docs: record Serenity wave1 guardrails
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled

This commit is contained in:
Fizzlepoof
2026-05-25 21:50:55 +00:00
parent f2e751e1e6
commit eba18beabe
2 changed files with 15 additions and 1 deletions

View File

@@ -68,6 +68,14 @@ From the live Serenity audit:
- a temporary `10.5.1.5/32` alias on `br0` validated the diagnosis, but it was removed because the old IP is no longer allowed on that VLAN
- authoritative Pangolin cleanup was then completed by rewriting the audited Serenity target set to `10.5.30.5` for both routing and health checks, removing the need for any legacy-IP workaround
## Wave 1 current execution status
Live execution on 2026-05-25 established:
- `Huntarr` and `omegabrr` were low-risk stale stopped containers and were removed from Serenity
- the recent non-running `Created` containers (`calibre-web`, `SuggestArr`, `Cleanuparr`, `calibre`, `agregarr`) were not blindly pruned because their metadata was touched recently and they may represent intentional but inactive templates
- `Unraid-Cloudflared-Tunnel` is not currently dead: it still has a live tunnel token and active Cloudflare edge registrations, so removal requires a separate usage audit first
- the Serenity Pi-hole HA stack is also not safe to remove blindly yet: `10.5.30.53` is still answering DNS and Serenity is running a backup `keepalived`/Pi-hole stack, so Pi-hole retirement must stay gated on the broader DNS cutover verification
## Wave 1-A: legacy Pi-hole removal
### Target containers