# Homelab architecture

Full overview of hosts, Proxmox, NAS Docker and the security stack on VM 102.

Short IP list: [HOMELAB_IPS.md](HOMELAB_IPS.md) · Inventory: [INVENTORY.md](INVENTORY.md) · Proxmox detail: [apps/proxmox/lxc-inventory.md](apps/proxmox/lxc-inventory.md).

---

## 1. LAN overview

```mermaid
flowchart TB
  subgraph core [Core infrastructure]
    NAS["Synology NAS\n192.168.1.211"]
    PVE["Proxmox pve\n192.168.1.216 :8006"]
    DELL["Proxmox dell-proxmox\n192.168.1.56 :8006"]
  end
  subgraph vm102 [VM 102 Postgress]
    VM102["192.168.1.105\nSecurity stack"]
  end
  subgraph vm105 [VM 105 docker]
    VM227["192.168.1.227\noffice_desk_agent"]
  end
  subgraph network [Network and DNS]
    UDM["UniFi UDM\n192.168.1.24"]
    AdGuard["AdGuard NAS\n:3001 / :53"]
  end
  subgraph smarthome [Smart home]
    HA["Home Assistant\n192.168.1.235 :8123"]
  end
  subgraph storage [Storage / media elsewhere]
    TN["TrueNAS\n192.168.1.185"]
  end
  Internet((Internet)) --> UDM
  UDM --> AdGuard
  AdGuard --> NAS
  AdGuard --> PVE
  AdGuard --> DELL
  AdGuard --> VM102
  AdGuard --> HA
  User["Browser / Git"] --> NAS
  User --> VM102
  User --> PVE
  User --> DELL
  PVE --> VM102
  DELL --> VM102
  DELL --> VM227
  NAS -->|"Gitea configs"| PVE
  NAS -->|"Gitea configs"| DELL
```

---

## 2. Proxmox — two clusters

Configs in repo: `apps/proxmox/hosts/pve/` and `apps/proxmox/hosts/dell-proxmox/`. Pull live LXC configs: `python3 scripts/pull-lxc-from-proxmox.py` (from the NAS).

```mermaid
flowchart TB
  subgraph pve216 [pve — 192.168.1.216]
    direction TB
    PVE_API["Web UI :8006"]
    subgraph pve_lxc [LXC running]
      L104[vaultwarden .5]
      L105[linkwarden .142]
      L107[pve-scripts .23]
      L117[Proxy .165]
      L118[paymenter .45]
      L119[nodecast .99]
      L120[homepage .192]
      L121[nginxproxymanager]
      L100[autocaliweb]
      L102[clawbot]
    end
    subgraph pve_vm [QEMU]
      Q101[W11 — stopped]
      Q111[Syno-latest — stopped]
    end
  end
  subgraph dell56 [dell-proxmox — 192.168.1.56]
    direction TB
    DELL_API["Web UI :8006"]
    subgraph dell_qemu [QEMU running]
      Q102["102 Postgress\n→ .105 security"]
      Q104[kassa-dev]
      Q105["105 docker\n→ .227 office agent"]
      Q114[DeepseekTUI]
    end
    subgraph dell_lxc [LXC running]
      D107[Virtualmin 192.168.5.24]
      D109[nginxproxymanager .173]
      D111[pegaprox .249]
    end
    subgraph dell_stopped [QEMU stopped]
      Q101s[opnsense]
      Q103[Synology]
    end
  end
  NAS["NAS .211\nmanagement / Gitea"] --> PVE_API
  NAS --> DELL_API
```

