homelab/docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Updates to network article.
All checks were successful
CI / release (push) Successful in 6m9s
Details

Browse Source
This commit is contained in:
Michael Housh
2025-04-08 13:36:39 -04:00
parent d0383b0d4e
commit a53e808aec
10 changed files with 122 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Sources/Docs/Templates/BaseLayout.swift
View File

@@ -20,7 +20,7 @@ func baseLayout(
return [
.documentType("html"),
html(lang: "en-US") {
generateHeader(pageTitle, extraHeader)
generateHead(pageTitle, extraHeader)
body(class: "text-white text-lg pb-5 font-avenir \(section.rawValue)") {
siteHeader(section)
@@ -80,19 +80,16 @@ private func footer(_ rssLink: String) -> Node {
"("
%a(
class: "[&:hover]:border-b border-green-400",
href: "https://github.com/m-housh/mhoush.com",
href: "https://git.housh.dev/homelab/docs",
rel: "nofollow",
target: "_blank"
) { "source" }
%")."
}
script(src: "https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/components/prism-core.min.js")
script(src: "https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/keep-markup/prism-keep-markup.min.js")
script(src: "https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js")
}
}
private func generateHeader(_ pageTitle: String, _ extraHeader: NodeConvertible) -> Node {
private func generateHead(_ pageTitle: String, _ extraHeader: NodeConvertible) -> Node {
head {
meta(charset: "utf-8")
meta(content: "#0e1112", name: "theme-color", customAttributes: ["media": "(prefers-color-scheme: dark)"])
@@ -128,8 +125,6 @@ private func generateHeader(_ pageTitle: String, _ extraHeader: NodeConvertible)
link(href: "/static/output.css", rel: "stylesheet")
link(href: "/articles/feed.xml", rel: "alternate", title: SiteMetadata.name, type: "application/rss+xml")
extraHeader
// script(src: "https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js")
//
Node.raw("""
<script src="/pagefind/pagefind-ui.js"></script>
<link href="/pagefind/pagefind-ui.css" rel="stylesheet">

13
Sources/Docs/Templates/HomeLink.swift
View File

@@ -46,12 +46,15 @@ extension HomeLink: NodeConvertible {
}
private func internalLink() -> Node {
a(class: "bg-orange-400 border-2 border-green-600 p-4 rounded-lg [&:hover]:bg-orange-500", href: href) {
a(
class: "bg-orange-400 border-2 border-green-600 p-4 rounded-lg [&:hover]:bg-orange-500",
href: href
) {
div(class: "flex text-3xl") {
i(class: "mt-1", customAttributes: ["data-lucide": icon])
p(class: "ps-2") { title }
span(class: "ps-2") { title }
}
p(class: "text-sm") { description }
span(class: "text-sm") { description }
}
}
@@ -64,9 +67,9 @@ extension HomeLink: NodeConvertible {
) {
div(class: "flex text-3xl") {
i(class: "mt-1", customAttributes: ["data-lucide": icon])
p(class: "ps-2") { title }
span(class: "ps-2") { title }
}
p(class: "text-sm") { description }
span(class: "text-sm") { description }
}
}
}

45
Sources/Docs/Templates/RenderPage.swift
View File

@@ -37,14 +37,7 @@ func renderHome(body: String) -> Node {
"Articles",
icon: "newspaper",
href: "/articles/",
description: "Click here to view articles."
)
HomeLink.external(
"Service Monitor",
icon: "heart-pulse",
href: "https://uptime.housh.dev/status/housh-dev",
description: "Click here to view the service status."
description: "Click here to view all articles."
)
HomeLink.external(
@@ -55,17 +48,10 @@ func renderHome(body: String) -> Node {
)
HomeLink.external(
"Excalidraw",
icon: "pen-tool",
href: "https://draw.housh.dev",
description: "A drawing utility."
)
HomeLink.external(
"Gitea",
icon: "git-branch",
href: "https://git.housh.dev/explore/repos",
description: "Explore source code."
"Service Monitor",
icon: "heart-pulse",
href: "https://uptime.housh.dev/status/housh-dev",
description: "Server and services uptime status page."
)
HomeLink.external(
@@ -75,12 +61,33 @@ func renderHome(body: String) -> Node {
description: "Network management."
)
HomeLink.external(
"Excalidraw",
icon: "pen-tool",
href: "https://draw.housh.dev",
description: "A drawing utility that runs locally in your browser."
)
HomeLink.external(
"Gitea",
icon: "git-branch",
href: "https://git.housh.dev/explore/repos",
description: "Explore source code."
)
HomeLink.external(
"Legacy Purchase Orders",
icon: "file-archive",
href: "https://legach-po.housh.dev",
description: "Legacy purchase order application (pre-2025)."
)
HomeLink.external(
"HVAC Toolbox",
icon: "hammer",
href: "https://hvac-toolbox.com",
description: "A collection of HVAC calculators."
)
}
}
script(src: "https://unpkg.com/lucide@latest")

