proxmox-infra/docs/TASKS.md
kavren e0a64b1b92 docs: Add DHCP-based network isolation strategy
- Document OPNsense WAN configuration (pm4 vmbr1 with USB NIC)
- Add DHCP-based isolation workaround for unmanaged Gigabyte switches
- Plan subnet scheme: LAN (10.4.2.0/24), IoT (10.4.10.0/24), Guest (10.4.20.0/24)
- Document planned OPNsense firewall rules for isolation
- Update tasks with OPNsense migration and isolation steps
- Fix Claude Code hooks settings (remove matcher from Stop hook)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-21 19:20:07 -05:00

# Current Tasks
> **Last Updated**: 2025-12-21
## In Progress
None currently.
## Pending
### OPNsense Migration (Priority)
OPNsense VM 130 deployed on pm4 with vmbr1 (USB NIC) for WAN.
**Pending:**
- [ ] Connect USB NIC to AT&T modem (WAN cutover)
- [ ] Configure OPNsense WAN interface (DHCP or PPPoE from AT&T)
- [ ] Configure OPNsense as DHCP server for LAN (10.4.2.0/24)
- [ ] Test internet connectivity through OPNsense
- [ ] Update gateway on all devices from 10.4.2.254 → 10.4.2.1
### Network Isolation (DHCP Workaround)
Using DHCP-based isolation due to unmanaged Gigabyte switches. See DECISIONS.md.
**Pending:**
- [ ] Configure OPNsense DHCP scope for IoT (10.4.10.0/24)
- [ ] Configure OPNsense DHCP scope for Guest (10.4.20.0/24)
- [ ] Configure UniFi to assign IoT/Guest clients to correct subnets (via DHCP options or UniFi DHCP)
- [ ] Create OPNsense firewall rules:
  - Block IoT → LAN
  - Block Guest → LAN
  - Block Guest → IoT
  - Allow Smart Home VMs → IoT
- [ ] Test isolation (IoT device cannot ping LAN device)
- [ ] Test Smart Home access (Home Assistant can reach IoT)
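
Added example (not part of this repository): a small Python model of the planned rules that gives the expected verdict for each flow in the two test tasks above. The Smart Home VM address `10.4.2.50`, the sample host addresses and the first-match ordering are assumptions; flows that no listed rule covers are reported as `unmatched` rather than guessed.

```python
import ipaddress

# Subnets taken from the task list.
NETS = {
    "LAN": ipaddress.ip_network("10.4.2.0/24"),
    "IoT": ipaddress.ip_network("10.4.10.0/24"),
    "Guest": ipaddress.ip_network("10.4.20.0/24"),
}
# Assumption: constructed address standing in for a Smart Home VM on the LAN.
SMART_HOME = {ipaddress.ip_address("10.4.2.50")}

# Planned rules as (action, source matcher, destination zone).
# Assumption: evaluated first-match, so the allow rule is listed first.
RULES = [
    ("allow", lambda ip, z: ip in SMART_HOME, "IoT"),
    ("block", lambda ip, z: z == "IoT", "LAN"),
    ("block", lambda ip, z: z == "Guest", "LAN"),
    ("block", lambda ip, z: z == "Guest", "IoT"),
]

def zone(addr):
    """Return the name of the planned subnet containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in NETS.items() if ip in net), None)

def verdict(src, dst):
    """Expected result for a flow: allow, block, not-routed or unmatched."""
    s, d = zone(src), zone(dst)
    if s is not None and s == d:
        return "not-routed"  # same subnet: never passes through the firewall
    ip = ipaddress.ip_address(src)
    for action, match_src, dst_zone in RULES:
        if d == dst_zone and match_src(ip, s):
            return action
    return "unmatched"  # no listed rule applies; default policy decides

# Constructed sample flows covering the two test tasks plus gaps.
CASES = [
    ("10.4.10.23", "10.4.2.10"),   # IoT -> LAN
    ("10.4.20.5", "10.4.2.10"),    # Guest -> LAN
    ("10.4.20.5", "10.4.10.23"),   # Guest -> IoT
    ("10.4.2.50", "10.4.10.23"),   # Smart Home VM -> IoT
    ("10.4.10.23", "10.4.20.5"),   # IoT -> Guest (no rule listed)
    ("10.4.10.23", "10.4.10.24"),  # IoT -> IoT (same subnet)
]

if __name__ == "__main__":
    for src, dst in CASES:
        print(f"{src:>12} -> {dst:<12} {verdict(src, dst)}")
```

The `unmatched` and `not-routed` rows are the flows worth adding to the isolation test, since the listed rules do not decide them.
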
### Future Network Upgrades
- [ ] Order hardware (2× GiGaPlus 10G PoE, 2× U7 Pro) for 10G backhaul
- [ ] Consider managed 2.5G PoE switches for proper VLAN support
- [ ] Consider OPNsense HA (CARP) with second USB NIC on another node
### Media Organization
- [ ] Verify Jellyfin can see all imported media
- [ ] Clean up `.processing-loose-episodes` folder
- [ ] Review and potentially restore TV shows from processing folder
### Configuration
- [ ] Consider custom format to prefer English audio releases
- [ ] Review Sonarr language profiles for non-English releases
### Infrastructure
- [ ] Define backup strategy and schedule
- [ ] Set up monitoring/alerting system
- [ ] Document disaster recovery procedures
## Completed (Recent)
- [x] Configured pm4 vmbr1 bridge with USB 2.5G NIC for OPNsense WAN
- [x] Added net1 (vmbr1) to OPNsense VM 130
- [x] Documented DHCP-based network isolation strategy
- [x] Deployed UniFi Controller LXC 111 on pm4
- [x] Fixed SSH access between cluster nodes (pm2 can access all nodes)
- [x] Fixed NZBGet permissions (UMask=0000 for 777 files)
- [x] Fixed Sonarr permissions (chmod 777 on imports)
- [x] Fixed Jellyfin LXC mounts (restarted LXC)
- [x] Fixed Jellyseerr IP in Traefik config
- [x] Consolidated documentation structure
- [x] Created documentation index
## Blocked
None currently.