### Proxmox — table (main systems)

| Host | IP | VMID | Name | Type | App IP | Role |
|------|-----|------|------|------|--------|-----|
| **dell** | .56 | 102 | Postgress | QEMU | **.105** | Postgres, Neo4j, Homelab Command, syslog, NATS, agent |
| **dell** | .56 | 105 | docker | QEMU | **.227** | Office desk agent :8000 |
| **dell** | .56 | 104 | kassa-dev | QEMU | — | Kassa dev |
| **dell** | .56 | 114 | DeepseekTUI | QEMU | — | Deepseek TUI |
| **dell** | .56 | 107 | Virtualmin | LXC | 192.168.5.24 | Web hosting |
| **dell** | .56 | 109 | nginxproxymanager | LXC | .173 | Reverse proxy |
| **dell** | .56 | 111 | pegaprox | LXC | .249 | Proxy |
| **pve** | .216 | 120 | homepage | LXC | .192 | Homepage dashboard :3000 |
| **pve** | .216 | 104 | vaultwarden | LXC | .5 | Passwords |
| **pve** | .216 | 105 | linkwarden | LXC | .142 | Bookmarks |
| **pve** | .216 | 119 | nodecast-tv | LXC | .107 | Media |
| **pve** | .216 | 117 | Proxy | LXC | .165 | Proxy |
| **pve** | .216 | 118 | paymenter | LXC | .45 | Billing |
| **pve** | .216 | 121 | nginxproxymanager | LXC | — | NPM |

> Many LXCs are **stopped** (immich, n8n, tunarr, …); see [lxc-inventory.md](apps/proxmox/lxc-inventory.md).

---

## 3. Synology NAS — Docker

```mermaid
flowchart LR
  subgraph nas211 [NAS 192.168.1.211]
    direction TB
    subgraph infra [Infra and Git]
      Gitea[Gitea :3000\nSSH :2222]
      Portainer[Portainer :9000]
      DuckDNS[DuckDNS]
    end
    subgraph data [Data and DNS]
      PgAdmin[pgAdmin :5434]
      PGBak[(Postgres backup :5433)]
      AdGuard[AdGuard :3001]
    end
    subgraph monitor [Monitoring]
      Prom[Prometheus :9090]
      Graf[Grafana :3002]
      PGexp[postgres-exporter :9187]
    end
    subgraph apps [Apps]
      Homarr[Homarr :4755]
      Remote[Remotely :8080]
      Excal[Excalidraw :3765]
    end
  end
  PgAdmin -->|SQL| VM102PG[(Postgres VM102 :5433)]
  Graf --> VM102PG
  PGexp --> VM102PG
  Prom --> PGexp
  Prom --> Neo4jVM[Neo4j .105 :2004]
```

| Service | Port | Connected to |
|---------|-------|----------------|
| Gitea | 3000 | Config repos (`homelab-configs`, `homelab-command`) |
| pgAdmin | 5434 | Postgres **production** on .105:5433 |
| AdGuard | 3001, 53 | LAN DNS filter |
| Prometheus + Grafana | 9090, 3002 | Scrape VM102 + NAS |
| Postgres (backup) | 5433 | Old copy; rollback |
| Homarr / Homepage links | 4755 | Point to .105 for security |

---

## 4. Security stack (production VM 102)

```mermaid
flowchart LR
  subgraph sources [Ingest sources]
    UniFi[UniFi .24]
    SyslogDev[Switches / APs / routers]
    Zeek[Zeek / Suricata]
  end
  subgraph vm105 [192.168.1.105 — VM 102]
    UI[homelab-command :8765]
    SyslogUDP[Syslog UDP :5514]
    PG[(postgres-homelab :5433)]
    Neo[(Neo4j :49153\nBrowser :49154)]
    NATS[NATS :4222]
    Mesh[mesh-normalizer]
    Agent[el-kadi-security-agent]
  end
  SyslogDev -->|UDP| SyslogUDP
  UniFi -->|API| UI
  Zeek -->|NATS| NATS
  NATS --> Mesh
  SyslogUDP --> PG
  UI --> PG
  UI --> Neo
  Mesh --> PG
  Agent --> PG
  UI -->|DNS stats| AdGuardNAS[AdGuard .211]
```

| Data flow | Protocol | Destination |
|------------|----------|------|
| Syslog | UDP 5514 → .105 | `mesh.syslog_entries` |
| UniFi poll | HTTPS .24 | `mesh.unifi_polls` |
| Mesh events | NATS 4222 | `mesh.network_flows` |
| Agent | loop 300s | `agent.*` |
| Dashboard | HTTP 8765 | UI + API |

