kavren/proxmox-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e8d34127b6a80bde3dc100020a6a9e05a10bf8af
proxmox-infra/docs/CONFIGURATIONS.md
kavren e8d34127b6 docs: Update Frigate migration and Traefik config 
- Frigate migrated to LXC 128 (Docker) with auth enabled
- Updated IP to 10.4.2.8, port 8971 for authenticated access
- Traefik uses HTTPS backend with insecureSkipVerify for self-signed cert
- Added logrotate for Traefik logs (50MB max, 3 rotations)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-15 21:13:20 -05:00

7.6 KiB
Raw Blame History

Configuration Reference

Purpose: Detailed configuration for all services - copy/paste ready configs and settings Update Frequency: When service configurations change

Traefik

SSL/TLS with Let's Encrypt

Location: LXC 104 on pm2

Environment Variables (/etc/systemd/system/traefik.service.d/override.conf):

NAMECHEAP_API_USER=kavren
NAMECHEAP_API_KEY=8156f3d9ef664c91b95f029dfbb62ad5
NAMECHEAP_PROPAGATION_TIMEOUT=3600
NAMECHEAP_POLLING_INTERVAL=30
NAMECHEAP_TTL=300

Main Config (/etc/traefik/traefik.yaml):

certificatesResolvers:
  letsencrypt:
    acme:
      email: cory.bailey87@gmail.com
      storage: /etc/traefik/ssl/acme.json
      dnsChallenge:
        provider: namecheap
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

Service Routing Examples

Home Assistant (/etc/traefik/conf.d/home-automation.yaml):

http:
  routers:
    homeassistant:
      rule: "Host(`hass.kavcorp.com`)"
      entryPoints:
        - websecure
      service: homeassistant
      tls:
        certResolver: letsencrypt

  services:
    homeassistant:
      loadBalancer:
        servers:
          - url: "http://10.4.2.62:8123"

Ollama (/etc/traefik/conf.d/ollama.yaml):

http:
  routers:
    ollama:
      rule: "Host(`ollama.kavcorp.com`)"
      entryPoints:
        - websecure
      service: ollama
      tls:
        certResolver: letsencrypt

  services:
    ollama:
      loadBalancer:
        servers:
          - url: "http://10.4.2.224:11434"

Frigate (/etc/traefik/conf.d/frigate.yaml):

http:
  routers:
    frigate:
      rule: "Host(`frigate.kavcorp.com`)"
      entryPoints:
        - websecure
      service: frigate
      tls:
        certResolver: letsencrypt

  services:
    frigate:
      loadBalancer:
        servers:
          - url: "https://10.4.2.8:8971"
        serversTransport: frigate-transport

  serversTransports:
    frigate-transport:
      insecureSkipVerify: true

Note: Frigate uses port 8971 for authenticated access with a self-signed TLS certificate. Port 5000 is unauthenticated (for Home Assistant integration only).

Foundry VTT (/etc/traefik/conf.d/foundry.yaml):

http:
  routers:
    foundry:
      rule: "Host(`vtt.kavcorp.com`)"
      entryPoints:
        - websecure
      service: foundry
      tls:
        certResolver: letsencrypt

  services:
    foundry:
      loadBalancer:
        servers:
          - url: "http://10.4.2.37:30000"

Proxmox (/etc/traefik/conf.d/proxmox.yaml):

http:
  routers:
    proxmox:
      rule: "Host(`pm.kavcorp.com`)"
      entryPoints:
        - websecure
      service: proxmox
      tls:
        certResolver: letsencrypt

  services:
    proxmox:
      loadBalancer:
        servers:
          - url: "https://10.4.2.6:8006"
        serversTransport: proxmox-transport

  serversTransports:
    proxmox-transport:
      insecureSkipVerify: true

AMP (Application Management Panel)

Location: LXC 124 on elantris IP: 10.4.2.26:8080 Domain: amp.kavcorp.com

Traefik Config (/etc/traefik/conf.d/amp.yaml):

http:
  routers:
    amp:
      rule: "Host(`amp.kavcorp.com`)"
      entryPoints:
        - websecure
      service: amp
      tls:
        certResolver: letsencrypt

  services:
    amp:
      loadBalancer:
        servers:
          - url: "http://10.4.2.26:8080"

Home Assistant

Location: VM 100 on pm1 IP: 10.4.2.62:8123

Reverse Proxy Config (/config/configuration.yaml):

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.4.2.10  # Traefik IP
    - 172.30.0.0/16  # Home Assistant internal network (for add-ons)

Sonarr

Location: LXC 105 on pm2 IP: 10.4.2.15:8989 API Key: b331fe18ec2144148a41645d9ce8b249

Media Management Settings:

