IP Address Migration Plan
Status: IN PROGRESS
Completed 2025-12-22:
- All LXC gateways fixed to 10.4.2.1 (OPNsense)
- Critical containers migrated to local-lvm (Pi-hole, Traefik, Authelia, Vaultwarden, UniFi, Gitea)
- Traefik gateway fixed (was 10.4.2.254, now 10.4.2.1)
- NAT reflection enabled in OPNsense
- UniFi, Immich, Gitea set to static IPs and verified working through Traefik
- Media stack IP reorganization complete (all in 10.4.2.20-29 range)
- Traefik configs updated for all new IPs
Pending:
- Core infrastructure IP updates (Authelia, Vaultwarden, Pi-hole)
- Other services (Frigate, Foundry, Home Assistant, llama.cpp, AMP)
- Docker hosts IP updates
- Update docs/INFRASTRUCTURE.md with final IPs
Current IP Map (pm2 - 10.4.2.6):
- 104 traefik: 10.4.2.10
- 105 sonarr: 10.4.2.20 ✓
- 108 radarr: 10.4.2.24 ✓
- 113 docker-pm2: 10.4.2.203
- 114 prowlarr: 10.4.2.22 ✓
- 115 jellyseerr: 10.4.2.25 ✓
- 116 authelia: 10.4.2.19
- 117 whisparr: 10.4.2.21 ✓
- 118 notifiarr: 10.4.2.29 ✓
- 119 bazarr: 10.4.2.23 ✓
- 120 kometa: 10.4.2.27 ✓
- 122 recyclarr: 10.4.2.28 ✓
Current IP Map (pm4 - 10.4.2.5):
- 103 pihole: 10.4.2.129
- 110 docker-pm4: 10.4.2.204
- 111 unifi: 10.4.2.16 ✓
- 125 vaultwarden: 10.4.2.212
- 126 immich: 10.4.2.30 ✓
- 127 gitea: 10.4.2.31 ✓
Current IP Map (elantris - 10.4.2.14):
- 121 jellyfin: 10.4.2.26 ✓
- 124 amp: 10.4.2.40 ✓
New IP Allocation Scheme
| Range | Purpose |
|---|---|
| 10.4.2.1 | OPNsense gateway |
| 10.4.2.2-9 | Proxmox nodes |
| 10.4.2.10-19 | Core Infrastructure (proxy, DNS, auth, NAS) |
| 10.4.2.20-39 | Services (media stack, apps) |
| 10.4.2.40-49 | Game servers / AMP |
| 10.4.2.50-99 | Reserved / Future |
| 10.4.2.100-199 | DHCP Dynamic Pool |
| 10.4.2.200-239 | Docker hosts / VMs |
| 10.4.2.240-249 | IoT / Network controllers |
| 10.4.2.250-254 | Network gear |
Migration Table
Core Infrastructure (10.4.2.10-19)
| Service | VMID | Node | Current IP | New IP | Gateway Fix |
|---|---|---|---|---|---|
| Traefik | 104 | pm2 | 10.4.2.10 | 10.4.2.10 | Already 10.4.2.1 |
| Pi-hole | 103 | pm4 | 10.4.2.129 | 10.4.2.11 | Already 10.4.2.1 |
| Authelia | 116 | pm2 | 10.4.2.19 | 10.4.2.12 | 10.4.2.254→10.4.2.1 |
| KavNas | - | NAS | 10.4.2.13 | 10.4.2.13 | N/A (DHCP static) |
| Gitea | 127 | pm4 | 10.4.2.7 (DHCP) | 10.4.2.14 | Set to 10.4.2.1 |
| Vaultwarden | 125 | pm4 | 10.4.2.212 | 10.4.2.15 | 10.4.2.254→10.4.2.1 |
| UniFi | 111 | pm4 | 10.4.2.242 (DHCP) | 10.4.2.16 | Set to 10.4.2.1 |
Services - Media Stack (10.4.2.20-29) ✅ COMPLETE
| Service | VMID | Node | IP | Status |
|---|---|---|---|---|
| Sonarr | 105 | pm2 | 10.4.2.20 | ✅ Done |
| Whisparr | 117 | pm2 | 10.4.2.21 | ✅ Done |
| Prowlarr | 114 | pm2 | 10.4.2.22 | ✅ Done |
| Bazarr | 119 | pm2 | 10.4.2.23 | ✅ Done |
| Radarr | 108 | pm2 | 10.4.2.24 | ✅ Done |
| Jellyseerr | 115 | pm2 | 10.4.2.25 | ✅ Done |
| Jellyfin | 121 | elantris | 10.4.2.26 | ✅ Done |
| Kometa | 120 | pm2 | 10.4.2.27 | ✅ Done |
| Recyclarr | 122 | pm2 | 10.4.2.28 | ✅ Done |
| Notifiarr | 118 | pm2 | 10.4.2.29 | ✅ Done |
| Immich | 126 | pm4 | 10.4.2.30 | ✅ Done |
Services - Other (10.4.2.30-39)
| Service | VMID | Node | Current IP | New IP | Gateway Fix |
|---|---|---|---|---|---|
| Immich | 126 | pm4 | DHCP | 10.4.2.30 | Set to 10.4.2.1 |
| Frigate | 128 | pm3 | 10.4.2.8 | 10.4.2.31 | Check |
| Foundry VTT | 112 | pm3 | 10.4.2.37 | 10.4.2.37 | ✅ Already in range |
| Home Assistant | 100 | pm1 | 10.4.2.62 | 10.4.2.33 | Check |
| llama.cpp | 123 | elantris | 10.4.2.224 | 10.4.2.34 | Check |
Game Servers (10.4.2.40-49)
| Service | VMID | Node | Current IP | New IP | Gateway Fix |
|---|---|---|---|---|---|
| AMP | 124 | elantris | 10.4.2.40 | 10.4.2.40 | ✅ Done |
Docker Hosts (10.4.2.200-209)
| Service | VMID | Node | Current IP | New IP | Gateway Fix |
|---|---|---|---|---|---|
| docker-pm2 | 113 | pm2 | 10.4.2.203 | 10.4.2.200 | 10.4.2.254→10.4.2.1 |
| docker-pm4 | 110 | pm4 | 10.4.2.204 | 10.4.2.201 | 10.4.2.254→10.4.2.1 |
| docker-pm3 | 109 | pm3 | ? | 10.4.2.202 | Check |
| dockge | 107 | pm3 | ? | 10.4.2.203 | Check |
Migration Order
Phase 1: Fix gateways only (no IP changes)
- Restart not required, just config update
Phase 2: Migrate non-critical services
- Media stack (Sonarr, Radarr, etc.) - low impact
- Docker hosts
- Game servers
Phase 3: Migrate core services (brief downtime)
- Authelia
- Vaultwarden
- UniFi
- Gitea
Phase 4: Migrate DNS (coordinate carefully)
- Update all DHCP clients to use new Pi-hole IP FIRST
- Then migrate Pi-hole
Phase 5: Update Traefik configs
- Update all backend IPs in Traefik route configs
Post-Migration
- Update OPNsense DHCP static mappings
- Update docs/INFRASTRUCTURE.md
- Update Traefik configs
- Test all services
- Delete this migration plan file
Commands Reference
Change LXC IP and gateway:
pct set <vmid> --net0 name=eth0,bridge=vmbr0,gw=10.4.2.1,ip=<NEW_IP>/24,type=veth
pct reboot <vmid>
Add DHCP static mapping in OPNsense: Via UI: Services → DHCPv4 → [LAN] → Static Mappings
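A pre-flight check for the pending rows, to run before any `pct set`. This is an added example, not part of the original plan file. The ranges, node addresses and pending rows are transcribed from the tables above; the category keys, the finding labels and the function name `check_plan` are assumptions made for the example.

```python
import ipaddress

SUBNET = ipaddress.ip_network("10.4.2.0/24")
# Last-octet ranges from the "New IP Allocation Scheme" table.
RANGES = {"core": (10, 19), "services": (20, 39), "docker": (200, 239)}
# Addresses this plan does not move: gateway, Proxmox nodes, NAS.
FIXED = {"10.4.2.1": "OPNsense", "10.4.2.5": "pm4", "10.4.2.6": "pm2",
         "10.4.2.14": "elantris", "10.4.2.13": "KavNas"}
# Pending rows: service -> (category, current IP or None where the table
# says "?", planned IP). Gitea's current IP is taken from the current IP map.
PLAN = {
    "pihole": ("core", "10.4.2.129", "10.4.2.11"),
    "authelia": ("core", "10.4.2.19", "10.4.2.12"),
    "gitea": ("core", "10.4.2.31", "10.4.2.14"),
    "vaultwarden": ("core", "10.4.2.212", "10.4.2.15"),
    "frigate": ("services", "10.4.2.8", "10.4.2.31"),
    "home-assistant": ("services", "10.4.2.62", "10.4.2.33"),
    "llama.cpp": ("services", "10.4.2.224", "10.4.2.34"),
    "docker-pm2": ("docker", "10.4.2.203", "10.4.2.200"),
    "docker-pm4": ("docker", "10.4.2.204", "10.4.2.201"),
    "docker-pm3": ("docker", None, "10.4.2.202"),
    "dockge": ("docker", None, "10.4.2.203"),
}


def check_plan(plan=PLAN, fixed=FIXED, ranges=RANGES):
    """Return (service, problem, detail) tuples; an empty list means clean."""
    findings = []
    held = {cur: svc for svc, (_, cur, _) in plan.items() if cur}
    seen = {}
    for svc, (cat, _cur, new) in plan.items():
        addr = ipaddress.ip_address(new)
        lo, hi = ranges[cat]
        if addr not in SUBNET or not lo <= (int(addr) & 0xFF) <= hi:
            findings.append((svc, "out-of-range", f"{new} not in {cat} {lo}-{hi}"))
        if new in fixed:  # target already belongs to a host that stays put
            findings.append((svc, "fixed-conflict", fixed[new]))
        if new in seen:  # two services planned onto the same address
            findings.append((svc, "duplicate-target", seen[new]))
        seen.setdefault(new, svc)
        owner = held.get(new)
        if owner and owner != svc:  # target is still held: migrate owner first
            findings.append((svc, "move-first", owner))
    return findings


if __name__ == "__main__":
    for finding in check_plan():
        print(*finding, sep="\t")
```

A `move-first` finding is an ordering constraint rather than an error: the named holder has to be migrated off the address before the service in the first column is moved onto it.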