proxmox-infra/docs/NETWORK-MAP.md
kavren 9051c84bae docs: Network infrastructure cleanup - static IPs, local DNS, SSH access
- Complete static IP migration for all containers
- Configure Pi-hole local DNS with .kav hostnames
- Add SSH provisioning script for all containers
- Create NETWORK-MAP.md with complete IP allocation
- Create network-map.sh for dynamic map generation
- Update INFRASTRUCTURE.md with new service map
- Add .kav TLD and SSH policy decisions to DECISIONS.md

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-28 17:11:32 -05:00

# KavCorp Network Map
> **Last Updated**: 2025-12-28
> **Network**: 10.4.2.0/24
> **Gateway**: 10.4.2.1 (OPNsense)
> **DNS**: 10.4.2.11 (Pi-hole)
## Network Topology
```
                              INTERNET
                                  │ WAN (AT&T)
                                  │ Public: 99.74.188.161
                   ┌─────────────────────────────┐
                   │      OPNsense (VM 130)      │
                   │          10.4.2.1           │
                   │   WAN: vmbr1 | LAN: vmbr0   │
                   └──────────────┬──────────────┘
      ┌───────────────────────────┼───────────────────────────┐
      │                     vmbr0 Bridge                      │
      │                   10.4.2.0/24 (LAN)                   │
      └───┬───────┬───────┬───────┬───────┬───────────────────┘
          │       │       │       │       │
          ▼       ▼       ▼       ▼       ▼
       ┌─────┐ ┌─────┐ ┌─────┐ ┌─────┐ ┌──────────┐ ┌─────────┐
       │ pm1 │ │ pm2 │ │ pm3 │ │ pm4 │ │ elantris │ │ KavNas  │
       │ .2  │ │ .6  │ │ .3  │ │ .5  │ │   .14    │ │   .13   │
       └──┬──┘ └──┬──┘ └──┬──┘ └──┬──┘ └────┬─────┘ └─────────┘
          │       │       │       │         │
  ┌───────┘       │       │       │         └────────┐
  │               │       │       │                  │
  ▼               ▼       ▼       ▼                  ▼
┌──────┐ ┌───────────┐ ┌────┐ ┌──────────┐      ┌─────────┐
│HA    │ │Media Stack│ │Game│ │  Infra   │      │  Media  │
│Zwave │ │ Services  │ │Svcs│ │ Services │      │ Storage │
│Twing.│ │           │ │    │ │          │      │         │
└──────┘ └───────────┘ └────┘ └──────────┘      └─────────┘
```
## IP Address Allocation
### Proxmox Nodes (10.4.2.2-9)
| IP | Hostname | Description |
|----|----------|-------------|
| 10.4.2.2 | pm1.kav | Proxmox node 1 |
| 10.4.2.3 | pm3.kav | Proxmox node 3 |
| 10.4.2.5 | pm4.kav | Proxmox node 4 |
| 10.4.2.6 | pm2.kav | Proxmox node 2 (primary management) |
| 10.4.2.14 | elantris.kav | Proxmox node 5 (128GB RAM, ZFS) |
### Core Infrastructure (10.4.2.10-19)
| IP | Hostname | Service | VMID | Node |
|----|----------|---------|------|------|
| 10.4.2.1 | opnsense.kav | OPNsense Gateway | 130 | pm4 |
| 10.4.2.10 | traefik.kav | Reverse Proxy | 104 | pm2 |
| 10.4.2.11 | pihole.kav | DNS Server | 103 | pm4 |
| 10.4.2.12 | authelia.kav | SSO Authentication | 116 | pm2 |
| 10.4.2.13 | kavnas.kav | Synology NAS | - | - |
| 10.4.2.15 | vaultwarden.kav | Password Manager | 125 | pm4 |
| 10.4.2.16 | unifi.kav | UniFi Controller | 111 | pm4 |
### Media Stack (10.4.2.20-29)
| IP | Hostname | Service | VMID | Node |
|----|----------|---------|------|------|
| 10.4.2.20 | sonarr.kav | TV Shows | 105 | pm2 |
| 10.4.2.21 | whisparr.kav | Adult Content | 117 | pm2 |
| 10.4.2.22 | prowlarr.kav | Indexer Manager | 114 | pm2 |
| 10.4.2.23 | bazarr.kav | Subtitles | 119 | pm2 |
| 10.4.2.24 | radarr.kav | Movies | 108 | pm2 |
| 10.4.2.25 | jellyseerr.kav | Media Requests | 115 | pm2 |
| 10.4.2.26 | jellyfin.kav | Media Server | 121 | elantris |
| 10.4.2.27 | kometa.kav | Plex Meta Manager | 120 | pm2 |
| 10.4.2.28 | recyclarr.kav | Quality Profiles | 122 | pm2 |
| 10.4.2.29 | notifiarr.kav | Notifications | 118 | pm2 |
### Services (10.4.2.30-39)
| IP | Hostname | Service | VMID | Node |
|----|----------|---------|------|------|
| 10.4.2.30 | immich.kav | Photo Management | 126 | pm4 |
| 10.4.2.31 | gitea.kav | Git Server | 127 | pm4 |
| 10.4.2.32 | frigate.kav | NVR | 128 | pm3 |
| 10.4.2.33 | homeassistant.kav | Home Automation | 100 | pm1 (VM) |
| 10.4.2.34 | ollama.kav | LLM Server | 123 | elantris |
| 10.4.2.35 | twingate.kav | Zero Trust Access | 101 | pm1 |
| 10.4.2.37 | foundryvtt.kav | Virtual Tabletop | 112 | pm3 |
### Game Servers (10.4.2.40-49)
| IP | Hostname | Service | VMID | Node |
|----|----------|---------|------|------|
| 10.4.2.40 | amp.kav | Game Server Manager | 124 | elantris |
### IoT / Home Automation (10.4.2.50-99)
| IP | Hostname | Service | VMID | Node |
|----|----------|---------|------|------|
| 10.4.2.50 | zwave.kav | Z-Wave JS UI | 102 | pm1 |
| 10.4.2.51 | mqtt.kav | MQTT Broker | 106 | pm3 |
### Docker Hosts (10.4.2.200-209)
| IP | Hostname | Service | VMID | Node |
|----|----------|---------|------|------|
| 10.4.2.200 | docker-pm2.kav | Docker Host | 113 | pm2 |
| 10.4.2.201 | docker-pm4.kav | Docker Host | 110 | pm4 |
| 10.4.2.202 | docker-pm3.kav | Docker Host | 109 | pm3 (VM) |
| 10.4.2.203 | dockge.kav | Docker Management | 107 | pm3 |
## IP Range Summary
| Range | Purpose | Status |
|-------|---------|--------|
| 10.4.2.1 | OPNsense Gateway | Assigned |
| 10.4.2.2-9 | Proxmox Nodes | Assigned |
| 10.4.2.10-19 | Core Infrastructure | Assigned |
| 10.4.2.20-29 | Media Stack | Assigned |
| 10.4.2.30-39 | Services | Partially used |
| 10.4.2.40-49 | Game Servers | Partially used |
| 10.4.2.50-99 | IoT / Reserved | Partially used |
| 10.4.2.100-199 | DHCP Pool | Dynamic |
| 10.4.2.200-209 | Docker Hosts | Assigned |
| 10.4.2.210-239 | Reserved | Available |
| 10.4.2.240-249 | Network Controllers | Reserved |
| 10.4.2.250-254 | Network Gear | Reserved |
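
The allocation plan above can be checked mechanically. The following is an added example, not part of this repository or of `network-map.sh`: it parses the section headings and table rows of this file and reports addresses that fall outside the range declared in their section heading, inside the DHCP pool, or assigned twice. `audit`, `SAMPLE_MAP` and the `example-*` rows are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: rows abridged from the tables above, plus two
# made-up "example-*" rows to trigger the DHCP and duplicate checks.
SAMPLE_MAP = """\
### Proxmox Nodes (10.4.2.2-9)
| IP | Hostname | Description |
| 10.4.2.2 | pm1.kav | Proxmox node 1 |
| 10.4.2.14 | elantris.kav | Proxmox node 5 (128GB RAM, ZFS) |
### Core Infrastructure (10.4.2.10-19)
| 10.4.2.1 | opnsense.kav | OPNsense Gateway | 130 | pm4 |
| 10.4.2.11 | pihole.kav | DNS Server | 103 | pm4 |
### Docker Hosts (10.4.2.200-209)
| 10.4.2.200 | docker-pm2.kav | Docker Host | 113 | pm2 |
| 10.4.2.150 | example-new.kav | constructed | - | - |
| 10.4.2.11 | example-dup.kav | constructed | - | - |
"""

DHCP_POOL = range(100, 200)  # last octets 100-199, from the range summary
HEADING = re.compile(r"^#+\s+(.+?)\s+\(\d+\.\d+\.\d+\.(\d+)-(\d+)\)\s*$")
ROW = re.compile(r"^\|\s*(\d+\.\d+\.\d+\.\d+)\s*\|\s*([^|\s]+)\s*\|")

def audit(markdown, network="10.4.2.0/24"):
    """Return (ip, hostname, problem) tuples for rows that break the plan."""
    net = ipaddress.ip_network(network)
    findings, seen, section = [], {}, None
    for line in markdown.splitlines():
        if line.startswith("#"):
            m = HEADING.match(line)  # headings without a range reset the section
            section = (m.group(1), int(m.group(2)), int(m.group(3))) if m else None
            continue
        m = ROW.match(line)
        if not m:
            continue  # header rows, separators and prose
        ip, host = ipaddress.ip_address(m.group(1)), m.group(2)
        last = int(ip) & 0xFF  # last octet; ranges are written per /24
        if ip not in net:
            findings.append((str(ip), host, f"outside {network}"))
        if ip in seen:
            findings.append((str(ip), host, f"duplicate of {seen[ip]}"))
        seen.setdefault(ip, host)
        if last in DHCP_POOL:
            findings.append((str(ip), host, "inside DHCP pool"))
        if section and not section[1] <= last <= section[2]:
            findings.append((str(ip), host, f"outside range for {section[0]}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAP):
        print(*finding, sep="  ")
```

On the sample it flags `elantris.kav` (10.4.2.14, listed under the 10.4.2.2-9 heading) and `opnsense.kav` (10.4.2.1, listed under the 10.4.2.10-19 heading) as well as the two constructed rows.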
## Access Methods
### SSH Access
All containers have SSH enabled with key-based authentication:
```bash
ssh root@<service>.kav
# Example: ssh root@traefik.kav
```
### Web Access
All web services are accessible via Traefik reverse proxy:
- External: `https://<service>.kavcorp.com`
- Internal: `http://<ip>:<port>`
### Local DNS
Pi-hole provides `.kav` domain resolution for all services.
Configure your device to use `10.4.2.11` as DNS server.
## Generating Updated Map
Use the network map script to generate a current view:
```bash
cd /home/kavren/proxmox-infra
./scripts/monitoring/network-map.sh
```