  • Permissions: Enabled, chmod 777
  • Hardlinks: Enabled
  • Episode title required: Always
  • Free space check: 100MB minimum

Radarr

Location: LXC 108 IP: 10.4.2.16:7878 API Key: 5e6796988abf4d6d819a2b506a44f422

NZBGet

Location: Docker on kavnas (10.4.2.13) Port: 6789 Web User: kavren Web Password: fre8ub2ax8

Key Settings (/volume1/docker/nzbget/config/nzbget.conf):

MainDir=/config
DestDir=/downloads/completed
InterDir=/downloads/intermediate
UMask=0000  # Creates files with 777 permissions

Docker Mounts:

  • Config: /volume1/docker/nzbget/config:/config
  • Downloads: /volume1/Media/downloads:/downloads

Recyclarr

Location: LXC 122 on pm2 IP: 10.4.2.25 Binary: /usr/local/bin/recyclarr Config: /root/.config/recyclarr/recyclarr.yml

Sync Schedule: Daily at 3 AM via cron

Configured Profiles:

  • Radarr: HD Bluray + WEB (1080p), Remux-1080p - Anime
  • Sonarr: WEB-1080p, Remux-1080p - Anime
  • Custom Formats: TRaSH Guides synced (Dolby Vision blocked, release group tiers)

Jellyfin

Location: LXC 121 on elantris IP: 10.4.2.21:8096

Media Mounts (inside LXC):

  • /media/tv/el-pool/media/tv
  • /media/anime/el-pool/media/anime
  • /media/movies/el-pool/media/movies

Permissions: Files must be 777 for Jellyfin user (UID 100107 in LXC) to access

Vaultwarden

Location: LXC 125 on pm4 IP: 10.4.2.212:80 Domain: vtw.kavcorp.com

Traefik Config (/etc/traefik/conf.d/vaultwarden.yaml):

http:
  routers:
    vaultwarden:
      rule: "Host(`vtw.kavcorp.com`)"
      entryPoints:
        - websecure
      service: vaultwarden
      tls:
        certResolver: letsencrypt

  services:
    vaultwarden:
      loadBalancer:
        servers:
          - url: "http://10.4.2.212:80"

Immich

Location: LXC 126 on pm4 IP: 10.4.2.24:2283 Domain: immich.kavcorp.com

Config (/opt/immich/.env):

TZ=America/Indiana/Indianapolis
IMMICH_VERSION=release
NODE_ENV=production
DB_HOSTNAME=127.0.0.1
DB_USERNAME=immich
DB_PASSWORD=AulF5JhgWXrRxtaV05
DB_DATABASE_NAME=immich
DB_VECTOR_EXTENSION=pgvector
REDIS_HOSTNAME=127.0.0.1
IMMICH_MACHINE_LEARNING_URL=http://127.0.0.1:3003
MACHINE_LEARNING_CACHE_FOLDER=/opt/immich/cache
IMMICH_MEDIA_LOCATION=/mnt/immich-library

NFS Mount (configured via pct set 126 -mp0):

  • Host path: /mnt/pve/elantris-downloads/immich
  • Container path: /mnt/immich-library
  • Source: elantris (/el-pool/downloads/immich/)

Systemd Services:

  • immich-web.service - Web UI and API
  • immich-ml.service - Machine learning service

Traefik Config (/etc/traefik/conf.d/immich.yaml):

http:
  routers:
    immich:
      rule: "Host(`immich.kavcorp.com`)"
      entryPoints:
        - websecure
      service: immich
      tls:
        certResolver: letsencrypt

  services:
    immich:
      loadBalancer:
        servers:
          - url: "http://10.4.2.24:2283"

Shinobi

Location: LXC 103 on pm4 IP: 10.4.2.226:8080 Domain: shinobi.kavcorp.com

Process Manager: PM2

  • pm2 list - View running processes
  • pm2 restart camera - Restart Shinobi
  • pm2 logs camera - View logs

Video Storage:

  • Path: /opt/Shinobi/videos
  • Source: NFS mount from elantris (/el-pool/shinobi)
  • Size: ~11TB available

Hardware:

  • Coral USB TPU passed through (/dev/coral_usb)
  • Note: Coral plugin requires TensorFlow Lite native build (not available for Ubuntu 24.04)

Traefik Config (/etc/traefik/conf.d/shinobi.yaml):

http:
  routers:
    shinobi:
      rule: "Host(`shinobi.kavcorp.com`)"
      entryPoints:
        - websecure
      service: shinobi
      tls:
        certResolver: letsencrypt

  services:
    shinobi:
      loadBalancer:
        servers:
          - url: "http://10.4.2.226:8080"
Reference in New Issue View Git Blame Copy Permalink