Document VM 102 security stack and update IPs to 192.168.1.105.

Add ARCHITECTURE.md and HOMELAB_IPS.md, refresh inventory and app configs for Postgres, Neo4j, Homelab Command, pgAdmin, Homarr, and Homepage links. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-25 23:15:42 +02:00
parent 02b1d155d4
commit 0d6ee22247
19 changed files with 248 additions and 35 deletions
@@ -0,0 +1,150 @@
+# Homelab architectuur
+
+Overzicht van hoe de diensten bij elkaar hangen na de verplaatsing van de **security stack** naar Proxmox VM 102. Vaste IP-referentie: [HOMELAB_IPS.md](HOMELAB_IPS.md).
+
+## Fysieke hosts
+
+```mermaid
+flowchart TB
+  subgraph lan [LAN 192.168.1.0/24]
+    NAS["Synology NAS\n192.168.1.211"]
+    VM102["Proxmox VM 102 Postgress\n192.168.1.105"]
+    VM105["Proxmox VM 105 docker\n192.168.1.227"]
+    PVE216["Proxmox pve\n192.168.1.216"]
+    PVE56["Proxmox dell\n192.168.1.56"]
+    UDM["UniFi / gateway\n192.168.1.24"]
+    HA["Home Assistant\n192.168.1.235"]
+  end
+  User["Browser / Git client"] --> NAS
+  User --> VM102
+```
+
+## Security stack (productie op VM 102)
+
+Het hart van monitoring, syslog, graph en agent-draait op **één VM**. De NAS toont nog dashboards in Homarr/Homepage en beheert Git + metrics.
+
+```mermaid
+flowchart LR
+  subgraph sources [Data-bronnen LAN]
+    UniFi[UniFi controller .24]
+    SyslogDev[Routers / switches / APs]
+    Zeek[Zeek / Suricata]
+  end
+
+  subgraph vm102 [VM 102 — 192.168.1.105]
+    UI[homelab-command :8765]
+    SyslogUDP[Syslog UDP :5514]
+    PG[(postgres-homelab :5433)]
+    Neo[(Neo4j :49153 / UI :49154)]
+    NATS[NATS :4222]
+    Mesh[mesh-normalizer]
+    Agent[el-kadi-security-agent]
+  end
+
+  subgraph nas [NAS — 192.168.1.211]
+    Gitea[Gitea :3000]
+    PgAdmin[pgAdmin :5434]
+    Graf[Grafana :3002]
+    Prom[Prometheus :9090]
+    PGexp[postgres-exporter :9187]
+    AdGuard[AdGuard :3001]
+    PGBkp[(postgres-homelab backup :5433)]
+  end
+
+  User2[Gebruiker] --> UI
+  User2 --> PgAdmin
+  PgAdmin --> PG
+  Graf --> PG
+  Prom --> PGexp
+  PGexp --> PG
+
+  SyslogDev -->|UDP 5514| SyslogUDP
+  UniFi -->|API| UI
+  Zeek -->|NATS publish| NATS
+  NATS --> Mesh
+  SyslogUDP --> PG
+  UI --> PG
+  UI --> Neo
+  Mesh --> PG
+  Agent --> PG
+  AdGuard -->|DNS stats API| UI
+
+  PG -.->|rollback kopie| PGBkp
+```
+
+## Datastromen
+
+| Stroom | Van | Naar | Poort / protocol |
+|--------|-----|------|------------------|
+| Dashboard UI | Browser | VM 102 | HTTP 8765 |
+| SQL (homelab DB) | homelab-command, agent, mesh | Postgres VM 102 | 5433 |
+| Syslog ingest | Netwerkapparaten | homelab-command | UDP 5514 → `mesh.syslog_entries` |
+| Zeek/Suricata events | Sensors | NATS → mesh-normalizer | 4222 → Postgres |
+| Netwerk-topologie | homelab-command | Neo4j VM 102 | Bolt 49153 |
+| DB beheer | pgAdmin (NAS) | Postgres VM 102 | 5433 |
+| Metrics | Prometheus (NAS) | postgres-exporter → VM 102 | 9187 scrape |
+| Git configs | Ontwikkelaar | Gitea (NAS) | 3000 / SSH 2222 |
+
+## NAS — overige Docker (niet op VM 102)
+
+```mermaid
+flowchart TB
+  NAS["192.168.1.211"]
+  NAS --> Gitea
+  NAS --> AdGuard
+  NAS --> Portainer
+  NAS --> Homarr
+  NAS --> Homepage
+  NAS --> PromGraf[Prometheus + Grafana]
+  NAS --> PgAdmin
+  NAS --> PGbak[Postgres backup]
+```
+
+| Service | Poort | Opmerking |
+|---------|-------|-----------|
+| Gitea | 3000 | Config-repo's, Git SSH 2222 |
+| AdGuard | 3001 | DNS (dashboard haalt stats op) |
+| Portainer | 9000 | Containerbeheer NAS |
+| Homarr / Homepage | 4755 / 3010 | Links naar `.105` voor security |
+| Grafana | 3002 | Postgres-datasource → `.105:5433` |
+| Prometheus | 9090 | Scrapes o.a. Neo4j `.105:2004` |
+| postgres (backup) | 5433 | Oude kopie; stoppen na validatie |
+
+## Proxmox VM 105 docker (apart)
+
+| VM | IP | Rol |
+|----|-----|-----|
+| 102 Postgress | 192.168.1.105 | Security + Postgres + Neo4j |
+| 105 docker | 192.168.1.227 | `office_desk_agent` :8000 (Proxmox/office tooling) |
+
+## Repo-structuur (Gitea)
+
+```mermaid
+flowchart LR
+  Gitea["Gitea :3000\n192.168.1.211"]
+  Gitea --> CFG[homelab-configs\nDocker compose per app]
+  Gitea --> CMD[homelab-command\nDashboard broncode]
+  CFG --> DeployNAS[Deploy NAS apps]
+  CFG --> DeployVM[Documentatie VM 102]
+  CMD --> BuildVM[Build op VM 102\n~/homelab-command]
+```
+
+| Repository | Inhoud |
+|------------|--------|
+| `homelab-configs` | Compose, env-voorbeelden, Homarr/Homepage, monitoring |
+| `homelab-command` | FastAPI dashboard, mesh-ingest, Grafana-dockerfile |
+
+## Snelle URL-lijst
+
+| Wat | URL |
+|-----|-----|
+| Security dashboard | http://192.168.1.105:8765/dashboard |
+| Neo4j Browser | http://192.168.1.105:49154 |
+| pgAdmin | http://192.168.1.211:5434 |
+| Gitea | http://192.168.1.211:3000 |
+| Grafana | http://192.168.1.211:3002 |
+| Portainer | http://192.168.1.211:9000 |
+
+## Rollback
+
+- Postgres: zie [homelab-command/docs/POSTGRES_ROLLBACK.md](http://192.168.1.211:3000/mo/homelab-command/src/branch/main/docs/POSTGRES_ROLLBACK.md) (in homelab-command repo) — `PG_HOST` terug naar `.211`, NAS-container herstarten.