docs: record Serenity wave1 guardrails
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled

This commit is contained in:
Fizzlepoof
2026-05-25 21:50:55 +00:00
parent f2e751e1e6
commit eba18beabe
2 changed files with 15 additions and 1 deletions

View File

@@ -68,7 +68,13 @@ Per-service gotchas that aren't bugs but will bite you if you forget them.
- MAM-init script updates MyAnonamouse IP inside qbit container on startup
### Unraid-Cloudflared-Tunnel
- Dead container, should be removed
- Older notes called this dead, but live inspection on 2026-05-25 showed active Cloudflare QUIC edge registrations and a configured tunnel token.
- Treat it as a live service pending usage audit, not a safe blind-removal candidate.
### Serenity Wave 1 cleanup guardrails
- Do not assume `Unraid-Cloudflared-Tunnel` is dead just because it looked obsolete in older notes; live inspection on 2026-05-25 showed active Cloudflare tunnel registrations, so audit usage before removal.
- Do not remove Serenity's Pi-hole HA containers blindly while `10.5.30.53` still answers DNS; verify the full Technitium cutover path first.
- Recent `Created` containers on Unraid may represent intentionally retained templates rather than stale debris; distinguish them from long-dead exited containers before pruning.
### Serenity Newt / Pangolin stale health-check IP drift
- Several Serenity Newt-backed Pangolin targets were corrected to `ip=localhost`/`10.5.30.5` but still retained stale `hcHostname=10.5.1.5`, so Newt health checks failed with `no route to host`