mo/homelab-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams.

Browse Source 
Document pve (.216) and dell (.56) VMs/LXCs, other LAN services,
management flows, and update HOMELAB_IPS reference table.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
mo
2026-05-25 23:19:53 +02:00
parent 1010a4b1ac
commit 3a77680477
3 changed files with 308 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ARCHITECTURE.md
+255 -96
View File
@@ -1,150 +1,309 @@
# Homelab architectuur
Overzicht van hoe de diensten bij elkaar hangen na de verplaatsing van de **security stack** naar Proxmox VM 102. Vaste IP-referentie: [HOMELAB_IPS.md](HOMELAB_IPS.md).
Volledig overzicht van hosts, Proxmox, NAS Docker en de security stack op VM 102.
Korte IP-lijst: [HOMELAB_IPS.md](HOMELAB_IPS.md) · Inventaris: [INVENTORY.md](INVENTORY.md) · Proxmox detail: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md).
## Fysieke hosts
---
## 1. LAN-overzicht
```mermaid
flowchart TB
subgraph lan [LAN 192.168.1.0/24]
subgraph core [Kern infrastructuur]
NAS["Synology NAS\n192.168.1.211"]
VM102["Proxmox VM 102 Postgress\n192.168.1.105"]
VM105["Proxmox VM 105 docker\n192.168.1.227"]
PVE216["Proxmox pve\n192.168.1.216"]
PVE56["Proxmox dell\n192.168.1.56"]
UDM["UniFi / gateway\n192.168.1.24"]
HA["Home Assistant\n192.168.1.235"]
PVE["Proxmox pve\n192.168.1.216 :8006"]
DELL["Proxmox dell-proxmox\n192.168.1.56 :8006"]
end
User["Browser / Git client"] --> NAS
subgraph vm102 [VM 102 Postgress]
VM102["192.168.1.105\nSecurity stack"]
end
subgraph vm105 [VM 105 docker]
VM227["192.168.1.227\noffice_desk_agent"]
end
subgraph network [Netwerk en DNS]
UDM["UniFi UDM\n192.168.1.24"]
AdGuard["AdGuard NAS\n:3001 / :53"]
end
subgraph smarthome [Smart home]
HA["Home Assistant\n192.168.1.235 :8123"]
end
subgraph storage [Storage / media elders]
TN["TrueNAS\n192.168.1.185"]
end
Internet((Internet)) --> UDM
UDM --> AdGuard
AdGuard --> NAS
AdGuard --> PVE
AdGuard --> DELL
AdGuard --> VM102
AdGuard --> HA
User["Browser / Git"] --> NAS
User --> VM102
User --> PVE
User --> DELL
PVE --> VM102
DELL --> VM102
DELL --> VM227
NAS -->|"Gitea configs"| PVE
NAS -->|"Gitea configs"| DELL
```
## Security stack (productie op VM 102)
---
Het hart van monitoring, syslog, graph en agent-draait op **één VM**. De NAS toont nog dashboards in Homarr/Homepage en beheert Git + metrics.
## 2. Proxmox — twee clusters
Configs in repo: `apps/proxmox/hosts/pve/` en `apps/proxmox/hosts/dell-proxmox/`.
Pull live LXC-configs: `python3 scripts/pull-lxc-from-proxmox.py` (vanaf NAS).
