# homelab

* OPNsense firewall: https://opnsense.hh.lan
* Proxmox virtualization cluster: https://proxmox1.hh.lan

## services

* HomeAssistant home automation
  * http://homeassistant.local:8123/
  * https://ha.hh.lan
* Frigate NVR (security cameras): https://frigate.local:8971
* Paperless document repository: https://paperless.hh.lan

### Gitea

* http://gitea.hh.lan:3000
* SSH key stored in bitwarden
* used `docker-compose-template` VM template
* Moved host `sshd` to `tcp:2222` so gitea container can use `tcp:22`

## things to set up

### Caddy

### Authentik

### CrashPlan (or other backup service)

### Home auth

## Network

```mermaid
graph TD;
    internet((Internet))<-->nest_wifi_pro(Nest Wifi Pro);
    nest_wifi_pro<-->microtik;
    microtik<==>LACP(LACP/VLAN trunk);
    LACP<-->vlan86;
    LACP<-->vlan200;
    vlan86<-->proxmox_eth0[eth0]<-->proxmox;
    vlan86<-->proxmox_eth1[eth1]<-->proxmox;
    vlan200<-->proxmox_eth0[eth0]<-->proxmox;
    vlan200<-->proxmox_eth1[eth1]<-->proxmox;
    proxmox<-->bond0<-->vmbr0<-->VMs;
    vlan200<-->vault_eth3[eth3]<-->vault;
    vlan200<-->vault_eth4[eth4]<-->vault;
```

### DNS

```mermaid
graph LR;
    internet((Internet))<-->porkbun;
    porkbun<-->hobbithole_org(hobbithole.org);
    hobbithole_org<-->opnsense;
    opnsense<-->caddy;
    caddy<-->vault;
    caddy<-->proxmox;
    opnsense<-->hh_lan(hh.lan)<-->bind<-->unbound;
    unbound<-->vault;
    unbound<-->proxmox;
    proxmox[proxmox + VMs];
```

* External domain: `hobbithole.org`
  * Hosted on SquareSpace, about to move over to PorkBun
  * Email forwarding
    * gandalf@hobbithole.org --> gibsta@gmail.com
    * treasury@hobbithole.org --> hobbitholetreasury@googlegroups.com
  * Records

    | Host         | Type  | Priority | TTL   | Data                                  |
    | ------------ | ----- | -------- | ----- | ------------------------------------- |
    | @            | A     | N/A      | 4 hrs | 66.186.208.83                         |
    | backup       | CNAME | N/A      | 4 hrs | hobbithole.org                        |
    | frigate      | CNAME | N/A      | 4 hrs | hobbithole.org                        |
    | home         | CNAME | N/A      | 4 hrs | hobbithole.org                        |
    | nestmtx      | CNAME | N/A      | 4 hrs | hobbithole.org                        |
    | radarr       | CNAME | N/A      | 4 hrs | hobbithole.org                        |
    | sab          | CNAME | N/A      | 4 hrs | hobbithole.org                        |
    | sonarr       | CNAME | N/A      | 4 hrs | hobbithole.org                        |
    | tv           | CNAME | N/A      | 4 hrs | hobbithole.org                        |
    | vault        | CNAME | N/A      | 4 hrs | hobbithole.org                        |
    | y3t4fz4ttvom | CNAME | N/A      | 4 hrs | gv-3ccjjbudvp5ki7.dv.googlehosted.com |

* Internal domain: `hh.lan`
  * Unbound transparent domain --> BIND authoritative domain
  * Hosted on OPNsense

### IPAM

* wifi: `192.168.86.0/24`
* services: `192.168.200.0/24`

## Proxmox

### Hosts

* `proxmox1.hh.lan`
  * 192.168.200.101
* `proxmox2.hh.lan`
  * 192.168.200.102
* `proxmox3.hh.lan`
  * 192.168.200.103