# homelab

* OPNsense firewall: https://opnsense.hh.lan
* Proxmox virtualization cluster: https://proxmox1.hh.lan

## services

* HomeAssistant home automation
    * http://homeassistant.local:8123/
    * https://ha.hh.lan
* Frigate NVR (security cameras): https://frigate.local:8971
* Paperless document repository: https://paperless.hh.lan

### Gitea

* http://gitea.hh.lan:3000
* SSH key stored in bitwarden
* used `docker-compose-template` VM template
* Moved host `sshd` to `tcp:2222` so gitea container can use `tcp:22`

## things to set up

### Caddy

### Authentik

### CrashPlan (or other backup service)

### Home auth

## Hardware

* unnamed switch (TODO)
* [Mikrotik CSS318-16G-2S+IN](https://mikrotik.com/product/css318_16g_2s_in#fndtn-downloads)
    * SwOS management interface: http://192.168.86.54
    * [manual](https://help.mikrotik.com/docs/spaces/SWOS/pages/76415036/CRS3xx+and+CSS326-24G-2S+series+Manual#CRS3xxandCSS32624G2S+seriesManual-LAG)

## Network

```mermaid
graph TD;
    internet((Internet))<-->nest_wifi_pro(Nest Wifi Pro);
    nest_wifi_pro<-->mikrotik;
    mikrotik<==>LACP(LACP/VLAN trunk);
    LACP<-->vlan86;
    LACP<-->vlan200;
    vlan86<-->proxmox_eth0[eth0]<-->proxmox;
    vlan86<-->proxmox_eth1[eth1]<-->proxmox;
    vlan200<-->proxmox_eth0[eth0]<-->proxmox;
    vlan200<-->proxmox_eth1[eth1]<-->proxmox;
    proxmox<-->bond0<-->vmbr0<-->VMs;
    vlan200<-->vault_eth3[eth3]<-->vault;
    vlan200<-->vault_eth4[eth4]<-->vault;
```

### DNS

```mermaid
graph LR;
    internet((Internet))<-->porkbun;
    porkbun<-->hobbithole_org(hobbithole.org);
    hobbithole_org<-->opnsense;
    opnsense<-->caddy;
    caddy<-->vault;
    caddy<-->proxmox;
    opnsense<-->hh_lan(hh.lan)<-->bind<-->unbound;
    unbound<-->vault;
    unbound<-->proxmox;
    proxmox[proxmox + VMs];
```

* External domain: `hobbithole.org`
    * Hosted on SquareSpace, about to move over to PorkBun
        * Transfer requested [[2025-06-15]]
    * Email forwarding
        * gandalf@hobbithole.org --> gibsta@gmail.com
        * treasury@hobbithole.org --> hobbitholetreasury@googlegroups.com
    * Records

    | Host | Type | Priority | TTL | Data |
    | -------------- | ----- | -------- | ----- | ---- |
    | @ | A | N/A | 4 hrs | 66.186.208.83 |
    | backup | CNAME | N/A | 4 hrs | hobbithole.org |
    | frigate | CNAME | N/A | 4 hrs | hobbithole.org |
    | home | CNAME | N/A | 4 hrs | hobbithole.org |
    | nestmtx | CNAME | N/A | 4 hrs | hobbithole.org |
    | radarr | CNAME | N/A | 4 hrs | hobbithole.org |
    | sab | CNAME | N/A | 4 hrs | hobbithole.org |
    | sonarr | CNAME | N/A | 4 hrs | hobbithole.org |
    | tv | CNAME | N/A | 4 hrs | hobbithole.org |
    | vault | CNAME | N/A | 4 hrs | hobbithole.org |
    | y3t4fz4ttvom | CNAME | N/A | 4 hrs | gv-3ccjjbudvp5ki7.dv.googlehosted.com |
    | @ | MX | N/A | 4 hrs | mxa.mailgun.org |
    | @ | MX | N/A | 4 hrs | mxb.mailgun.org |
    | @ | TXT | N/A | 4 hrs | v=spf1 include:mailgun.org ~all |
    | krs._domainkey | TXT | N/A | 4 hrs | k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDjzUREnJNjiTg2oKAUdaFixMkblPmbiQTW2kinGFIFji16qN50L02DyBxanRz9Z2IK/uhLJ0I4angMTuSr338/ZE6xfjuJIqNMIOw0kgPnxo4qj5HxDiygUSbLHuxMnWzlOddzGgHpytPgpk9gYlw3b2Tt0K5Ym20ie7GaAXv+QIDAQAB |

* Internal domain: `hh.lan`
    * Unbound transparent domain --> BIND authoritative domain
    * Hosted on OPNsense

### IPAM

* wifi: `192.168.86.0/24`
* services: `192.168.200.0/24`

## Proxmox

### Hosts

* `proxmox1.hh.lan`
    * 192.168.200.101
* `proxmox2.hh.lan`
    * 192.168.200.102
* `proxmox3.hh.lan`
    * 192.168.200.103

[//begin]: # "Autogenerated link references for markdown compatibility"
[2025-06-15]: 2025-06-15.md "2025-06-15"
[//end]: # "Autogenerated link references"