Add network documentation

2025-05-21 18:30:06 +03:00 · 2025-05-21 18:30:06 +03:00 · 359d62df58
commit 359d62df58
parent 466d510264
8 changed files with 1030 additions and 13 deletions
--- a/docs/homelab/Services/outline.md
+++ b/docs/homelab/Services/outline.md
--- a/docs/homelab/index.md
+++ b/docs/homelab/index.md
@ -17,11 +17,13 @@ The gateway is also a DNS server for all local network and VPN clients.
 WiFi network is delivered by **two UniFi U6+** access points powered with the **Switch Lite 8 PoE**.
 [More on network](network.md)
 ## Servers
 My family home cloud is provided by the **Synology DS423+**. It is for photos and documents hosting and sharing.
 I also have a **DIY NAS with TrueNAS Community Edition** on it that hosts most of the services for personal and family use, that are not from Synology.
-The third one is the Asus PN42 min PC with an Intel N100 CPU with the **Proxomox VE** on it. It hosts public services, like this website, my Gitea instance, and others.
+The third one is the **Asus PN42** min PC with an Intel N100 CPU with the **Proxomox VE** on it. It hosts public services, like this website, my Gitea instance, and others.
 I also have a mighty **Home Assistant Blue** with... well **Home Assistant** on it. It does not depend on other servers and has a separate Cloudflare tunnel to it from the outside to be available even when all other servers fail.
--- a/docs/homelab/network.md
+++ b/docs/homelab/network.md
@ -0,0 +1,84 @@
 ---
 title: Network
 ---
 ## WAN
 ### Port forwarding
 ```mermaid
 ---
 config:
  look: handDrawn
  theme: neutral
 ---
 flowchart LR
    W8[WAN IP *8]
    W9[WAN IP *9]
    W0[WAN IP *0]
    montgomery("`Synology NAS
    _DSM Web UI, Hyper Backup Vault, Drive Server_`")
    plex(Plex external access)
    ingress50("`ingress-50
    _Zoraxy_`")
    ingress1("`ingress-1
    _Zoraxy_`")
    WAN1 --> W8
    WAN1 --> W9
    WAN1 --> W0
    W8 --> montgomery
    W8 --> plex
    W8 --> qbt(qBittorrent)
    W9 --> gitssh(Gitea SSH)
    W9 --> ingress50 --> pub(Public services)
    W0 --> ingress1 --> per(Personal services)
 ```
 ### Firewall rules
 In addition to default rules.
 | Name                      | Action | Source Zone   | Destination Zone |
 |-------------------------- | ------ | ------------- | ---------------- |
 | Allow UniFi remote access | Allow  | External      | Gateway          |
 ## Local network
 ### VLANs
 | Name        | Subnet            | Description                                                   | Isolate network |
 |------------ | ----------------- | ------------------------------------------------------------- | --------------- |
 | **Default** | _192.168.1.0/24_  | Default local network for laptops, family phones and tablets  | No              |
 | **Pub**     | _192.168.50.0/24_ | An isolated VLAN for public services                          | No              |
 | **Guest**   | _192.168.5.0/24_  | An isolated VLAN for guest WiFi access                        | No              |
 | **IoT**     | _192.168.6.0/24_  | An isolated VLAN for connected home appliance                 | No              |
 - Device Isolation is disabled for all networks
 ### Firewall zones
 | Name            | Built in | Networks / Interfaces                       |
 |---------------- | -------- | ------------------------------------------- |
 | Internal        | ✅       | [`Default`](#vlans)                         |
 | External        | ✅       | [`Primary (WAN1)`](#wan) `Secondary (WAN2)` |
 | Gateway         | ✅       | -                                           |
 | VPN             | ✅       | [`Hearthstone`](#vpn) [`VPS`](#vpn)         |
 | Hotspot         | ✅       | [`Guest`](#vlans)                           |
 | DMZ             | ✅       | -                                           |
 | VLAN 50         | ❌       | [`Pub`](#vlans)                             |
 | VLAN 6          | ❌       | [`IoT`](#vlans)                             |
 ### Zones access rules
 Additional Firewall rules allowing or blocking zone-to-zone or subnet-to-subnet communications.
