# Homelab architecture

Overview of how the services fit together after the move of the **security stack** to Proxmox VM 102.

Fixed IP reference: [HOMELAB_IPS.md](HOMELAB_IPS.md).

## Physical hosts

```mermaid
flowchart TB
    subgraph lan [LAN 192.168.1.0/24]
        NAS["Synology NAS\n192.168.1.211"]
        VM102["Proxmox VM 102 Postgress\n192.168.1.105"]
        VM105["Proxmox VM 105 docker\n192.168.1.227"]
        PVE216["Proxmox pve\n192.168.1.216"]
        PVE56["Proxmox dell\n192.168.1.56"]
        UDM["UniFi / gateway\n192.168.1.24"]
        HA["Home Assistant\n192.168.1.235"]
    end
    User["Browser / Git client"] --> NAS
    User --> VM102
```

## Security stack (production on VM 102)

The core of monitoring, syslog, graph, and the agent runs on **a single VM**. The NAS still serves the Homarr/Homepage dashboards and hosts Git and metrics.

```mermaid
flowchart LR
    subgraph sources [LAN data sources]
        UniFi[UniFi controller .24]
        SyslogDev[Routers / switches / APs]
        Zeek[Zeek / Suricata]
    end
    subgraph vm102 [VM 102 — 192.168.1.105]
        UI[homelab-command :8765]
        SyslogUDP[Syslog UDP :5514]
        PG[(postgres-homelab :5433)]
        Neo[(Neo4j :49153 / UI :49154)]
        NATS[NATS :4222]
        Mesh[mesh-normalizer]
        Agent[el-kadi-security-agent]
    end
    subgraph nas [NAS — 192.168.1.211]
        Gitea[Gitea :3000]
        PgAdmin[pgAdmin :5434]
        Graf[Grafana :3002]
        Prom[Prometheus :9090]
        PGexp[postgres-exporter :9187]
        AdGuard[AdGuard :3001]
        PGBkp[(postgres-homelab backup :5433)]
    end
    User2[User] --> UI
    User2 --> PgAdmin
    PgAdmin --> PG
    Graf --> PG
    Prom --> PGexp
    PGexp --> PG
    SyslogDev -->|UDP 5514| SyslogUDP
    UniFi -->|API| UI
    Zeek -->|NATS publish| NATS
    NATS --> Mesh
    SyslogUDP --> PG
    UI --> PG
    UI --> Neo
    Mesh --> PG
    Agent --> PG
    AdGuard -->|DNS stats API| UI
    PG -.->|rollback copy| PGBkp
```

## Data flows

| Flow | From | To | Port / protocol |
|------|------|----|-----------------|
| Dashboard UI | Browser | VM 102 | HTTP 8765 |
| SQL (homelab DB) | homelab-command, agent, mesh | Postgres VM 102 | 5433 |
| Syslog ingest | Network devices | homelab-command | UDP 5514 → `mesh.syslog_entries` |
| Zeek/Suricata events | Sensors | NATS → mesh-normalizer | 4222 → Postgres |
| Network topology | homelab-command | Neo4j VM 102 | Bolt 49153 |
| DB administration | pgAdmin (NAS) | Postgres VM 102 | 5433 |
| Metrics | Prometheus (NAS) | postgres-exporter → VM 102 | 9187 scrape |
| Git configs | Developer | Gitea (NAS) | 3000 / SSH 2222 |

## NAS: other Docker services (not on VM 102)

```mermaid
flowchart TB
    NAS["192.168.1.211"]
    NAS --> Gitea
    NAS --> AdGuard
    NAS --> Portainer
    NAS --> Homarr
    NAS --> Homepage
    NAS --> PromGraf[Prometheus + Grafana]
    NAS --> PgAdmin
    NAS --> PGbak[Postgres backup]
```

| Service | Port | Note |
|---------|------|------|
| Gitea | 3000 | Config repos, Git SSH 2222 |
| AdGuard | 3001 | DNS (the dashboard fetches stats) |
| Portainer | 9000 | Container management for the NAS |
| Homarr / Homepage | 4755 / 3010 | Links to `.105` for security |
| Grafana | 3002 | Postgres datasource → `.105:5433` |
| Prometheus | 9090 | Scrapes, among others, Neo4j `.105:2004` |
| postgres (backup) | 5433 | Old copy; stop after validation |

## Proxmox VM 105 docker (separate)

| VM | IP | Role |
|----|-----|------|
| 102 Postgress | 192.168.1.105 | Security + Postgres + Neo4j |
| 105 docker | 192.168.1.227 | `office_desk_agent` :8000 (Proxmox/office tooling) |

## Repository structure (Gitea)

```mermaid
flowchart LR
    Gitea["Gitea :3000\n192.168.1.211"]
    Gitea --> CFG[homelab-configs\nDocker compose per app]
    Gitea --> CMD[homelab-command\nDashboard source code]
    CFG --> DeployNAS[Deploy NAS apps]
    CFG --> DeployVM[Documentation VM 102]
    CMD --> BuildVM[Build on VM 102\n~/homelab-command]
```

| Repository | Contents |
|------------|----------|
| `homelab-configs` | Compose, env examples, Homarr/Homepage, monitoring |
| `homelab-command` | FastAPI dashboard, mesh ingest, Grafana Dockerfile |

## Quick URL list

| What | URL |
|------|-----|
| Security dashboard | http://192.168.1.105:8765/dashboard |
| Neo4j Browser | http://192.168.1.105:49154 |
| pgAdmin | http://192.168.1.211:5434 |
| Gitea | http://192.168.1.211:3000 |
| Grafana | http://192.168.1.211:3002 |
| Portainer | http://192.168.1.211:9000 |

## Rollback

- Postgres: see repo `homelab-command` → `docs/POSTGRES_ROLLBACK.md`: set `PG_HOST` back to `.211` and restart the NAS container.
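
The data-flows table and diagrams above can double as an allowlist for inbound traffic to VM 102, for a firewall review or a check over flow logs. The Python below is an added example, not code from the `homelab-command` repo; it assumes that "browser", "network devices" and "sensors" mean any host in 192.168.1.0/24, and the `SAMPLE` records are constructed.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
NAS = ip_network("192.168.1.211/32")
VM102 = ip_network("192.168.1.105/32")

# (proto, port) on VM 102 -> networks allowed to connect, per the tables above.
# Assumption: browser, network devices and sensors may be any LAN host.
VM102_INBOUND = {
    ("tcp", 8765): [LAN],         # dashboard UI
    ("udp", 5514): [LAN],         # syslog ingest
    ("tcp", 4222): [LAN],         # NATS publish from Zeek/Suricata sensors
    ("tcp", 5433): [NAS, VM102],  # Postgres: pgAdmin/Grafana on NAS, local services
    ("tcp", 49153): [VM102],      # Neo4j Bolt, used by homelab-command
    ("tcp", 49154): [LAN],        # Neo4j Browser UI
    ("tcp", 2004): [NAS],         # Neo4j metrics scraped by Prometheus
}

def audit(connections):
    """Return (conn, reason) for each connection to VM 102 the docs do not cover."""
    findings = []
    for src, dst, proto, port in connections:
        if ip_address(dst) not in VM102:
            continue  # only inbound flows to VM 102 are in scope here
        allowed = VM102_INBOUND.get((proto, port))
        if allowed is None:
            findings.append(((src, dst, proto, port), "undocumented port"))
        elif not any(ip_address(src) in net for net in allowed):
            findings.append(((src, dst, proto, port), "source not allowed"))
    return findings

# Constructed sample records (src, dst, proto, port), e.g. reduced from flow logs.
SAMPLE = [
    ("192.168.1.50", "192.168.1.105", "tcp", 8765),   # browser -> dashboard: ok
    ("192.168.1.211", "192.168.1.105", "tcp", 5433),  # pgAdmin -> Postgres: ok
    ("192.168.1.50", "192.168.1.105", "tcp", 5433),   # workstation -> Postgres
    ("192.168.1.24", "192.168.1.105", "udp", 5514),   # UniFi syslog: ok
    ("192.168.1.50", "192.168.1.105", "tcp", 22),     # SSH is not in the table
    ("10.0.0.7", "192.168.1.105", "tcp", 8765),       # source outside the LAN
    ("192.168.1.50", "192.168.1.211", "tcp", 3000),   # Gitea on NAS: out of scope
]

if __name__ == "__main__":
    for conn, reason in audit(SAMPLE):
        print(f"{reason}: {conn}")
```

A finding of "undocumented port" means either the service should be closed off or the table needs a new row.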