Network Overview
Read time 2 minutes
Overview of some services on my network.
The setup is fully redundant as high availability cluster.
Driven by open source and powered with renewable energy.
Using Terraform, Cloud-init and Ansible for IaC.
And K8s, Gitlab, Flux2 and Renovate for GitOps.
Network Diagram
DMZ
| Service | Description |
|---|---|
| Postfix, Dovecot, SpamAssassin | Email Server with DKIM, DMARC, SPF, DANE, Sieve |
| Nextcloud, Collabora | Cloud With Mail, Calendar, Contacts, Notes, Tasks, Online Editing of Documents |
| Gitlab, Gitlab Runner, Renovate | Version Control System with CI/CD, Kanban, Issue Tracking, Private Docker Registry, Dependency Update Bot, Unit Tests, Smoke Tests, End-to-End Tests, Automatic Staging Deploy |
| MariaDB Galera | SQL Database Cluster |
| Nginx, Certbot, Modsec | Reverse Proxy with Let’s Encrypt and Web Application Firewall |
| Apache2, PHP 7.4, Memcached | Web Environment for Production and Staging |
| Apache2, PHP 8.0, Memcached, Xdebug | Web Environment for Development |
LAN
| Service | Description |
|---|---|
| Heimdall | Bookmark Dashboard |
| NetBox | IP Address and Inventory Management |
| netboot.xyz | PXE TFTP Server |
| Bitwarden | Password Manager |
| Sonarr | Series Media Manager |
| Radarr | Movie Media Manager |
| Jellyfin | Media Server, Transcoder, DVR |
| Samba | Windows Network Share |
| NFS | Linux Network Share |
IOT
| Service | Description |
|---|---|
| Home Assistant | Home Automation System |
| Ha-Bridge | IOT bridge for Alexa |
| Mosquitto | MQTT Broker |
| Tasmota | Alternative Firmware for ESP8266/ESP32 IOT Devices, BLE MQTT Gateway, Zigbee MQTT Gateway |
| Marlin, OctoPrint, Cura | 3D Printer Firmware, Controller, STL Viewer, Slicer |
GSM
| Service | Description |
|---|---|
| Pterodactyl | Game Server Manager |
Quorum Node
| Service | Description |
|---|---|
| Corosync Qdevice | Quorum for KVM Cluster |
| Galera Arbitrator | Quorum for MariaDB Cluster |
| NUT Server | Network UPS Tools |
| Zabbix | Monitoring System |
| Telegraf, InfluxDB, Grafana | Metrics Dashboard |
| Elasticsearch, Logstash, Kibana | Central Log Server with Reports |
OPNsense Firewall
| Service | Description |
|---|---|
| VLANS | LAN, DMZ, IOT, GSM, GUEST, PBX, NVR, VPN, WAN1, WAN2, MGMT |
| Multi WAN | WAN Failover |
| Wireguard | VPN for Remote Access |
| Wireguard | Additional Static IPv4/IPv6 Gateways |
| DOH | DNS over HTTPS with DNSSEC |
| Adblock | DNS based Ad-Blocker |
| Suricata | Intrusion Detection and Prevention |
| Traffic Shaping | Bandwidth Limiting, QoS |
| Ntopng | Traffic Analysis |
| HAProxy | TCP Load Balancer |
| Carp | High Availability |
| Other | DHCP, RA, DNS, NTP, NAT, IPv4, IPv6 |
Additional VM’s
| VM | Description |
|---|---|
| Asterisk | PBX Telephone System |
| Shinobi | NVR Camera System |
| Myrtille | RDP Web Gateway |
Offsite VPS
| Service | Description |
|---|---|
| Uptime Kuma | Monitoring System with Status Page |
| Wireguard Gateway | Gateway for Additional Static IPv4/IPv6 |
| Backup Storage | Offsite Backup 3-2-1 |
Write a Reply or Comment