infra/ai-memory/project_infra_todo.md


name: project-infra-todo
description: Infrastructure TODO list — outstanding issues and fixes needed across homelab
metadata:
  node_type: memory
  type: project
  originSessionId: b1e93a6a-f101-4ea4-aafb-9cb7e2958821

Infrastructure TODO

Last updated: 2026-06-28


🔴 OPEN

  • Synology iSCSI → Proxmox storage — COMPLETE 2026-06-27. SynologyLVM (lvmthin, 1.86TB) active. SynologyiSCSI raw device also added. NAS at 10.48.200.249, IQN: iqn.2000-01.com.synology:NAS.Target-1.6296e09c4cb. Set as default Proxmox storage. NAS hostname fixed in /etc/hosts (was resolving to Tailscale IP — root cause of past VM corruptions). SynologyProx CIFS stays for backups/ISOs.

  • FortiGate DNS + Synology Reverse Proxy for all VMs — Use Synology's built-in Reverse Proxy (DSM → Control Panel → Application Portal → Reverse Proxy) instead of NPM. FortiGate DNS overrides point all .lan domains → 10.48.200.249 (Synology). NPM kept but no longer primary.

    • Step 1 — FortiGate DNS: https://192.168.20.1 (admin / Joker1974!!!) → Network → DNS → Local DNS Records. Each .lan entry → 10.48.200.249
    • Step 2 — Synology Reverse Proxy rules (DSM → Control Panel → Application Portal → Reverse Proxy):
      Source FQDN      Destination IP   Port    Notes
      proxmox.lan      10.48.200.90     8006    HTTPS backend, enable WebSocket
      jarvis.lan       10.48.200.211    80      HTTP
      hoa.lan          10.48.200.97     8123    HTTP, enable WebSocket (HA requires it)
      homebridge.lan   10.48.200.18     8581    HTTP
      jellyfin.lan     10.48.200.33     8096    HTTP, enable WebSocket
      novacpx.lan      10.48.200.110    8882    HTTPS backend
      sonarr.lan       10.48.200.35     8989    HTTP
      radarr.lan       10.48.200.35     7878    HTTP
      qbit.lan         10.48.200.35     8080    HTTP
      ollama.lan       10.48.200.210    11434   HTTP
      npm.lan          10.48.200.200    81      HTTP
      nas.lan          10.48.200.249    5001    HTTPS (DSM itself)
    • Step 3 — Client DNS: Set Windows DNS to FortiGate (192.168.20.1) or PVE1 (10.48.200.90) so .lan resolves
    • WebSocket: Must be enabled on proxmox.lan, hoa.lan, jellyfin.lan rules or those UIs will break
  • Home Assistant VM109 post-boot setup — HA is booting (supervisor starting). Once port 8123 is up:

    1. Restore Google Drive backup (file ID: 1mLE1S9dSvxl0RYQnCt020WT-UZnQuxqP)
    2. Install Tailscale addon (go to Supervisor > Add-on Store)
    3. Re-integrate JARVIS ↔ HA (212 entities)
    4. Resize disk from 32GB → 150GB (qm resize 109 sata0 +118G while VM stopped, then resize partition inside HA)
  • CT110 WireGuard filesystem read-only — fsck run, filesystem clean and rw. wg-clients.conf updated with new MediaStack pubkey. 2026-06-24.

  • CT110 wg-clients auto-start — added /etc/local.d/wg-clients.start (OpenRC local service). wg-clients comes up on boot. 2026-06-24.

  • MediaStack QEMU guest agent — installed and running, qm guest exec 103 verified working 2026-06-24.

  • Tailscale re-auth on PVE1 — completed 2026-06-24.

  • NovaCPX stale ARP fix permanence — static ARP for 10.48.200.201 (bc:24:11:67:1d:47) set as PERMANENT via systemd static-arp.service on NovaCPX, enabled on boot 2026-06-24.

  • web.orbishosting.com — Ollama link — verified working 2026-06-24.

  • MediaStack backup to new storage — VM 103 disk now on GoFlex storage. Backup job runs nightly at 21:00 to SynologyProx and backs up VM regardless of disk location. Verified 2026-06-24.

  • NAS Git Server — Hybrid Mirror Setup — COMPLETE 2026-06-29. Gitea 1.26.4 (ARM64) on Synology NAS at 10.48.200.249:3000, HTTPS at gitea.orbishosting.com. All 25 GitHub repos mirrored (every 8h). 4 private NAS-only repos: infra-private, fortigate-config, proxmox-secrets, jarvis-secrets. Auto-starts on boot via /usr/local/etc/rc.d/gitea.sh. Added to web.orbishosting.com dashboard.

  • Synology NAS → FortiSwitch — COMPLETE 2026-06-28. NAS LAN2 → FortiSwitch Port 6, NAS LAN1 → FortiSwitch Port 7. Bonding configured as Adaptive Load Balancing (ALB) in Synology DSM (802.3ad LACP not available on FortiGate 60F FortiOS for managed FortiSwitch via CLI or GUI). ALB provides outbound load balancing + redundancy without switch LACP support. NAS remains at 10.48.200.249.
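
A check for the FortiGate DNS + Synology Reverse Proxy item above, added here as an example and not part of the original notes: it audits name-to-IP answers for the .lan names against 10.48.200.249 and flags any answer inside 100.64.0.0/10 (the range Tailscale assigns from), the kind of wrong resolution the /etc/hosts fix addressed. The function names and sample answers are constructed, and `getent hosts` is assumed to be available on the host.

```shell
#!/bin/sh
# Added example (not from the original notes): audit .lan name -> IP answers.
EXPECTED_IP="10.48.200.249"   # Synology reverse proxy address from the notes
LAN_NAMES="proxmox jarvis hoa homebridge jellyfin novacpx sonarr radarr qbit ollama npm nas"

# classify_answer IP -> prints ok | tailscale | unresolved | mismatch
classify_answer() {
    ip=$1
    case $ip in
        *[!0-9.]*) echo unresolved; return 0 ;;   # not a dotted-quad IPv4 answer
        *.*.*.*) ;;
        *) echo unresolved; return 0 ;;           # empty or truncated answer
    esac
    if [ "$ip" = "$EXPECTED_IP" ]; then echo ok; return 0; fi
    o1=${ip%%.*}; rest=${ip#*.}; o2=${rest%%.*}
    # 100.64.0.0/10 covers 100.64.x.x through 100.127.x.x.
    if [ "$o1" = 100 ] && [ "${o2:-0}" -ge 64 ] && [ "${o2:-0}" -le 127 ]; then
        echo tailscale
    else
        echo mismatch
    fi
}

# audit_answers: reads "name ip" lines on stdin, prints one line per problem,
# and returns 0 only when every name maps to EXPECTED_IP.
audit_answers() {
    bad=0
    while read -r name ip extra; do
        [ -n "$name" ] || continue
        verdict=$(classify_answer "$ip")
        if [ "$verdict" != ok ]; then
            echo "$name -> ${ip:-<none>}: $verdict"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# live_answers: resolve each name the way the host would (/etc/hosts, then DNS).
# Live use on the host: live_answers | audit_answers
live_answers() {
    for n in $LAN_NAMES; do
        printf '%s.lan %s\n' "$n" "$(getent hosts "$n.lan" | awk '{print $1; exit}')"
    done
}

# Constructed sample answers, not captured from the real network.
SAMPLE='proxmox.lan 10.48.200.249
nas.lan 100.101.102.103
hoa.lan
jellyfin.lan 10.48.200.33'
printf '%s\n' "$SAMPLE" | audit_answers || true
```
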


COMPLETED (2026-06-24 session)

  • MediaStack VM 103 restored from 2026-06-23 backup (I/O errors on Synology disk)
  • MediaStack disk moved off Synology to new storage
  • WireGuard kill-switch rebuilt on MediaStack — new keypair, CT110 peer updated, hardcoded fwmark, LAN exception correct
  • WireGuard tunnel verified — exits via DO (165.22.1.228), handshake active
  • Ollama listening on 0.0.0.0:11434 (was 127.0.0.1 only) — added systemd override
  • CT110 LAN IP corrected to 10.48.200.67 (was wrongly documented as 10.48.200.19)
  • NovaCPX 502s fixed — flushed stale ARP on NovaCPX for NPM's IP
  • web.orbishosting.com WireGuard CT link updated to 10.48.200.67
  • JARVIS admin URL updated to https://jarvis.orbishosting.com/admin/ everywhere
  • web.orbishosting.com — Downloads card added (INFRASTRUCTURE-REFERENCE.md, syncs daily from JARVIS)