# homelab

* OPNsense firewall: https://opnsense.hh.lan:8443
  * 192.168.86.45
* Proxmox virtualization cluster: https://proxmox1.hh.lan

## services

* HomeAssistant home automation
  * http://homeassistant.local:8123/
  * https://ha.hh.lan
* Frigate NVR (security cameras): https://frigate.local:8971
* Paperless document repository
  * https://paperless.hobbithole.org
  * https://paperless.hh.lan

### Gitea

* https://git.hobbithole.org
* http://gitea.hh.lan:3000
* SSH key stored in bitwarden
* used `docker-compose-template` VM template
* Moved host `sshd` to `tcp:2222` so gitea container can use `tcp:22`

## things to set up

* Network UPS Tool? (NUT)
* Monitor reservoir levels
  * https://dwr.state.co.us/Tools/StationsLite/UNIRESCO?params=STORAGE
* Caddy
* Authentik
* Proxmox backup
* CrashPlan (or other backup service)
  * [Proxmox Crashplan](https://nguvu.org/proxmox/proxmox-crashplan-install/)
* https://github.com/nix-community/terraform-nixos/blob/master/examples/hermetic_config/default.tf
* https://spacelift.io/blog/terraform-proxmox-provider#5-run-terraform-to-create-the-vm
* Home auth
* Windows auth
* SSO access to services
* Bitwarden self-hosted org
  * [Self-host an Organization](https://bitwarden.com/help/self-host-an-organization/)
* OpenBao (Vault fork) - https://openbao.org/docs/install/

## things to research

* Pangolin
* Suricata
* [Wiki.js](https://js.wiki/)
* Komodo
  * https://github.com/moghtech/komodo
  * 🦎 a tool to build and deploy software on many servers 🦎
* headscale / tailscale
  * [GitHub - juanfont/headscale: An open source, self-hosted implementation of the Tailscale control server](https://github.com/juanfont/headscale)
  * [Tailscale · Best VPN Service for Secure Networks](https://tailscale.com/)

### Home auth

## Hardware

* unnamed switch (TODO)
* [Mikrotik CSS318-16G-2S+IN](https://mikrotik.com/product/css318_16g_2s_in#fndtn-downloads)
  * SwOS management interface: http://192.168.86.54
  * [manual](https://help.mikrotik.com/docs/spaces/SWOS/pages/76415036/CRS3xx+and+CSS326-24G-2S+series+Manual#CRS3xxandCSS32624G2S+seriesManual-LAG)
* proxmox1
  * Beelink Mini PC EQi12, Intel Core 1220P(Max 4.4GHz 10C/12T), 16GB DDR4 500GB PCle4.0 SSD Mini Computers,Dual LAN/Wifi6/BT5.2,Dual 4K Display,Built-in Power Supply Office PC
* proxmox2
  * Beelink Mini PC EQi12, Intel Core 1220P(Max 4.4GHz 10C/12T), 16GB DDR4 500GB PCle4.0 SSD Mini Computers,Dual LAN/Wifi6/BT5.2,Dual 4K Display,Built-in Power Supply Office PC
* proxmox3
  * Beelink Mini PC EQi12, Intel Core 1220P(Max 4.4GHz 10C/12T), 16GB DDR4 500GB PCle4.0 SSD Mini Computers,Dual LAN/Wifi6/BT5.2,Dual 4K Display,Built-in Power Supply Office PC
* frigate
  * Beelink EQ14 Mini PC, Intel Twin Lake N150(Up to 3.6GHz) 16GB DDR4 500GB NVMe SSD, 2.5G Dual LAN Mini Computer Supports WiFi6, BT5.2, USB3.2, 4K@60Hz Dual HDMI Display, Home-Server/Network Firewall