76
content/articles/2025-04-02-Network.md
View File

@@ -1,8 +1,9 @@
---
date: 2025-4-02
updated: 2025-4-03
updated: 2025-4-08
author: "Michael Housh"
tags: network, infrastructure
primaryTag: infrastructure
---
# Networking
@@ -10,9 +11,31 @@ tags: network, infrastructure
All of the networking setup is done through [unifi](https://unifi.ui.com). The
network is segmented into several different networks to isolate communication.
> Note: If you are unable to connect to the unifi management console linked
> above or if the internet is down, you can connect directly with the management
> console at `http://192.168.1.1`.
## Backup
The network management console get's backed up automatically each week (Sundays
@2:30am), however you can manually backup the server by going to
`Settings -> Control Plane -> Backups`. This is where you can also restore from
a backup if needed.
## Networks
An overview of the networks that are setup.
A brief overview of the networks that are setup, their uses, and why they are
needed.
| Network | VLAN ID | Subnet | Usable IP's |
| --------- | ------- | ---------------- | ----------- |
| Default | 1 | 192.168.1.0/24 | 249 |
| Main | 10 | 192.168.10.0/24 | 205 |
| Phones | 20 | 192.168.20.0/28 | 13 |
| IoT | 30 | 192.168.30.0/24 | 249 |
| housh.dev | 50 | 192.168.50.0/28 | 12 |
| Guest | 60 | 192.168.60.0/26 | 61 |
| Mangement | 254 | 192.168.254.0/24 | 249 |
### Default Network
@@ -21,8 +44,8 @@ unifi networking gear. It is also generally the network a new device will go if
it is plugged into an ethernet cable / switch. For this reason this network is
isolated from communicating with other networks.
New devices that end up on this network should be configured to the appropriate
network by a network administrator.
New devices that end up on this network should be configured / moved to the
appropriate network by a network administrator.
### Management Network
@@ -33,26 +56,32 @@ someone gained access to the network.
### Main Network
This is where the majority of "trusted" devices should be placed on the network,
such as computers, phones, etc. This is also the network when people join the
non-guest WiFi.
such as computers, mobile phones, etc. This is also the network used when people
join the non-guest WiFi.
This network has the ability to communicate with most all other networks.
This network has the ability to communicate with most all other networks,
therefore only trusted devices should be allowed on this network.
### housh.dev Network
This is the network where all the servers are placed. This network is primarily
setup to allow "responses", but not initiate communication with other networks.
This is to help reduce the risk if one of the servers gets compromised, an
attacker should not easily be able to transition to another network.
This is the network where the majority of servers are placed. This network is
primarily setup to allow "responses", but not allowed to initiate communication
with other networks. This is to help reduce the risk if one of the servers gets
compromised, an attacker should not easily be able to transition to another
network.
### Phones Network
This is the network where all the VoIP phones are on. It is considered
"untrusted" and should not be able to communicate with any other network.
This is merely considered "untrusted" because there's no reason for anything on
this network to try and reach anything else. It should only handle phone
traffic.
### IoT Network
This is the network where all IoT (internet of things) devices are. This is
This is the network where IoT (internet of things) devices are. This is
considered an "untrusted" network and communications with other networks are
minimized to what is actually needed to work. This network is not able to
communicate with the internet, because these devices are made by so many
@@ -64,6 +93,24 @@ such as home-pods and apple-tv because there are network challenges with these
devices operating properly when placed on the IoT network, such as airdrop and
screen casting (which may be resolved in the future).
### Guest Network
This is the network where guests are placed, it is considered "untrusted" and
should only be able to access the internet. Devices on this network are also not
able to communicate with other devices attached to the guest network.
## Wifi Networks
The following wifi networks are setup and broadcast via the access points. All
networks require a password to use. Ask Michael for passwords if you need them.
| Wifi SSID | Network |
| ------------------------ | ----------------------- |
| Center of Monroe | Main |
| Jarvis | IoT |
| Center of Monroe - Guest | Guest |
| Housh Home Energy | Main (VPN traffic only) |
## Firewall
The unifi management console is what handles firewall rules for the networks. It
@@ -74,6 +121,11 @@ is accessed via `Settings -> Security -> Firewall` on the management console.
This is where settings are made to either allow or deny traffic on the networks
from communicating with other networks or the internet.
> Note: Be aware that making changes here may break things / render networks or
> services to be unusable. It is recommended to make a backup prior to making
> changes. One of the biggest things to _not_ do is block traffic from
> `Main -> Gateway`, most everything else done is recoverable.
## DNS
DNS is what translates IP addresses to domain names (i.e.

