ARCHITECTURE.md

# Homelab architectuur

Volledig overzicht van hosts, Proxmox, NAS Docker en de security stack op VM 102.  
Korte IP-lijst: [HOMELAB_IPS.md](HOMELAB_IPS.md) · Inventaris: [INVENTORY.md](INVENTORY.md) · Proxmox detail: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md).

---

## 1. LAN-overzicht

```mermaid
flowchart TB
  subgraph core [Kern infrastructuur]
    NAS["Synology NAS\n192.168.1.211"]
    PVE["Proxmox pve\n192.168.1.216 :8006"]
    DELL["Proxmox dell-proxmox\n192.168.1.56 :8006"]
  end

  subgraph vm102 [VM 102 Postgress]
    VM102["192.168.1.105\nSecurity stack"]
  end

  subgraph vm105 [VM 105 docker]
    VM227["192.168.1.227\noffice_desk_agent"]
  end

  subgraph network [Netwerk en DNS]
    UDM["UniFi UDM\n192.168.1.24"]
    AdGuard["AdGuard NAS\n:3001 / :53"]
  end

  subgraph smarthome [Smart home]
    HA["Home Assistant\n192.168.1.235 :8123"]
  end

  subgraph storage [Storage / media elders]
    TN["TrueNAS\n192.168.1.185"]
  end

  Internet((Internet)) --> UDM
  UDM --> AdGuard
  AdGuard --> NAS
  AdGuard --> PVE
  AdGuard --> DELL
  AdGuard --> VM102
  AdGuard --> HA
  User["Browser / Git"] --> NAS
  User --> VM102
  User --> PVE
  User --> DELL
  PVE --> VM102
  DELL --> VM102
  DELL --> VM227
  NAS -->|"Gitea configs"| PVE
  NAS -->|"Gitea configs"| DELL
```

---

## 2. Proxmox — twee clusters

Configs in repo: `apps/proxmox/hosts/pve/` en `apps/proxmox/hosts/dell-proxmox/`.  
Pull live LXC-configs: `python3 scripts/pull-lxc-from-proxmox.py` (vanaf NAS).

```mermaid
flowchart TB
  subgraph pve216 [pve — 192.168.1.216]
    direction TB
    PVE_API["Web UI :8006"]
    subgraph pve_lxc [LXC running]
      L104[vaultwarden .5]
      L105[linkwarden .142]
      L107[pve-scripts .23]
      L117[Proxy .165]
      L118[paymenter .45]
      L119[nodecast .99]
      L120[homepage .192]
      L121[nginxproxymanager]
      L100[autocaliweb]
      L102[clawbot]
    end
    subgraph pve_vm [QEMU]
      Q101[W11 — stopped]
      Q111[Syno-latest — stopped]
    end
  end

  subgraph dell56 [dell-proxmox — 192.168.1.56]
    direction TB
    DELL_API["Web UI :8006"]
    subgraph dell_qemu [QEMU running]
      Q102["102 Postgress\n→ .105 security"]
      Q104[kassa-dev]
      Q105["105 docker\n→ .227 office agent"]
      Q114[DeepseekTUI]
    end
    subgraph dell_lxc [LXC running]
      D107[Virtualmin 192.168.5.24]
      D109[nginxproxymanager .173]
      D111[pegaprox .249]
    end
    subgraph dell_stopped [QEMU stopped]
      Q101s[opnsense]
      Q103[Synology]
    end
  end

  NAS["NAS .211\nbeheer / Gitea"] --> PVE_API
  NAS --> DELL_API
```

### Proxmox — tabel (belangrijkste systemen)

| Host | IP | VMID | Naam | Type | IP app | Rol |
|------|-----|------|------|------|--------|-----|
| **dell** | .56 | 102 | Postgress | QEMU | **.105** | Postgres, Neo4j, Homelab Command, syslog, NATS, agent |
| **dell** | .56 | 105 | docker | QEMU | **.227** | Office desk agent :8000 |
| **dell** | .56 | 104 | kassa-dev | QEMU | — | Kassa dev |
| **dell** | .56 | 114 | DeepseekTUI | QEMU | — | Deepseek TUI |
| **dell** | .56 | 107 | Virtualmin | LXC | 192.168.5.24 | Web hosting |
| **dell** | .56 | 109 | nginxproxymanager | LXC | .173 | Reverse proxy |
| **dell** | .56 | 111 | pegaprox | LXC | .249 | Proxy |
| **pve** | .216 | 120 | homepage | LXC | .192 | Homepage dashboard :3000 |
| **pve** | .216 | 104 | vaultwarden | LXC | .5 | Wachtwoorden |
| **pve** | .216 | 105 | linkwarden | LXC | .142 | Bookmarks |
| **pve** | .216 | 119 | nodecast-tv | LXC | .107 | Media |
| **pve** | .216 | 117 | Proxy | LXC | .165 | Proxy |
| **pve** | .216 | 118 | paymenter | LXC | .45 | Billing |
| **pve** | .216 | 121 | nginxproxymanager | LXC | — | NPM |

