proxmox-infra/docs/CONFIGURATIONS.md
kavren 96d413602f docs: Update Sonarr IP to 10.4.2.20, Jellyseerr to 10.4.2.25
Fixed outdated IP addresses across documentation and scripts.
Sonarr LXC 105 is at 10.4.2.20, not 10.4.2.15.
Jellyseerr LXC 115 is at 10.4.2.25, not 10.4.2.20.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 18:24:17 -05:00

# Configuration Reference
> **Purpose**: Detailed configuration for all services - copy/paste ready configs and settings
> **Update Frequency**: When service configurations change
## Traefik
### SSL/TLS with Let's Encrypt
**Location**: LXC 104 on pm2
**Environment Variables** (`/etc/systemd/system/traefik.service.d/override.conf`):
```bash
NAMECHEAP_API_USER=kavren
NAMECHEAP_API_KEY=8156f3d9ef664c91b95f029dfbb62ad5
NAMECHEAP_PROPAGATION_TIMEOUT=3600
NAMECHEAP_POLLING_INTERVAL=30
NAMECHEAP_TTL=300
```
**Main Config** (`/etc/traefik/traefik.yaml`):
```yaml
certificatesResolvers:
  letsencrypt:
    acme:
      email: cory.bailey87@gmail.com
      storage: /etc/traefik/ssl/acme.json
      dnsChallenge:
        provider: namecheap
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
```
### Service Routing Examples
**Home Assistant** (`/etc/traefik/conf.d/home-automation.yaml`):
```yaml
http:
  routers:
    homeassistant:
      rule: "Host(`hass.kavcorp.com`)"
      entryPoints:
        - websecure
      service: homeassistant
      tls:
        certResolver: letsencrypt
  services:
    homeassistant:
      loadBalancer:
        servers:
          - url: "http://10.4.2.62:8123"
```
**Ollama** (`/etc/traefik/conf.d/ollama.yaml`):
```yaml
http:
  routers:
    ollama:
      rule: "Host(`ollama.kavcorp.com`)"
      entryPoints:
        - websecure
      service: ollama
      tls:
        certResolver: letsencrypt
  services:
    ollama:
      loadBalancer:
        servers:
          - url: "http://10.4.2.224:11434"
```
**Frigate** (`/etc/traefik/conf.d/frigate.yaml`):
```yaml
http:
  routers:
    frigate:
      rule: "Host(`frigate.kavcorp.com`)"
      entryPoints:
        - websecure
      service: frigate
      tls:
        certResolver: letsencrypt
  services:
    frigate:
      loadBalancer:
        servers:
          - url: "https://10.4.2.8:8971"
        serversTransport: frigate-transport
  serversTransports:
    frigate-transport:
      insecureSkipVerify: true
```
**Note**: Frigate uses port 8971 for authenticated access with a self-signed TLS certificate. Port 5000 is unauthenticated (for Home Assistant integration only).
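A stricter alternative to `insecureSkipVerify: true` for the Frigate backend, shown as an added example that is not part of the original configuration: Traefik trusts only Frigate's exported self-signed certificate instead of accepting any certificate. The certificate path and the `serverName` value are assumptions; `serverName` must match a SAN in Frigate's certificate, because the backend is addressed by IP.

```yaml
http:
  services:
    frigate:
      loadBalancer:
        servers:
          - url: "https://10.4.2.8:8971"
        serversTransport: frigate-transport
  serversTransports:
    frigate-transport:
      # Replaces insecureSkipVerify: true. The backend certificate is now
      # verified against the pinned file below.
      serverName: "frigate.internal"        # assumption: a SAN present in Frigate's cert
      rootCAs:
        - /etc/traefik/certs/frigate.crt    # hypothetical path: Frigate's cert copied to LXC 104
```

If Frigate regenerates its certificate, the pinned file must be replaced or Traefik will refuse the backend connection.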
**Foundry VTT** (`/etc/traefik/conf.d/foundry.yaml`):
```yaml
http:
  routers:
    foundry:
      rule: "Host(`vtt.kavcorp.com`)"
      entryPoints:
        - websecure
      service: foundry
      tls:
        certResolver: letsencrypt
  services:
    foundry:
      loadBalancer:
        servers:
          - url: "http://10.4.2.37:30000"
```
**Proxmox** (`/etc/traefik/conf.d/proxmox.yaml`):
```yaml
http:
  routers:
    proxmox:
      rule: "Host(`pm.kavcorp.com`)"
      entryPoints:
        - websecure
      service: proxmox
      tls:
        certResolver: letsencrypt
  services:
    proxmox:
      loadBalancer:
        servers:
          - url: "https://10.4.2.6:8006"
        serversTransport: proxmox-transport
  serversTransports:
    proxmox-transport:
      insecureSkipVerify: true
```
## Synology DSM
**Location**: KavNas (Synology NAS)
**IP**: 10.4.2.13:5001
**Domain**: dsm.kavcorp.com
**Traefik Config** (`/etc/traefik/conf.d/dsm.yaml`):
```yaml
http:
  routers:
    dsm:
      rule: "Host(`dsm.kavcorp.com`)"
      entryPoints:
        - websecure
      service: dsm
      tls:
        certResolver: letsencrypt
  services:
    dsm:
      loadBalancer:
        servers:
          - url: "http://10.4.2.13:5001"
```
**Note**: DSM is configured for HTTP on port 5001 (not HTTPS). Traefik terminates TLS.
## AMP (Application Management Panel)
**Location**: LXC 124 on elantris
**IP**: 10.4.2.26:8080
**Domain**: amp.kavcorp.com
**Traefik Config** (`/etc/traefik/conf.d/amp.yaml`):
```yaml
http:
  routers:
    amp:
      rule: "Host(`amp.kavcorp.com`)"
      entryPoints:
        - websecure
      service: amp
      tls:
        certResolver: letsencrypt
  services:
    amp:
      loadBalancer:
        servers:
          - url: "http://10.4.2.26:8080"
```
## Home Assistant
**Location**: VM 100 on pm1
**IP**: 10.4.2.62:8123
**Reverse Proxy Config** (`/config/configuration.yaml`):
```yaml
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.4.2.10  # Traefik IP
    - 172.30.0.0/16  # Home Assistant internal network (for add-ons)
```
## Sonarr
**Location**: LXC 105 on pm2
**IP**: 10.4.2.20:8989
**API Key**: b331fe18ec2144148a41645d9ce8b249
**Media Management Settings**:
- Permissions: Enabled, chmod 777
- Hardlinks: Enabled
- Episode title required: Always
- Free space check: 100MB minimum
## Radarr
**Location**: LXC 108
**IP**: 10.4.2.16:7878
**API Key**: 5e6796988abf4d6d819a2b506a44f422
## NZBGet
**Location**: Docker on kavnas (10.4.2.13)
**Port**: 6789
**Web User**: kavren
**Web Password**: fre8ub2ax8
**Key Settings** (`/volume1/docker/nzbget/config/nzbget.conf`):
```ini
MainDir=/config
DestDir=/downloads/completed
InterDir=/downloads/intermediate
UMask=0000 # Creates files with 777 permissions
```
**Docker Mounts**:
- Config: `/volume1/docker/nzbget/config:/config`
- Downloads: `/volume1/Media/downloads:/downloads`
## Recyclarr
**Location**: LXC 122 on pm2
**IP**: 10.4.2.25
**Binary**: `/usr/local/bin/recyclarr`
**Config**: `/root/.config/recyclarr/recyclarr.yml`
**Sync Schedule**: Daily at 3 AM via cron
**Configured Profiles**:
- **Radarr**: HD Bluray + WEB (1080p), Remux-1080p - Anime
- **Sonarr**: WEB-1080p, Remux-1080p - Anime
- **Custom Formats**: TRaSH Guides synced (Dolby Vision blocked, release group tiers)
## Jellyfin
**Location**: LXC 121 on elantris
**IP**: 10.4.2.21:8096
**Media Mounts** (inside LXC):
- `/media/tv` → `/el-pool/media/tv`
- `/media/anime` → `/el-pool/media/anime`
- `/media/movies` → `/el-pool/media/movies`
**Permissions**: Files must be 777 for Jellyfin user (UID 100107 in LXC) to access
## Vaultwarden
**Location**: LXC 125 on pm4
**IP**: 10.4.2.212:80
**Domain**: vtw.kavcorp.com
**Traefik Config** (`/etc/traefik/conf.d/vaultwarden.yaml`):
```yaml
http:
  routers:
    vaultwarden:
      rule: "Host(`vtw.kavcorp.com`)"
      entryPoints:
        - websecure
      service: vaultwarden
      tls:
        certResolver: letsencrypt
  services:
    vaultwarden:
      loadBalancer:
        servers:
          - url: "http://10.4.2.212:80"
```
## Pi-hole
**Location**: LXC 103 on pm4
**IP**: 10.4.2.129
**Domain**: pihole.kavcorp.com
**Web UI**: http://10.4.2.129/admin
**DNS Configuration**:
- Unbound recursive DNS on port 5335
- Pi-hole uses `127.0.0.1#5335` as upstream
**Traefik Config** (`/etc/traefik/conf.d/pihole.yaml`):
```yaml
http:
  routers:
    pihole:
      rule: "Host(`pihole.kavcorp.com`)"
      entryPoints:
        - websecure
      service: pihole
      tls:
        certResolver: letsencrypt
  services:
    pihole:
      loadBalancer:
        servers:
          - url: "http://10.4.2.129"
```
**Router Configuration** (Asus):
- LAN → DHCP Server → DNS Server 1: `10.4.2.129`
- DNS Server 2: `1.1.1.1` (fallback)
## Immich
**Location**: LXC 126 on pm4
**IP**: 10.4.2.24:2283
**Domain**: immich.kavcorp.com
**Config** (`/opt/immich/.env`):
```bash
TZ=America/Indiana/Indianapolis
IMMICH_VERSION=release
NODE_ENV=production
DB_HOSTNAME=127.0.0.1
DB_USERNAME=immich
DB_PASSWORD=AulF5JhgWXrRxtaV05
DB_DATABASE_NAME=immich
DB_VECTOR_EXTENSION=pgvector
REDIS_HOSTNAME=127.0.0.1
IMMICH_MACHINE_LEARNING_URL=http://127.0.0.1:3003
MACHINE_LEARNING_CACHE_FOLDER=/opt/immich/cache
IMMICH_MEDIA_LOCATION=/mnt/immich-library
```
**NFS Mount** (configured via `pct set 126 -mp0`):
- Host path: `/mnt/pve/elantris-downloads/immich`
- Container path: `/mnt/immich-library`
- Source: elantris (`/el-pool/downloads/immich/`)
**Systemd Services**:
- `immich-web.service` - Web UI and API
- `immich-ml.service` - Machine learning service
**Traefik Config** (`/etc/traefik/conf.d/immich.yaml`):
```yaml
http:
  routers:
    immich:
      rule: "Host(`immich.kavcorp.com`)"
      entryPoints:
        - websecure
      service: immich
      tls:
        certResolver: letsencrypt
  services:
    immich:
      loadBalancer:
        servers:
          - url: "http://10.4.2.24:2283"
```