documentation/09-open-questions.md
jarvis 484b2e6272 DNS topology: AdGuard removed, Technitium authoritative + DoT + ad blocking
- Remove AdGuard Home from all service catalogs, deployment phases,
  persistence tables, and network architecture docs
- Update Technitium notes: authoritative .ai.home zone, recursive resolver,
  DoT forwarder to Cloudflare (tls://1.1.1.1), built-in ad blocking
- Resolve open questions #2 (Technitium upstream) and #3 (AdGuard layout)
- Add dns-topology.md: complete DNS architecture diagram, zone details,
  client assignments, Tailscale integration, troubleshooting table,
  migration history (AdGuard deployed → paused → removed)
2026-05-29 21:01:24 -04:00


Iron Legion Homelab Services Stack — Open Questions & Blockers

Blocker Status

| # | Question | Impact | Default if Unresolved |
|---|----------|--------|-----------------------|
| 1 | Domain name — Does Bobby own a domain (e.g., bobbysh.me) or do we use a fake TLD (labs.internal)? | Critical — TLS certs, Authelia, and DNS all depend on this. | Use labs.internal + self-signed CA |
| 2 | Technitium upstream | Low | |
| 3 | AdGuard Home vs Technitium layout | Low | |
| 4 | Jellyfin media storage — External USB on MK7? SMB share? NVMe? | Medium | External USB mounted at `/media` on MK7 |
| 5 | Backup target on MK7 — Capacity? Dedicated drive? Rsync target path? | Medium | `/backups/<service-name>/` on MK7 secondary storage |
| 6 | Nextcloud database — Use existing PostgreSQL on MK7, or deploy Nextcloud AIO (bundled)? | Medium — affects resource allocation on MK7 | Deploy standalone PostgreSQL container on MK7 for Nextcloud; AIO is too heavy |
| 7 | GPU on MK7 — NVIDIA driver runtime for Jellyfin transcode? | Low — falls back to CPU transcode | Use `jellyfin/jellyfin` with `NVIDIA_VISIBLE_DEVICES` env if available |
| 8 | Notification routing — Discord webhook? SMTP? File only? | Low — default file works | File notifications in `/opt/iron-legion/authelia/notifications/` |
| 9 | Tailscale ACL policy — Draft exists in Section 7. Bobby must review and apply in Tailscale admin console. | Low | Stay permissive until Bobby approves |
| 10 | Beszel alert thresholds — CPU %, memory %, disk % triggers not defined. | Low | Defaults in Beszel container |

Outstanding Decisions Required

1. Pi-hole inclusion: Resolved. AdGuard Home replaces Pi-hole in Phase 1.
   - AdGuard Home: Resolved. Removed. Technitium built-in ad blocking replaces it.
2. Authelia two-factor method — TOTP via app (Google Authenticator) vs WebAuthn/FIDO2 keys?
3. Home vs remote access — If Bobby wants to share Jellyfin with friends/family outside Tailscale, public domain + Authelia guard is required.