mo
3a77680477
Document pve (.216) and dell (.56) VMs/LXCs, other LAN services, management flows, and update HOMELAB_IPS reference table. Co-authored-by: Cursor <cursoragent@cursor.com>
8.5 KiB
8.5 KiB
Homelab architectuur
Volledig overzicht van hosts, Proxmox, NAS Docker en de security stack op VM 102.
Korte IP-lijst: HOMELAB_IPS.md · Inventaris: INVENTORY.md · Proxmox detail: apps/proxmox/lxc-inventory.md.
1. LAN-overzicht
flowchart TB
subgraph core [Kern infrastructuur]
NAS["Synology NAS\n192.168.1.211"]
PVE["Proxmox pve\n192.168.1.216 :8006"]
DELL["Proxmox dell-proxmox\n192.168.1.56 :8006"]
end
subgraph vm102 [VM 102 Postgress]
VM102["192.168.1.105\nSecurity stack"]
end
subgraph vm105 [VM 105 docker]
VM227["192.168.1.227\noffice_desk_agent"]
end
subgraph network [Netwerk en DNS]
UDM["UniFi UDM\n192.168.1.24"]
AdGuard["AdGuard NAS\n:3001 / :53"]
end
subgraph smarthome [Smart home]
HA["Home Assistant\n192.168.1.235 :8123"]
end
subgraph storage [Storage / media elders]
TN["TrueNAS\n192.168.1.185"]
end
Internet((Internet)) --> UDM
UDM --> AdGuard
AdGuard --> NAS
AdGuard --> PVE
AdGuard --> DELL
AdGuard --> VM102
AdGuard --> HA
User["Browser / Git"] --> NAS
User --> VM102
User --> PVE
User --> DELL
PVE --> VM102
DELL --> VM102
DELL --> VM227
NAS -->|"Gitea configs"| PVE
NAS -->|"Gitea configs"| DELL
2. Proxmox — twee clusters
Configs in repo: apps/proxmox/hosts/pve/ en apps/proxmox/hosts/dell-proxmox/.
Pull live LXC-configs: python3 scripts/pull-lxc-from-proxmox.py (vanaf NAS).
flowchart TB
subgraph pve216 [pve — 192.168.1.216]
direction TB
PVE_API["Web UI :8006"]
subgraph pve_lxc [LXC running]
L104[vaultwarden .5]
L105[linkwarden .142]
L107[pve-scripts .23]
L117[Proxy .165]
L118[paymenter .45]
L119[nodecast .99]
L120[homepage .192]
L121[nginxproxymanager]
L100[autocaliweb]
L102[clawbot]
end
subgraph pve_vm [QEMU]
Q101[W11 — stopped]
Q111[Syno-latest — stopped]
end
end
subgraph dell56 [dell-proxmox — 192.168.1.56]
direction TB
DELL_API["Web UI :8006"]
subgraph dell_qemu [QEMU running]
Q102["102 Postgress\n→ .105 security"]
Q104[kassa-dev]
Q105["105 docker\n→ .227 office agent"]
Q114[DeepseekTUI]
end
subgraph dell_lxc [LXC running]
D107[Virtualmin 192.168.5.24]
D109[nginxproxymanager .173]
D111[pegaprox .249]
end
subgraph dell_stopped [QEMU stopped]
Q101s[opnsense]
Q103[Synology]
end
end
NAS["NAS .211\nbeheer / Gitea"] --> PVE_API
NAS --> DELL_API
Proxmox — tabel (belangrijkste systemen)
| Host | IP | VMID | Naam | Type | IP app | Rol |
|---|---|---|---|---|---|---|
| dell | .56 | 102 | Postgress | QEMU | .105 | Postgres, Neo4j, Homelab Command, syslog, NATS, agent |
| dell | .56 | 105 | docker | QEMU | .227 | Office desk agent :8000 |
| dell | .56 | 104 | kassa-dev | QEMU | — | Kassa dev |
| dell | .56 | 114 | DeepseekTUI | QEMU | — | Deepseek TUI |
| dell | .56 | 107 | Virtualmin | LXC | 192.168.5.24 | Web hosting |
| dell | .56 | 109 | nginxproxymanager | LXC | .173 | Reverse proxy |
| dell | .56 | 111 | pegaprox | LXC | .249 | Proxy |
| pve | .216 | 120 | homepage | LXC | .192 | Homepage dashboard :3000 |
| pve | .216 | 104 | vaultwarden | LXC | .5 | Wachtwoorden |
| pve | .216 | 105 | linkwarden | LXC | .142 | Bookmarks |
| pve | .216 | 119 | nodecast-tv | LXC | .107 | Media |
| pve | .216 | 117 | Proxy | LXC | .165 | Proxy |
| pve | .216 | 118 | paymenter | LXC | .45 | Billing |
| pve | .216 | 121 | nginxproxymanager | LXC | — | NPM |
Veel LXCs staan stopped (immich, n8n, tunarr, …) — zie lxc-inventory.md.
