Add LXC template standard - Ubuntu 24.04 for all containers

This commit is contained in:
jester 2026-03-29 18:00:40 +00:00
parent dc2c3c60d2
commit 3519c82bdd

@ -13,7 +13,7 @@ This is a fresh chat handover. Read this file first, then read:
A new dedicated server has been purchased from GTHost Detroit and is active. A new dedicated server has been purchased from GTHost Detroit and is active.
The platform is being migrated from the old Denver server to the new Detroit server. The platform is being migrated from the old Denver server to the new Detroit server.
The user is preparing to begin the migration today. Migration is in progress as of Mar 29 — OPNsense routers and DNS are up on new host.
**New server specs:** **New server specs:**
- Supermicro 2029TP-HTR - Supermicro 2029TP-HTR
@ -47,22 +47,28 @@ The user is preparing to begin the migration today.
--- ---
## Standard LXC/VM Specs (new host)
**All LXC containers use Ubuntu 24.04** — standardized across the board.
| Service type | CPU | RAM | Disk |
|---|---|---|---|
| Proxy (Caddy) | 1 core | 512MB | 8GB |
| DNS (Technitium) | 1 core | 512MB | 8GB |
| Velocity | 2 cores | 2GB | 16GB |
| Monitor | 2 cores | 2GB | 16GB |
| Artifacts | 1 core | 512MB | 32GB+ |
| API/Portal VMs | 2 cores | 4GB | 32GB |
| OPNsense VMs | 4 cores | 8GB | 64GB |
---
## PBS Status (CRITICAL — Do This First) ## PBS Status (CRITICAL — Do This First)
- Old backups only go to November 2025 — disk was full - Old backups only go to November 2025 — disk was full
- Disk has been resized to 1.1TB - Disk has been resized to 1.1TB
- Plan: delete old datastore, recreate fresh, run full backup of everything - ✅ PBS datastore recreated fresh Mar 29
- DO NOT start migration until fresh backups are confirmed green - ✅ Fresh backup of all VMs/containers completed Mar 29 ~08:34
**Fresh backup priority order:**
1. OPNsense core router (105)
2. OPNsense zpack router (1006)
3. zlh-dns (1001)
4. zpack-api (1005)
5. zpack-portal (1100)
6. zlh-artifacts (1003)
7. zlh-velocity (300)
8. Everything else
--- ---
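Review bot: The PBS heading still carries the "Do This First" label although both remaining items are now checked off, and the gate "DO NOT start migration until fresh backups are confirmed green" is replaced by a line that records only that the backup completed. Record whether a verify job or a test restore passed for the Mar 29 backup, and either retitle the section as a status entry or keep the gate wording next to its result. In the new specs table, "All LXC containers use Ubuntu 24.04" does not say which template file is the standard or whether containers are created unprivileged; adding both would make the standard reproducible.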
@ -71,19 +77,19 @@ The user is preparing to begin the migration today.
### DO MIGRATE — New ID assignments: ### DO MIGRATE — New ID assignments:
| Old ID | Name | New ID | Type | How | | Old ID | Name | New ID | Type | How |
|--------|------|--------|------|-----| |--------|-------|--------|------|-----|
| 105 | zlh-router (core OPNsense) | 9001 | VM | Fresh 26.1 + config import | | 105 | zlh-router (core OPNsense) | 9001 | VM | Fresh 26.1 + config import |
| 1006 | zlh-zpack-router (game/dev OPNsense) | 9002 | VM | Fresh 26.1 + config import | | 1006 | zlh-zpack-router (game/dev OPNsense) | 9002 | VM | Fresh 26.1 + config import |
| 1001 | zlh-dns | 9010 | LXC | Fresh + Technitium export/import | | 1001 | zlh-dns | 9010 | LXC | Fresh + Technitium export/import |
| 1002 | zlh-proxy (Traefik core) | 9011 | LXC | Fresh + config | | 1002 | zlh-proxy (Caddy core) | 9011 | LXC | Fresh + config |
| 1004 | zlh-zpack-proxy (Traefik game/dev) | 9012 | LXC | Fresh + config | | 1004 | zlh-zpack-proxy (Caddy game/dev) | 9012 | LXC | Fresh + config |
| 9000 | zlh-connect (Twingate) | 9013 | LXC | Fresh install | | 9000 | zlh-connect (Twingate) | 9013 | LXC | Fresh install |
| 1003 | zlh-artifacts (Caddy file server) | 9014 | LXC | Fresh Caddy + rsync content | | 1003 | zlh-artifacts (Caddy file server) | 9014 | LXC | Fresh Caddy + rsync content |
| 300 | zlh-velocity | 9015 | LXC | Fresh + copy jar + plugin | | 300 | zlh-velocity | 9015 | LXC | Fresh + copy jar + plugin |
| 104 | zlh-monitor (Prometheus/Grafana) | 9016 | LXC | Fresh install | | 104 | zlh-monitor (Prometheus/Grafana) | 9016 | LXC | Fresh install |
| 2001 | zlh-back (PBS) | 9017 | VM | Fresh + PBS config | | 2001 | zlh-back (PBS) | 9017 | VM | Fresh + PBS config |
| 1005 | zpack-api | 9020 | VM | Fresh Ubuntu VM + copy project folder | | 1005 | zpac-api | 9020 | VM | Fresh Ubuntu VM + copy project folder |
| 1100 | zpack-portal | 9021 | VM | Fresh Ubuntu VM + copy project folder | | 1100 | zpac-portal | 9021 | VM | Fresh Ubuntu VM + copy project folder |
| 4000 | aimeesites | 9030 | LXC | Migrate | | 4000 | aimeesites | 9030 | LXC | Migrate |
### DO NOT MIGRATE (legacy/unused): ### DO NOT MIGRATE (legacy/unused):
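Review bot: Rows 1005 and 1100 change zpack-api and zpack-portal to zpac-api and zpac-portal, while rows 1006 and 1004 in the same table keep zlh-zpack-router and zlh-zpack-proxy. If this is a deliberate rename, state it in the commit message, which mentions only the LXC template standard; if it is a typo, restore the original spelling so the names match what DNS and proxy configuration will reference. The Traefik to Caddy change in rows 1002 and 1004 is also outside the stated scope of the commit and would be easier to audit as its own change.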
@ -133,12 +139,12 @@ The user is preparing to begin the migration today.
- Two routers: core (105→9001) and zpack/game/dev (1006→9002) - Two routers: core (105→9001) and zpack/game/dev (1006→9002)
- Installing OPNsense 26.1 fresh (upgrade from 25.7.10) - Installing OPNsense 26.1 fresh (upgrade from 25.7.10)
- Import 25.7.10 config — upgrade path is supported - Import 25.7.10 config — upgrade path is supported
- DHCP plugin auto-installs during upgrade - **Install os-isc-dhcp plugin BEFORE importing config** — ISC DHCP no longer built-in in 26.1
- Firewall rules migration assistant available but not urgent - Firewall rules migration assistant available but not urgent — do after everything is stable
- Interface reassignment after config import may be needed - Interface reassignment after config import may be needed
- GTHost MAC binding required for WAN public IPs — check GTHost panel for registered MACs - GTHost MAC binding required for WAN public IPs — check GTHost panel for registered MACs
**zpack-api / zpack-portal:** **zpac-api / zpac-portal:**
- Both kept as VMs (not LXC) — active development, always been VMs - Both kept as VMs (not LXC) — active development, always been VMs
- Node 22.21.0 (already current LTS — no upgrade needed) - Node 22.21.0 (already current LTS — no upgrade needed)
- Next.js 16.1.1 (current — no upgrade needed) - Next.js 16.1.1 (current — no upgrade needed)
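Review bot: The new bullet "Install os-isc-dhcp plugin BEFORE importing config" sits below "Import 25.7.10 config", so someone following the list top to bottom reaches the import first. Move the plugin step above the import bullet, or number the OPNsense steps, so the ordering constraint is enforced by the layout rather than by the bold text. The heading change to "zpac-api / zpac-portal" has the same naming inconsistency as the ID table, since the router bullet above still reads "zpack/game/dev".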
@ -150,6 +156,11 @@ The user is preparing to begin the migration today.
- Fresh LXC + copy Velocity jar + copy plugin jar - Fresh LXC + copy Velocity jar + copy plugin jar
- Check current version on old server before migrating - Check current version on old server before migrating
**zlh-proxy / zlh-zpack-proxy:**
- Both now use Caddy (not Traefik) — switched during migration
- Original Caddyfile saved at SCRATCH/caddy/Caddyfile-old
- New Caddyfile for 9011 at SCRATCH/caddy/Caddyfile-new (update IPs after API/portal are up)
--- ---
## Architecture Reminders ## Architecture Reminders
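Review bot: The added section is headed for both zlh-proxy and zlh-zpack-proxy, but only a Caddyfile for 9011 is listed; nothing is recorded for 9012. Add the path for the 9012 Caddyfile or mark it as not yet written. "Original Caddyfile" is also ambiguous next to "not Traefik": say which container that file came from. The "update IPs after API/portal are up" item is an open task and would be safer as a checklist entry than as a parenthetical.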
@ -172,8 +183,8 @@ The user is preparing to begin the migration today.
- All services run on private IPs internally - All services run on private IPs internally
- No hardcoded public IP dependencies in application code - No hardcoded public IP dependencies in application code
- DNS cutover (Cloudflare A/SRV records for Velocity) is the only external change needed at cutover - DNS cutover (Cloudflare A/SRV records for Velocity) is the only external change needed at cutover
- New host will have different physical NIC names — check with `ip link show` before configuring bridges - New host has different physical NIC names — ens6f0/ens6f1 (vs eno1/eno2 on old host)
- Mirror the vmbr layout from current host exactly - vmbr0vmbr6 configured and working on new host
- GTHost MAC binding: OPNsense WAN virtual NIC MAC must match what GTHost has registered for the public IPs - GTHost MAC binding: OPNsense WAN virtual NIC MAC must match what GTHost has registered for the public IPs
--- ---
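Review bot: "vmbr0vmbr6" in the added bridge line reads as a single interface name; if a range is meant, write it as "vmbr0 through vmbr6" or list the bridges. This hunk also drops the instruction to mirror the vmbr layout from the current host and replaces it with a status line, so the note no longer records which bridge maps to which network; a short bridge-to-purpose list, with ens6f0/ens6f1 assigned to their bridges, would keep that checkable against the MAC binding requirement in the last bullet.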