fred/homelab-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix WireGuard network documentation (10.0.8.0/24 → 10.0.9.0/24)

Browse Source 
- Corrected VPN network from deprecated 10.0.8.0/24 to current 10.0.9.0/24
- Added VPS WireGuard IP: 10.0.9.1 (vps.nianticbooks.com)
- Added UCG Ultra WireGuard IP: 10.0.9.2 (client mode)
- Documented traffic flow: VPS → WireGuard → UCG Ultra → homelab
- Added Caddy domain handling (*.nianticbooks.com, *.deadeyeg4ming.vip)
- Created new NETWORK-ARCHITECTURE.md with complete network documentation
- Removed references to deprecated old VPS (55.XX...) and 10.0.9.3 peer

Updated files:
- docs/COMPLETE-HOMELAB-INVENTORY-2026-02-05.md
- docs/INFRASTRUCTURE-AUDIT-COMPLETE-2026-02-05.md
- infrastructure/TOOLS.md
- docs/NETWORK-ARCHITECTURE.md (NEW)
This commit is contained in:
Funky (OpenClaw)
2026-02-06 02:21:14 +00:00
parent 7485e82b2f
commit db9ea38783
4 changed files with 201 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docs/COMPLETE-HOMELAB-INVENTORY-2026-02-05.md
View File

@@ -9,7 +9,7 @@
## Network Overview ## Network Overview
**Main Network:** 10.0.10.0/24 **Main Network:** 10.0.10.0/24
**VPN Network:** 10.0.8.0/24 (WireGuard) **VPN Network:** 10.0.9.0/24 (WireGuard)
**External VPS:** 66.63.182.168 (vps.nianticbooks.com) **External VPS:** 66.63.182.168 (vps.nianticbooks.com)
**Proxmox Hosts:** 3 active **Proxmox Hosts:** 3 active
@@ -146,10 +146,11 @@ None (all workloads in VM)
### VPS (66.63.182.168 - vps.nianticbooks.com) ### VPS (66.63.182.168 - vps.nianticbooks.com)
- **SSH Access:** ❌ Not configured (no public key) - **SSH Access:** ❌ Not configured (no public key)
- **WireGuard IP:** 10.0.9.1
- **Known Services:** - **Known Services:**
- Caddy reverse proxy (handles external access) - Caddy reverse proxy (*.nianticbooks.com, *.deadeyeg4ming.vip)
- WireGuard VPN endpoint - WireGuard VPN server (10.0.9.0/24)
- Routes traffic to internal homelab - Routes traffic to UCG Ultra (10.0.9.2) → homelab (10.0.10.0/24)
- LetsEncrypt SSL certificates - LetsEncrypt SSL certificates
- **Estimated Role:** Public-facing gateway for homelab services - **Estimated Role:** Public-facing gateway for homelab services
@@ -219,8 +220,8 @@ None (all workloads in VM)
| vmbr0 | pve-storage | 10.0.10.4/24 | Main network bridge | | vmbr0 | pve-storage | 10.0.10.4/24 | Main network bridge |
### External Access ### External Access
- **VPS Caddy** → WireGuard VPN (10.0.8.0/24) → Internal services - **VPS Caddy** (10.0.9.1) → WireGuard VPN (10.0.9.0/24) → UCG Ultra (10.0.9.2) → Internal services (10.0.10.0/24)
- **LetsEncrypt SSL** on VPS for public services - **LetsEncrypt SSL** on VPS for public services (*.nianticbooks.com, *.deadeyeg4ming.vip)
- **Step-CA** (10.0.10.15) for internal certificates - **Step-CA** (10.0.10.15) for internal certificates
--- ---