> Veel LXCs staan **stopped** (immich, n8n, tunarr, …) — zie [lxc-inventory.md](apps/proxmox/lxc-inventory.md).

---

## 3. Synology NAS — Docker

```mermaid
flowchart LR
  subgraph nas211 [NAS 192.168.1.211]
    direction TB
    subgraph infra [Infra en Git]
      Gitea[Gitea :3000\nSSH :2222]
      Portainer[Portainer :9000]
      DuckDNS[DuckDNS]
    end
    subgraph data [Data en DNS]
      PgAdmin[pgAdmin :5434]
      PGBak[(Postgres backup :5433)]
      AdGuard[AdGuard :3001]
    end
    subgraph monitor [Monitoring]
      Prom[Prometheus :9090]
      Graf[Grafana :3002]
      PGexp[postgres-exporter :9187]
    end
    subgraph apps [Apps]
      Homarr[Homarr :4755]
      Remote[Remotely :8080]
      Excal[Excalidraw :3765]
    end
  end

  PgAdmin -->|SQL| VM102PG[(Postgres VM102 :5433)]
  Graf --> VM102PG
  PGexp --> VM102PG
  Prom --> PGexp
  Prom --> Neo4jVM[Neo4j .105 :2004]
```

| Service | Poort | Verbonden met |
|---------|-------|----------------|
| Gitea | 3000 | Config-repo's (`homelab-configs`, `homelab-command`) |
| pgAdmin | 5434 | Postgres **productie** op .105:5433 |
| AdGuard | 3001, 53 | LAN DNS-filter |
| Prometheus + Grafana | 9090, 3002 | Scrape VM102 + NAS |
| Postgres (backup) | 5433 | Oude kopie; rollback |
| Homarr / Homepage links | 4755 | Wijzen naar .105 voor security |

---

## 4. Security stack (productie VM 102)

```mermaid
flowchart LR
  subgraph sources [Ingest bronnen]
    UniFi[UniFi .24]
    SyslogDev[Switches / APs / routers]
    Zeek[Zeek / Suricata]
  end

  subgraph vm105 [192.168.1.105 — VM 102]
    UI[homelab-command :8765]
    SyslogUDP[Syslog UDP :5514]
    PG[(postgres-homelab :5433)]
    Neo[(Neo4j :49153\nBrowser :49154)]
    NATS[NATS :4222]
    Mesh[mesh-normalizer]
    Agent[el-kadi-security-agent]
  end

  SyslogDev -->|UDP| SyslogUDP
  UniFi -->|API| UI
  Zeek -->|NATS| NATS
  NATS --> Mesh
  SyslogUDP --> PG
  UI --> PG
  UI --> Neo
  Mesh --> PG
  Agent --> PG
  UI -->|DNS stats| AdGuardNAS[AdGuard .211]
```

| Datastroom | Protocol | Doel |
|------------|----------|------|
| Syslog | UDP 5514 → .105 | `mesh.syslog_entries` |
| UniFi poll | HTTPS .24 | `mesh.unifi_polls` |
| Mesh events | NATS 4222 | `mesh.network_flows` |
| Agent | loop 300s | `agent.*` |
| Dashboard | HTTP 8765 | UI + API |

