252 lines
2.8 KiB
Markdown
252 lines
2.8 KiB
Markdown
# homelab
|
|
|
|
* OPNsense firewall: https://opnsense.hh.lan
|
|
* Proxmox virtualization cluster: https://proxmox1.hh.lan
|
|
|
|
## services
|
|
|
|
* HomeAssistant home automation
|
|
* http://homeassistant.local:8123/
|
|
* https://ha.hh.lan
|
|
* Frigate NVR (security cameras): https://frigate.local:8971
|
|
* Paperless document repository: https://paperless.hh.lan
|
|
|
|
### Gitea
|
|
|
|
* http://gitea.hh.lan:3000
|
|
* SSH key stored in bitwarden
|
|
* used `docker-compose-template` VM template
|
|
* Moved host `sshd` to `tcp:2222` so gitea container can use `tcp:22`
|
|
|
|
## things to set up
|
|
|
|
### Caddy
|
|
|
|
### Authentik
|
|
|
|
### CrashPlan (or other backup service)
|
|
|
|
### Home auth
|
|
|
|
## Network
|
|
|
|
```mermaid
|
|
graph TD;
|
|
internet((Internet))<-->nest_wifi_pro(Nest Wifi Pro);
|
|
nest_wifi_pro<-->microtik;
|
|
microtik<==>LACP(LACP/VLAN trunk);
|
|
LACP<-->vlan86;
|
|
LACP<-->vlan200;
|
|
vlan86<-->proxmox_eth0[eth0]<-->proxmox;
|
|
vlan86<-->proxmox_eth1[eth1]<-->proxmox;
|
|
vlan200<-->proxmox_eth0[eth0]<-->proxmox;
|
|
vlan200<-->proxmox_eth1[eth1]<-->proxmox;
|
|
proxmox<-->bond0<-->vmbr0<-->VMs;
|
|
vlan200<-->vault_eth3[eth3]<-->vault;
|
|
vlan200<-->vault_eth4[eth4]<-->vault;
|
|
```
|
|
|
|
### DNS
|
|
|
|
```mermaid
|
|
graph LR;
|
|
internet((Internet))<-->porkbun;
|
|
porkbun<-->hobbithole_org(hobbithole.org);
|
|
hobbithole_org<-->opnsense;
|
|
opnsense<-->caddy;
|
|
caddy<-->vault;
|
|
caddy<-->proxmox;
|
|
opnsense<-->hh_lan(hh.lan)<-->bind<-->unbound;
|
|
unbound<-->vault;
|
|
unbound<-->proxmox;
|
|
proxmox[proxmox + VMs];
|
|
|
|
```
|
|
|
|
* External domain: `hobbithole.org`
|
|
* Hosted on SquareSpace, about to move over to PorkBun
|
|
* Email forwarding
|
|
* gandalf@hobbithole.org --> gibsta@gmail.com
|
|
* treasury@hobbithole.org --> hobbitholetreasury@googlegroups.com
|
|
* Records
|
|
|
|
|
|
|
|
Host
|
|
|
|
Type
|
|
|
|
Priority
|
|
TTL
|
|
|
|
Data
|
|
|
|
@
|
|
|
|
A
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
66.186.208.83
|
|
|
|
|
|
|
|
backup
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
hobbithole.org
|
|
|
|
|
|
|
|
frigate
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
hobbithole.org
|
|
|
|
|
|
|
|
home
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
hobbithole.org
|
|
|
|
|
|
|
|
nestmtx
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
hobbithole.org
|
|
|
|
|
|
|
|
radarr
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
hobbithole.org
|
|
|
|
|
|
|
|
sab
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
hobbithole.org
|
|
|
|
|
|
|
|
sonarr
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
hobbithole.org
|
|
|
|
|
|
|
|
tv
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
hobbithole.org
|
|
|
|
|
|
|
|
vault
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
hobbithole.org
|
|
|
|
|
|
|
|
Google records
|
|
|
|
|
|
Add record
|
|
Host
|
|
|
|
Type
|
|
|
|
Priority
|
|
TTL
|
|
|
|
Data
|
|
|
|
y3t4fz4ttvom
|
|
|
|
CNAME
|
|
|
|
N/A
|
|
|
|
4 hrs
|
|
|
|
gv-3ccjjbudvp5ki7.dv.googlehosted.com
|
|
|
|
|
|
|
|
|
|
|
|
* Internal domain: `hh.lan`
|
|
* Unbound transparent domain --> BIND authoritative domain
|
|
* Hosted on OPNsense
|
|
*
|
|
|
|
### IPAM
|
|
|
|
* wifi: `192.168.86.0/24`
|
|
* services: `192.168.200.0/24`
|
|
*
|
|
|
|
## Proxmox
|
|
|
|
### Hosts
|
|
|
|
* `proxmox1.hh.lan`
|
|
* 192.168.200.101
|
|
* `proxmox2.hh.lan`
|
|
* 192.168.200.102
|
|
* `proxmox3.hh.lan`
|
|
* 192.168.200.103
|