Expand ARCHITECTURE.md with Proxmox, NAS, and LAN system diagrams.

Document pve (.216) and dell (.56) VMs/LXCs, other LAN services,
management flows, and update HOMELAB_IPS reference table.

Co-authored-by: Cursor <cursoragent@cursor.com>
mo
2026-05-25 23:19:53 +02:00
parent 1010a4b1ac
commit 3a77680477
3 changed files with 308 additions and 111 deletions
+255 -96
@@ -1,150 +1,309 @@
# Homelab architectuur # Homelab architectuur
Overzicht van hoe de diensten bij elkaar hangen na de verplaatsing van de **security stack** naar Proxmox VM 102. Vaste IP-referentie: [HOMELAB_IPS.md](HOMELAB_IPS.md). Volledig overzicht van hosts, Proxmox, NAS Docker en de security stack op VM 102.
Korte IP-lijst: [HOMELAB_IPS.md](HOMELAB_IPS.md) · Inventaris: [INVENTORY.md](INVENTORY.md) · Proxmox detail: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md).
## Fysieke hosts ---
## 1. LAN-overzicht
```mermaid ```mermaid
flowchart TB flowchart TB
subgraph lan [LAN 192.168.1.0/24] subgraph core [Kern infrastructuur]
NAS["Synology NAS\n192.168.1.211"] NAS["Synology NAS\n192.168.1.211"]
VM102["Proxmox VM 102 Postgress\n192.168.1.105"] PVE["Proxmox pve\n192.168.1.216 :8006"]
VM105["Proxmox VM 105 docker\n192.168.1.227"] DELL["Proxmox dell-proxmox\n192.168.1.56 :8006"]
PVE216["Proxmox pve\n192.168.1.216"]
PVE56["Proxmox dell\n192.168.1.56"]
UDM["UniFi / gateway\n192.168.1.24"]
HA["Home Assistant\n192.168.1.235"]
end end
User["Browser / Git client"] --> NAS
subgraph vm102 [VM 102 Postgress]
VM102["192.168.1.105\nSecurity stack"]
end
subgraph vm105 [VM 105 docker]
VM227["192.168.1.227\noffice_desk_agent"]
end
subgraph network [Netwerk en DNS]
UDM["UniFi UDM\n192.168.1.24"]
AdGuard["AdGuard NAS\n:3001 / :53"]
end
subgraph smarthome [Smart home]
HA["Home Assistant\n192.168.1.235 :8123"]
end
subgraph storage [Storage / media elders]
TN["TrueNAS\n192.168.1.185"]
end
Internet((Internet)) --> UDM
UDM --> AdGuard
AdGuard --> NAS
AdGuard --> PVE
AdGuard --> DELL
AdGuard --> VM102
AdGuard --> HA
User["Browser / Git"] --> NAS
User --> VM102 User --> VM102
User --> PVE
User --> DELL
PVE --> VM102
DELL --> VM102
DELL --> VM227
NAS -->|"Gitea configs"| PVE
NAS -->|"Gitea configs"| DELL
``` ```
## Security stack (productie op VM 102) ---
Het hart van monitoring, syslog, graph en agent-draait op **één VM**. De NAS toont nog dashboards in Homarr/Homepage en beheert Git + metrics. ## 2. Proxmox — twee clusters
Configs in repo: `apps/proxmox/hosts/pve/` en `apps/proxmox/hosts/dell-proxmox/`.
Pull live LXC-configs: `python3 scripts/pull-lxc-from-proxmox.py` (vanaf NAS).
```mermaid
flowchart TB
subgraph pve216 [pve — 192.168.1.216]
direction TB
PVE_API["Web UI :8006"]
subgraph pve_lxc [LXC running]
L104[vaultwarden .5]
L105[linkwarden .142]
L107[pve-scripts .23]
L117[Proxy .165]
L118[paymenter .45]
L119[nodecast .99]
L120[homepage .192]
L121[nginxproxymanager]
L100[autocaliweb]
L102[clawbot]
end
subgraph pve_vm [QEMU]
Q101[W11 — stopped]
Q111[Syno-latest — stopped]
end
end
subgraph dell56 [dell-proxmox — 192.168.1.56]
direction TB
DELL_API["Web UI :8006"]
subgraph dell_qemu [QEMU running]
Q102["102 Postgress\n→ .105 security"]
Q104[kassa-dev]
Q105["105 docker\n→ .227 office agent"]
Q114[DeepseekTUI]
end
subgraph dell_lxc [LXC running]
D107[Virtualmin 192.168.5.24]
D109[nginxproxymanager .173]
D111[pegaprox .249]
end
subgraph dell_stopped [QEMU stopped]
Q101s[opnsense]
Q103[Synology]
end
end
NAS["NAS .211\nbeheer / Gitea"] --> PVE_API
NAS --> DELL_API
```
### Proxmox — tabel (belangrijkste systemen)
| Host | IP | VMID | Naam | Type | IP app | Rol |
|------|-----|------|------|------|--------|-----|
| **dell** | .56 | 102 | Postgress | QEMU | **.105** | Postgres, Neo4j, Homelab Command, syslog, NATS, agent |
| **dell** | .56 | 105 | docker | QEMU | **.227** | Office desk agent :8000 |
| **dell** | .56 | 104 | kassa-dev | QEMU | — | Kassa dev |
| **dell** | .56 | 114 | DeepseekTUI | QEMU | — | Deepseek TUI |
| **dell** | .56 | 107 | Virtualmin | LXC | 192.168.5.24 | Web hosting |
| **dell** | .56 | 109 | nginxproxymanager | LXC | .173 | Reverse proxy |
| **dell** | .56 | 111 | pegaprox | LXC | .249 | Proxy |
| **pve** | .216 | 120 | homepage | LXC | .192 | Homepage dashboard :3000 |
| **pve** | .216 | 104 | vaultwarden | LXC | .5 | Wachtwoorden |
| **pve** | .216 | 105 | linkwarden | LXC | .142 | Bookmarks |
| **pve** | .216 | 119 | nodecast-tv | LXC | .107 | Media |
| **pve** | .216 | 117 | Proxy | LXC | .165 | Proxy |
| **pve** | .216 | 118 | paymenter | LXC | .45 | Billing |
| **pve** | .216 | 121 | nginxproxymanager | LXC | — | NPM |
> Veel LXCs staan **stopped** (immich, n8n, tunarr, …) — zie [lxc-inventory.md](apps/proxmox/lxc-inventory.md).
---
## 3. Synology NAS — Docker
```mermaid ```mermaid
flowchart LR flowchart LR
subgraph sources [Data-bronnen LAN] subgraph nas211 [NAS 192.168.1.211]
UniFi[UniFi controller .24] direction TB
SyslogDev[Routers / switches / APs] subgraph infra [Infra en Git]
Gitea[Gitea :3000\nSSH :2222]
Portainer[Portainer :9000]
DuckDNS[DuckDNS]
end
subgraph data [Data en DNS]
PgAdmin[pgAdmin :5434]
PGBak[(Postgres backup :5433)]
AdGuard[AdGuard :3001]
end
subgraph monitor [Monitoring]
Prom[Prometheus :9090]
Graf[Grafana :3002]
PGexp[postgres-exporter :9187]
end
subgraph apps [Apps]
Homarr[Homarr :4755]
Remote[Remotely :8080]
Excal[Excalidraw :3765]
end
end
PgAdmin -->|SQL| VM102PG[(Postgres VM102 :5433)]
Graf --> VM102PG
PGexp --> VM102PG
Prom --> PGexp
Prom --> Neo4jVM[Neo4j .105 :2004]
```
| Service | Poort | Verbonden met |
|---------|-------|----------------|
| Gitea | 3000 | Config-repo's (`homelab-configs`, `homelab-command`) |
| pgAdmin | 5434 | Postgres **productie** op .105:5433 |
| AdGuard | 3001, 53 | LAN DNS-filter |
| Prometheus + Grafana | 9090, 3002 | Scrape VM102 + NAS |
| Postgres (backup) | 5433 | Oude kopie; rollback |
| Homarr / Homepage links | 4755 | Wijzen naar .105 voor security |
---
## 4. Security stack (productie VM 102)
```mermaid
flowchart LR
subgraph sources [Ingest bronnen]
UniFi[UniFi .24]
SyslogDev[Switches / APs / routers]
Zeek[Zeek / Suricata] Zeek[Zeek / Suricata]
end end
subgraph vm102 [VM 102 — 192.168.1.105] subgraph vm105 [192.168.1.105 — VM 102]
UI[homelab-command :8765] UI[homelab-command :8765]
SyslogUDP[Syslog UDP :5514] SyslogUDP[Syslog UDP :5514]
PG[(postgres-homelab :5433)] PG[(postgres-homelab :5433)]
Neo[(Neo4j :49153 / UI :49154)] Neo[(Neo4j :49153\nBrowser :49154)]
NATS[NATS :4222] NATS[NATS :4222]
Mesh[mesh-normalizer] Mesh[mesh-normalizer]
Agent[el-kadi-security-agent] Agent[el-kadi-security-agent]
end end
subgraph nas [NAS — 192.168.1.211] SyslogDev -->|UDP| SyslogUDP
Gitea[Gitea :3000]
PgAdmin[pgAdmin :5434]
Graf[Grafana :3002]
Prom[Prometheus :9090]
PGexp[postgres-exporter :9187]
AdGuard[AdGuard :3001]
PGBkp[(postgres-homelab backup :5433)]
end
User2[Gebruiker] --> UI
User2 --> PgAdmin
PgAdmin --> PG
Graf --> PG
Prom --> PGexp
PGexp --> PG
SyslogDev -->|UDP 5514| SyslogUDP
UniFi -->|API| UI UniFi -->|API| UI
Zeek -->|NATS publish| NATS Zeek -->|NATS| NATS
NATS --> Mesh NATS --> Mesh
SyslogUDP --> PG SyslogUDP --> PG
UI --> PG UI --> PG
UI --> Neo UI --> Neo
Mesh --> PG Mesh --> PG
Agent --> PG Agent --> PG
AdGuard -->|DNS stats API| UI UI -->|DNS stats| AdGuardNAS[AdGuard .211]
PG -.->|rollback kopie| PGBkp
``` ```
## Datastromen | Datastroom | Protocol | Doel |
|------------|----------|------|
| Syslog | UDP 5514 → .105 | `mesh.syslog_entries` |
| UniFi poll | HTTPS .24 | `mesh.unifi_polls` |
| Mesh events | NATS 4222 | `mesh.network_flows` |
| Agent | loop 300s | `agent.*` |
| Dashboard | HTTP 8765 | UI + API |
| Stroom | Van | Naar | Poort / protocol | ---
|--------|-----|------|------------------|
| Dashboard UI | Browser | VM 102 | HTTP 8765 |
| SQL (homelab DB) | homelab-command, agent, mesh | Postgres VM 102 | 5433 |
| Syslog ingest | Netwerkapparaten | homelab-command | UDP 5514 → `mesh.syslog_entries` |
| Zeek/Suricata events | Sensors | NATS → mesh-normalizer | 4222 → Postgres |
| Netwerk-topologie | homelab-command | Neo4j VM 102 | Bolt 49153 |
| DB beheer | pgAdmin (NAS) | Postgres VM 102 | 5433 |
| Metrics | Prometheus (NAS) | postgres-exporter → VM 102 | 9187 scrape |
| Git configs | Ontwikkelaar | Gitea (NAS) | 3000 / SSH 2222 |
## NAS — overige Docker (niet op VM 102) ## 5. Overige LAN-systemen
Deze draaien **niet** op NAS of VM 102, maar staan in Homarr/Homepage en worden door de security agent gemonitord waar nodig.
```mermaid ```mermaid
flowchart TB flowchart TB
NAS["192.168.1.211"] subgraph lan_other [Andere vaste systemen]
NAS --> Gitea HA["Home Assistant .235"]
NAS --> AdGuard TN["TrueNAS .185\nFrigate :30058"]
NAS --> Portainer UDM["UniFi .24"]
NAS --> Homarr NC["Nextcloud cloud.el-kadi.nl"]
NAS --> Homepage MO150["Diverse apps .150\nPortainer, DSM, …"]
NAS --> PromGraf[Prometheus + Grafana] MO117["Change detection .117"]
NAS --> PgAdmin MO203["Minarca .203"]
NAS --> PGbak[Postgres backup] Wazuh["Wazuh .73"]
end
AgentVM[security-agent .105] -.->|HTTP checks| HA
AgentVM -.-> UDM
UI105[homelab-command .105] -.->|Proxmox API| PVE216[.216]
UI105 -.-> DELL56[.56]
``` ```
| Service | Poort | Opmerking | | IP | Systeem | Opmerking |
|---------|-------|-----------| |----|---------|-----------|
| Gitea | 3000 | Config-repo's, Git SSH 2222 | | 192.168.1.235 | Home Assistant | Smart home |
| AdGuard | 3001 | DNS (dashboard haalt stats op) | | 192.168.1.185 | TrueNAS / Frigate | NVR / camera AI |
| Portainer | 9000 | Containerbeheer NAS | | 192.168.1.24 | UniFi | Gateway + controller |
| Homarr / Homepage | 4755 / 3010 | Links naar `.105` voor security | | 192.168.1.150 | mo-nas / apps | Meerdere kleine services |
| Grafana | 3002 | Postgres-datasource → `.105:5433` | | 192.168.1.192 | Homepage LXC | Op pve CT 120 |
| Prometheus | 9090 | Scrapes o.a. Neo4j `.105:2004` | | 192.168.1.173 | NPM | dell LXC 109 |
| postgres (backup) | 5433 | Oude kopie; stoppen na validatie | | 192.168.1.107 | nodecast | pve LXC 119 |
| 192.168.5.24 | Virtualmin | dell LXC (ander subnet) |
## Proxmox VM 105 docker (apart) ---
| VM | IP | Rol | ## 6. Beheer- en config-flow
|----|-----|-----|
| 102 Postgress | 192.168.1.105 | Security + Postgres + Neo4j |
| 105 docker | 192.168.1.227 | `office_desk_agent` :8000 (Proxmox/office tooling) |
## Repo-structuur (Gitea)
```mermaid ```mermaid
flowchart LR sequenceDiagram
Gitea["Gitea :3000\n192.168.1.211"] participant Dev as Ontwikkelaar
Gitea --> CFG[homelab-configs\nDocker compose per app] participant Gitea as Gitea NAS :3000
Gitea --> CMD[homelab-command\nDashboard broncode] participant NAS as NAS Docker
CFG --> DeployNAS[Deploy NAS apps] participant VM as VM102 .105
CFG --> DeployVM[Documentatie VM 102] participant PVE as Proxmox .56/.216
CMD --> BuildVM[Build op VM 102\n~/homelab-command]
Dev->>Gitea: push homelab-configs
Dev->>VM: ssh mo@.105 deploy homelab-command
Dev->>PVE: Web UI / API beheer VMs
NAS->>VM: postgres-exporter scrape
NAS->>Gitea: clone configs voor restore
VM->>PVE: Proxmox API in dashboard
``` ```
| Repository | Inhoud | | Actie | Waar |
|------------|--------| |-------|------|
| `homelab-configs` | Compose, env-voorbeelden, Homarr/Homepage, monitoring | | Git configs | Gitea op NAS |
| `homelab-command` | FastAPI dashboard, mesh-ingest, Grafana-dockerfile | | Security productie | VM 102 (.105) |
| Proxmox beheer | .216 (pve) en .56 (dell) |
| DNS | AdGuard op NAS |
| DB GUI | pgAdmin NAS → Postgres .105 |
## Snelle URL-lijst ---
## 7. Snelle URL-lijst
| Wat | URL | | Wat | URL |
|-----|-----| |-----|-----|
| Security dashboard | http://192.168.1.105:8765/dashboard | | **Security dashboard** | http://192.168.1.105:8765/dashboard |
| Neo4j Browser | http://192.168.1.105:49154 | | **Neo4j Browser** | http://192.168.1.105:49154 |
| pgAdmin | http://192.168.1.211:5434 | | **Proxmox pve** | https://192.168.1.216:8006 |
| Gitea | http://192.168.1.211:3000 | | **Proxmox dell** | https://192.168.1.56:8006 |
| Grafana | http://192.168.1.211:3002 | | **NAS DSM / apps** | http://192.168.1.211:5000 |
| Portainer | http://192.168.1.211:9000 | | **Gitea** | http://192.168.1.211:3000 |
| **pgAdmin** | http://192.168.1.211:5434 |
| **Grafana** | http://192.168.1.211:3002 |
| **AdGuard** | http://192.168.1.211:3001 |
| **Portainer NAS** | http://192.168.1.211:9000 |
| **Homarr** | http://192.168.1.211:4755 |
| **Home Assistant** | http://192.168.1.235:8123 |
| **UniFi** | https://192.168.1.24 |
| **Office agent** | http://192.168.1.227:8000 |
## Rollback ---
- Postgres: zie repo `homelab-command``docs/POSTGRES_ROLLBACK.md``PG_HOST` terug naar `.211`, NAS-container herstarten. ## 8. Rollback Postgres
Zie repo `homelab-command``docs/POSTGRES_ROLLBACK.md`: `PG_HOST` terug naar `.211` en NAS-container `postgres-homelab` herstarten.
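Review bot: In the section 2 diagram the pve LXC node `L119[nodecast .99]` disagrees with the Proxmox table row `119 | nodecast-tv | LXC | .107` and with the section 5 row `192.168.1.107 | nodecast`; confirm the container's real address and use it in all three places. In the section 1 flowchart the edge `PVE --> VM102` contradicts the same table, which places VMID 102 on dell (.56), so drop that edge or state what relation it is meant to show. In section 4 the subgraph id `vm105` now labels 192.168.1.105 / VM 102, while section 1 uses `vm105` for VM 105 docker (.227); renaming it to `vm102` would keep the ids from suggesting the wrong machine.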
+49 -14
@@ -1,30 +1,65 @@
# Homelab IP-adressen (referentie) # Homelab IP-adressen (referentie)
## Waar draait wat? ## Kernhosts
| IP | Host | Services | | IP | Host | Rol |
|----|------|----------| |----|------|-----|
| **192.168.1.105** | Proxmox VM 102 `Postgress` | Postgres :5433, Neo4j :4915349155, Dashboard :8765, Syslog UDP :5514, NATS :4222, Security agent | | **192.168.1.211** | Synology NAS | Gitea, AdGuard, Portainer, Grafana, Prometheus, pgAdmin, Homarr, Postgres backup |
| **192.168.1.211** | Synology NAS | Gitea :3000, pgAdmin :5434, Grafana :3002, Prometheus :9090, AdGuard :3001, Portainer :9000, Postgres **backup** :5433 | | **192.168.1.105** | Proxmox VM 102 `Postgress` | **Productie security:** Postgres, Neo4j, Dashboard, syslog, NATS, agent |
| **192.168.1.227** | Proxmox VM 105 `docker` | Office desk agent :8000 | | **192.168.1.227** | Proxmox VM 105 `docker` | Office desk agent :8000 |
| **192.168.1.216** | Proxmox pve | API :8006 | | **192.168.1.216** | Proxmox **pve** | Hypervisor API :8006, veel LXC (vaultwarden, homepage, …) |
| **192.168.1.56** | Proxmox dell | API :8006 | | **192.168.1.56** | Proxmox **dell-proxmox** | Hypervisor API :8006, VM 102/105, NPM, Virtualmin |
## Standaard URLs (productie) ## Netwerk en smart home
- Dashboard: http://192.168.1.105:8765/dashboard | IP | Systeem |
- Neo4j Browser: http://192.168.1.105:49154 |----|---------|
- pgAdmin: http://192.168.1.211:5434 (server → `192.168.1.105:5433`) | 192.168.1.24 | UniFi controller / gateway |
- Gitea: http://192.168.1.211:3000 | 192.168.1.235 | Home Assistant :8123 |
## Env-variabelen (`.env` in repo) ## Proxmox LXC (selectie, running)
| IP | Hostnaam | Proxmox |
|----|----------|---------|
| 192.168.1.192 | homepage | pve CT 120 |
| 192.168.1.173 | nginxproxymanager | dell CT 109 |
| 192.168.1.249 | pegaprox | dell CT 111 |
| 192.168.5.24 | Virtualmin | dell CT 107 |
| 192.168.1.142 | linkwarden | pve CT 105 |
| 192.168.1.107 | nodecast-tv | pve CT 119 |
Volledige LXC-tabel: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md).
## Overige LAN (Homepage / monitoring)
| IP | Systeem |
|----|---------|
| 192.168.1.185 | TrueNAS / Frigate |
| 192.168.1.150 | mo-nas, diverse apps |
| 192.168.1.117 | Change detection |
| 192.168.1.230 | Proxmox (extra node in Homepage) |
## Env-variabelen (`homelab-configs/.env.example`)
```env ```env
NAS_IP=192.168.1.211 NAS_IP=192.168.1.211
VM102_IP=192.168.1.105 VM102_IP=192.168.1.105
PG_HOST=192.168.1.105 PG_HOST=192.168.1.105
PROXMOX_HOST_PVE=192.168.1.216
PROXMOX_HOST_DELL=192.168.1.56
``` ```
## Productie-URLs
| Service | URL |
|---------|-----|
| Security dashboard | http://192.168.1.105:8765/dashboard |
| Neo4j | http://192.168.1.105:49154 |
| Proxmox pve | https://192.168.1.216:8006 |
| Proxmox dell | https://192.168.1.56:8006 |
| Gitea | http://192.168.1.211:3000 |
| pgAdmin | http://192.168.1.211:5434 |
## Syslog ## Syslog
Remote syslog → **192.168.1.105:5514** (niet `.211`). Remote syslog → **192.168.1.105:5514**
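Review bot: The new "Overige LAN" table adds `192.168.1.230 | Proxmox (extra node in Homepage)`, a third hypervisor address that the Kernhosts table in this same file does not list (it names only .216 and .56); give it a host name and role under Kernhosts, or drop the row if it is stale, because an unlabelled hypervisor is easy to overlook when patching or writing firewall rules. The Kernhosts rows for .105 and .211 also lose the port numbers the old table carried (for example `Postgres :5433` and `Syslog UDP :5514`), and the Syslog line drops the `(niet .211)` hint; keeping ports and protocol here would leave this file usable as a standalone reference.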
+4 -1
@@ -1,6 +1,9 @@
# Homelab Infrastructure Configuration # Homelab Infrastructure Configuration
Private Gitea-repo met **alle configs per applicatie** voor Synology NAS (`192.168.1.211`) en Proxmox VM 102 (`192.168.1.105`). Zie [HOMELAB_IPS.md](HOMELAB_IPS.md). Private Gitea-repo met **alle configs per applicatie** voor Synology NAS (`192.168.1.211`) en Proxmox VM 102 (`192.168.1.105`).
- **Architectuur-diagrammen:** [ARCHITECTURE.md](ARCHITECTURE.md) (Proxmox, NAS, security stack, LAN)
- **IP-lijst:** [HOMELAB_IPS.md](HOMELAB_IPS.md)
**Snel herstellen:** [RESTORE.md](RESTORE.md) **Snel herstellen:** [RESTORE.md](RESTORE.md)
**Volledige inventaris:** [INVENTORY.md](INVENTORY.md) **Volledige inventaris:** [INVENTORY.md](INVENTORY.md)
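Review bot: The opening sentence still scopes the repo to the Synology NAS and Proxmox VM 102 only, while the ARCHITECTURE.md link added directly below it advertises Proxmox and LAN coverage; mention the pve (.216) and dell (.56) hosts in that sentence or reword it so the description matches what the repo now documents. The two new links are list items but `**Snel herstellen:**` and `**Volledige inventaris:**` remain bare lines, so consider turning all four into bullets for one consistent block.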