diff --git a/docs/planning/SERENITY_CLEANUP_WAVE_1.md b/docs/planning/SERENITY_CLEANUP_WAVE_1.md index 092e4c7..1c1ebf4 100644 --- a/docs/planning/SERENITY_CLEANUP_WAVE_1.md +++ b/docs/planning/SERENITY_CLEANUP_WAVE_1.md @@ -68,6 +68,14 @@ From the live Serenity audit: - a temporary `10.5.1.5/32` alias on `br0` validated the diagnosis, but it was removed because the old IP is no longer allowed on that VLAN - authoritative Pangolin cleanup was then completed by rewriting the audited Serenity target set to `10.5.30.5` for both routing and health checks, removing the need for any legacy-IP workaround +## Wave 1 current execution status + +Live execution on 2026-05-25 established: +- `Huntarr` and `omegabrr` were low-risk stale stopped containers and were removed from Serenity +- the recent non-running `Created` containers (`calibre-web`, `SuggestArr`, `Cleanuparr`, `calibre`, `agregarr`) were not blindly pruned because their metadata was touched recently and they may represent intentional but inactive templates +- `Unraid-Cloudflared-Tunnel` is not currently dead: it still has a live tunnel token and active Cloudflare edge registrations, so removal requires a separate usage audit first +- the Serenity Pi-hole HA stack is also not safe to remove blindly yet: `10.5.30.53` is still answering DNS and Serenity is running a backup `keepalived`/Pi-hole stack, so Pi-hole retirement must stay gated on the broader DNS cutover verification + ## Wave 1-A: legacy Pi-hole removal ### Target containers diff --git a/docs/troubleshooting/KNOWN_QUIRKS.md b/docs/troubleshooting/KNOWN_QUIRKS.md index 6a27eec..a20b15d 100644 --- a/docs/troubleshooting/KNOWN_QUIRKS.md +++ b/docs/troubleshooting/KNOWN_QUIRKS.md @@ -68,7 +68,13 @@ Per-service gotchas that aren't bugs but will bite you if you forget them. - MAM-init script updates MyAnonamouse IP inside qbit container on startup ### Unraid-Cloudflared-Tunnel -- Dead container, should be removed +- Older notes called this dead, but live inspection on 2026-05-25 showed active Cloudflare QUIC edge registrations and a configured tunnel token. +- Treat it as a live service pending usage audit, not a safe blind-removal candidate. + +### Serenity Wave 1 cleanup guardrails +- Do not assume `Unraid-Cloudflared-Tunnel` is dead just because it looked obsolete in older notes; live inspection on 2026-05-25 showed active Cloudflare tunnel registrations, so audit usage before removal. +- Do not remove Serenity's Pi-hole HA containers blindly while `10.5.30.53` still answers DNS; verify the full Technitium cutover path first. +- Recent `Created` containers on Unraid may represent intentionally retained templates rather than stale debris; distinguish them from long-dead exited containers before pruning. ### Serenity Newt / Pangolin stale health-check IP drift - Several Serenity Newt-backed Pangolin targets were corrected to `ip=localhost`/`10.5.30.5` but still retained stale `hcHostname=10.5.1.5`, so Newt health checks failed with `no route to host`