---

## 5. Overige LAN-systemen

Deze draaien **niet** op NAS of VM 102, maar staan in Homarr/Homepage en worden door de security agent gemonitord waar nodig.

```mermaid
flowchart TB
  subgraph lan_other [Andere vaste systemen]
    HA["Home Assistant .235"]
    TN["TrueNAS .185\nFrigate :30058"]
    UDM["UniFi .24"]
    NC["Nextcloud cloud.el-kadi.nl"]
    MO150["Diverse apps .150\nPortainer, DSM, …"]
    MO117["Change detection .117"]
    MO203["Minarca .203"]
    Wazuh["Wazuh .73"]
  end

  AgentVM[security-agent .105] -.->|HTTP checks| HA
  AgentVM -.-> UDM
  UI105[homelab-command .105] -.->|Proxmox API| PVE216[.216]
  UI105 -.-> DELL56[.56]
```

| IP | Systeem | Opmerking |
|----|---------|-----------|
| 192.168.1.235 | Home Assistant | Smart home |
| 192.168.1.185 | TrueNAS / Frigate | NVR / camera AI |
| 192.168.1.24 | UniFi | Gateway + controller |
| 192.168.1.150 | mo-nas / apps | Meerdere kleine services |
| 192.168.1.192 | Homepage LXC | Op pve CT 120 |
| 192.168.1.173 | NPM | dell LXC 109 |
| 192.168.1.107 | nodecast | pve LXC 119 |
| 192.168.5.24 | Virtualmin | dell LXC (ander subnet) |

---

## 6. Beheer- en config-flow

```mermaid
sequenceDiagram
  participant Dev as Ontwikkelaar
  participant Gitea as Gitea NAS :3000
  participant NAS as NAS Docker
  participant VM as VM102 .105
  participant PVE as Proxmox .56/.216

  Dev->>Gitea: push homelab-configs
  Dev->>VM: ssh mo@.105 deploy homelab-command
  Dev->>PVE: Web UI / API beheer VMs
  NAS->>VM: postgres-exporter scrape
  NAS->>Gitea: clone configs voor restore
  VM->>PVE: Proxmox API in dashboard
```

| Actie | Waar |
|-------|------|
| Git configs | Gitea op NAS |
| Security productie | VM 102 (.105) |
| Proxmox beheer | .216 (pve) en .56 (dell) |
| DNS | AdGuard op NAS |
| DB GUI | pgAdmin NAS → Postgres .105 |

---

## 7. Snelle URL-lijst

| Wat | URL |
|-----|-----|
| **Security dashboard** | http://192.168.1.105:8765/dashboard |
| **Neo4j Browser** | http://192.168.1.105:49154 |
| **Proxmox pve** | https://192.168.1.216:8006 |
| **Proxmox dell** | https://192.168.1.56:8006 |
| **NAS DSM / apps** | http://192.168.1.211:5000 |
| **Gitea** | http://192.168.1.211:3000 |
| **pgAdmin** | http://192.168.1.211:5434 |
| **Grafana** | http://192.168.1.211:3002 |
| **AdGuard** | http://192.168.1.211:3001 |
| **Portainer NAS** | http://192.168.1.211:9000 |
| **Homarr** | http://192.168.1.211:4755 |
| **Home Assistant** | http://192.168.1.235:8123 |
| **UniFi** | https://192.168.1.24 |
| **Office agent** | http://192.168.1.227:8000 |

---

## 8. Rollback Postgres

Zie repo `homelab-command` → `docs/POSTGRES_ROLLBACK.md`: `PG_HOST` terug naar `.211` en NAS-container `postgres-homelab` herstarten.
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			`# Homelab architectuur`

Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`Volledig overzicht van hosts, Proxmox, NAS Docker en de security stack op VM 102.`
			`Korte IP-lijst: [HOMELAB_IPS.md](HOMELAB_IPS.md) · Inventaris: [INVENTORY.md](INVENTORY.md) · Proxmox detail: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md).`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`---`

