6.4 KiB
6.4 KiB
Infrastructure Reference
Purpose: Single source of truth for all infrastructure details - nodes, IPs, services, storage, network Update Frequency: Immediately when infrastructure changes
Proxmox Cluster Nodes
| Hostname | IP Address | Role | Resources |
|---|---|---|---|
| pm1 | 10.4.2.2 | Proxmox cluster node | - |
| pm2 | 10.4.2.6 | Proxmox cluster node (primary management) | - |
| pm3 | 10.4.2.3 | Proxmox cluster node | - |
| pm4 | 10.4.2.5 | Proxmox cluster node | - |
| elantris | 10.4.2.14 | Proxmox cluster node (Debian-based) | 128GB RAM, ZFS storage (24TB) |
Cluster Name: KavCorp Network: 10.4.2.0/24 Gateway: 10.4.2.254
Service Map
| Service | IP:Port | Location | Domain | Auth |
|---|---|---|---|---|
| Proxmox Web UI | 10.4.2.6:8006 | pm2 | pm.kavcorp.com | Proxmox built-in |
| Traefik | 10.4.2.10 | LXC 104 (pm2) | - | None (reverse proxy) |
| Authelia | 10.4.2.19 | LXC 116 (pm2) | auth.kavcorp.com | SSO provider |
| Sonarr | 10.4.2.15:8989 | LXC 105 (pm2) | sonarr.kavcorp.com | Built-in |
| Radarr | 10.4.2.16:7878 | LXC 108 (pm2) | radarr.kavcorp.com | Built-in |
| Prowlarr | 10.4.2.17:9696 | LXC 114 (pm2) | prowlarr.kavcorp.com | Built-in |
| Jellyseerr | 10.4.2.18:5055 | LXC 115 (pm2) | jellyseerr.kavcorp.com | Built-in |
| Whisparr | 10.4.2.20:6969 | LXC 117 (pm2) | whisparr.kavcorp.com | Built-in |
| Notifiarr | 10.4.2.21 | LXC 118 (pm2) | - | API key |
| Jellyfin | 10.4.2.21:8096 | LXC 121 (elantris) | jellyfin.kavcorp.com | Built-in |
| Bazarr | 10.4.2.22:6767 | LXC 119 (pm2) | bazarr.kavcorp.com | Built-in |
| Kometa | 10.4.2.23 | LXC 120 (pm2) | - | N/A |
| Recyclarr | 10.4.2.25 | LXC 122 (pm2) | - | CLI only |
| NZBGet | 10.4.2.13:6789 | Docker (kavnas) | nzbget.kavcorp.com | Built-in |
| Home Assistant | 10.4.2.62:8123 | VM 100 (pm1) | hass.kavcorp.com | Built-in |
| Frigate | 10.4.2.8:8971 | LXC 128 (pm3) | frigate.kavcorp.com | Built-in (auth required) |
| Foundry VTT | 10.4.2.37:30000 | LXC 112 (pm3) | vtt.kavcorp.com | Built-in |
| llama.cpp | 10.4.2.224:11434 | LXC 123 (elantris) | ollama.kavcorp.com | None (API) |
| AMP | 10.4.2.26:8080 | LXC 124 (elantris) | amp.kavcorp.com | Built-in |
| Vaultwarden | 10.4.2.212 | LXC 125 (pm4) | vtw.kavcorp.com | Built-in |
| Immich | 10.4.2.24:2283 | LXC 126 (pm4) | immich.kavcorp.com | Built-in |
| Gitea | 10.4.2.7:3000 | LXC 127 (pm4) | git.kavcorp.com | Built-in |
| Pi-hole | 10.4.2.129 | LXC 103 (pm4) | pihole.kavcorp.com | Built-in |
| UniFi Controller | 10.4.2.242:8443 | LXC 111 (pm4) | unifi.kavcorp.com | Built-in |
| OPNsense (KavSense) | 10.4.2.1 | VM 130 (pm4) | opnsense.kavcorp.com | Built-in (net0: vmbr0/LAN, net1: vmbr1/WAN) |
| KavNas | 10.4.2.13 | Synology NAS | - | NAS auth |
Storage Architecture
NFS Mounts (Shared)
| Mount Name | Source | Mount Point | Size | Usage |
|---|---|---|---|---|
| elantris-media | elantris:/el-pool/media | /mnt/pve/elantris-media | ~24TB | Media files (movies, TV, anime) |
