proxmox-infra/docs/TASKS.md
kavren ae071a5064 docs: VLAN isolation working, OPNsense WAN cutover complete
- Updated INFRASTRUCTURE.md with VLAN traffic path and required configs
- Updated CHANGELOG.md with WAN cutover and VLAN troubleshooting fixes
- Updated TASKS.md to reflect completed network work
- pm4 bridge VLAN config made persistent via post-up commands
- Pi-hole listeningMode changed to ALL for multi-subnet DNS

Key fixes:
- pm4 vmbr0 bridge-vlan-aware with VLANs 10,20,30 on eno1
- Pi-hole veth added to VLANs for routed traffic
- Pi-hole gateway set to OPNsense (10.4.2.1)
- OPNsense default route fixed to use WAN gateway

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-21 22:29:19 -05:00

# Current Tasks
> **Last Updated**: 2025-12-21
## In Progress
None currently.
## Pending
### Remaining Network Tasks
- [ ] Disable DHCP on Asus router and switch LAN to OPNsense DHCP
- [ ] Test firewall isolation (IoT device cannot ping LAN device)
- [ ] Test Smart Home access (Home Assistant can reach IoT devices)
- [ ] Add Pi-hole veth VLAN membership to LXC hookscript for persistence
### Future Network Upgrades
- [ ] Order hardware (2× GiGaPlus 10G PoE, 2× U7 Pro) for 10G backhaul
- [ ] Consider managed 2.5G PoE switches for proper VLAN support
- [ ] Consider OPNsense HA (CARP) with second USB NIC on another node
### Media Organization
- [ ] Verify Jellyfin can see all imported media
- [ ] Clean up `.processing-loose-episodes` folder
- [ ] Review and potentially restore TV shows from processing folder
### Configuration
- [ ] Consider custom format to prefer English audio releases
- [ ] Review Sonarr language profiles for non-English releases
### Infrastructure
- [ ] Define backup strategy and schedule
- [ ] Set up monitoring/alerting system
- [ ] Document disaster recovery procedures
## Completed (Recent)
- [x] OPNsense WAN cutover to AT&T modem (192.168.1.x)
- [x] VLAN isolation working (Trusted, IoT, Guest)
- [x] pm4 vmbr0 VLAN-aware with persistent bridge vlan config
- [x] Pi-hole accepting DNS from all subnets (listeningMode=ALL)
- [x] Pi-hole gateway set to OPNsense for return routing
- [x] UniFi SSIDs configured with VLAN tags
- [x] Configured OPNsense VLANs (10, 20, 30) on vtnet0
- [x] Configured VLAN interfaces with IPs (10.4.10.1, 10.4.20.1, 10.4.30.1)
- [x] Configured DHCP on all VLAN interfaces
- [x] Implemented firewall rules for IoT/Guest isolation
- [x] Added Traefik routes for UniFi Controller and OPNsense
- [x] Resized Traefik LXC 104 rootfs from 2GB to 4GB
- [x] Configured pm4 vmbr1 bridge with USB 2.5G NIC for OPNsense WAN
- [x] Added net1 (vmbr1) to OPNsense VM 130
- [x] Deployed UniFi Controller LXC 111 on pm4
- [x] Fixed SSH access between cluster nodes (pm2 can access all nodes)
- [x] Fixed NZBGet permissions (UMask=0000 for 777 files)
- [x] Fixed Sonarr permissions (chmod 777 on imports)
- [x] Fixed Jellyfin LXC mounts (restarted LXC)
- [x] Fixed Jellyseerr IP in Traefik config
- [x] Consolidated documentation structure
- [x] Created documentation index
## Blocked
None currently.