Merge pull request 'chore: decommission VM 105 (docker-vpn) — repo cleanup' (#40) from chore/20-decommission-vm-105-docker-vpn into main

ansible/playbooks/mask-avahi.yml

@@ -0,0 +1,43 @@
+---
+# Mask avahi-daemon on all Ubuntu hosts
+#
+# Avahi (mDNS/Bonjour) is not needed in a static-IP homelab with Pi-hole DNS.
+# A kernel busy-loop bug in avahi-daemon was found consuming ~1.7 CPU cores
+# across 5 VMs. Masking prevents it from ever starting again, surviving reboots.
+#
+# Targets: vms + physical (all Ubuntu QEMU VMs and ubuntu-manticore)
+# Controller: ansible-controller (LXC 304 at 10.10.0.232)
+#
+# Usage:
+#   # Dry run
+#   ansible-playbook /opt/ansible/playbooks/mask-avahi.yml --check
+#
+#   # Test on a single host first
+#   ansible-playbook /opt/ansible/playbooks/mask-avahi.yml --limit discord-bots
+#
+#   # Roll out to all Ubuntu hosts
+#   ansible-playbook /opt/ansible/playbooks/mask-avahi.yml
+#
+# To undo: systemctl unmask avahi-daemon
+
+- name: Mask avahi-daemon on all Ubuntu hosts
+  hosts: vms:physical
+  become: true
+
+  tasks:
+    - name: Stop avahi-daemon
+      ansible.builtin.systemd:
+        name: avahi-daemon
+        state: stopped
+      ignore_errors: true
+
+    - name: Mask avahi-daemon
+      ansible.builtin.systemd:
+        name: avahi-daemon
+        masked: true
+
+    - name: Verify avahi is masked
+      ansible.builtin.command: systemctl is-enabled avahi-daemon
+      register: avahi_status
+      changed_when: false
+      failed_when: avahi_status.stdout | trim != 'masked'

networking/examples/server_inventory.yaml

@@ -47,12 +47,13 @@ home_network:
       services: ["media", "transcoding"]
       description: "Tdarr media transcoding"
       
-    vpn_docker:
-      hostname: "10.10.0.121"
-      port: 22
-      user: "cal"
-      services: ["vpn", "docker"]
-      description: "VPN and Docker services"
+    # DECOMMISSIONED: vpn_docker (10.10.0.121) - VM 105 destroyed 2026-04
+    # vpn_docker:
+    #   hostname: "10.10.0.121"
+    #   port: 22
+    #   user: "cal"
+    #   services: ["vpn", "docker"]
+    #   description: "VPN and Docker services"
 
 remote_servers:
   akamai_nano:

networking/examples/ssh-homelab-setup.md

@@ -23,7 +23,7 @@ servers:
   pihole:             10.10.0.16  # Pi-hole DNS and ad blocking
   sba_pd_bots:        10.10.0.88  # SBa and PD bot services
   tdarr:              10.10.0.43  # Media transcoding
-  vpn_docker:         10.10.0.121 # VPN and Docker services
+  # vpn_docker:       10.10.0.121 # DECOMMISSIONED — VM 105 destroyed, migrated to arr-stack LXC 221
 ```
 
 ### Cloud Servers
@@ -175,11 +175,12 @@ Host tdarr media
     Port 22
     IdentityFile ~/.ssh/homelab_rsa
 
-Host docker-vpn
-    HostName 10.10.0.121
-    User cal
-    Port 22
-    IdentityFile ~/.ssh/homelab_rsa
+# DECOMMISSIONED: docker-vpn (10.10.0.121) - VM 105 destroyed, migrated to arr-stack LXC 221
+# Host docker-vpn
+#     HostName 10.10.0.121
+#     User cal
+#     Port 22
+#     IdentityFile ~/.ssh/homelab_rsa
 
 # Remote Cloud Servers
 Host akamai-nano akamai

server-configs/proxmox/qemu/105.conf

@@ -1,15 +0,0 @@
-agent: 1
-boot: order=scsi0;net0
-cores: 8
-memory: 16384
-meta: creation-qemu=6.1.0,ctime=1646688596
-name: docker-vpn
-net0: virtio=76:36:85:A7:6A:A3,bridge=vmbr0,firewall=1
-numa: 0
-onboot: 1
-ostype: l26
-scsi0: local-lvm:vm-105-disk-0,size=256G
-scsihw: virtio-scsi-pci
-smbios1: uuid=55061264-b9b1-4ce4-8d44-9c187affcb1d
-sockets: 1
-vmgenid: 30878bdf-66f9-41bf-be34-c31b400340f9

vm-management/proxmox-upgrades/proxmox-7-to-9-upgrade-plan.md

@@ -28,8 +28,8 @@ tags: [proxmox, upgrade, pve, backup, rollback, infrastructure]
 **Production Services** (7 LXC + 7 VMs) — cleaned up 2026-02-19:
 - **Critical**: Paper Dynasty/Major Domo (VM 115), Discord bots (VM 110), Gitea (LXC 225), n8n (LXC 210), Home Assistant (VM 109), Databases (VM 112), docker-home/Pi-hole 1 (VM 106)
 - **Important**: Claude Discord Coordinator (LXC 301), arr-stack (LXC 221), Uptime Kuma (LXC 227), Foundry VTT (LXC 223), Memos (LXC 222)
-- **Stopped/Investigate**: docker-vpn (VM 105, decommissioning), docker-home-servers (VM 116, needs investigation)
-- **Removed (2026-02-19)**: 108 (ansible), 224 (openclaw), 300 (openclaw-migrated), 101/102/104/111/211 (game servers), 107 (plex), 113 (tdarr - moved to .226), 114 (duplicate arr-stack), 117 (unused), 100/103 (old templates)
+- **Stopped/Investigate**: docker-home-servers (VM 116, needs investigation)
+- **Removed (2026-02-19)**: 108 (ansible), 224 (openclaw), 300 (openclaw-migrated), 101/102/104/111/211 (game servers), 107 (plex), 113 (tdarr - moved to .226), 114 (duplicate arr-stack), 117 (unused), 100/103 (old templates), 105 (docker-vpn - decommissioned 2026-04)
 
 **Key Constraints**:
 - Home Assistant VM 109 requires dual network (vmbr1 for Matter support)

vm-management/scripts/cloud-init-user-data.yaml

@@ -67,10 +67,15 @@ runcmd:
   
   # Add cal user to docker group (will take effect after next login)
   - usermod -aG docker cal
-  
+
   # Test Docker installation
   - docker run --rm hello-world
 
+  # Mask avahi-daemon — not needed in a static-IP homelab with Pi-hole DNS,
+  # and has a known kernel busy-loop bug that wastes CPU
+  - systemctl stop avahi-daemon || true
+  - systemctl mask avahi-daemon
+
 # Write configuration files
 write_files:
   # SSH hardening configuration

vm-management/wave2-migration-results.md

@@ -262,7 +262,7 @@ When connecting Jellyseerr to arr apps, be careful with tag configurations - inv
 - [x] Test movie/show requests through Jellyseerr
 
 ### After 48 Hours
-- [ ] Decommission VM 121 (docker-vpn)
+- [x] Decommission VM 121 (docker-vpn)
 - [ ] Clean up local migration temp files (`/tmp/arr-config-migration/`)
 
 ---