mirror of
https://github.com/myronblair/infra
synced 2026-06-30 17:50:10 -05:00
---
name: project-infra-todo
description: Infrastructure TODO list — outstanding issues and fixes needed across homelab
metadata:
  node_type: memory
  type: project
  originSessionId: b1e93a6a-f101-4ea4-aafb-9cb7e2958821
---

# Infrastructure TODO

Last updated: 2026-06-28

---

## 🔴 OPEN

- [x] **Synology iSCSI → Proxmox storage** — COMPLETE 2026-06-27. SynologyLVM (lvmthin, 1.86TB) active. SynologyiSCSI raw device also added. NAS at 10.48.200.249, IQN: iqn.2000-01.com.synology:NAS.Target-1.6296e09c4cb. Set as default Proxmox storage. NAS hostname fixed in /etc/hosts (was resolving to Tailscale IP — root cause of past VM corruptions). SynologyProx CIFS stays for backups/ISOs.

- [ ] **FortiGate DNS + Synology Reverse Proxy for all VMs** — Use Synology's built-in Reverse Proxy (DSM → Control Panel → Application Portal → Reverse Proxy) instead of NPM. FortiGate DNS overrides point all .lan domains → 10.48.200.249 (Synology). NPM kept but no longer primary.
  - **Step 1 — FortiGate DNS**: https://192.168.20.1 (admin / Joker1974!!!) → Network → DNS → Local DNS Records. Each .lan entry → 10.48.200.249
  - **Step 2 — Synology Reverse Proxy rules** (DSM → Control Panel → Application Portal → Reverse Proxy):
    | Source FQDN | Destination IP | Port | Notes |
    |------------|----------------|------|-------|
    | proxmox.lan | 10.48.200.90 | 8006 | HTTPS backend, enable WebSocket |
    | jarvis.lan | 10.48.200.211 | 80 | HTTP |
    | hoa.lan | 10.48.200.97 | 8123 | HTTP, **enable WebSocket** (HA requires it) |
    | homebridge.lan | 10.48.200.18 | 8581 | HTTP |
    | jellyfin.lan | 10.48.200.33 | 8096 | HTTP, enable WebSocket |
    | novacpx.lan | 10.48.200.110 | 8882 | HTTPS backend |
    | sonarr.lan | 10.48.200.35 | 8989 | HTTP |
    | radarr.lan | 10.48.200.35 | 7878 | HTTP |
    | qbit.lan | 10.48.200.35 | 8080 | HTTP |
    | ollama.lan | 10.48.200.210 | 11434 | HTTP |
    | npm.lan | 10.48.200.200 | 81 | HTTP |
    | nas.lan | 10.48.200.249 | 5001 | HTTPS (DSM itself) |
  - **Step 3 — Client DNS**: Set Windows DNS to FortiGate (192.168.20.1) or PVE1 (10.48.200.90) so .lan resolves
  - **WebSocket**: Must be enabled on proxmox.lan, hoa.lan, jellyfin.lan rules or those UIs will break

- [ ] **Home Assistant VM109 post-boot setup** — HA is booting (supervisor starting). Once port 8123 is up:
  1. Restore Google Drive backup (file ID: `1mLE1S9dSvxl0RYQnCt020WT-UZnQuxqP`)
  2. Install Tailscale addon (go to Supervisor > Add-on Store)
  3. Re-integrate JARVIS ↔ HA (212 entities)
  4. Resize disk from 32GB → 150GB (`qm resize 109 sata0 +118G` while VM stopped, then resize partition inside HA)

- [x] **CT110 WireGuard filesystem read-only** — fsck run, filesystem clean and rw. wg-clients.conf updated with new MediaStack pubkey. 2026-06-24.

- [x] **CT110 wg-clients auto-start** — added `/etc/local.d/wg-clients.start` (OpenRC local service). wg-clients comes up on boot. 2026-06-24.

- [x] **MediaStack QEMU guest agent** — installed and running, `qm guest exec 103` verified working 2026-06-24.

- [x] **Tailscale re-auth on PVE1** — completed 2026-06-24.

- [x] **NovaCPX stale ARP fix permanence** — static ARP for 10.48.200.201 (bc:24:11:67:1d:47) set as PERMANENT via systemd `static-arp.service` on NovaCPX, enabled on boot 2026-06-24.

- [x] **web.orbishosting.com — Ollama link** — verified working 2026-06-24.

- [x] **MediaStack backup to new storage** — VM 103 disk now on GoFlex storage. Backup job runs nightly at 21:00 to SynologyProx and backs up VM regardless of disk location. Verified 2026-06-24.

- [x] **NAS Git Server — Hybrid Mirror Setup** — COMPLETE 2026-06-29. Gitea 1.26.4 (ARM64) on Synology NAS at 10.48.200.249:3000, HTTPS at gitea.orbishosting.com. All 25 GitHub repos mirrored (every 8h). 4 private NAS-only repos: infra-private, fortigate-config, proxmox-secrets, jarvis-secrets. Auto-starts on boot via /usr/local/etc/rc.d/gitea.sh. Added to web.orbishosting.com dashboard.

- [x] **Synology NAS → FortiSwitch** — COMPLETE 2026-06-28. NAS LAN2 → FortiSwitch Port 6, NAS LAN1 → FortiSwitch Port 7. Bonding configured as **Adaptive Load Balancing (ALB)** in Synology DSM (802.3ad LACP not available on FortiGate 60F FortiOS for managed FortiSwitch via CLI or GUI). ALB provides outbound load balancing + redundancy without switch LACP support. NAS remains at 10.48.200.249.
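
A check for Step 3 of the reverse-proxy item and for the /etc/hosts fix noted on the iSCSI item, added here as an example and not part of the repository: it resolves each .lan name and flags any that do not return 10.48.200.249 or that return an address in Tailscale's 100.64.0.0/10 range. The function names and the `SAMPLE` lookup results are constructed for illustration.

```python
import ipaddress
import socket

# Addresses and names are taken from the TODO above; function names are this example's own.
PROXY_IP = "10.48.200.249"  # Synology reverse proxy (NAS LAN address)
LAN_NAMES = ["proxmox.lan", "jarvis.lan", "hoa.lan", "homebridge.lan",
             "jellyfin.lan", "novacpx.lan", "sonarr.lan", "radarr.lan",
             "qbit.lan", "ollama.lan", "npm.lan", "nas.lan"]
TAILSCALE_NET = ipaddress.ip_network("100.64.0.0/10")  # range Tailscale assigns node IPs from

# Constructed lookup results for an offline run (not real captures).
SAMPLE = {"proxmox.lan": ["10.48.200.249"], "nas.lan": ["100.101.102.103"],
          "hoa.lan": ["10.48.200.97"], "jarvis.lan": []}


def system_resolver(name):
    """Resolve through the OS, so /etc/hosts and the configured DNS server both apply."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(name, addrs, expected=PROXY_IP):
    """Label one lookup result as OK, NO_ANSWER, TAILSCALE or WRONG_TARGET."""
    if not addrs:
        return (name, "NO_ANSWER", addrs)
    if any(ipaddress.ip_address(a) in TAILSCALE_NET for a in addrs):
        return (name, "TAILSCALE", addrs)  # the failure mode noted for the NAS hostname
    if addrs != [expected]:
        return (name, "WRONG_TARGET", addrs)
    return (name, "OK", addrs)


def audit(names=LAN_NAMES, resolver=system_resolver, expected=PROXY_IP):
    """Resolve every name and return only the results that need attention."""
    results = [classify(n, resolver(n), expected) for n in names]
    return [r for r in results if r[1] != "OK"]


if __name__ == "__main__":
    # Offline demonstration on the constructed results; call audit() for a live check.
    for name, status, addrs in audit(list(SAMPLE), lambda n: SAMPLE.get(n, [])):
        print(f"{status:13} {name} -> {', '.join(addrs) or '-'}")
```

Run `audit()` with no arguments on the Proxmox host and on a Windows client to confirm both see the same answers.
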

---

## ✅ COMPLETED (2026-06-24 session)

- [x] MediaStack VM 103 restored from 2026-06-23 backup (I/O errors on Synology disk)
- [x] MediaStack disk moved off Synology to new storage
- [x] WireGuard kill-switch rebuilt on MediaStack — new keypair, CT110 peer updated, hardcoded fwmark, LAN exception correct
- [x] WireGuard tunnel verified — exits via DO (165.22.1.228), handshake active
- [x] Ollama listening on 0.0.0.0:11434 (was 127.0.0.1 only) — added systemd override
- [x] CT110 LAN IP corrected to 10.48.200.67 (was wrongly documented as 10.48.200.19)
- [x] NovaCPX 502s fixed — flushed stale ARP on NovaCPX for NPM's IP
- [x] web.orbishosting.com WireGuard CT link updated to 10.48.200.67
- [x] JARVIS admin URL updated to https://jarvis.orbishosting.com/admin/ everywhere
- [x] web.orbishosting.com — Downloads card added (INFRASTRUCTURE-REFERENCE.md, syncs daily from JARVIS)