# CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

## Project Purpose

**netfix** is a diagnostic/debugging toolkit for troubleshooting network connectivity between VMs running on an ESXi hypervisor host and an external client, connected through Unifi network switches.

## Environment Context

- **Hypervisor**: VMware ESXi
- **Network infrastructure**: Ubiquiti Unifi switches
- **Debugging scope**: VM-to-external-client connectivity issues across the ESXi virtual switch and physical Unifi switch layers

## Credentials convention

Plaintext passwords / API keys / tokens have been moved out of these files into [Infisical](infisical.md). Where a credential used to be inline, you'll now see a pointer in the form:

```
[Infisical: homelab/<env>/<folder>/<KEY>]
```

To fetch one (machine identity required — see `infisical.md`):

```bash
TOKEN=$(curl -s -X POST https://infisical.dohertylan.com/api/v1/auth/universal-auth/login \
  -H 'Content-Type: application/json' \
  -d '{"clientId":"<id>","clientSecret":"<secret>"}' \
  | python3 -c "import json,sys;print(json.load(sys.stdin)['accessToken'])")
PROJ=$(curl -s -H "Authorization: Bearer $TOKEN" \
  https://infisical.dohertylan.com/api/v1/workspace \
  | python3 -c "import json,sys;print(json.load(sys.stdin)['workspaces'][0]['id'])")
curl -sG "https://infisical.dohertylan.com/api/v3/secrets/raw/<KEY>" \
  -H "Authorization: Bearer $TOKEN" \
  --data-urlencode "workspaceId=$PROJ" \
  --data-urlencode "environment=<env>" \
  --data-urlencode "secretPath=<folder>" \
  | python3 -c "import json,sys;print(json.load(sys.stdin)['secret']['secretValue'])"
```

Or via the Infisical web UI at https://infisical.dohertylan.com.

## Components

- [TrueNAS Server](truenas.md) — NAS at 10.100.0.25 (management) / 10.50.0.x (storage), serves SMB and NFS
- [ESXi Host](esxi.md) — HP server at 10.2.0.12, ESXi 8.0.3, 8 VMs (7 powered on), access via `govc` only (not SSH). **Read esxi.md for credentials and connection details.**
- [Docker Server](docker.md) — Debian 13 at 10.100.0.35, Docker host for 21 containers (arr stack, Traefik, Semaphore/Ansible). **This is the local machine.**
- [Infisical](infisical.md) — Secrets management at https://infisical.dohertylan.com, runs as a Docker stack on the docker host
- [Plex Server](plex.md) — Debian 11 at 10.100.0.24, Plex Media Server 1.43, NFS media from TrueNAS
- [Home Assistant](ha.md) — HAOS at 10.100.0.40, HA 2026.2.2, 2,411 entities, smart home automation. API access only (no SSH).
- [Ignition Gateway](ignition.md) — Debian 11 at 10.100.0.90, Ignition 8.3.3 (Maker), SCADA/IIoT platform with PostgreSQL 13
- [Veeam Server](veeam.md) — Windows Server 2025 at 10.100.0.30, Veeam B&R 12.3, backup server. **Read veeam.md for credentials and connection details.**
- [Desktop](desktop.md) — Windows PC, dual-homed on LAN_100 (10.100.0.49) and DATA_50 (10.50.0.49)
- [Wonderware Dev VM](ww.md) — Windows 10 ESXi VM at 10.100.0.48, OpenSSH (passwordless)
- [Unifi Network](unifi.md) — UDM Pro gateway + USW Pro Aggregation central switch, API access via key