hermes-ice/homelab/docs/unifi-post-migration-summary-2026-03-17.md
Hermes Agent e4d91aadf9 Initial commit: homelab infrastructure wiki
- Full Obsidian vault content
- Host configs (ice, grizzley, ubuntu, proxmox, truenas, panda, hyte)
- Media stack documentation
- Traefik HA setup
- Automation scripts
- Bachelor party planning
2026-05-24 16:08:40 -07:00

project
name: UniFi Post-Migration Summary 2026-03-17
status: active
category: infrastructure
source: homelabagentroot
created: 2026-03-17
updated: 2026-03-17
description: Final summary of UniFi zoning, host migration, and rollback references after the March 17 cleanup wave
goals:
  • Record the end state after network cleanup
  • Provide a quick reference for what changed and what remains
  • Link operators to rollback and runbook notes
priority: high
tags: unifi, post-migration, summary, rollback

UniFi Post-Migration Summary 2026-03-17

Completed Changes

  • Family of D. moved from Management to Internal
  • Management reduced to Default only
  • New Internal access rules created for Servers, IoT, and Staging
  • Logging enabled on key edge, VPN, and east-west user-defined policies
  • Legacy 192.168.1.x host paths removed from:
    • proxmox
    • ubuntu
    • truenas
  • Wi-Fi participation removed from:
    • grizzley
    • ice
  • Staging-side 192.168.40.x host paths removed from:
    • truenas
    • grizzley
    • ice
  • Staging access policies disabled:
    • Vpn to Staging
    • Allow Servers to Staging

Current Host End State

| Host | Current Primary Addressing | Notes |
|------|----------------------------|-------|
| ubuntu | 192.168.50.61, 192.168.30.61 | App edge healthy; UniFi may still show stale alternate observations |
| proxmox | 192.168.50.11, 192.168.30.11 | Legacy 192.168.1.11 removed |
| truenas | 192.168.50.12 | Legacy 192.168.1.12 and staging 192.168.40.12 removed |
| grizzley | 192.168.50.84, 192.168.30.84 | Wi-Fi removed |
| ice | 192.168.50.197, 192.168.30.197 | Wi-Fi removed |
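
One way to verify the end state above from the hosts themselves rather than from UniFi client history, as an added example that is not part of the original wiki or its automation scripts: it parses `ip -o -4 addr show` output and reports any address left in the retired 192.168.1.x or 192.168.40.x ranges, any addressed wireless interface on grizzley or ice, and any documented address that is missing. The /24 masks, the `wl` interface-name prefix, the function names, and both sample captures are assumptions constructed for illustration.

```python
import ipaddress

# Retired ranges named on the page; the /24 masks are an assumption.
RETIRED = {"legacy": ipaddress.ip_network("192.168.1.0/24"),
           "staging": ipaddress.ip_network("192.168.40.0/24")}
# Expected addressing, copied from the host table.
EXPECTED = {"ubuntu": {"192.168.50.61", "192.168.30.61"},
            "proxmox": {"192.168.50.11", "192.168.30.11"},
            "truenas": {"192.168.50.12"},
            "grizzley": {"192.168.50.84", "192.168.30.84"},
            "ice": {"192.168.50.197", "192.168.30.197"}}
WIFI_REMOVED = {"grizzley", "ice"}  # hosts whose Wi-Fi participation was removed

# Constructed sample captures (not real output from these hosts).
SAMPLE_CLEAN = r"""1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp3s0    inet 192.168.50.12/24 brd 192.168.50.255 scope global enp3s0\       valid_lft forever preferred_lft forever"""
SAMPLE_DRIFT = r"""1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp4s0    inet 192.168.50.84/24 brd 192.168.50.255 scope global enp4s0\       valid_lft forever preferred_lft forever
2: enp4s0    inet 192.168.40.84/24 brd 192.168.40.255 scope global enp4s0\       valid_lft forever preferred_lft forever
3: wlp5s0    inet 192.168.1.84/24 brd 192.168.1.255 scope global wlp5s0\       valid_lft forever preferred_lft forever"""

def parse_ip_addr(output):
    """Return [(ifname, IPv4Address)] from `ip -o -4 addr show` output."""
    found = []
    for line in output.splitlines():
        fields = line.split()
        # One-line format: "<index>: <ifname> inet <addr>/<prefix> ..."
        if len(fields) >= 4 and fields[2] == "inet":
            found.append((fields[1], ipaddress.ip_interface(fields[3]).ip))
    return found

def audit(host, output):
    """List deviations from the documented end state for one host."""
    findings, seen = [], set()
    for ifname, addr in parse_ip_addr(output):
        if addr.is_loopback:
            continue
        seen.add(str(addr))
        for label, net in RETIRED.items():
            if addr in net:
                findings.append(f"{host}: {ifname} still holds {label} address {addr}")
        # "wl" prefix covers wlan0 / wlp*-style names (naming is an assumption).
        if host in WIFI_REMOVED and ifname.startswith("wl"):
            findings.append(f"{host}: wireless interface {ifname} has address {addr}")
    for missing in sorted(EXPECTED[host] - seen):
        findings.append(f"{host}: expected address {missing} not present")
    return findings

if __name__ == "__main__":
    for name, capture in (("truenas", SAMPLE_CLEAN), ("grizzley", SAMPLE_DRIFT)):
        print(name, audit(name, capture) or "matches documented end state")
```

An empty result from the host's own interface list is independent of the controller, so it is not affected by stale UniFi client history.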

Remaining Follow-Up

  • Allow UniFi controller client history to age out or refresh
  • Keep remaining 192.168.30.x service-side paths in place for now because they appear to support intentional IoT-side service adjacency; remove them only after per-service validation
  • Review public HTTP exposure and any duplicate firewall rules
  • grizzley still has one disconnected/no-IP UniFi history record; a direct delete attempt returned api.err.NotFound, so this currently looks like controller-history lag
  • TrueNAS is intentionally exposed through the local-only route truenas.local.tophermayor.com; truenas.tophermayor.com is not the canonical admin URL

References