Add more on network
All checks were successful
Build release image / build (push) Successful in 1m33s

yehor
2025-06-11 16:45:01 +03:00
parent 4c7a1a6721
commit 497239cc76


@ -2,6 +2,29 @@
sidebar_position: 2
title: Network
---
The gate to my HomeLab is a **UniFi Cloud Gateway Ultra**. It is connected to a **1 Gbps** fiber optic from my ISP and manages **3 static WAN IP** addresses.
## Hardware
```mermaid
---
config:
look: handDrawn
theme: forest
---
flowchart TB
gateway(UniFi Cloud Gateway Ultra)
poe(UniFi Switch Light 8 PoE)
wifi1((UniFi U6+))
wifi2((UniFi U6+))
ISP <--> gateway
gateway <--> lan1[LAN]
gateway <--> poe
poe <--> lan2[LAN]
poe <-->|PoE| wifi1
poe <-->|PoE| wifi2
```
## WAN
### Port forwarding
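Review bot: The switch node `poe(UniFi Switch Light 8 PoE)` misspells the model name; Ubiquiti's product is the "Switch Lite 8 PoE", so the label should read `poe(UniFi Switch Lite 8 PoE)`. In the same flowchart, `lan1[LAN]` and `lan2[LAN]` render with identical labels, so a reader cannot tell the segment wired directly to the gateway from the one behind the switch; give the two nodes distinct labels. In the intro sentence, "fiber optic" needs a noun ("fiber optic link"), and the bold span in `**3 static WAN IP** addresses` should include "addresses". If `look:` and `theme:` are unindented in the file as they appear here, they need to be nested under `config:` for Mermaid to apply them.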
@ -83,3 +106,6 @@ Additional Firewall rules allowing or blocking zone-to-zone or subnet-to-subnet
There are two Wireguard servers configured:
1. **Hearthstone**. Subnet _192.168.3.0/24_. For external access to all local networks.
1. **VPS**. Subnet _192.168.4.0/24_. For accessing VPS servers as local network devices.
## DNS Server
I use my gateway as a local DNS server with additional records for internal services, allowing them to be accessed using domain names like `beszel.int.example.com`, but only from the LAN or VPN. Almost all internal domains are pointing to the `ingress1` (Zoraxy reverse proxy), that also manages SSL termination.
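Review bot: The new DNS Server paragraph says internal names are reachable "only from the LAN or VPN" but documents only the DNS records, not the control that enforces that restriction. Keeping the records on the local resolver hides the names; it does not by itself limit who can reach `ingress1`, and this file also has a Port forwarding section under WAN. Add a sentence stating which firewall rule or proxy access list keeps `ingress1` off the WAN side, and whether clients of both Wireguard servers (Hearthstone and VPS) use the gateway as their resolver. Wording: "are pointing to the `ingress1`" reads better as "point to `ingress1`", ", that also manages" should be ", which also manages", and "TLS termination" is the more accurate term than "SSL termination".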