From 3a776804774b61f96e79237548731353bc581f36 Mon Sep 17 00:00:00 2001 From: mo Date: Mon, 25 May 2026 23:19:53 +0200 Subject: [PATCH] Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams. Document pve (.216) and dell (.56) VMs/LXCs, other LAN services, management flows, and update HOMELAB_IPS reference table. Co-authored-by: Cursor --- ARCHITECTURE.md | 351 +++++++++++++++++++++++++++++++++++------------- HOMELAB_IPS.md | 63 +++++++-- README.md | 5 +- 3 files changed, 308 insertions(+), 111 deletions(-) diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md index 4f0b707..178af00 100644 --- a/ARCHITECTURE.md +++ b/ARCHITECTURE.md @@ -1,150 +1,309 @@ # Homelab architectuur -Overzicht van hoe de diensten bij elkaar hangen na de verplaatsing van de **security stack** naar Proxmox VM 102. Vaste IP-referentie: [HOMELAB_IPS.md](HOMELAB_IPS.md). +Volledig overzicht van hosts, Proxmox, NAS Docker en de security stack op VM 102. +Korte IP-lijst: [HOMELAB_IPS.md](HOMELAB_IPS.md) · Inventaris: [INVENTORY.md](INVENTORY.md) · Proxmox detail: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md). -## Fysieke hosts +--- + +## 1. LAN-overzicht ```mermaid flowchart TB - subgraph lan [LAN 192.168.1.0/24] + subgraph core [Kern infrastructuur] NAS["Synology NAS\n192.168.1.211"] - VM102["Proxmox VM 102 Postgress\n192.168.1.105"] - VM105["Proxmox VM 105 docker\n192.168.1.227"] - PVE216["Proxmox pve\n192.168.1.216"] - PVE56["Proxmox dell\n192.168.1.56"] - UDM["UniFi / gateway\n192.168.1.24"] - HA["Home Assistant\n192.168.1.235"] + PVE["Proxmox pve\n192.168.1.216 :8006"] + DELL["Proxmox dell-proxmox\n192.168.1.56 :8006"] end - User["Browser / Git client"] --> NAS + + subgraph vm102 [VM 102 Postgress] + VM102["192.168.1.105\nSecurity stack"] + end + + subgraph vm105 [VM 105 docker] + VM227["192.168.1.227\noffice_desk_agent"] + end + + subgraph network [Netwerk en DNS] + UDM["UniFi UDM\n192.168.1.24"] + AdGuard["AdGuard NAS\n:3001 / :53"] + end + + subgraph smarthome [Smart home] + HA["Home Assistant\n192.168.1.235 :8123"] + end + + subgraph storage [Storage / media elders] + TN["TrueNAS\n192.168.1.185"] + end + + Internet((Internet)) --> UDM + UDM --> AdGuard + AdGuard --> NAS + AdGuard --> PVE + AdGuard --> DELL + AdGuard --> VM102 + AdGuard --> HA + User["Browser / Git"] --> NAS User --> VM102 + User --> PVE + User --> DELL + PVE --> VM102 + DELL --> VM102 + DELL --> VM227 + NAS -->|"Gitea configs"| PVE + NAS -->|"Gitea configs"| DELL ``` -## Security stack (productie op VM 102) +--- -Het hart van monitoring, syslog, graph en agent-draait op **één VM**. De NAS toont nog dashboards in Homarr/Homepage en beheert Git + metrics. +## 2. Proxmox — twee clusters + +Configs in repo: `apps/proxmox/hosts/pve/` en `apps/proxmox/hosts/dell-proxmox/`. +Pull live LXC-configs: `python3 scripts/pull-lxc-from-proxmox.py` (vanaf NAS). + +```mermaid +flowchart TB + subgraph pve216 [pve — 192.168.1.216] + direction TB + PVE_API["Web UI :8006"] + subgraph pve_lxc [LXC running] + L104[vaultwarden .5] + L105[linkwarden .142] + L107[pve-scripts .23] + L117[Proxy .165] + L118[paymenter .45] + L119[nodecast .99] + L120[homepage .192] + L121[nginxproxymanager] + L100[autocaliweb] + L102[clawbot] + end + subgraph pve_vm [QEMU] + Q101[W11 — stopped] + Q111[Syno-latest — stopped] + end + end + + subgraph dell56 [dell-proxmox — 192.168.1.56] + direction