			`## 1. LAN-overzicht`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
			```mermaid
			`flowchart TB`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`subgraph core [Kern infrastructuur]`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			`NAS["Synology NAS\n192.168.1.211"]`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`PVE["Proxmox pve\n192.168.1.216 :8006"]`
			`DELL["Proxmox dell-proxmox\n192.168.1.56 :8006"]`
			`end`

			`subgraph vm102 [VM 102 Postgress]`
			`VM102["192.168.1.105\nSecurity stack"]`
			`end`

			`subgraph vm105 [VM 105 docker]`
			`VM227["192.168.1.227\noffice_desk_agent"]`
			`end`

			`subgraph network [Netwerk en DNS]`
			`UDM["UniFi UDM\n192.168.1.24"]`
			`AdGuard["AdGuard NAS\n:3001 / :53"]`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			`end`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00
			`subgraph smarthome [Smart home]`
			`HA["Home Assistant\n192.168.1.235 :8123"]`
			`end`

			`subgraph storage [Storage / media elders]`
			`TN["TrueNAS\n192.168.1.185"]`
			`end`

			`Internet((Internet)) --> UDM`
			`UDM --> AdGuard`
			`AdGuard --> NAS`
			`AdGuard --> PVE`
			`AdGuard --> DELL`
			`AdGuard --> VM102`
			`AdGuard --> HA`
			`User["Browser / Git"] --> NAS`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			`User --> VM102`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`User --> PVE`
			`User --> DELL`
			`PVE --> VM102`
			`DELL --> VM102`
			`DELL --> VM227`
			`NAS -->\|"Gitea configs"\| PVE`
			`NAS -->\|"Gitea configs"\| DELL`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			```

Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`---`

			`## 2. Proxmox — twee clusters`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			Configs in repo: `apps/proxmox/hosts/pve/` en `apps/proxmox/hosts/dell-proxmox/`.
			Pull live LXC-configs: `python3 scripts/pull-lxc-from-proxmox.py` (vanaf NAS).

			```mermaid
			`flowchart TB`
			`subgraph pve216 [pve — 192.168.1.216]`
			`direction TB`
			`PVE_API["Web UI :8006"]`
			`subgraph pve_lxc [LXC running]`
			`L104[vaultwarden .5]`
			`L105[linkwarden .142]`
			`L107[pve-scripts .23]`
			`L117[Proxy .165]`
			`L118[paymenter .45]`
			`L119[nodecast .99]`
			`L120[homepage .192]`
			`L121[nginxproxymanager]`
			`L100[autocaliweb]`
			`L102[clawbot]`
			`end`
			`subgraph pve_vm [QEMU]`
			`Q101[W11 — stopped]`
			`Q111[Syno-latest — stopped]`
			`end`
			`end`

			`subgraph dell56 [dell-proxmox — 192.168.1.56]`
			`direction TB`
			`DELL_API["Web UI :8006"]`
			`subgraph dell_qemu [QEMU running]`
			`Q102["102 Postgress\n→ .105 security"]`
			`Q104[kassa-dev]`
			`Q105["105 docker\n→ .227 office agent"]`
			`Q114[DeepseekTUI]`
			`end`
			`subgraph dell_lxc [LXC running]`
			`D107[Virtualmin 192.168.5.24]`
			`D109[nginxproxymanager .173]`
			`D111[pegaprox .249]`
			`end`
			`subgraph dell_stopped [QEMU stopped]`
			`Q101s[opnsense]`
			`Q103[Synology]`
			`end`
			`end`

			`NAS["NAS .211\nbeheer / Gitea"] --> PVE_API`
			`NAS --> DELL_API`
			```

			`### Proxmox — tabel (belangrijkste systemen)`

			`\| Host \| IP \| VMID \| Naam \| Type \| IP app \| Rol \|`
			`\|------\|-----\|------\|------\|------\|--------\|-----\|`
			`\| dell \| .56 \| 102 \| Postgress \| QEMU \| .105 \| Postgres, Neo4j, Homelab Command, syslog, NATS, agent \|`
			`\| dell \| .56 \| 105 \| docker \| QEMU \| .227 \| Office desk agent :8000 \|`
			`\| dell \| .56 \| 104 \| kassa-dev \| QEMU \| — \| Kassa dev \|`
			`\| dell \| .56 \| 114 \| DeepseekTUI \| QEMU \| — \| Deepseek TUI \|`
			`\| dell \| .56 \| 107 \| Virtualmin \| LXC \| 192.168.5.24 \| Web hosting \|`
			`\| dell \| .56 \| 109 \| nginxproxymanager \| LXC \| .173 \| Reverse proxy \|`
			`\| dell \| .56 \| 111 \| pegaprox \| LXC \| .249 \| Proxy \|`
			`\| pve \| .216 \| 120 \| homepage \| LXC \| .192 \| Homepage dashboard :3000 \|`
			`\| pve \| .216 \| 104 \| vaultwarden \| LXC \| .5 \| Wachtwoorden \|`
			`\| pve \| .216 \| 105 \| linkwarden \| LXC \| .142 \| Bookmarks \|`
			`\| pve \| .216 \| 119 \| nodecast-tv \| LXC \| .107 \| Media \|`
			`\| pve \| .216 \| 117 \| Proxy \| LXC \| .165 \| Proxy \|`
			`\| pve \| .216 \| 118 \| paymenter \| LXC \| .45 \| Billing \|`
			`\| pve \| .216 \| 121 \| nginxproxymanager \| LXC \| — \| NPM \|`

			`> Veel LXCs staan stopped (immich, n8n, tunarr, …) — zie [lxc-inventory.md](apps/proxmox/lxc-inventory.md).`

			`---`

			`## 3. Synology NAS — Docker`

			```mermaid
			`flowchart LR`
			`subgraph nas211 [NAS 192.168.1.211]`
			`direction TB`
			`subgraph infra [Infra en Git]`
			`Gitea[Gitea :3000\nSSH :2222]`
			`Portainer[Portainer :9000]`
			`DuckDNS[DuckDNS]`
			`end`
			`subgraph data [Data en DNS]`
			`PgAdmin[pgAdmin :5434]`
			`PGBak[(Postgres backup :5433)]`
			`AdGuard[AdGuard :3001]`
			`end`
			`subgraph monitor [Monitoring]`
			`Prom[Prometheus :9090]`
			`Graf[Grafana :3002]`
			`PGexp[postgres-exporter :9187]`
			`end`
			`subgraph apps [Apps]`
			`Homarr[Homarr :4755]`
			`Remote[Remotely :8080]`
			`Excal[Excalidraw :3765]`
			`end`
			`end`