```mermaid
flowchart TB
subgraph pve216 [pve — 192.168.1.216]
direction TB
PVE_API["Web UI :8006"]
subgraph pve_lxc [LXC running]
L104[vaultwarden .5]
L105[linkwarden .142]
L107[pve-scripts .23]
L117[Proxy .165]
L118[paymenter .45]
L119[nodecast .99]
L120[homepage .192]
L121[nginxproxymanager]
L100[autocaliweb]
L102[clawbot]
end
subgraph pve_vm [QEMU]
Q101[W11 — stopped]
Q111[Syno-latest — stopped]
end
end
subgraph dell56 [dell-proxmox — 192.168.1.56]
direction TB
DELL_API["Web UI :8006"]
subgraph dell_qemu [QEMU running]
Q102["102 Postgress\n→ .105 security"]
Q104[kassa-dev]
Q105["105 docker\n→ .227 office agent"]
Q114[DeepseekTUI]
end
subgraph dell_lxc [LXC running]
D107[Virtualmin 192.168.5.24]
D109[nginxproxymanager .173]
D111[pegaprox .249]
end
subgraph dell_stopped [QEMU stopped]
Q101s[opnsense]
Q103[Synology]
end
end
NAS["NAS .211\nbeheer / Gitea"] --> PVE_API
NAS --> DELL_API
```
### Proxmox — tabel (belangrijkste systemen)
| Host | IP | VMID | Naam | Type | IP app | Rol |
|------|-----|------|------|------|--------|-----|
| **dell** | .56 | 102 | Postgress | QEMU | **.105** | Postgres, Neo4j, Homelab Command, syslog, NATS, agent |
| **dell** | .56 | 105 | docker | QEMU | **.227** | Office desk agent :8000 |
| **dell** | .56 | 104 | kassa-dev | QEMU | — | Kassa dev |
| **dell** | .56 | 114 | DeepseekTUI | QEMU | — | Deepseek TUI |
| **dell** | .56 | 107 | Virtualmin | LXC | 192.168.5.24 | Web hosting |
| **dell** | .56 | 109 | nginxproxymanager | LXC | .173 | Reverse proxy |
| **dell** | .56 | 111 | pegaprox | LXC | .249 | Proxy |
| **pve** | .216 | 120 | homepage | LXC | .192 | Homepage dashboard :3000 |
| **pve** | .216 | 104 | vaultwarden | LXC | .5 | Wachtwoorden |
| **pve** | .216 | 105 | linkwarden | LXC | .142 | Bookmarks |
| **pve** | .216 | 119 | nodecast-tv | LXC | .107 | Media |
| **pve** | .216 | 117 | Proxy | LXC | .165 | Proxy |
| **pve** | .216 | 118 | paymenter | LXC | .45 | Billing |
| **pve** | .216 | 121 | nginxproxymanager | LXC | — | NPM |
> Veel LXCs staan **stopped** (immich, n8n, tunarr, …) — zie [lxc-inventory.md](apps/proxmox/lxc-inventory.md).
---
## 3. Synology NAS — Docker
```mermaid
flowchart LR
subgraph sources [Data-bronnen LAN]
UniFi[UniFi controller .24]
SyslogDev[Routers / switches / APs]
subgraph nas211 [NAS 192.168.1.211]
direction TB
subgraph infra [Infra en Git]
Gitea[Gitea :3000\nSSH :2222]
Portainer[Portainer :9000]
DuckDNS[DuckDNS]
end
subgraph data [Data en DNS]
PgAdmin[pgAdmin :5434]
PGBak[(Postgres backup :5433)]
AdGuard[AdGuard :3001]
end
subgraph monitor [Monitoring]
Prom[Prometheus :9090]
Graf[Grafana :3002]
PGexp[postgres-exporter :9187]
end
subgraph apps [Apps]
Homarr[Homarr :4755]
Remote[Remotely :8080]
Excal[Excalidraw :3765]
end
end
PgAdmin -->|SQL| VM102PG[(Postgres VM102 :5433)]
Graf --> VM102PG
PGexp --> VM102PG
Prom --> PGexp
Prom --> Neo4jVM[Neo4j .105 :2004]
```
| Service | Poort | Verbonden met |
|---------|-------|----------------|
| Gitea | 3000 | Config-repo's (`homelab-configs`, `homelab-command`) |
| pgAdmin | 5434 | Postgres **productie** op .105:5433 |
| AdGuard | 3001, 53 | LAN DNS-filter |
| Prometheus + Grafana | 9090, 3002 | Scrape VM102 + NAS |
| Postgres (backup) | 5433 | Oude kopie; rollback |