---

## 5. Other LAN systems

These do **not** run on the NAS or VM 102, but are listed in Homarr/Homepage and are monitored by the security agent where needed.

```mermaid
flowchart TB
  subgraph lan_other [Other fixed systems]
    HA["Home Assistant .235"]
    TN["TrueNAS .185\nFrigate :30058"]
    UDM["UniFi .24"]
    NC["Nextcloud cloud.el-kadi.nl"]
    MO150["Various apps .150\nPortainer, DSM, …"]
    MO117["Change detection .117"]
    MO203["Minarca .203"]
    Wazuh["Wazuh .73"]
  end
  AgentVM[security-agent .105] -.->|HTTP checks| HA
  AgentVM -.-> UDM
  UI105[homelab-command .105] -.->|Proxmox API| PVE216[.216]
  UI105 -.-> DELL56[.56]
```

| IP | System | Note |
|----|---------|-----------|
| 192.168.1.235 | Home Assistant | Smart home |
| 192.168.1.185 | TrueNAS / Frigate | NVR / camera AI |
| 192.168.1.24 | UniFi | Gateway + controller |
| 192.168.1.150 | mo-nas / apps | Several small services |
| 192.168.1.192 | Homepage LXC | On pve CT 120 |
| 192.168.1.173 | NPM | dell LXC 109 |
| 192.168.1.107 | nodecast | pve LXC 119 |
| 192.168.5.24 | Virtualmin | dell LXC (different subnet) |

---

## 6. Management and config flow

```mermaid
sequenceDiagram
  participant Dev as Developer
  participant Gitea as Gitea NAS :3000
  participant NAS as NAS Docker
  participant VM as VM102 .105
  participant PVE as Proxmox .56/.216
  Dev->>Gitea: push homelab-configs
  Dev->>VM: ssh mo@.105 deploy homelab-command
  Dev->>PVE: Web UI / API manage VMs
  NAS->>VM: postgres-exporter scrape
  NAS->>Gitea: clone configs for restore
  VM->>PVE: Proxmox API in dashboard
```

| Action | Where |
|-------|------|
| Git configs | Gitea on NAS |
| Security production | VM 102 (.105) |
| Proxmox management | .216 (pve) and .56 (dell) |
| DNS | AdGuard on NAS |
| DB GUI | pgAdmin NAS → Postgres .105 |

---

## 7. Quick URL list

| What | URL |
|-----|-----|
| **Security dashboard** | http://192.168.1.105:8765/dashboard |
| **Neo4j Browser** | http://192.168.1.105:49154 |
| **Proxmox pve** | https://192.168.1.216:8006 |
| **Proxmox dell** | https://192.168.1.56:8006 |
| **NAS DSM / apps** | http://192.168.1.211:5000 |
| **Gitea** | http://192.168.1.211:3000 |
| **pgAdmin** | http://192.168.1.211:5434 |
| **Grafana** | http://192.168.1.211:3002 |
| **AdGuard** | http://192.168.1.211:3001 |
| **Portainer NAS** | http://192.168.1.211:9000 |
| **Homarr** | http://192.168.1.211:4755 |
| **Home Assistant** | http://192.168.1.235:8123 |
| **UniFi** | https://192.168.1.24 |
| **Office agent** | http://192.168.1.227:8000 |

---

## 8. Rollback Postgres

See repo `homelab-command` → `docs/POSTGRES_ROLLBACK.md`: set `PG_HOST` back to `.211` and restart the NAS container `postgres-homelab`.