From 497239cc7667d2df29913541ea7edaf7ec44e1da Mon Sep 17 00:00:00 2001 From: yehor Date: Wed, 11 Jun 2025 16:45:01 +0300 Subject: [PATCH] Add more on network --- docs/homelab/network.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/homelab/network.md b/docs/homelab/network.md index 2a7efc1..21a6546 100644 --- a/docs/homelab/network.md +++ b/docs/homelab/network.md @@ -2,6 +2,29 @@ sidebar_position: 2 title: Network --- +The gate to my HomeLab is a **UniFi Cloud Gateway Ultra**. It is connected to a **1 Gbps** fiber optic from my ISP and manages **3 static WAN IP** addresses. + +## Hardware + +```mermaid +--- +config: + look: handDrawn + theme: forest +--- +flowchart TB + gateway(UniFi Cloud Gateway Ultra) + poe(UniFi Switch Light 8 PoE) + wifi1((UniFi U6+)) + wifi2((UniFi U6+)) + ISP <--> gateway + gateway <--> lan1[LAN] + gateway <--> poe + poe <--> lan2[LAN] + poe <-->|PoE| wifi1 + poe <-->|PoE| wifi2 +``` + ## WAN ### Port forwarding @@ -83,3 +106,6 @@ Additional Firewall rules allowing or blocking zone-to-zone or subnet-to-subnet There are two Wireguard servers configured: 1. **Hearthstone**. Subnet _192.168.3.0/24_. For external access to all local networks. 1. **VPS**. Subnet _192.168.4.0/24_. For accessing VPS servers as local network devices. + +## DNS Server +I use my gateway as a local DNS server with additional records for internal services, allowing them to be accessed using domain names like `beszel.int.example.com`, but only from the LAN or VPN. Almost all internal domains are pointing to the `ingress1` (Zoraxy reverse proxy), that also manages SSL termination.
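Review bot: in the flowchart added under `## Hardware`, the node `poe(UniFi Switch Light 8 PoE)` looks like a misspelling of the product name. Ubiquiti's 8-port PoE model is the Switch Lite 8 PoE, so the label should probably read `poe(UniFi Switch Lite 8 PoE)`. In the new intro sentence, "a **1 Gbps** fiber optic from my ISP" is missing its noun (for example "fiber optic link"), and the bold span in "**3 static WAN IP** addresses" stops mid-phrase, so either bold "3 static WAN IP addresses" as a whole or bold only the number. The diagram also gives both LAN nodes the same label, `lan1[LAN]` and `lan2[LAN]`. If they are different segments or VLANs, labelling them differently would make the drawing match the zone and subnet rules described later in the file.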
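Review bot: in the new `## DNS Server` paragraph, "but only from the LAN or VPN" states an access restriction without saying what enforces it. Local DNS records only control name resolution, and the same file has a `### Port forwarding` section, so the text should state whether `ingress1` is reachable from the WAN and which firewall or zone rule limits the internal hostnames to LAN and WireGuard clients. "Almost all internal domains" leaves the exceptions undocumented, so list the services that bypass the reverse proxy, since those do not get its TLS termination. Wording: "are pointing to the `ingress1` (Zoraxy reverse proxy), that also manages SSL termination" reads better as "point to `ingress1` (Zoraxy reverse proxy), which also handles TLS termination". The heading is also followed directly by the paragraph, whereas `## Hardware` in the first hunk has a blank line after it, so add one here for consistency.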