| Homarr / Homepage links | 4755 | Wijzen naar .105 voor security |
---
## 4. Security stack (productie VM 102)
```mermaid
flowchart LR
subgraph sources [Ingest bronnen]
UniFi[UniFi .24]
SyslogDev[Switches / APs / routers]
Zeek[Zeek / Suricata]
end
subgraph vm102 [VM 102 — 192.168.1.105]
subgraph vm105 [192.168.1.105 — VM 102]
UI[homelab-command :8765]
SyslogUDP[Syslog UDP :5514]
PG[(postgres-homelab :5433)]
Neo[(Neo4j :49153 / UI :49154)]
Neo[(Neo4j :49153\nBrowser :49154)]
NATS[NATS :4222]
Mesh[mesh-normalizer]
Agent[el-kadi-security-agent]
end
subgraph nas [NAS — 192.168.1.211]
Gitea[Gitea :3000]
PgAdmin[pgAdmin :5434]
Graf[Grafana :3002]
Prom[Prometheus :9090]
PGexp[postgres-exporter :9187]
AdGuard[AdGuard :3001]
PGBkp[(postgres-homelab backup :5433)]
end
User2[Gebruiker] --> UI
User2 --> PgAdmin
PgAdmin --> PG
Graf --> PG
Prom --> PGexp
PGexp --> PG
SyslogDev -->|UDP 5514| SyslogUDP
SyslogDev -->|UDP| SyslogUDP
UniFi -->|API| UI
Zeek -->|NATS publish| NATS
Zeek -->|NATS| NATS
NATS --> Mesh
SyslogUDP --> PG
UI --> PG
UI --> Neo
Mesh --> PG
Agent --> PG
AdGuard -->|DNS stats API| UI
PG -.->|rollback kopie| PGBkp
UI -->|DNS stats| AdGuardNAS[AdGuard .211]
```
## Datastromen
| Datastroom | Protocol | Doel |
|------------|----------|------|
| Syslog | UDP 5514 → .105 | `mesh.syslog_entries` |
| UniFi poll | HTTPS .24 | `mesh.unifi_polls` |
| Mesh events | NATS 4222 | `mesh.network_flows` |
| Agent | loop 300s | `agent.*` |
| Dashboard | HTTP 8765 | UI + API |
| Stroom | Van | Naar | Poort / protocol |
|--------|-----|------|------------------|
| Dashboard UI | Browser | VM 102 | HTTP 8765 |
| SQL (homelab DB) | homelab-command, agent, mesh | Postgres VM 102 | 5433 |
| Syslog ingest | Netwerkapparaten | homelab-command | UDP 5514 → `mesh.syslog_entries` |
| Zeek/Suricata events | Sensors | NATS → mesh-normalizer | 4222 → Postgres |
| Netwerk-topologie | homelab-command | Neo4j VM 102 | Bolt 49153 |
| DB beheer | pgAdmin (NAS) | Postgres VM 102 | 5433 |
| Metrics | Prometheus (NAS) | postgres-exporter → VM 102 | 9187 scrape |
| Git configs | Ontwikkelaar | Gitea (NAS) | 3000 / SSH 2222 |
---
## NAS — overige Docker (niet op VM 102)
## 5. Overige LAN-systemen
Deze draaien **niet** op NAS of VM 102, maar staan in Homarr/Homepage en worden door de security agent gemonitord waar nodig.
```mermaid
flowchart TB
NAS["192.168.1.211"]
NAS --> Gitea
NAS --> AdGuard
NAS --> Portainer
NAS --> Homarr
NAS --> Homepage
NAS --> PromGraf[Prometheus + Grafana]
NAS --> PgAdmin
NAS --> PGbak[Postgres backup]
subgraph lan_other [Andere vaste systemen]
HA["Home Assistant .235"]
TN["TrueNAS .185\nFrigate :30058"]
UDM["UniFi .24"]
NC["Nextcloud cloud.el-kadi.nl"]
MO150["Diverse apps .150\nPortainer, DSM, …"]
MO117["Change detection .117"]
MO203["Minarca .203"]
Wazuh["Wazuh .73"]
end
AgentVM[security-agent .105] -.->|HTTP checks| HA
AgentVM -.-> UDM
UI105[homelab-command .105] -.->|Proxmox API| PVE216[.216]
UI105 -.-> DELL56[.56]
```
| Service | Poort | Opmerking |
|---------|-------|-----------|
| Gitea | 3000 | Config-repo's, Git SSH 2222 |
| AdGuard | 3001 | DNS (dashboard haalt stats op) |
| Portainer | 9000 | Containerbeheer NAS |
| Homarr / Homepage | 4755 / 3010 | Links naar `.105` voor security |
| Grafana | 3002 | Postgres-datasource → `.105:5433` |