			`PgAdmin -->\|SQL\| VM102PG[(Postgres VM102 :5433)]`
			`Graf --> VM102PG`
			`PGexp --> VM102PG`
			`Prom --> PGexp`
			`Prom --> Neo4jVM[Neo4j .105 :2004]`
			```

			`\| Service \| Poort \| Verbonden met \|`
			`\|---------\|-------\|----------------\|`
			\| Gitea \| 3000 \| Config-repo's (`homelab-configs`, `homelab-command`) \|
			`\| pgAdmin \| 5434 \| Postgres productie op .105:5433 \|`
			`\| AdGuard \| 3001, 53 \| LAN DNS-filter \|`
			`\| Prometheus + Grafana \| 9090, 3002 \| Scrape VM102 + NAS \|`
			`\| Postgres (backup) \| 5433 \| Oude kopie; rollback \|`
			`\| Homarr / Homepage links \| 4755 \| Wijzen naar .105 voor security \|`

			`---`

			`## 4. Security stack (productie VM 102)`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
			```mermaid
			`flowchart LR`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`subgraph sources [Ingest bronnen]`
			`UniFi[UniFi .24]`
			`SyslogDev[Switches / APs / routers]`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			`Zeek[Zeek / Suricata]`
			`end`

Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`subgraph vm105 [192.168.1.105 — VM 102]`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			`UI[homelab-command :8765]`
			`SyslogUDP[Syslog UDP :5514]`
			`PG[(postgres-homelab :5433)]`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`Neo[(Neo4j :49153\nBrowser :49154)]`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			`NATS[NATS :4222]`
			`Mesh[mesh-normalizer]`
			`Agent[el-kadi-security-agent]`
			`end`

Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`SyslogDev -->\|UDP\| SyslogUDP`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			`UniFi -->\|API\| UI`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`Zeek -->\|NATS\| NATS`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			`NATS --> Mesh`
			`SyslogUDP --> PG`
			`UI --> PG`
			`UI --> Neo`
			`Mesh --> PG`
			`Agent --> PG`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`UI -->\|DNS stats\| AdGuardNAS[AdGuard .211]`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			```

Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`\| Datastroom \| Protocol \| Doel \|`
			`\|------------\|----------\|------\|`
			\| Syslog \| UDP 5514 → .105 \| `mesh.syslog_entries` \|
			\| UniFi poll \| HTTPS .24 \| `mesh.unifi_polls` \|
			\| Mesh events \| NATS 4222 \| `mesh.network_flows` \|
			\| Agent \| loop 300s \| `agent.*` \|
			`\| Dashboard \| HTTP 8765 \| UI + API \|`

