proxmox-infra/docs/TASKS.md
# Current Tasks
> **Last Updated**: 2025-12-21
## In Progress
### OPNsense NAT Configuration (URGENT)
Config was corrupted during editing. Restored to backup. Need to re-add:
**Via OPNsense UI (https://10.4.2.1):**
1. **Port Forwards** (Firewall → NAT → Port Forward):
   - TCP 80 → 10.4.2.10:80 (Traefik HTTP)
   - TCP 443 → 10.4.2.10:443 (Traefik HTTPS)
   - TCP/UDP game ports → 10.4.2.26 (AMP server)
2. **NAT Reflection** (Firewall → Settings → Advanced):
   - Reflection for port forwards: Enable (NAT + proxy)
3. **Disable Rebind Check** (System → Settings → Administration):
   - Uncheck "HTTP Referer enforcement"
4. **WireGuard** should still work (built into OPNsense 25.7)
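
Because the restore followed a corrupted edit, it helps to check an exported config before and after re-adding the forwards. The following is an added example, not part of this repo: it confirms the export is well-formed XML and reports which of the two Traefik forwards are missing. The `<nat><rule>` element layout is an assumption modelled on OPNsense's legacy `config.xml` format (compare it with your own backup), and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Forwards listed in this file: (protocol, WAN port, target, local port).
# The game ports are left out because the file gives no port numbers for them.
REQUIRED = {("tcp", "80", "10.4.2.10", "80"), ("tcp", "443", "10.4.2.10", "443")}

def port_forwards(config_xml):
    """Return the enabled port forwards; raise ValueError on a corrupted export."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        raise ValueError(f"config is not well-formed XML: {exc}") from exc
    found = set()
    for rule in root.findall("./nat/rule"):  # assumed layout, see lead-in
        if rule.find("disabled") is not None:
            continue  # a disabled rule does not forward anything
        found.add((
            (rule.findtext("protocol") or "").lower(),
            rule.findtext("destination/port") or "",
            rule.findtext("target") or "",
            rule.findtext("local-port") or "",
        ))
    return found

def missing_forwards(config_xml):
    """Sorted list of required forwards that the config does not provide."""
    return sorted(REQUIRED - port_forwards(config_xml))

def _rule(port):
    # Constructed sample rule, not taken from a real export.
    return (f"<rule><protocol>tcp</protocol><interface>wan</interface>"
            f"<destination><network>wanip</network><port>{port}</port></destination>"
            f"<target>10.4.2.10</target><local-port>{port}</local-port></rule>")

SAMPLE_OK = f"<opnsense><nat>{_rule(80)}{_rule(443)}</nat></opnsense>"
# Same config with the HTTPS forward switched off.
SAMPLE_PARTIAL = SAMPLE_OK.replace(
    "<local-port>443</local-port>", "<local-port>443</local-port><disabled>1</disabled>")
# Simulates a file damaged during editing.
SAMPLE_TRUNCATED = SAMPLE_OK[:120]

if __name__ == "__main__":
    for name, xml in [("ok", SAMPLE_OK), ("partial", SAMPLE_PARTIAL),
                      ("truncated", SAMPLE_TRUNCATED)]:
        try:
            print(name, "missing:", missing_forwards(xml))
        except ValueError as err:
            print(name, "REJECTED:", err)
```
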
## Pending
### Remaining Network Tasks
- [x] Disable DHCP on Asus router and switch LAN to OPNsense DHCP
- [x] Test firewall isolation (IoT device cannot ping LAN device)
- [x] Test LAN access to IoT (Home Assistant, Frigate can reach IoT devices)
- [ ] Migrate devices from Asus APs to UniFi APs (to retire Asus routers)
### Future Network Upgrades
- [ ] Order hardware (2× GiGaPlus 10G PoE, 2× U7 Pro) for 10G backhaul
- [ ] Consider managed 2.5G PoE switches for proper VLAN support
- [ ] Consider OPNsense HA (CARP) with second USB NIC on another node
### Media Organization
- [ ] Verify Jellyfin can see all imported media
- [ ] Clean up `.processing-loose-episodes` folder
- [ ] Review and potentially restore TV shows from processing folder
### Configuration
- [ ] Consider custom format to prefer English audio releases
- [ ] Review Sonarr language profiles for non-English releases
### Infrastructure
- [ ] Define backup strategy and schedule
- [ ] Set up monitoring/alerting system
- [ ] Document disaster recovery procedures
## Completed (Recent)
- [x] OPNsense WAN cutover to AT&T modem (192.168.1.x)
- [x] VLAN isolation working (Trusted, IoT, Guest)
- [x] pm4 vmbr0 VLAN-aware with persistent bridge vlan config
- [x] Pi-hole accepting DNS from all subnets (listeningMode=ALL)
- [x] Pi-hole gateway set to OPNsense for return routing
- [x] UniFi SSIDs configured with VLAN tags
- [x] Configured OPNsense VLANs (10, 20, 30) on vtnet0
- [x] Configured VLAN interfaces with IPs (10.4.10.1, 10.4.20.1, 10.4.30.1)
- [x] Configured DHCP on all VLAN interfaces
- [x] Implemented firewall rules for IoT/Guest isolation
- [x] Added Traefik routes for UniFi Controller and OPNsense
- [x] Resized Traefik LXC 104 rootfs from 2GB to 4GB
- [x] Configured pm4 vmbr1 bridge with USB 2.5G NIC for OPNsense WAN
- [x] Added net1 (vmbr1) to OPNsense VM 130
- [x] Deployed UniFi Controller LXC 111 on pm4
- [x] Fixed SSH access between cluster nodes (pm2 can access all nodes)
- [x] Fixed NZBGet permissions (UMask=0000 for 777 files)
- [x] Fixed Sonarr permissions (chmod 777 on imports)
- [x] Fixed Jellyfin LXC mounts (restarted LXC)
- [x] Fixed Jellyseerr IP in Traefik config
- [x] Consolidated documentation structure
- [x] Created documentation index
## Blocked
None currently.