17
docs/INFRASTRUCTURE-AUDIT-COMPLETE-2026-02-05.md
View File

@@ -35,8 +35,10 @@ Fred's homelab is a well-structured Proxmox-based infrastructure supporting smar
- Proxmox management interfaces - Proxmox management interfaces
- LXC containers and VMs - LXC containers and VMs
**VPN Network:** 10.0.8.0/24 **VPN Network:** 10.0.9.0/24
- WireGuard tunnel - WireGuard tunnel
- VPS: 10.0.9.1 (WireGuard server)
- UCG Ultra: 10.0.9.2 (WireGuard client mode)
- Secure remote access to homelab - Secure remote access to homelab
**External Access:** **External Access:**
@@ -155,12 +157,13 @@ Fred's homelab is a well-structured Proxmox-based infrastructure supporting smar
**Platform:** Cloud VPS **Platform:** Cloud VPS
**Purpose:** External reverse proxy and public access point **Purpose:** External reverse proxy and public access point
**WireGuard IP:** 10.0.9.1
**Services Running:** **Services Running:**
- Caddy reverse proxy - Caddy reverse proxy (*.nianticbooks.com, *.deadeyeg4ming.vip)
- Handles public DNS and routing - Handles public DNS and routing
- Terminates WireGuard VPN connections - WireGuard VPN server (10.0.9.0/24)
- Routes traffic to internal services securely - Routes traffic via WireGuard (10.0.9.1) → UCG Ultra (10.0.9.2) → homelab (10.0.10.0/24)
**Configuration:** **Configuration:**
- SSL certificates via LetsEncrypt (managed by Caddy) - SSL certificates via LetsEncrypt (managed by Caddy)
@@ -188,9 +191,11 @@ Fred's homelab is a well-structured Proxmox-based infrastructure supporting smar
### VPN Access ### VPN Access
**WireGuard VPN** **WireGuard VPN**
- Network: 10.0.8.0/24 - Network: 10.0.9.0/24
- VPS: 10.0.9.1 (66.63.182.168 - vps.nianticbooks.com)
- UCG Ultra: 10.0.9.2 (client mode, routes to 10.0.10.0/24)
- Provides secure remote access to homelab - Provides secure remote access to homelab
- Used by VPS to route traffic internally - Used by VPS Caddy to route traffic internally
- Properly segregated from main network - Properly segregated from main network
### Firewall & Access Control ### Firewall & Access Control