20
content/articles/2025-04-04-servers.md
View File

@@ -1,6 +1,8 @@
---
date: 2025-04-04
updated: 2025-04-08
tags: servers, infrastructure, homelab
primaryTag: infrastructure
---
# Servers
@@ -15,7 +17,9 @@ services based on that. Meaning services that I run primarily for personal items
are running on servers that I own, while services that are supporting business
functionality run on the companies server.
All of the servers run the services in `Docker Containers`.
All of the servers run the services in `Docker Containers`, which allows for
them to be isolated from the host system (server) and makes them more easily
portable between servers if needed.
There is also a `Raspberry-Pi` that runs `Home Assitant`, which is another one
of my personal devices.
@@ -27,10 +31,14 @@ of my personal devices.
| rogue-mini | roguemini.housh.dev | 192.168.50.4 |
| home-assistant | homeassitant.housh.dev | 192.168.30.5 |
| NAS | nas.housh.dev | 192.168.10.105 |
| Backup NAS | nas.hhe | 192.168.1.10 |
You can read more about the network setup
[here](https://docs.housh.dev/articles/2025/network/).
> Note: The backup NAS is used to backup our primary NAS, for now it is not easy
> to use, and will be used for camera / security footage in the future.
## Containers
Services run inside of docker containers that are spread between several
@@ -44,7 +52,8 @@ is hosted on an [internal git server](https://git.housh.dev/homelab). The
configuration will consist of a docker compose file (generally named
`compose.yaml`). There is often an `example.env` file for the service, these are
examples for documentation and variable naming purposes. The environment
variables themselves are setup in the container orchestrator for the service.
variables themselves are setup in the container orchestrator for the service to
prevent sensitive data being "leaked".
### Container orchestrator
@@ -99,7 +108,7 @@ access may be implemented in the future. If access is required outside of our
network then using our VPN is required. The VPN setup is done automatically via
unifi (our network router).
`DNS` is what translates domain names to `IP` addresses, currently the public
`DNS` is what translates domain names to `IP addresses`, currently the public
DNS records are handled by cloudflare. Cloudflare is used to validate that we
own the `housh.dev` domain name in order for Let's Encrypt to issue free `TLS`
certificates. TLS is used to encrypt traffic over the web (`https://`).
@@ -107,4 +116,7 @@ certificates. TLS is used to encrypt traffic over the web (`https://`).
Internal DNS records are setup in our unifi router `Settings -> Routing -> DNS`.
The internal DNS is fairly simple and just needs to map to servers appropriately
(primarily just to the primary caddy instance, which then handles all the
routing to the individual service that is requested).
routing to the individual service that is requested). All devices that connect
to the network will be able to use the internal DNS to resolve host names
properly (meaning it all should just work automatically without any knowledge
from the user).

1
content/articles/2025-04-07-PhoneSystem.md
View File

@@ -1,6 +1,7 @@
---
date: 2025-04-07
tags: phones, infrastructure, unifi
primaryTag: infrastructure
---
# Phone System

1
content/articles/2025-04-07-TimeMachine.md
View File

@@ -1,6 +1,7 @@
---
date: 2025-04-07
tags: how-to, backups, nas
primaryTag: how-to
---
# Time Machine Backups

1
content/articles/2025-04-08-LinkSharing.md
View File

@@ -1,6 +1,7 @@
---
date: 2025-04-08
tags: how-to, nas
primaryTag: how-to
---
# Link Sharing

2
content/static/input.css
View File

@@ -151,7 +151,7 @@ article a:hover {
}
article code {
@apply bg-violet-600;
@apply text-white bg-violet-600 px-2;
}
article ol {

2
content/static/output.css
View File

File diff suppressed because one or more lines are too long