TopherMayor/hermes-ice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: homelab infrastructure wiki

Browse Source 
- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning
This commit is contained in:
Hermes Agent
2026-05-24 16:08:40 -07:00
parent d132442429
commit e4d91aadf9
285 changed files with 30018 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
homelab/docs/unifi-post-migration-summary-2026-03-17.md Normal file
View File

@@ -0,0 +1,64 @@
---
project:
name: UniFi Post-Migration Summary 2026-03-17
status: active
category: infrastructure
source: homelabagentroot
created: 2026-03-17
updated: 2026-03-17
description: Final summary of UniFi zoning, host migration, and rollback references after the March 17 cleanup wave
goals:
- Record the end state after network cleanup
- Provide a quick reference for what changed and what remains
- Link operators to rollback and runbook notes
priority: high
tags: [unifi, post-migration, summary, rollback]
---
# UniFi Post-Migration Summary 2026-03-17
## Completed Changes
- `Family of D.` moved from `Management` to `Internal`
- `Management` reduced to `Default` only
- New `Internal` access rules created for `Servers`, `IoT`, and `Staging`
- Logging enabled on key edge, VPN, and east-west user-defined policies
- Legacy `192.168.1.x` host paths removed from:
- `proxmox`
- `ubuntu`
- `truenas`
- Wi-Fi participation removed from:
- `grizzley`
- `ice`
- Staging-side `192.168.40.x` host paths removed from:
- `truenas`
- `grizzley`
- `ice`
- Staging access policies disabled:
- `Vpn to Staging`
- `Allow Servers to Staging`
## Current Host End State
| Host | Current Primary Addressing | Notes |
|------|----------------------------|-------|
| `ubuntu` | `192.168.50.61`, `192.168.30.61` | App edge healthy; UniFi may still show stale alternate observations |
| `proxmox` | `192.168.50.11`, `192.168.30.11` | Legacy `192.168.1.11` removed |
| `truenas` | `192.168.50.12` | Legacy `192.168.1.12` and staging `192.168.40.12` removed |
| `grizzley` | `192.168.50.84`, `192.168.30.84` | Wi-Fi removed |
| `ice` | `192.168.50.197`, `192.168.30.197` | Wi-Fi removed |
## Remaining Follow-Up
- Allow UniFi controller client history to age out or refresh
- Keep remaining `192.168.30.x` service-side paths in place for now because they appear to support intentional IoT-side service adjacency; remove them only after per-service validation
- Review public `HTTP` exposure and any duplicate firewall rules
- `grizzley` still has one disconnected/no-IP UniFi history record; a direct delete attempt returned `api.err.NotFound`, so this currently looks like controller-history lag
- `TrueNAS` is intentionally exposed through the local-only route `truenas.local.tophermayor.com`; `truenas.tophermayor.com` is not the canonical admin URL
## References
- Canonical current-state reference: [`docs/UNIFI_NETWORK_INFRASTRUCTURE.md`](/Users/christopherjohnsisonmayor/Infrastructure/core/docs/UNIFI_NETWORK_INFRASTRUCTURE.md)
- Runbook: [[unifi-host-migration-runbook.md|UniFi Host Migration Runbook]]
- Rollback: [[unifi-rollback-2026-03-17.md|UniFi Rollback 2026-03-17]]
- Execution details: [[unifi-execution-plan.md|UniFi Execution Plan]]