179
docs/NETWORK-ARCHITECTURE.md Normal file
View File

@@ -0,0 +1,179 @@
# Network Architecture - Fred's Homelab
**Last Updated:** 2026-02-06 02:17 UTC
**Documented by:** Funky (OpenClaw)
---
## Network Overview
Fred's homelab uses a multi-layer network architecture with WireGuard VPN connecting the external VPS to the internal network via a UniFi Cloud Gateway Ultra.
---
## Network Subnets
### 10.0.10.0/24 - Main Homelab Network
**Gateway:** UCG Ultra (UniFi Cloud Gateway)
**Purpose:** Internal services, Proxmox hosts, LXC containers, VMs
**Key IPs:**
- 10.0.10.2 - router-pve (Proxmox host)
- 10.0.10.3 - main-pve (Proxmox host)
- 10.0.10.4 - pve-storage (Proxmox host)
- 10.0.10.5 - OMV (OpenMediaVault NAS)
- 10.0.10.11 - Fred's iMac (OpenClaw node)
- 10.0.10.15-50 - Services (see SERVICE-MAP.md)
### 10.0.9.0/24 - WireGuard VPN
**Purpose:** Secure tunnel between VPS and homelab
**Peers:**
- **10.0.9.1** - VPS (vps.nianticbooks.com, 66.63.182.168)
- WireGuard server
- Runs Caddy for *.nianticbooks.com and *.deadeyeg4ming.vip
- **10.0.9.2** - UCG Ultra (UniFi Cloud Gateway)
- WireGuard client mode
- Routes traffic between 10.0.9.0/24 ↔ 10.0.10.0/24
---
## Traffic Flow
### External Request to Internal Service
```
Internet User
DNS Resolution (*.nianticbooks.com or *.deadeyeg4ming.vip)
VPS: 66.63.182.168 (Caddy reverse proxy)
↓ WireGuard tunnel
10.0.9.1 (VPS) → 10.0.9.2 (UCG Ultra)
↓ Internal routing
10.0.10.x (Internal service - Proxmox LXC/VM)
↓ Response back through same path
Internet User
```
### Example: Minecraft Server (atmons.deadeyeg4ming.vip)
```
Player connects to atmons.deadeyeg4ming.vip
DNS → 66.63.182.168
VPS Caddy reverse_proxy 10.0.10.46:25567
↓ WireGuard
10.0.9.1 → 10.0.9.2 (UCG Ultra)
10.0.10.46:25567 (Pterodactyl Wings - Minecraft server)
```
---
## Network Equipment
### UCG Ultra (UniFi Cloud Gateway)
- **Model:** UniFi Cloud Gateway Ultra
- **Role:** Primary gateway/router for homelab
- **WireGuard:** Client mode connecting to VPS (10.0.9.1)
- **Internal IP:** 10.0.10.1 (assumed gateway)
- **WireGuard IP:** 10.0.9.2
- **Routing:** Bridges 10.0.9.0/24 ↔ 10.0.10.0/24
### VPS (vps.nianticbooks.com)
- **Public IP:** 66.63.182.168
- **Provider:** (Unknown - document later)
- **WireGuard IP:** 10.0.9.1
- **Services:**
- Caddy reverse proxy
- WireGuard VPN server
- LetsEncrypt SSL termination
---
## Caddy Reverse Proxy Configuration
### Current Domains
- ***.nianticbooks.com** - Fred's primary domain
- ***.deadeyeg4ming.vip** - Gaming/personal domain
### Known Subdomains
*(Document as they're added)*
Example configuration for new subdomain:
```caddy
atmons.deadeyeg4ming.vip {
reverse_proxy 10.0.10.46:25567
}
```
**Note:** VPS can reach any IP on 10.0.10.0/24 via WireGuard → UCG Ultra routing.
---
## Security Notes
### WireGuard VPN
- ✅ Traffic between VPS and homelab is encrypted
- ✅ Only authorized WireGuard peers can access homelab
- ✅ Proper network segmentation (10.0.9.x separate from 10.0.10.x)
### SSL/TLS
- **External:** LetsEncrypt via Caddy on VPS (automatic renewal)
- **Internal:** Step-CA (10.0.10.15) provides internal certificates
### Access Control
- UCG Ultra manages firewall rules (document separately)
- WireGuard provides authentication via public/private keys
- No direct port forwarding on public IP (all via VPN tunnel)
---
## Deprecated Networks (DO NOT USE)
### ❌ 10.0.8.0/24
- **Old VPN network** from previous VPS setup
- **Status:** DEPRECATED
- **Reason:** Migrated to 10.0.9.0/24 with current VPS
### ❌ Old VPS (55.XX.X.X)
- **Old peer:** 10.0.9.3
- **Status:** DECOMMISSIONED
- **Reason:** Replaced with current VPS (66.63.182.168)
**Action:** Remove any references to 10.0.8.0/24 or old VPS from documentation and configs.
---
## Future Considerations
### Potential Improvements
1. **Document Caddy configuration** - SSH into VPS and document current Caddyfile
2. **UCG Ultra firewall rules** - Document current rules for reference
3. **Additional VPN peers** - If adding more WireGuard clients, use 10.0.9.3+
4. **IPv6** - Consider if needed for future services
### Monitoring
- Monitor WireGuard tunnel health
- Alert if VPN connection drops
- Track bandwidth usage on VPN tunnel
---
## Quick Reference
**VPS Caddy adds new subdomain:**
1. SSH to VPS (need to set up SSH key first!)
2. Edit Caddyfile
3. Add reverse_proxy to internal IP (10.0.10.x)
4. Reload Caddy
5. Update this documentation
**Internal service IPs:** See [SERVICE-MAP.md](SERVICE-MAP.md)
---
*Maintained by: Funky (OpenClaw AI Agent)*
*Source: http://10.0.10.2:3000/fred/homelab-docs*

5
infrastructure/TOOLS.md
View File

@@ -6,8 +6,11 @@ Skills define *how* tools work. This file is for *your* specifics — the stuff
### Network ### Network
- Main Network: 10.0.10.0/24 - Main Network: 10.0.10.0/24
- VPN: WireGuard tunnel at 10.0.8.0/24 - VPN: WireGuard tunnel at 10.0.9.0/24
- VPS WireGuard IP: 10.0.9.1 (66.63.182.168 - vps.nianticbooks.com)
- UCG Ultra WireGuard IP: 10.0.9.2 (WireGuard client mode)
- VPS: 66.63.182.168 (vps.nianticbooks.com) running Caddy reverse proxy - VPS: 66.63.182.168 (vps.nianticbooks.com) running Caddy reverse proxy
- Handles: *.nianticbooks.com and *.deadeyeg4ming.vip
### Proxmox Hosts ### Proxmox Hosts
- Main Proxmox host: 10.0.10.3 (main-pve) - Main Proxmox host: 10.0.10.3 (main-pve)