| KavNas | kavnas:10.4.2.13:/volume1 | /mnt/pve/KavNas | ~23TB | Backups, ISOs, LXC storage, downloads |
Local Storage (Per-Node)
| Storage | Type | Size | Usage |
|---|---|---|---|
| local | Directory | ~100GB | Backups, templates, ISOs |
| local-lvm | LVM thin pool | ~350-375GB | VM/LXC disks |
ZFS Pools
| Pool | Location | Size | Usage |
|---|---|---|---|
| el-pool | elantris | 24TB | Large data storage |
Media Folders
| Path | Type | Permissions | Notes |
|---|---|---|---|
| /mnt/pve/elantris-media/movies | NFS | 777 | Movie library |
| /mnt/pve/elantris-media/tv | NFS | 777 | TV show library |
| /mnt/pve/elantris-media/anime | NFS | 777 | Anime library |
| /mnt/pve/elantris-media/processing | NFS | 777 | Processing/cleanup folder |
| /mnt/pve/KavNas/downloads | NFS | 777 | Download client output |
Network Configuration
DNS & Domains
Domain: kavcorp.com DNS Provider: Namecheap Public IP: 99.74.188.161
All *.kavcorp.com subdomains route through Traefik reverse proxy (10.4.2.10) for SSL termination and routing.
Bridges
All Nodes (vmbr0)
| Setting | Value |
|---|---|
| Bridge | vmbr0 |
| Physical Interface | eno1 |
| CIDR | 10.4.2.0/24 |
| Gateway | 10.4.2.254 |
pm4 Only (vmbr1 - WAN for OPNsense)
| Setting | Value |
|---|---|
| Bridge | vmbr1 |
| Physical Interface | enx6c1ff76e4d47 (USB 2.5G NIC) |
| Purpose | WAN uplink to AT&T modem |
| Used by | VM 130 (OPNsense) net1 |
VLANs and Subnets
| VLAN | Subnet | Gateway | DHCP Range | Purpose |
|---|---|---|---|---|
| - | 10.4.2.0/24 | 10.4.2.1 | .100-.200 | Infrastructure (Proxmox, core services) |
| 10 | 10.4.10.0/24 | 10.4.10.1 | .100-.200 | Trusted (user devices) |
| 20 | 10.4.20.0/24 | 10.4.20.1 | .100-.200 | IoT (KavCorp-IOT SSID) |
| 30 | 10.4.30.0/24 | 10.4.30.1 | .100-.200 | Guest (KavCorp-Guest SSID) |
VLAN Traffic Path: UniFi AP → Unmanaged Switch → pm4 vmbr0 → OPNsense vtnet0
Required pm4 vmbr0 Configuration:
bridge-vlan-aware yesin /etc/network/interfaces- VLANs 10, 20, 30 added to eno1:
post-up bridge vlan add dev eno1 vid {10,20,30} - VLANs 10, 20, 30 added to veth103i0 (Pi-hole): via hookscript
local:snippets/pihole-vlan.sh
Pi-hole Configuration (LXC 103):
listeningMode = "ALL"in /etc/pihole/pihole.toml (to accept DNS from all subnets)- Gateway: 10.4.2.1 (OPNsense) for proper VLAN routing
See DECISIONS.md for firewall rules and network isolation strategy.
Access & Credentials
SSH Access
- User: kavren (from local machine)
- User: root (between cluster nodes)
- Key Type: ed25519
- Node-to-Node: Passwordless SSH configured for cluster operations
Important Paths
Traefik (LXC 104):
- Config:
/etc/traefik/traefik.yaml - Service configs:
/etc/traefik/conf.d/*.yaml - SSL certs:
/etc/traefik/ssl/acme.json - Service file:
/etc/systemd/system/traefik.service.d/override.conf
Media Services:
- Sonarr config:
/var/lib/sonarr/ - Radarr config:
/var/lib/radarr/ - Recyclarr config:
/root/.config/recyclarr/recyclarr.yml
NZBGet (Docker on kavnas):
- Config:
/volume1/docker/nzbget/config/nzbget.conf - Downloads:
/volume1/Media/downloads/