3. Synology NAS — Docker
flowchart LR
subgraph nas211 [NAS 192.168.1.211]
direction TB
subgraph infra [Infra en Git]
Gitea[Gitea :3000\nSSH :2222]
Portainer[Portainer :9000]
DuckDNS[DuckDNS]
end
subgraph data [Data en DNS]
PgAdmin[pgAdmin :5434]
PGBak[(Postgres backup :5433)]
AdGuard[AdGuard :3001]
end
subgraph monitor [Monitoring]
Prom[Prometheus :9090]
Graf[Grafana :3002]
PGexp[postgres-exporter :9187]
end
subgraph apps [Apps]
Homarr[Homarr :4755]
Remote[Remotely :8080]
Excal[Excalidraw :3765]
end
end
PgAdmin -->|SQL| VM102PG[(Postgres VM102 :5433)]
Graf --> VM102PG
PGexp --> VM102PG
Prom --> PGexp
Prom --> Neo4jVM[Neo4j .105 :2004]
| Service | Poort | Verbonden met |
|---|---|---|
| Gitea | 3000 | Config-repo's (homelab-configs, homelab-command) |
| pgAdmin | 5434 | Postgres productie op .105:5433 |
| AdGuard | 3001, 53 | LAN DNS-filter |
| Prometheus + Grafana | 9090, 3002 | Scrape VM102 + NAS |
| Postgres (backup) | 5433 | Oude kopie; rollback |
| Homarr / Homepage links | 4755 | Wijzen naar .105 voor security |
4. Security stack (productie VM 102)
flowchart LR
subgraph sources [Ingest bronnen]
UniFi[UniFi .24]
SyslogDev[Switches / APs / routers]
Zeek[Zeek / Suricata]
end
subgraph vm105 [192.168.1.105 — VM 102]
UI[homelab-command :8765]
SyslogUDP[Syslog UDP :5514]
PG[(postgres-homelab :5433)]
Neo[(Neo4j :49153\nBrowser :49154)]
NATS[NATS :4222]
Mesh[mesh-normalizer]
Agent[el-kadi-security-agent]
end
SyslogDev -->|UDP| SyslogUDP
UniFi -->|API| UI
Zeek -->|NATS| NATS
NATS --> Mesh
SyslogUDP --> PG
UI --> PG
UI --> Neo
Mesh --> PG
Agent --> PG
UI -->|DNS stats| AdGuardNAS[AdGuard .211]
| Datastroom | Protocol | Doel |
|---|---|---|
| Syslog | UDP 5514 → .105 | mesh.syslog_entries |
| UniFi poll | HTTPS .24 | mesh.unifi_polls |
| Mesh events | NATS 4222 | mesh.network_flows |
| Agent | loop 300s | agent.* |
| Dashboard | HTTP 8765 | UI + API |
5. Overige LAN-systemen
Deze draaien niet op NAS of VM 102, maar staan in Homarr/Homepage en worden door de security agent gemonitord waar nodig.
flowchart TB
subgraph lan_other [Andere vaste systemen]
HA["Home Assistant .235"]
TN["TrueNAS .185\nFrigate :30058"]
UDM["UniFi .24"]
NC["Nextcloud cloud.el-kadi.nl"]
MO150["Diverse apps .150\nPortainer, DSM, …"]
MO117["Change detection .117"]
MO203["Minarca .203"]
Wazuh["Wazuh .73"]
end
AgentVM[security-agent .105] -.->|HTTP checks| HA
AgentVM -.-> UDM
UI105[homelab-command .105] -.->|Proxmox API| PVE216[.216]
UI105 -.-> DELL56[.56]
| IP | Systeem | Opmerking |
|---|---|---|
| 192.168.1.235 | Home Assistant | Smart home |
| 192.168.1.185 | TrueNAS / Frigate | NVR / camera AI |
| 192.168.1.24 | UniFi | Gateway + controller |
| 192.168.1.150 | mo-nas / apps | Meerdere kleine services |
| 192.168.1.192 | Homepage LXC | Op pve CT 120 |
| 192.168.1.173 | NPM | dell LXC 109 |
| 192.168.1.107 | nodecast | pve LXC 119 |
| 192.168.5.24 | Virtualmin | dell LXC (ander subnet) |
6. Beheer- en config-flow
sequenceDiagram
participant Dev as Ontwikkelaar
participant Gitea as Gitea NAS :3000
participant NAS as NAS Docker
participant VM as VM102 .105
participant PVE as Proxmox .56/.216
Dev->>Gitea: push homelab-configs
Dev->>VM: ssh mo@.105 deploy homelab-command
Dev->>PVE: Web UI / API beheer VMs
NAS->>VM: postgres-exporter scrape
NAS->>Gitea: clone configs voor restore
VM->>PVE: Proxmox API in dashboard
| Actie | Waar |
|---|---|
| Git configs | Gitea op NAS |
| Security productie | VM 102 (.105) |
| Proxmox beheer | .216 (pve) en .56 (dell) |
| DNS | AdGuard op NAS |
| DB GUI | pgAdmin NAS → Postgres .105 |
7. Snelle URL-lijst
| Wat | URL |
|---|---|
| Security dashboard | http://192.168.1.105:8765/dashboard |
| Neo4j Browser | http://192.168.1.105:49154 |
| Proxmox pve | https://192.168.1.216:8006 |
| Proxmox dell | https://192.168.1.56:8006 |
| NAS DSM / apps | http://192.168.1.211:5000 |
| Gitea | http://192.168.1.211:3000 |
| pgAdmin | http://192.168.1.211:5434 |
| Grafana | http://192.168.1.211:3002 |
| AdGuard | http://192.168.1.211:3001 |
| Portainer NAS | http://192.168.1.211:9000 |
| Homarr | http://192.168.1.211:4755 |
| Home Assistant | http://192.168.1.235:8123 |
| UniFi | https://192.168.1.24 |
| Office agent | http://192.168.1.227:8000 |
8. Rollback Postgres
Zie repo homelab-command → docs/POSTGRES_ROLLBACK.md: PG_HOST terug naar .211 en NAS-container postgres-homelab herstarten.