proxmox-infra/docs/CONFIGURATIONS.md
kavren 96d413602f docs: Update Sonarr IP to 10.4.2.20, Jellyseerr to 10.4.2.25
Fixed outdated IP addresses across documentation and scripts.
Sonarr LXC 105 is at 10.4.2.20, not 10.4.2.15.
Jellyseerr LXC 115 is at 10.4.2.25, not 10.4.2.20.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 18:24:17 -05:00

Configuration Reference

Purpose: Detailed configuration for all services - copy/paste ready configs and settings
Update Frequency: When service configurations change

Traefik

SSL/TLS with Let's Encrypt

Location: LXC 104 on pm2

Environment Variables (/etc/systemd/system/traefik.service.d/override.conf):

NAMECHEAP_API_USER=kavren
NAMECHEAP_API_KEY=8156f3d9ef664c91b95f029dfbb62ad5
NAMECHEAP_PROPAGATION_TIMEOUT=3600
NAMECHEAP_POLLING_INTERVAL=30
NAMECHEAP_TTL=300

Main Config (/etc/traefik/traefik.yaml):

certificatesResolvers:
  letsencrypt:
    acme:
      email: cory.bailey87@gmail.com
      storage: /etc/traefik/ssl/acme.json
      dnsChallenge:
        provider: namecheap
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

Service Routing Examples

Home Assistant (/etc/traefik/conf.d/home-automation.yaml):

http:
  routers:
    homeassistant:
      rule: "Host(`hass.kavcorp.com`)"
      entryPoints:
        - websecure
      service: homeassistant
      tls:
        certResolver: letsencrypt

  services:
    homeassistant:
      loadBalancer:
        servers:
          - url: "http://10.4.2.62:8123"

Ollama (/etc/traefik/conf.d/ollama.yaml):

http:
  routers:
    ollama:
      rule: "Host(`ollama.kavcorp.com`)"
      entryPoints:
        - websecure
      service: ollama
      tls:
        certResolver: letsencrypt

  services:
    ollama:
      loadBalancer:
        servers:
          - url: "http://10.4.2.224:11434"

Frigate (/etc/traefik/conf.d/frigate.yaml):

http:
  routers:
    frigate:
      rule: "Host(`frigate.kavcorp.com`)"
      entryPoints:
        - websecure
      service: frigate
      tls:
        certResolver: letsencrypt

  services:
    frigate:
      loadBalancer:
        servers:
          - url: "https://10.4.2.8:8971"
        serversTransport: frigate-transport

  serversTransports:
    frigate-transport:
      insecureSkipVerify: true

Note: Frigate uses port 8971 for authenticated access with a self-signed TLS certificate. Port 5000 is unauthenticated (for Home Assistant integration only).

Foundry VTT (/etc/traefik/conf.d/foundry.yaml):

http:
  routers:
    foundry:
      rule: "Host(`vtt.kavcorp.com`)"
      entryPoints:
        - websecure
      service: foundry
      tls:
        certResolver: letsencrypt

  services:
    foundry:
      loadBalancer:
        servers:
          - url: "http://10.4.2.37:30000"

Proxmox (/etc/traefik/conf.d/proxmox.yaml):

http:
  routers:
    proxmox:
      rule: "Host(`pm.kavcorp.com`)"
      entryPoints:
        - websecure
      service: proxmox
      tls:
        certResolver: letsencrypt

  services:
    proxmox:
      loadBalancer:
        servers:
          - url: "https://10.4.2.6:8006"
        serversTransport: proxmox-transport

  serversTransports:
    proxmox-transport:
      insecureSkipVerify: true
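
The Frigate and Proxmox transports above both set insecureSkipVerify: true, which makes Traefik accept any certificate the backend address presents. The fragment below is an added example, not part of the original configuration: it shows the Frigate transport pinned to the backend's own certificate instead. The certificate path and the serverName value are hypothetical and assume the self-signed certificate has been exported to the Traefik host and carries a matching SAN.

```yaml
# /etc/traefik/conf.d/frigate.yaml (service and transport portions only)
http:
  services:
    frigate:
      loadBalancer:
        servers:
          - url: "https://10.4.2.8:8971"
        serversTransport: frigate-transport

  serversTransports:
    frigate-transport:
      # Before (as documented above): every certificate is accepted, so
      # Traefik cannot tell the real backend from another host answering
      # on the same address.
      # insecureSkipVerify: true

      # After: trust only the exported backend certificate (or its signing CA).
      rootCAs:
        - /etc/traefik/backend-certs/frigate.pem  # hypothetical path
      # Name to verify against the certificate, since the URL uses an IP.
      serverName: frigate.internal  # hypothetical; must match a SAN in the cert
```

The same pattern applies to proxmox-transport, with the cluster CA (/etc/pve/pve-root-ca.pem on a Proxmox node) copied to the Traefik host as the rootCAs entry.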

Synology DSM

Location: KavNas (Synology NAS)
IP: 10.4.2.13:5001
Domain: dsm.kavcorp.com

Traefik Config (/etc/traefik/conf.d/dsm.yaml):

http:
  routers:
    dsm:
      rule: "Host(`dsm.kavcorp.com`)"
      entryPoints:
        - websecure
      service: dsm
      tls:
        certResolver: letsencrypt

  services:
    dsm:
      loadBalancer:
        servers:
          - url: "http://10.4.2.13:5001"

Note: DSM is configured for HTTP on port 5001 (not HTTPS). Traefik terminates TLS.

AMP (Application Management Panel)

Location: LXC 124 on elantris
IP: 10.4.2.26:8080
Domain: amp.kavcorp.com

Traefik Config (/etc/traefik/conf.d/amp.yaml):

http:
  routers:
    amp:
      rule: "Host(`amp.kavcorp.com`)"
      entryPoints:
        - websecure
      service: amp
      tls:
        certResolver: letsencrypt

  services:
    amp:
      loadBalancer:
        servers:
          - url: "http://10.4.2.26:8080"

Home Assistant

Location: VM 100 on pm1
IP: 10.4.2.62:8123

Reverse Proxy Config (/config/configuration.yaml):

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.4.2.10  # Traefik IP
    - 172.30.0.0/16  # Home Assistant internal network (for add-ons)

Sonarr

Location: LXC 105 on pm2
IP: 10.4.2.20:8989
API Key: b331fe18ec2144148a41645d9ce8b249

Media Management Settings:

  • Permissions: Enabled, chmod 777
  • Hardlinks: Enabled
  • Episode title required: Always
  • Free space check: 100MB minimum

Radarr

Location: LXC 108
IP: 10.4.2.16:7878
API Key: 5e6796988abf4d6d819a2b506a44f422

NZBGet

Location: Docker on kavnas (10.4.2.13)
Port: 6789
Web User: kavren
Web Password: fre8ub2ax8

Key Settings (/volume1/docker/nzbget/config/nzbget.conf):

MainDir=/config
DestDir=/downloads/completed
InterDir=/downloads/intermediate
# UMask 0000 masks no permission bits, so new files and directories are world-writable
UMask=0000

Docker Mounts:

  • Config: /volume1/docker/nzbget/config:/config
  • Downloads: /volume1/Media/downloads:/downloads

Recyclarr

Location: LXC 122 on pm2
IP: 10.4.2.25
Binary: /usr/local/bin/recyclarr
Config: /root/.config/recyclarr/recyclarr.yml

Sync Schedule: Daily at 3 AM via cron

Configured Profiles:

  • Radarr: HD Bluray + WEB (1080p), Remux-1080p - Anime
  • Sonarr: WEB-1080p, Remux-1080p - Anime
  • Custom Formats: TRaSH Guides synced (Dolby Vision blocked, release group tiers)

Jellyfin

Location: LXC 121 on elantris
IP: 10.4.2.21:8096

Media Mounts (inside LXC):

  • /media/tv → /el-pool/media/tv
  • /media/anime → /el-pool/media/anime
  • /media/movies → /el-pool/media/movies

Permissions: Files must be 777 for Jellyfin user (UID 100107 in LXC) to access

Vaultwarden

Location: LXC 125 on pm4
IP: 10.4.2.212:80
Domain: vtw.kavcorp.com

Traefik Config (/etc/traefik/conf.d/vaultwarden.yaml):

http:
  routers:
    vaultwarden:
      rule: "Host(`vtw.kavcorp.com`)"
      entryPoints:
        - websecure
      service: vaultwarden
      tls:
        certResolver: letsencrypt

  services:
    vaultwarden:
      loadBalancer:
        servers:
          - url: "http://10.4.2.212:80"

Pi-hole

Location: LXC 103 on pm4
IP: 10.4.2.129
Domain: pihole.kavcorp.com
Web UI: http://10.4.2.129/admin

DNS Configuration:

  • Unbound recursive DNS on port 5335
  • Pi-hole uses 127.0.0.1#5335 as upstream

Traefik Config (/etc/traefik/conf.d/pihole.yaml):

http:
  routers:
    pihole:
      rule: "Host(`pihole.kavcorp.com`)"
      entryPoints:
        - websecure
      service: pihole
      tls:
        certResolver: letsencrypt

  services:
    pihole:
      loadBalancer:
        servers:
          - url: "http://10.4.2.129"

Router Configuration (Asus):

  • LAN → DHCP Server → DNS Server 1: 10.4.2.129
  • DNS Server 2: 1.1.1.1 (fallback)

Immich

Location: LXC 126 on pm4
IP: 10.4.2.24:2283
Domain: immich.kavcorp.com

Config (/opt/immich/.env):

TZ=America/Indiana/Indianapolis
IMMICH_VERSION=release
NODE_ENV=production
DB_HOSTNAME=127.0.0.1
DB_USERNAME=immich
DB_PASSWORD=AulF5JhgWXrRxtaV05
DB_DATABASE_NAME=immich
DB_VECTOR_EXTENSION=pgvector
REDIS_HOSTNAME=127.0.0.1
IMMICH_MACHINE_LEARNING_URL=http://127.0.0.1:3003
MACHINE_LEARNING_CACHE_FOLDER=/opt/immich/cache
IMMICH_MEDIA_LOCATION=/mnt/immich-library

NFS Mount (configured via pct set 126 -mp0):

  • Host path: /mnt/pve/elantris-downloads/immich
  • Container path: /mnt/immich-library
  • Source: elantris (/el-pool/downloads/immich/)

Systemd Services:

  • immich-web.service - Web UI and API
  • immich-ml.service - Machine learning service

Traefik Config (/etc/traefik/conf.d/immich.yaml):

http:
  routers:
    immich:
      rule: "Host(`immich.kavcorp.com`)"
      entryPoints:
        - websecure
      service: immich
      tls:
        certResolver: letsencrypt

  services:
    immich:
      loadBalancer:
        servers:
          - url: "http://10.4.2.24:2283"