proxmox-infra/docs/TASKS.md

Current Tasks

Last Updated: 2025-12-21

In Progress

OPNsense NAT Configuration (URGENT)

Config was corrupted during editing. Restored to backup. Need to re-add:

Via OPNsense UI (https://10.4.2.1):

  1. Port Forwards (Firewall → NAT → Port Forward):

    • TCP 80 → 10.4.2.10:80 (Traefik HTTP)
    • TCP 443 → 10.4.2.10:443 (Traefik HTTPS)
    • TCP/UDP game ports → 10.4.2.26 (AMP server)
  2. NAT Reflection (Firewall → Settings → Advanced):

    • Reflection for port forwards: Enable (NAT + proxy)
  3. Disable Rebind Check (System → Settings → Administration):

    • Uncheck "HTTP Referer enforcement"
  4. WireGuard should still work (built into OPNsense 25.7)

Pending

Remaining Network Tasks

  • Disable DHCP on Asus router and switch LAN to OPNsense DHCP
  • Test firewall isolation (IoT device cannot ping LAN device)
  • Test LAN access to IoT (Home Assistant, Frigate can reach IoT devices)
  • Migrate devices from Asus APs to UniFi APs (to retire Asus routers)

Future Network Upgrades

  • Order hardware (2× GiGaPlus 10G PoE, 2× U7 Pro) for 10G backhaul
  • Consider managed 2.5G PoE switches for proper VLAN support
  • Consider OPNsense HA (CARP) with second USB NIC on another node

Media Organization

  • Verify Jellyfin can see all imported media
  • Clean up .processing-loose-episodes folder
  • Review and potentially restore TV shows from processing folder

Configuration

  • Consider custom format to prefer English audio releases
  • Review Sonarr language profiles for non-English releases

Infrastructure

  • Define backup strategy and schedule
  • Set up monitoring/alerting system
  • Document disaster recovery procedures

Completed (Recent)

  • OPNsense WAN cutover to AT&T modem (192.168.1.x)
  • VLAN isolation working (Trusted, IoT, Guest)
  • pm4 vmbr0 VLAN-aware with persistent bridge vlan config
  • Pi-hole accepting DNS from all subnets (listeningMode=ALL)
  • Pi-hole gateway set to OPNsense for return routing
  • UniFi SSIDs configured with VLAN tags
  • Configured OPNsense VLANs (10, 20, 30) on vtnet0
  • Configured VLAN interfaces with IPs (10.4.10.1, 10.4.20.1, 10.4.30.1)
  • Configured DHCP on all VLAN interfaces
  • Implemented firewall rules for IoT/Guest isolation
  • Added Traefik routes for UniFi Controller and OPNsense
  • Resized Traefik LXC 104 rootfs from 2GB to 4GB
  • Configured pm4 vmbr1 bridge with USB 2.5G NIC for OPNsense WAN
  • Added net1 (vmbr1) to OPNsense VM 130
  • Deployed UniFi Controller LXC 111 on pm4
  • Fixed SSH access between cluster nodes (pm2 can access all nodes)
  • Fixed NZBGet permissions (UMask=0000 for 777 files)
  • Fixed Sonarr permissions (chmod 777 on imports)
  • Fixed Jellyfin LXC mounts (restarted LXC)
  • Fixed Jellyseerr IP in Traefik config
  • Consolidated documentation structure
  • Created documentation index

Blocked

None currently.