lerko96
cd454b2926
Full public/ directory — services, network, decisions, security, inventory, rebuild sequence, and per-LXC setup guides. Sourced from wiki. No secrets or WAN IPs included.
4.0 KiB
4.0 KiB
Services
Full registry of what's running, where it lives, and how to reach it. See README for compute layout and Network for VLAN/IP context.
Status Key
| Symbol | Meaning |
|---|---|
| ✅ | Running, healthy |
| ⚠️ | Running, needs attention |
| 🔴 | Down / broken |
| 🚧 | In progress |
| ➖ | Decommissioned |
Core Network (VLAN 1000/1010/1020)
| Service | IP | Port | VLAN | URL | Status | Notes |
|---|---|---|---|---|---|---|
| pfSense | 10.1.0.1 / 10.0.0.1 | 443 | LAN/MGMT | https://pfsense.lerkolabs.com | ✅ | Firewall, DHCP, WireGuard VPN |
| Omada Switch | 10.0.0.2 | 443 | MGMT | https://switch.lerkolabs.com | ✅ | Managed switch, VLAN config |
| AT&T Gateway | 192.168.1.254 | 80 | — | http://192.168.1.254 | ✅ | IP Passthrough only, WiFi disabled |
| Pi-hole | 10.2.0.11 | 80/53 | 1020 | https://pihole.lerkolabs.com | ✅ | Primary DNS, ad blocking |
| Caddy (infra) | 10.2.0.20 | 80/443 | 1020 | — | ✅ | Reverse proxy, wildcard SSL via Cloudflare DNS-01 |
| ntfy | 10.2.0.20 | — | 1020 | — | ✅ | Push notifications (infra LXC) |
| Authentik | 10.2.0.25 | 9000 | 1020 | https://auth.lerkolabs.com | ✅ | SSO — OIDC + forward auth |
| Proxmox | 10.2.0.10 | 8006 | 1020 | https://proxmox.lerkolabs.com | ✅ | Hypervisor |
Observability (monitor LXC — 10.2.0.51)
| Service | URL | Notes |
|---|---|---|
| Grafana | https://grafana.lerkolabs.com | Dashboards, alerting |
| Victoria Metrics | — | Metrics storage |
| Beszel | — | Container + host monitoring |
Productivity Apps (apps LXC — 10.2.0.60)
All behind Authentik SSO.
| Service | URL | Auth | Purpose |
|---|---|---|---|
| Outline | https://outline.lerkolabs.com | OIDC | Team wiki |
| Vikunja | https://tasks.lerkolabs.com | OIDC | Task management |
| Ghostfolio | https://finance.lerkolabs.com | Forward auth | Portfolio tracking |
| Hoarder | https://hoarder.lerkolabs.com | Forward auth | Bookmark manager |
| Grist | https://grist.lerkolabs.com | Forward auth | Spreadsheets / data |
| Actual Budget | https://budget.lerkolabs.com | Forward auth | Personal budgeting |
| FreshRSS | https://rss.lerkolabs.com | Forward auth | RSS reader |
| Memos | https://memos.lerkolabs.com | Forward auth | Quick notes |
| Traggo | https://time.lerkolabs.com | Forward auth | Time tracking |
| Baikal | https://dav.lerkolabs.com | Forward auth | CalDAV / CardDAV |
| Glance | https://glance.lerkolabs.com | Forward auth | Homepage dashboard |
| Filebrowser | https://files.lerkolabs.com | Forward auth | File management |
| Bytestash | — | Forward auth | Snippet storage |
Shared infrastructure in apps LXC: single Postgres instance (multi-DB) + Redis. See D004.
Secrets (vault LXC — 10.2.0.X)
| Service | URL | Notes |
|---|---|---|
| Vaultwarden | https://vault.lerkolabs.com | Isolated LXC — not shared with apps |
Media (servarr VM)
| Service | Purpose |
|---|---|
| Plex + Jellyfin | Media streaming |
| Sonarr / Radarr / Lidarr | Automated media management |
| Prowlarr + Bazarr | Indexer aggregation + subtitles |
| qBittorrent (via Gluetun) | Downloads — VPN-gated |
| Calibre-Web Automated | Book library with auto-ingest |
| Kavita | E-reader |
DMZ (VLAN 1 — 10.99.0.0/24)
| Service | IP | URL | Status | Notes |
|---|---|---|---|---|
| Caddy (DMZ) | 10.99.0.20 | — | ✅ | Public reverse proxy |
| Gitea | 10.99.0.22 | https://gitea.lerkolabs.com | ✅ | Public Git |
| Portfolio | 10.99.0.23 | https://lerkolabs.com | ✅ | Personal site |
Access Matrix
| Service | LAN | Homelab | Guest | IoT | WFH | VPN |
|---|---|---|---|---|---|---|
| pfSense Web GUI | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Pi-hole Admin | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ |
| All *.lerkolabs.com | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ |
| Proxmox | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ |
| Internet | ✅ | limited | ✅ | ✅ | ✅ | optional |