			`---`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`## 5. Overige LAN-systemen`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`Deze draaien niet op NAS of VM 102, maar staan in Homarr/Homepage en worden door de security agent gemonitord waar nodig.`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
			```mermaid
			`flowchart TB`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`subgraph lan_other [Andere vaste systemen]`
			`HA["Home Assistant .235"]`
			`TN["TrueNAS .185\nFrigate :30058"]`
			`UDM["UniFi .24"]`
			`NC["Nextcloud cloud.el-kadi.nl"]`
			`MO150["Diverse apps .150\nPortainer, DSM, …"]`
			`MO117["Change detection .117"]`
			`MO203["Minarca .203"]`
			`Wazuh["Wazuh .73"]`
			`end`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`AgentVM[security-agent .105] -.->\|HTTP checks\| HA`
			`AgentVM -.-> UDM`
			`UI105[homelab-command .105] -.->\|Proxmox API\| PVE216[.216]`
			`UI105 -.-> DELL56[.56]`
			```
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`\| IP \| Systeem \| Opmerking \|`
			`\|----\|---------\|-----------\|`
			`\| 192.168.1.235 \| Home Assistant \| Smart home \|`
			`\| 192.168.1.185 \| TrueNAS / Frigate \| NVR / camera AI \|`
			`\| 192.168.1.24 \| UniFi \| Gateway + controller \|`
			`\| 192.168.1.150 \| mo-nas / apps \| Meerdere kleine services \|`
			`\| 192.168.1.192 \| Homepage LXC \| Op pve CT 120 \|`
			`\| 192.168.1.173 \| NPM \| dell LXC 109 \|`
			`\| 192.168.1.107 \| nodecast \| pve LXC 119 \|`
			`\| 192.168.5.24 \| Virtualmin \| dell LXC (ander subnet) \|`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`---`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`## 6. Beheer- en config-flow`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
			```mermaid
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`sequenceDiagram`
			`participant Dev as Ontwikkelaar`
			`participant Gitea as Gitea NAS :3000`
			`participant NAS as NAS Docker`
			`participant VM as VM102 .105`
			`participant PVE as Proxmox .56/.216`

			`Dev->>Gitea: push homelab-configs`
			`Dev->>VM: ssh mo@.105 deploy homelab-command`
			`Dev->>PVE: Web UI / API beheer VMs`
			`NAS->>VM: postgres-exporter scrape`
			`NAS->>Gitea: clone configs voor restore`
			`VM->>PVE: Proxmox API in dashboard`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00			```

Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`\| Actie \| Waar \|`
			`\|-------\|------\|`
			`\| Git configs \| Gitea op NAS \|`
			`\| Security productie \| VM 102 (.105) \|`
			`\| Proxmox beheer \| .216 (pve) en .56 (dell) \|`
			`\| DNS \| AdGuard op NAS \|`
			`\| DB GUI \| pgAdmin NAS → Postgres .105 \|`

			`---`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`## 7. Snelle URL-lijst`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
			`\| Wat \| URL \|`
			`\|-----\|-----\|`
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`\| Security dashboard \| http://192.168.1.105:8765/dashboard \|`
			`\| Neo4j Browser \| http://192.168.1.105:49154 \|`
			`\| Proxmox pve \| https://192.168.1.216:8006 \|`
			`\| Proxmox dell \| https://192.168.1.56:8006 \|`
			`\| NAS DSM / apps \| http://192.168.1.211:5000 \|`
			`\| Gitea \| http://192.168.1.211:3000 \|`
			`\| pgAdmin \| http://192.168.1.211:5434 \|`
			`\| Grafana \| http://192.168.1.211:3002 \|`
			`\| AdGuard \| http://192.168.1.211:3001 \|`
			`\| Portainer NAS \| http://192.168.1.211:9000 \|`
			`\| Homarr \| http://192.168.1.211:4755 \|`
			`\| Home Assistant \| http://192.168.1.235:8123 \|`
			`\| UniFi \| https://192.168.1.24 \|`
			`\| Office agent \| http://192.168.1.227:8000 \|`

			`---`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			`## 8. Rollback Postgres`
Document VM 102 security stack and update IPs to 192.168.1.105. 2026-05-25 23:15:42 +02:00
Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. 2026-05-25 23:19:53 +02:00			Zie repo `homelab-command` → `docs/POSTGRES_ROLLBACK.md`: `PG_HOST` terug naar `.211` en NAS-container `postgres-homelab` herstarten.