| Prometheus | 9090 | Scrapes o.a. Neo4j `.105:2004` |
| postgres (backup) | 5433 | Oude kopie; stoppen na validatie |
| IP | Systeem | Opmerking |
|----|---------|-----------|
| 192.168.1.235 | Home Assistant | Smart home |
| 192.168.1.185 | TrueNAS / Frigate | NVR / camera AI |
| 192.168.1.24 | UniFi | Gateway + controller |
| 192.168.1.150 | mo-nas / apps | Meerdere kleine services |
| 192.168.1.192 | Homepage LXC | Op pve CT 120 |
| 192.168.1.173 | NPM | dell LXC 109 |
| 192.168.1.107 | nodecast | pve LXC 119 |
| 192.168.5.24 | Virtualmin | dell LXC (ander subnet) |
## Proxmox VM 105 docker (apart)
---
| VM | IP | Rol |
|----|-----|-----|
| 102 Postgress | 192.168.1.105 | Security + Postgres + Neo4j |
| 105 docker | 192.168.1.227 | `office_desk_agent` :8000 (Proxmox/office tooling) |
## Repo-structuur (Gitea)
## 6. Beheer- en config-flow
```mermaid
flowchart LR
Gitea["Gitea :3000\n192.168.1.211"]
Gitea --> CFG[homelab-configs\nDocker compose per app]
Gitea --> CMD[homelab-command\nDashboard broncode]
CFG --> DeployNAS[Deploy NAS apps]
CFG --> DeployVM[Documentatie VM 102]
CMD --> BuildVM[Build op VM 102\n~/homelab-command]
sequenceDiagram
participant Dev as Ontwikkelaar
participant Gitea as Gitea NAS :3000
participant NAS as NAS Docker
participant VM as VM102 .105
participant PVE as Proxmox .56/.216
Dev->>Gitea: push homelab-configs
Dev->>VM: ssh mo@.105 deploy homelab-command
Dev->>PVE: Web UI / API beheer VMs
NAS->>VM: postgres-exporter scrape
NAS->>Gitea: clone configs voor restore
VM->>PVE: Proxmox API in dashboard
```
| Repository | Inhoud |
|------------|--------|
| `homelab-configs` | Compose, env-voorbeelden, Homarr/Homepage, monitoring |
| `homelab-command` | FastAPI dashboard, mesh-ingest, Grafana-dockerfile |
| Actie | Waar |
|-------|------|
| Git configs | Gitea op NAS |
| Security productie | VM 102 (.105) |
| Proxmox beheer | .216 (pve) en .56 (dell) |
| DNS | AdGuard op NAS |
| DB GUI | pgAdmin NAS → Postgres .105 |
## Snelle URL-lijst
---
## 7. Snelle URL-lijst
| Wat | URL |
|-----|-----|
| Security dashboard | http://192.168.1.105:8765/dashboard |
| Neo4j Browser | http://192.168.1.105:49154 |
| pgAdmin | http://192.168.1.211:5434 |
| Gitea | http://192.168.1.211:3000 |
| Grafana | http://192.168.1.211:3002 |
| Portainer | http://192.168.1.211:9000 |
| **Security dashboard** | http://192.168.1.105:8765/dashboard |
| **Neo4j Browser** | http://192.168.1.105:49154 |
| **Proxmox pve** | https://192.168.1.216:8006 |
| **Proxmox dell** | https://192.168.1.56:8006 |
| **NAS DSM / apps** | http://192.168.1.211:5000 |
| **Gitea** | http://192.168.1.211:3000 |
| **pgAdmin** | http://192.168.1.211:5434 |
| **Grafana** | http://192.168.1.211:3002 |
| **AdGuard** | http://192.168.1.211:3001 |
| **Portainer NAS** | http://192.168.1.211:9000 |
| **Homarr** | http://192.168.1.211:4755 |
| **Home Assistant** | http://192.168.1.235:8123 |
| **UniFi** | https://192.168.1.24 |
| **Office agent** | http://192.168.1.227:8000 |
## Rollback
---
- Postgres: zie repo `homelab-command``docs/POSTGRES_ROLLBACK.md``PG_HOST` terug naar `.211`, NAS-container herstarten.
## 8. Rollback Postgres
Zie repo `homelab-command``docs/POSTGRES_ROLLBACK.md`: `PG_HOST` terug naar `.211` en NAS-container `postgres-homelab` herstarten.