# homelab

* OPNsense firewall: https://opnsense.hh.lan
* Proxmox virtualization cluster: https://proxmox1.hh.lan

## services

* HomeAssistant home automation
    * http://homeassistant.local:8123/
    * https://ha.hh.lan
* Frigate NVR (security cameras): https://frigate.local:8971
* Paperless document repository: https://paperless.hh.lan

### Gitea

* http://gitea.hh.lan:3000
* SSH key stored in bitwarden
* used `docker-compose-template` VM template
* Moved host `sshd` to `tcp:2222` so gitea container can use `tcp:22`

## things to set up

### Caddy

### Authentik

### CrashPlan (or other backup service)

### Home auth

## Network

```mermaid
graph TD;
    internet((Internet))<-->nest_wifi_pro(Nest Wifi Pro);
    nest_wifi_pro<-->microtik;
    microtik<==>LACP(LACP/VLAN trunk);
    LACP<-->vlan86;
    LACP<-->vlan200;
    vlan86<-->proxmox_eth0[eth0]<-->proxmox;
    vlan86<-->proxmox_eth1[eth1]<-->proxmox;
    vlan200<-->proxmox_eth0[eth0]<-->proxmox;
    vlan200<-->proxmox_eth1[eth1]<-->proxmox;
    proxmox<-->bond0<-->vmbr0<-->VMs;
    vlan200<-->vault_eth3[eth3]<-->vault;
    vlan200<-->vault_eth4[eth4]<-->vault;
```

### DNS

```mermaid
graph LR;
    internet((Internet))<-->porkbun;
    porkbun<-->hobbithole_org(hobbithole.org);
    hobbithole_org<-->opnsense;
    opnsense<-->caddy;
    caddy<-->vault;
    caddy<-->proxmox;
    opnsense<-->hh_lan(hh.lan)<-->bind<-->unbound;
    unbound<-->vault;
    unbound<-->proxmox;
    proxmox[proxmox + VMs];
```

* External domain: `hobbithole.org`
    * Hosted on SquareSpace, about to move over to PorkBun
    * Email forwarding
        * gandalf@hobbithole.org --> gibsta@gmail.com
        * treasury@hobbithole.org --> hobbitholetreasury@googlegroups.com
    * Records

      | Host | Type | Priority | TTL | Data |
      |------|------|----------|-----|------|
      | @ | A | N/A | 4 hrs | 66.186.208.83 |
      | backup | CNAME | N/A | 4 hrs | hobbithole.org |
      | frigate | CNAME | N/A | 4 hrs | hobbithole.org |
      | home | CNAME | N/A | 4 hrs | hobbithole.org |
      | nestmtx | CNAME | N/A | 4 hrs | hobbithole.org |
      | radarr | CNAME | N/A | 4 hrs | hobbithole.org |
      | sab | CNAME | N/A | 4 hrs | hobbithole.org |
      | sonarr | CNAME | N/A | 4 hrs | hobbithole.org |
      | tv | CNAME | N/A | 4 hrs | hobbithole.org |
      | vault | CNAME | N/A | 4 hrs | hobbithole.org |

      Google records

      | Host | Type | Priority | TTL | Data |
      |------|------|----------|-----|------|
      | y3t4fz4ttvom | CNAME | N/A | 4 hrs | gv-3ccjjbudvp5ki7.dv.googlehosted.com |

* Internal domain: `hh.lan`
    * Unbound transparent domain --> BIND authoritative domain
    * Hosted on OPNsense

### IPAM

* wifi: `192.168.86.0/24`
* services: `192.168.200.0/24`

## Proxmox

### Hosts

* `proxmox1.hh.lan`
    * 192.168.200.101
* `proxmox2.hh.lan`
    * 192.168.200.102
* `proxmox3.hh.lan`
    * 192.168.200.103