TB + DELL_API["Web UI :8006"] + subgraph dell_qemu [QEMU running] + Q102["102 Postgress\n→ .105 security"] + Q104[kassa-dev] + Q105["105 docker\n→ .227 office agent"] + Q114[DeepseekTUI] + end + subgraph dell_lxc [LXC running] + D107[Virtualmin 192.168.5.24] + D109[nginxproxymanager .173] + D111[pegaprox .249] + end + subgraph dell_stopped [QEMU stopped] + Q101s[opnsense] + Q103[Synology] + end + end + + NAS["NAS .211\nbeheer / Gitea"] --> PVE_API + NAS --> DELL_API +``` + +### Proxmox — tabel (belangrijkste systemen) + +| Host | IP | VMID | Naam | Type | IP app | Rol | +|------|-----|------|------|------|--------|-----| +| **dell** | .56 | 102 | Postgress | QEMU | **.105** | Postgres, Neo4j, Homelab Command, syslog, NATS, agent | +| **dell** | .56 | 105 | docker | QEMU | **.227** | Office desk agent :8000 | +| **dell** | .56 | 104 | kassa-dev | QEMU | — | Kassa dev | +| **dell** | .56 | 114 | DeepseekTUI | QEMU | — | Deepseek TUI | +| **dell** | .56 | 107 | Virtualmin | LXC | 192.168.5.24 | Web hosting | +| **dell** | .56 | 109 | nginxproxymanager | LXC | .173 | Reverse proxy | +| **dell** | .56 | 111 | pegaprox | LXC | .249 | Proxy | +| **pve** | .216 | 120 | homepage | LXC | .192 | Homepage dashboard :3000 | +| **pve** | .216 | 104 | vaultwarden | LXC | .5 | Wachtwoorden | +| **pve** | .216 | 105 | linkwarden | LXC | .142 | Bookmarks | +| **pve** | .216 | 119 | nodecast-tv | LXC | .107 | Media | +| **pve** | .216 | 117 | Proxy | LXC | .165 | Proxy | +| **pve** | .216 | 118 | paymenter | LXC | .45 | Billing | +| **pve** | .216 | 121 | nginxproxymanager | LXC | — | NPM | + +> Veel LXCs staan **stopped** (immich, n8n, tunarr, …) — zie [lxc-inventory.md](apps/proxmox/lxc-inventory.md). + +--- + +## 3. Synology NAS — Docker ```mermaid flowchart LR - subgraph sources [Data-bronnen LAN] - UniFi[UniFi controller .24] - SyslogDev[Routers / switches / APs] + subgraph nas211 [NAS 192.168.1.211] + direction TB + subgraph infra [Infra en Git] + Gitea[Gitea :3000\nSSH :2222] + Portainer[Portainer :9000] + DuckDNS[DuckDNS] + end + subgraph data [Data en DNS] + PgAdmin[pgAdmin :5434] + PGBak[(Postgres backup :5433)] + AdGuard[AdGuard :3001] + end + subgraph monitor [Monitoring] + Prom[Prometheus :9090] + Graf[Grafana :3002] + PGexp[postgres-exporter :9187] + end + subgraph apps [Apps] + Homarr[Homarr :4755] + Remote[Remotely :8080] + Excal[Excalidraw :3765] + end + end + + PgAdmin -->|SQL| VM102PG[(Postgres VM102 :5433)] + Graf --> VM102PG + PGexp --> VM102PG + Prom --> PGexp + Prom --> Neo4jVM[Neo4j .105 :2004] +``` + +| Service | Poort | Verbonden met | +|---------|-------|----------------| +| Gitea | 3000 | Config-repo's (`homelab-configs`, `homelab-command`) | +| pgAdmin | 5434 | Postgres **productie** op .105:5433 | +| AdGuard | 3001, 53 | LAN DNS-filter | +| Prometheus + Grafana | 9090, 3002 | Scrape VM102 + NAS | +| Postgres (backup) | 5433 | Oude kopie; rollback | +| Homarr / Homepage links | 4755 | Wijzen naar .105 voor security | + +--- + +## 4. Security stack (productie VM 102) + +```mermaid +flowchart LR + subgraph sources [Ingest bronnen] + UniFi[UniFi .24] + SyslogDev[Switches / APs / routers] Zeek[Zeek / Suricata] end - subgraph vm102 [VM 102 — 192.168.1.105] + subgraph vm105 [192.168.1.105 — VM 102] UI[homelab-command :8765] SyslogUDP[Syslog UDP :5514] PG[(postgres-homelab :5433)] - Neo[(Neo4j :49153 / UI :49154)] + Neo[(Neo4j :49153\nBrowser :49154)] NATS[NATS :4222] Mesh[mesh-normalizer] Agent[el-kadi-security-agent] end - subgraph nas [NAS — 192.168.1.211] - Gitea[Gitea :3000] - PgAdmin[pgAdmin :5434] - Graf[Grafana :3002] - Prom[Prometheus :9090] - PGexp[postgres-exporter :9187] - AdGuard[AdGuard :3001] - PGBkp[(postgres-homelab backup :5433)] - end - - User2[Gebruiker] --> UI - User2 --> PgAdmin - PgAdmin --> PG - Graf --> PG - Prom --> PGexp - PGexp --> PG - - SyslogDev -->|UDP 5514| SyslogUDP + SyslogDev -->|UDP| SyslogUDP UniFi -->|API| UI - Zeek -->|NATS publish| NATS + Zeek -->|NATS| NATS NATS --> Mesh SyslogUDP --> PG UI --> PG UI --> Neo Mesh --> PG Agent --> PG - AdGuard -->|DNS stats API| UI - - PG -.->|rollback kopie| PGBkp + UI -->|DNS stats| AdGuardNAS[AdGuard .211] ``` -## Datastromen +| Datastroom | Protocol | Doel | +|------------|----------|------| +| Syslog | UDP 5514 → .105 | `mesh.syslog_entries` | +| UniFi poll | HTTPS .24 | `mesh.unifi_polls` | +| Mesh events | NATS 4222 | `mesh.network_flows` | +| Agent | loop 300s | `agent.*` | +| Dashboard | HTTP 8765 | UI + API | -| Stroom | Van | Naar | Poort / protocol | -|--------|-----|------|------------------| -| Dashboard UI | Browser | VM 102 | HTTP 8765 | -| SQL (homelab DB) | homelab-command, agent, mesh | Postgres VM 102 | 5433 | -| Syslog ingest | Netwerkapparaten | homelab-command | UDP 5514 → `mesh.syslog_entries` | -| Zeek/Suricata events | Sensors | NATS → mesh-normalizer | 4222 → Postgres | -| Netwerk-topologie | homelab-command | Neo4j VM 102 | Bolt 49153 | -| DB beheer | pgAdmin (NAS) | Postgres VM 102 | 5433 | -| Metrics | Prometheus (NAS) | postgres-exporter → VM 102 | 9187 scrape | -| Git configs | Ontwikkelaar | Gitea (NAS) | 3000 / SSH 2222 | +--- -## NAS — overige Docker (niet op VM 102) +## 5. Overige LAN-systemen + +Deze draaien **niet** op NAS of VM 102, maar staan in Homarr/Homepage en worden door de security agent gemonitord waar nodig. ```mermaid flowchart TB - NAS["192.168.1.211"] - NAS --> Gitea - NAS --> AdGuard - NAS --> Portainer - NAS --> Homarr - NAS --> Homepage - NAS --> PromGraf[Prometheus + Grafana] - NAS --> PgAdmin - NAS --> PGbak[Postgres backup] + subgraph lan_other [Andere vaste systemen] + HA["Home Assistant .235"] + TN["TrueNAS .185\nFrigate :30058"] + UDM["UniFi .24"] + NC["Nextcloud cloud.el-kadi.nl"] + MO150["Diverse apps .150\nPortainer, DSM, …"] + MO117["Change detection .117"] + MO203["Minarca .203"] + Wazuh["Wazuh .73"] + end + + AgentVM[security-agent .105] -.->|HTTP checks| HA + AgentVM -.-> UDM + UI105[homelab-command .105] -.->|Proxmox API| PVE216[.216] + UI105 -.-> DELL56[.56] ``` -| Service | Poort | Opmerking | -|---------|-------|-----------| -| Gitea | 3000 | Config-repo's, Git SSH 2222 | -| AdGuard | 3001 | DNS (dashboard haalt stats op) | -| Portainer | 9000 | Containerbeheer NAS | -| Homarr / Homepage | 4755 / 3010 | Links naar `.105` voor security | -| Grafana | 3002 | Postgres-datasource → `.105:5433` | -| Prometheus | 9090 | Scrapes o.a. Neo4j `.105:2004` | -| postgres (backup) | 5433 | Oude kopie; stoppen na validatie | +| IP | Systeem | Opmerking | +|----|---------|-----------| +| 192.168.1.235 | Home Assistant | Smart home | +| 192.168.1.185 | TrueNAS / Frigate | NVR / camera AI | +| 192.168.1.24 | UniFi | Gateway + controller | +| 192.168.1.150 | mo-nas / apps | Meerdere kleine services | +| 192.168.1.192 | Homepage LXC | Op pve CT 120 | +| 192.168.1.173 | NPM | dell LXC 109 | +| 192.168.1.107 | nodecast | pve LXC 119 | +| 192.168.5.24 | Virtualmin | dell LXC (ander subnet) | -## Proxmox VM 105 docker (apart) +--- -| VM | IP | Rol | -|----|-----|-----| -| 102 Postgress | 192.168.1.105 | Security + Postgres + Neo4j | -| 105 docker | 192.168.1.227 | `office_desk_agent` :8000 (Proxmox/office tooling) | - -## Repo-structuur (Gitea) +## 6. Beheer- en config-flow ```mermaid -flowchart LR - Gitea["Gitea :3000\n192.168.1.211"] - Gitea --> CFG[homelab-configs\nDocker compose per app] - Gitea --> CMD[homelab-command\nDashboard broncode] - CFG --> DeployNAS[Deploy NAS apps] - CFG --> DeployVM[Documentatie VM 102] - CMD --> BuildVM[Build op VM 102\n~/homelab-command] +sequenceDiagram + participant Dev as Ontwikkelaar + participant Gitea as Gitea NAS :3000 + participant NAS as NAS Docker + participant VM as VM102 .105 + participant PVE as Proxmox .56/.216 + + Dev->>Gitea: push homelab-configs + Dev->>VM: ssh mo@.105 deploy homelab-command + Dev->>PVE: Web UI / API beheer VMs + NAS->>VM: postgres-exporter scrape + NAS->>Gitea: clone configs voor restore + VM->>PVE: Proxmox API in dashboard ``` -| Repository | Inhoud | -|------------|--------| -| `homelab-configs` | Compose, env-voorbeelden, Homarr/Homepage, monitoring | -| `homelab-command` | FastAPI dashboard, mesh-ingest, Grafana-dockerfile | +| Actie | Waar | +|-------|------| +| Git configs | Gitea op NAS | +| Security productie | VM 102 (.105) | +| Proxmox beheer | .216 (pve) en .56 (dell) | +| DNS | AdGuard op NAS | +| DB GUI | pgAdmin NAS → Postgres .105 | -## Snelle URL-lijst +--- + +## 7. Snelle URL-lijst | Wat | URL | |-----|-----| -| Security dashboard | http://192.168.1.105:8765/dashboard | -| Neo4j Browser | http://192.168.1.105:49154 | -| pgAdmin | http://192.168.1.211:5434 | -| Gitea | http://192.168.1.211:3000 | -| Grafana | http://192.168.1.211:3002 | -| Portainer | http://192.168.1.211:9000 | +| **Security dashboard** | http://192.168.1.105:8765/dashboard | +| **Neo4j Browser** | http://192.168.1.105:49154 | +| **Proxmox pve** | https://192.168.1.216:8006 | +| **Proxmox dell** | https://192.168.1.56:8006 | +| **NAS DSM / apps** | http://192.168.1.211:5000 | +| **Gitea** | http://192.168.1.211:3000 | +| **pgAdmin** | http://192.168.1.211:5434 | +| **Grafana** | http://192.168.1.211:3002 | +| **AdGuard** | http://192.168.1.211:3001 | +| **Portainer NAS** | http://192.168.1.211:9000 | +| **Homarr** | http://192.168.1.211:4755 | +| **Home Assistant** | http://192.168.1.235:8123 | +| **UniFi** | https://192.168.1.24 | +| **Office agent** | http://192.168.1.227:8000 | -## Rollback +--- -- Postgres: zie repo `homelab-command` → `docs/POSTGRES_ROLLBACK.md` — `PG_HOST` terug naar `.211`, NAS-container herstarten. +## 8. Rollback Postgres + +Zie repo `homelab-command` → `docs/POSTGRES_ROLLBACK.md`: `PG_HOST` terug naar `.211` en NAS-container `postgres-homelab` herstarten. diff --git a/HOMELAB_IPS.md b/HOMELAB_IPS.md index d15ca29..405da91 100644 --- a/HOMELAB_IPS.md +++ b/HOMELAB_IPS.md @@ -1,30 +1,65 @@ # Homelab IP-adressen (referentie) -## Waar draait wat? +## Kernhosts -| IP | Host | Services | -|----|------|----------| -| **192.168.1.105** | Proxmox VM 102 `Postgress` | Postgres :5433, Neo4j :49153–49155, Dashboard :8765, Syslog UDP :5514, NATS :4222, Security agent | -| **192.168.1.211** | Synology NAS | Gitea :3000, pgAdmin :5434, Grafana :3002, Prometheus :9090, AdGuard :3001, Portainer :9000, Postgres **backup** :5433 | +| IP | Host | Rol | +|----|------|-----| +| **192.168.1.211** | Synology NAS | Gitea, AdGuard, Portainer, Grafana, Prometheus, pgAdmin, Homarr, Postgres backup | +| **192.168.1.105** | Proxmox VM 102 `Postgress` | **Productie security:** Postgres, Neo4j, Dashboard, syslog, NATS, agent | | **192.168.1.227** | Proxmox VM 105 `docker` | Office desk agent :8000 | -| **192.168.1.216** | Proxmox pve | API :8006 | -| **192.168.1.56** | Proxmox dell | API :8006 | +| **192.168.1.216** | Proxmox **pve** | Hypervisor API :8006, veel LXC (vaultwarden, homepage, …) | +| **192.168.1.56** | Proxmox **dell-proxmox** | Hypervisor API :8006, VM 102/105, NPM, Virtualmin | -## Standaard URLs (productie) +## Netwerk en smart home -- Dashboard: http://192.168.1.105:8765/dashboard -- Neo4j Browser: http://192.168.1.105:49154 -- pgAdmin: http://192.168.1.211:5434 (server → `192.168.1.105:5433`) -- Gitea: http://192.168.1.211:3000 +| IP | Systeem | +|----|---------| +| 192.168.1.24 | UniFi controller / gateway | +| 192.168.1.235 | Home Assistant :8123 | -## Env-variabelen (`.env` in repo) +## Proxmox LXC (selectie, running) + +| IP | Hostnaam | Proxmox | +|----|----------|---------| +| 192.168.1.192 | homepage | pve CT 120 | +| 192.168.1.173 | nginxproxymanager | dell CT 109 | +| 192.168.1.249 | pegaprox | dell CT 111 | +| 192.168.5.24 | Virtualmin | dell CT 107 | +| 192.168.1.142 | linkwarden | pve CT 105 | +| 192.168.1.107 | nodecast-tv | pve CT 119 | + +Volledige LXC-tabel: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md). + +## Overige LAN (Homepage / monitoring) + +| IP | Systeem | +|----|---------| +| 192.168.1.185 | TrueNAS / Frigate | +| 192.168.1.150 | mo-nas, diverse apps | +| 192.168.1.117 | Change detection | +| 192.168.1.230 | Proxmox (extra node in Homepage) | + +## Env-variabelen (`homelab-configs/.env.example`) ```env NAS_IP=192.168.1.211 VM102_IP=192.168.1.105 PG_HOST=192.168.1.105 +PROXMOX_HOST_PVE=192.168.1.216 +PROXMOX_HOST_DELL=192.168.1.56 ``` +## Productie-URLs + +| Service | URL | +|---------|-----| +| Security dashboard | http://192.168.1.105:8765/dashboard | +| Neo4j | http://192.168.1.105:49154 | +| Proxmox pve | https://192.168.1.216:8006 | +| Proxmox dell | https://192.168.1.56:8006 | +| Gitea | http://192.168.1.211:3000 | +| pgAdmin | http://192.168.1.211:5434 | + ## Syslog -Remote syslog → **192.168.1.105:5514** (niet `.211`). +Remote syslog → **192.168.1.105:5514** diff --git a/README.md b/README.md index 18dd735..053a8b6 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,9 @@ # Homelab Infrastructure Configuration -Private Gitea-repo met **alle configs per applicatie** voor Synology NAS (`192.168.1.211`) en Proxmox VM 102 (`192.168.1.105`). Zie [HOMELAB_IPS.md](HOMELAB_IPS.md). +Private Gitea-repo met **alle configs per applicatie** voor Synology NAS (`192.168.1.211`) en Proxmox VM 102 (`192.168.1.105`). + +- **Architectuur-diagrammen:** [ARCHITECTURE.md](ARCHITECTURE.md) (Proxmox, NAS, security stack, LAN) +- **IP-lijst:** [HOMELAB_IPS.md](HOMELAB_IPS.md) **Snel herstellen:** [RESTORE.md](RESTORE.md) **Volledige inventaris:** [INVENTORY.md](INVENTORY.md)