homelab-configs/ARCHITECTURE.md

Homelab architectuur

Overzicht van hoe de diensten bij elkaar hangen na de verplaatsing van de security stack naar Proxmox VM 102. Vaste IP-referentie: HOMELAB_IPS.md.

Fysieke hosts

flowchart TB
  subgraph lan [LAN 192.168.1.0/24]
    NAS["Synology NAS\n192.168.1.211"]
    VM102["Proxmox VM 102 Postgress\n192.168.1.105"]
    VM105["Proxmox VM 105 docker\n192.168.1.227"]
    PVE216["Proxmox pve\n192.168.1.216"]
    PVE56["Proxmox dell\n192.168.1.56"]
    UDM["UniFi / gateway\n192.168.1.24"]
    HA["Home Assistant\n192.168.1.235"]
  end
  User["Browser / Git client"] --> NAS
  User --> VM102

Security stack (productie op VM 102)

Het hart van monitoring, syslog, graph en agent-draait op één VM. De NAS toont nog dashboards in Homarr/Homepage en beheert Git + metrics.

flowchart LR
  subgraph sources [Data-bronnen LAN]
    UniFi[UniFi controller .24]
    SyslogDev[Routers / switches / APs]
    Zeek[Zeek / Suricata]
  end

  subgraph vm102 [VM 102 — 192.168.1.105]
    UI[homelab-command :8765]
    SyslogUDP[Syslog UDP :5514]
    PG[(postgres-homelab :5433)]
    Neo[(Neo4j :49153 / UI :49154)]
    NATS[NATS :4222]
    Mesh[mesh-normalizer]
    Agent[el-kadi-security-agent]
  end

  subgraph nas [NAS — 192.168.1.211]
    Gitea[Gitea :3000]
    PgAdmin[pgAdmin :5434]
    Graf[Grafana :3002]
    Prom[Prometheus :9090]
    PGexp[postgres-exporter :9187]
    AdGuard[AdGuard :3001]
    PGBkp[(postgres-homelab backup :5433)]
  end

  User2[Gebruiker] --> UI
  User2 --> PgAdmin
  PgAdmin --> PG
  Graf --> PG
  Prom --> PGexp
  PGexp --> PG

  SyslogDev -->|UDP 5514| SyslogUDP
  UniFi -->|API| UI
  Zeek -->|NATS publish| NATS
  NATS --> Mesh
  SyslogUDP --> PG
  UI --> PG
  UI --> Neo
  Mesh --> PG
  Agent --> PG
  AdGuard -->|DNS stats API| UI

  PG -.->|rollback kopie| PGBkp

Datastromen

Stroom	Van	Naar	Poort / protocol
Dashboard UI	Browser	VM 102	HTTP 8765
SQL (homelab DB)	homelab-command, agent, mesh	Postgres VM 102	5433
Syslog ingest	Netwerkapparaten	homelab-command	UDP 5514 → mesh.syslog_entries
Zeek/Suricata events	Sensors	NATS → mesh-normalizer	4222 → Postgres
Netwerk-topologie	homelab-command	Neo4j VM 102	Bolt 49153
DB beheer	pgAdmin (NAS)	Postgres VM 102	5433
Metrics	Prometheus (NAS)	postgres-exporter → VM 102	9187 scrape
Git configs	Ontwikkelaar	Gitea (NAS)	3000 / SSH 2222

NAS — overige Docker (niet op VM 102)

flowchart TB
  NAS["192.168.1.211"]
  NAS --> Gitea
  NAS --> AdGuard
  NAS --> Portainer
  NAS --> Homarr
  NAS --> Homepage
  NAS --> PromGraf[Prometheus + Grafana]
  NAS --> PgAdmin
  NAS --> PGbak[Postgres backup]

Service	Poort	Opmerking
Gitea	3000	Config-repo's, Git SSH 2222
AdGuard	3001	DNS (dashboard haalt stats op)
Portainer	9000	Containerbeheer NAS
Homarr / Homepage	4755 / 3010	Links naar .105 voor security
Grafana	3002	Postgres-datasource → .105:5433
Prometheus	9090	Scrapes o.a. Neo4j .105:2004
postgres (backup)	5433	Oude kopie; stoppen na validatie

Proxmox VM 105 docker (apart)

VM	IP	Rol
102 Postgress	192.168.1.105	Security + Postgres + Neo4j
105 docker	192.168.1.227	office_desk_agent :8000 (Proxmox/office tooling)

Repo-structuur (Gitea)

flowchart LR
  Gitea["Gitea :3000\n192.168.1.211"]
  Gitea --> CFG[homelab-configs\nDocker compose per app]
  Gitea --> CMD[homelab-command\nDashboard broncode]
  CFG --> DeployNAS[Deploy NAS apps]
  CFG --> DeployVM[Documentatie VM 102]
  CMD --> BuildVM[Build op VM 102\n~/homelab-command]

Repository	Inhoud
homelab-configs	Compose, env-voorbeelden, Homarr/Homepage, monitoring
homelab-command	FastAPI dashboard, mesh-ingest, Grafana-dockerfile

Snelle URL-lijst

Wat	URL
Security dashboard	http://192.168.1.105:8765/dashboard
Neo4j Browser	http://192.168.1.105:49154
pgAdmin	http://192.168.1.211:5434
Gitea	http://192.168.1.211:3000
Grafana	http://192.168.1.211:3002
Portainer	http://192.168.1.211:9000

Rollback

• Postgres: zie homelab-command/docs/POSTGRES_ROLLBACK.md (in homelab-command repo) — PG_HOST terug naar .211, NAS-container herstarten.