//nbkelley /homelab

Network Infrastructure & VLANs#

What Was Established#

The network uses a UniFi UCG Express with a multi-VLAN setup. A recent incident involving a VPN expiry caused a routing failure on specific VLANs due to policy-based routing (PBR) without a fallback mechanism.

Key Decisions#

  • VLAN Segmentation:
    • Gandalf: Server network (Always-on, stable, no VPN).
    • Mithrandir (VLAN 2): Client/AI network. Traffic is routed through ProtonVPN via WireGuard.
    • Harken (VLAN 3): General usage.
    • Tharkûn (DMZ): Restricted zone (DMZ $\rightarrow$ Internal is Blocked).
    • Rivendell (VLAN 4): Unused.
  • VPN Configuration: ProtonVPN WireGuard Client 1 is used for Mithrand/VLAN 2. Critical: Ensure “Block traffic if WireGuard is down” is enabled to prevent IP leaks.
  • IP Management: Use DHCP Reservations (Fixed IPs) in the UniFi Controller rather than configuring static IPs on individual hosts to prevent port-forward breakage during DHCP lease renewals.

Current Configuration#

Known Fixed IPs (DHCP Reservations):

  • Proxmox: 192.168.1.69
  • Prometheus: 192.168.1.167
  • Cloudflared: 192.168.1.95
  • Docker: 192.168.1.208
  • Servarr: 192.168.1.112
  • Proxy/NPM: 192.168.1.222
  • Uptime Kuma: 192.168.1.58
  • Websites: 192.168.1.237
  • Pavilion (AI PC): 192.168.2.192 (Mithrandir)

Open Questions#

  • Verify if the unifi-minimal-exporter or unpoller is better for long-term metrics (current plan is to use UniFi API directly via n8n).

Node Exporter Deployment, AI-Driven Monitoring Pipeline, Wi-Fi Performance Optimization (U7 Lite), Proxy Management & Cloudflare Tunnels

Sources#

Homelab AI - 2026-04-14 · ingested/chats/Homelab AI - 2026-04-14

Backward Node Exporter Deployment Proxmox ZFS Storage Setup Forward