 | Source Zone   | Destination Zone | Source                | Destination                 | Action             | Description                                                                        | 
 |-------------- | ---------------- | --------------------- | --------------------------- | ------------------ | ---------------------------------------------------------------------------------- |
 | Internal      | VLAN 50          | All                   | All                         | Allow with return  | Allow all traffic from [`Default`](#vlans) network to [`Pub`](#vlans)              |
 | Internal      | VLAN 6           | All                   | All                         | Allow with return  | Allow all traffic from [`Default`](#vlans) network to [`IoT`](#vlans)              |
 | VPN           | Internal         | [VPS subnet](#vpn)    | All                         | Allow only return  | Allow return traffic from [`VPS`](#vpn) subnet to [`Default`](#vlans)              |
 | VPN           | Internal         | [VPS subnet](#vpn)    | All                         | Block              | Block [`VPS`](#vpn) VPN clients from accessing the [`Default`](#vlans) network     |
 | VPN           | Hotspot          | [VPS subnet](#vpn)    | All                         | Block              | Block [`VPS`](#vpn) VPN clients from accessing the [`Guest`](#vlans) network       |
 | VPN           | DMZ              | [VPS subnet](#vpn)    | All                         | Block              | Block [`VPS`](#vpn) VPN clients from accessing the [`DMZ`](#firewall-zones) zone   |
 | VPN           | VLAN 50          | All                   | [Hearthstone](#vpn)         | Allow all          | Allow [`Hearthstone`](#vpn) VPN clients access to [`Pub`](#vlans) network          |
 | VPN           | VLAN 6 (IoT)     | All                   | [Hearthstone](#vpn)         | Allow all          | Block [`Hearthstone`](#vpn) VPN clients access to [`IoT`](#vlans) network          |
 | VLAN 50       | VLAN 50          | All                   | All                         | Allow all          | Allow [`Pub`](#vlans) network clients accessing each other                         |
 ## VPN
 There are two Wireguard servers configured:
 1. **Hearthstone**. Subnet _192.168.3.0/24_. For external access to all local networks.
 1. **VPS**. Subnet _192.168.4.0/24_. For accessing VPS servers as local network devices.
--- a/docusaurus.config.js
+++ b/docusaurus.config.js
@ -36,6 +36,12 @@ const config = {
    locales: ['en'],
  },
  markdown: {
    mermaid: true,
  },
  themes: ['@docusaurus/theme-mermaid'],
  scripts: [
    {
      src: 'https://plausible.nicelycomposed.codes/js/script.outbound-links.js',
--- a/package.json
+++ b/package.json
@ -16,6 +16,7 @@
  "dependencies": {
    "@docusaurus/core": "3.7.0",
    "@docusaurus/preset-classic": "3.7.0",
    "@docusaurus/theme-mermaid": "^3.7.0",
    "@mdx-js/react": "^3.0.0",
    "clsx": "^2.0.0",
    "prism-react-renderer": "^2.3.0",
--- a/sidebars.js
+++ b/sidebars.js
@ -17,9 +17,8 @@
 const sidebars = {
  homelabSidebar: [{
-    type: 'doc',
+    type: 'autogenerated',
-    id: 'homelab/index',
+    dirName: 'homelab',
    label: 'HomeLab',
  },],
--- a/src/components/HomepageFeatures/index.js
+++ b/src/components/HomepageFeatures/index.js
@ -19,7 +19,7 @@ const FeatureList = [
    Svg: require('@site/static/img/homelab.svg').default,
    description: (
      <>
-        Here I'm trying my best in documenting my home servers and services.
+        Here I'm trying my best in documenting my home servers and self-hosted services.
      </>
    ),
  },
--- a/yarn.lock
+++ b/yarn.lock