| title | tags | created | updated | last_verified |
|---|---|---|---|---|
| Homelab — Network Topology | | 2026-05-03 | 2026-05-03 | 2026-05-03 (live audit) |
Homelab Network Topology
Public Internet → Services
Internet
│
▼
Cloudflare DNS (ai-impress.com zone)
│
├── *.ai-impress.com → A record → 83.151.203.105 (home public IP)
└── mail.ai-impress.com → A record → 57.128.160.249 (aimpress VPS)
│
▼
Home Router TP-Link AX72 (83.151.203.105 WAN)
│
Port Forward: 80/TCP → 192.168.1.225:80
Port Forward: 443/TCP → 192.168.1.225:443
│
▼
Nginx Proxy Manager — CT102 Docker (192.168.1.225:80/443)
│
├── nextcloud.ai-impress.com → :8080 (Nextcloud)
├── passwords.ai-impress.com → :8082 (Vaultwarden)
├── photo.ai-impress.com → CT105:2283 (Immich — STOPPED)
├── home.ai-impress.com → :8085 (Glance)
├── jellyfin.ai-impress.com → CT111:8096 (Jellyfin)
├── media.ai-impress.com → :5055 (Jellyseerr)
├── auto.ai-impress.com → CT112:5678 (n8n)
├── edoc.ai-impress.com → :3004 (Documenso)
├── ntfy.ai-impress.com → :2586 (ntfy)
├── power.ai-impress.com → :8091 (Power Cost)
└── mail.ai-impress.com → 57.128.160.249:443 (passthrough to VPS)
LAN-Only Services (no external A record)
LAN client → AdGuard DNS → *.ai-impress.com → 192.168.1.225 (split-DNS)
→ NPM → internal services:
dns.ai-impress.com → :8053 (AdGuard admin) 🏠
beszel.ai-impress.com → :8090 (Beszel) 🏠
logs.ai-impress.com → :9999 (Dozzle) 🏠
tools.ai-impress.com → :8880 (IT Tools) 🏠
pdf.ai-impress.com → :8088 (Stirling-PDF) 🏠 ⚠️ broken
sonarr.ai-impress.com → CT111:8989 (Sonarr) 🏠
radarr.ai-impress.com → CT111:7878 (Radarr) 🏠
prowlarr.ai-impress.com → CT111:9696 🏠
qbit.ai-impress.com → CT111:8080 (qBit) 🏠
backup.ai-impress.com → :9898 (Backrest) 🏠
docs.ai-impress.com → :8010 (Paperless) 🏠
links.ai-impress.com → :3000 (Karakeep) 🏠
git.ai-impress.com → :3002 (Forgejo) 🏠
budget.ai-impress.com → :5006 (Actual) 🏠
finance.ai-impress.com → :3003 (Maybe) 🏠
plan.ai-impress.com → :8181 (Plane) 🏠
Tailscale Overlay (remote access)
Remote device (Tailscale node)
│
▼ (WireGuard tunnel, UDP)
pve host — Tailscale IP: 100.122.192.8
│
├── ssh pve → direct to Proxmox
└── http://192.168.1.48:8006 → PVE Web (need LAN or Tailscale subnet route)
Note: Tailscale subnet-router NOT configured (2026-05-03). To access LAN IPs remotely:
`ssh pve "tailscale up --advertise-routes=192.168.1.0/24 --accept-routes"`
After enabling: approve the subnet in the Tailscale admin console → all LAN IPs accessible via Tailscale.
LAN Subnet
Network: 192.168.1.0/24
Gateway: 192.168.1.1 (TP-Link AX72)
DHCP pool: 192.168.1.100–.199
Static/reserved IPs:
.1 — Router (AX72)
.2 — RE605X mesh extender
.3 — RE705X mesh extender
.48 — pve (Proxmox host)
.62 — CT101 (legacy AdGuard, pending destroy)
.71 — CT105 (Immich)
.225 — CT102 (Docker, DNS, NPM)
.230 — CT111 (media)
.232 — CT112 (n8n)
DNS Flow (Current vs Target)
Current (2026-05-03)
LAN client DHCP → DNS: 192.168.1.62 (CT101 native AdGuard)
Target (after router DNS update)
LAN client DHCP → DNS: 192.168.1.225 (CT102 Docker AdGuard)
Secondary DNS: 1.1.1.1 (fallback)
One-line change: Router → Network → DHCP → Primary DNS: 192.168.1.225
Internal Docker Networks (CT102)
Docker containers talk to each other over internal Docker networks; inter-service calls do not go through NPM. Key networks:
- npm_default — NPM + proxy targets
- monitoring_default — Prometheus + exporters + Loki + Alertmanager
- nextcloud_default — Nextcloud + MariaDB + Redis + Collabora + notify-push

docker-socket-proxy: published on 0.0.0.0:2376 → reachable from the whole LAN (⚠️ security — should be bound to 127.0.0.1 only)
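Added audit check for the socket-proxy finding above (not part of this wiki page or the homelab's own scripts): it reads `ss -H -ltn` output and flags any loopback-only port that is bound to a wildcard address. The sample `ss` lines are constructed, and 2376 being the only loopback-only port is an assumption taken from this page.

```shell
#!/bin/sh
# Constructed sample of `ss -H -ltn` output (not captured from CT102).
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:2376 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8053 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 *:80 *:*'

# Ports that must only ever be bound to loopback. Assumption: per this page,
# the docker-socket-proxy on 2376 is the only such port on CT102.
LOOPBACK_ONLY="2376"

# check_exposed_listeners: reads `ss -H -ltn` lines on stdin and prints
# "EXPOSED <addr:port>" for every loopback-only port that is listening on a
# wildcard address (IPv4 0.0.0.0 / *, IPv6 [::] / ::). Returns 1 if any
# exposed listener was found, 0 otherwise.
check_exposed_listeners() {
  found=0
  while read -r state recvq sendq local peer rest; do
    [ -n "$local" ] || continue
    port=${local##*:}   # text after the last colon is the port
    addr=${local%:*}    # everything before it is the bind address
    for p in $LOOPBACK_ONLY; do
      [ "$port" = "$p" ] || continue
      case "$addr" in
        0.0.0.0|'*'|'[::]'|'::')
          echo "EXPOSED $local"
          found=1
          ;;
      esac
    done
  done
  return $found
}

# Stand-alone run against the constructed sample; prints "EXPOSED 0.0.0.0:2376".
printf '%s\n' "$SAMPLE_SS" | check_exposed_listeners
```

On the live host the same function is fed with `ss -H -ltn | check_exposed_listeners`; the compose-side fix is to prefix the published port with the host address (`127.0.0.1:2376:...`), the container-side port being whatever the proxy image uses.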
Firewall Summary
| Layer | Rule | Status |
|---|---|---|
| Router WAN | Port 80 → NPM | ✅ configured |
| Router WAN | Port 443 → NPM | ✅ configured |
| Router WAN | All other ports | ✅ blocked (SPI firewall) |
| Router WAN | UPnP | ✅ disabled |
| Proxmox | No firewall rules found | ⚠️ consider enabling pve firewall |
| CrowdSec | IPS running | ⚠️ no bouncer — not blocking yet |
Related
- wiki/homelab/homelab-services-map — full service list
- wiki/homelab/router-tplink-ax72-config — router settings
- wiki/infrastructure/server-pve — Proxmox host