## Network

```mermaid
graph TD;
  internet((Internet))<-->nest_wifi_pro(Nest Wifi Pro);
  nest_wifi_pro<-->mikrotik;
  mikrotik<==>LACP(LACP/VLAN trunk);
  vlan42("vlan42 (home)");
  vlan86("vlan86 (wifi)");
  vlan60("vlan60 (work)");
  vlan200("vlan200 (services)");
  LACP<-->vlan42;
  LACP<-->vlan60;
  LACP<-->vlan86;
  LACP<-->vlan200;
  vlan42<-->proxmox_eth0[eth0]<-->proxmox;
  vlan42<-->proxmox_eth1[eth1]<-->proxmox;
  vlan60<-->proxmox_eth0[eth0]<-->proxmox;
  vlan60<-->proxmox_eth1[eth1]<-->proxmox;
  vlan86<-->proxmox_eth0[eth0]<-->proxmox;
  vlan86<-->proxmox_eth1[eth1]<-->proxmox;
  vlan200<-->proxmox_eth0[eth0]<-->proxmox;
  vlan200<-->proxmox_eth1[eth1]<-->proxmox;
  proxmox<-->bond0<-->vmbr0<-->VMs;
  vlan200<-->vault_eth3[eth3]<-->vault;
  vlan200<-->vault_eth4[eth4]<-->vault;
```

### DNS

```mermaid
graph LR;
  internet((Internet))<-->porkbun;
  porkbun<-->hobbithole_org(hobbithole.org);
  hobbithole_org<-->opnsense;
  opnsense<-->caddy;
  caddy<-->vault;
  caddy<-->proxmox;
  opnsense<-->hh_lan(hh.lan)<-->bind<-->unbound;
  unbound<-->vault;
  unbound<-->proxmox;
  proxmox[proxmox + VMs];
```

* External domain: `hobbithole.org`
  * Hosted on SquareSpace, about to move over to PorkBun
  * Transfer requested [[2025-06-15]]
  * Email forwarding
    * gandalf@hobbithole.org --> gibsta@gmail.com
    * treasury@hobbithole.org --> hobbitholetreasury@googlegroups.com
  * Records

    | Host           | Type  | Priority | TTL   | Data |
    | -------------- | ----- | -------- | ----- | ---- |
    | @              | A     | N/A      | 4 hrs | 66.186.208.83 |
    | backup         | CNAME | N/A      | 4 hrs | hobbithole.org |
    | frigate        | CNAME | N/A      | 4 hrs | hobbithole.org |
    | home           | CNAME | N/A      | 4 hrs | hobbithole.org |
    | nestmtx        | CNAME | N/A      | 4 hrs | hobbithole.org |
    | radarr         | CNAME | N/A      | 4 hrs | hobbithole.org |
    | sab            | CNAME | N/A      | 4 hrs | hobbithole.org |
    | sonarr         | CNAME | N/A      | 4 hrs | hobbithole.org |
    | tv             | CNAME | N/A      | 4 hrs | hobbithole.org |
    | vault          | CNAME | N/A      | 4 hrs | hobbithole.org |
    | y3t4fz4ttvom   | CNAME | N/A      | 4 hrs | gv-3ccjjbudvp5ki7.dv.googlehosted.com |
    | @              | MX    | N/A      | 4 hrs | mxa.mailgun.org |
    | @              | MX    | N/A      | 4 hrs | mxb.mailgun.org |
    | @              | TXT   | N/A      | 4 hrs | v=spf1 include:mailgun.org ~all |
    | krs._domainkey | TXT   | N/A      | 4 hrs | k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDjzUREnJNjiTg2oKAUdaFixMkblPmbiQTW2kinGFIFji16qN50L02DyBxanRz9Z2IK/uhLJ0I4angMTuSr338/ZE6xfjuJIqNMIOw0kgPnxo4qj5HxDiygUSbLHuxMnWzlOddzGgHpytPgpk9gYlw3b2Tt0K5Ym20ie7GaAXv+QIDAQAB |

* Internal domain: `hh.lan`
  * Unbound transparent domain --> BIND authoritative domain
  * Hosted on OPNsense
* hobby domains
  * Transferring to Porkbun
  * b3n.ooo
  * benmiller.xyz
  * beepmill.com

### IPAM

* wifi: `192.168.86.0/24`
* home: `192.168.42.0/24`
* services: `192.168.200.0/24`
* work: `172.16.60.0/24`

## Proxmox

### Hosts

* `proxmox1.hh.lan`
  * 192.168.200.101
* `proxmox2.hh.lan`
  * 192.168.200.102
* `proxmox3.hh.lan`
  * 192.168.200.103

[//begin]: # "Autogenerated link references for markdown compatibility"
[2025-06-15]: 2025-06-15.md "2025-06-15"
[//end]: # "Autogenerated link references"