External Plex Access Enabled: Successfully established public access to Plex via Oracle VPS without requiring Tailscale on client devices.
Installed socat on Oracle VPS for TCP tunneling.
Created plex-tunnel.service on Oracle VPS to forward port 32400 to Risa-Mediacore (192.168.1.21).
Updated Oracle VPS Caddyfile to reverse proxy plex.the-lal.net to the local tunnel (localhost:32400).
Configured Plex customConnections in Preferences.xml to include https://plex.the-lal.net:443.
Verified end-to-end connectivity via https://plex.the-lal.net/identity.
Plex Remote Streaming Optimized: Hardened the Risa-Mediacore Plex instance for high-performance remote playback.
Direct Play Alignment: Updated LanNetworks in Preferences.xml to include remote tunnel subnets, eliminating a 4Mbps "WAN" bottleneck and enabling full-quality Direct Play.
Hardware Acceleration Enabled: Manually patched Preferences.xml to enable HardwareAcceleratedCodecs and HardwareAcceleratedEncoders using the Intel QuickSync GPU (/dev/dri).
Bitrate Uncapped: Set WanPerStreamMaxUploadRate to unlimited (0).
Library Remediation (Downton Abbey): Resolved issues with missing media appearing as ghost entries.
Missing TV Show Discovery: Confirmed the Downton Abbey TV series was missing from all physical storage nodes.
Automated Acquisition: Added Downton Abbey (TV), Downton Abbey (2019 Movie), and Downton Abbey: A New Era (2022) to Sonarr/Radarr and triggered full missing-item searches.
Database Cleanup: Executed emptyTrash via Plex API to prune "Unavailable" ghost entries from the library.
qBittorrent Health Restoration: Fixed critical path mismatch errors in the download client.
Path Alignment: Corrected errored torrents by remapping their save/temp paths from host-style (/mnt/vault/...) to container-style (/data/...).
Internal Legacy Symlink: Created a persistent symlink inside the qbittorrent container (/mnt/vault -> /data) to maintain compatibility with legacy path references in the database.
Queue Purge & Rescan: Removed errored torrents with missing files and triggered fresh searches via Sonarr/Radarr to re-acquire them correctly.
Starfleet Atomic Monolith Migration Completed: Brought the Starfleet-Compute node into full compliance with the Atomic Monolith Standard.
Filesystem Alignment: Unified all media and download paths under /mnt/vault on the host and /data in containers.
Zero-Space Seeding: Verified physical hardlink support across the vault and bulk-deduplicated ~6GB of redundant data. Hardlinks are now enforced for all new imports.
Self-Healing: Deployed the autoheal sidecar and configured healthchecks for gluetun, qbittorrent, radarr, sonarr, prowlarr, and paperless.
API Migration: Updated Sonarr/Radarr root folders and qBittorrent save paths to the new unified structure.
Monitoring Noise Reduction: Implemented a 5-minute grace period for server and service alerts.
Updated tools/damage_control.py to track downtime duration before triggering alerts or self-healing.
Introduced persistent state tracking in /tmp/damage_control_state.json.
Reduced Telegram notification volume by filtering out transient network blips.
Dashboard Synchronization (Immich): Integrated Immich Photos into the Federation Master Dashboard.
Identified Immich running on Risa-Mediacore (192.168.1.21).
Updated services.yaml in the master-dashboard configuration on Memory-Alpha.
Added secure link to https://photos.the-lal.net under "Deck 3 Recreation".
🛠️ Infrastructure Updates
Oracle VPS (Wormhole):
Firewall: Opened port 32400/tcp for direct tunnel access (optional but useful).
Caddy: Standardized plex.the-lal.net as a public entry point.
Risa-Mediacore:
Plex: Restarted with updated customConnections to publish the public URL to Plex.tv.
📡 Networking Insights
Confirmed memory-alpha (192.168.1.13) is acting as a Tailscale subnet router for 192.168.1.0/24, which enables the Oracle VPS to reach internal nodes directly.