Homelab - Cees van de Griend

Documentation of my on-premisses homelab.

Overview

Name	IP address	Link	Remarks
UniFi Default	192.168.1.0/24
Gateway	192.168.1.1	Ethernet	UniFi Dream Machine Pro
KPN	192.168.2.0/24
KPN TV	192.168.2.2	Wifi	Setup box
dns01	192.168.2.3	Ethernet	Raspberry Pi 3B, 1GB mem, sd 16 GB
CHiQ	192.168.2.4	Wifi	"Smart" TV
Gateway	192.168.2.75	Ethernet	UniFi Dream Machine Pro
KPN Box	192.168.2.254	Fiber	KPN Gateway
UniFi Management	192.168.16.0/24
Access point	192.168.16.182	Ethernet	UniFi U6 Lite
Switch	192.168.16.183	SFP+	UniFi USW Pro 24 PoE
Main	192.168.17.0/24
printer01	192.168.17.8	Wifi	Epson ET-2861
Fairphone 5	192.168.17.80	Wifi
laptop02	192.168.17.123	Wifi	Framework 12
athena	192.168.17.182	Wifi	Framework 13
media01	192.168.17.38	Wifi	Raspberry Pi 4B, 4GB mem, ssd 1 TB
Development	192.168.20.0/24	Not used
Test	192.168.21.0/24
tkc01	192.168.21.8	Ethernet	unknown laptop
Staging	192.168.22.0/24	Not used
Production	192.168.23.0/24
dns02	192.168.23.3	Ethernet	Raspberry Pi 4B, 1GB mem, usb 64 GB
nas01	192.168.23.8	Ethernet	UniFi UNAS-2
DMZ	192.168.24.0/24	Not used
IoT	192.168.30.0/24
gw2	192.168.30.6	Ethernet	IKEA Gateway
Guest	192.168.31.0/24

Secrets

pass - my personal password store in my home directory. The entries are encrypted with my GnuPG public key. The store is a Git repository and a copy is stored in a remote location: ~/Documents/405_Repositories/password-store.git The ~/Documents/ folder is backuped daily to nas01.
Proton Pass - mainly used for websites and browser integrations.
BitWarden - old entries, newer are stored in Proton Pass or pass.

Domains

cvdg.eu: used for on-premis TLS certificates
griend.eu: main e-mail accounts
griend.dev: used for hobby projects

cvdg.eu

SOA:	TransIP
DNS:	CloudFlare
MX:	ProtonMail
Website:	GitLab

griend.eu

SOA:	TransIP
DNS:	TransIP
MX:	ProtonMail
Website:	GitLab

griend.dev

SOA:	TransIP
DNS:	TransIP
MX:	ProtonMail
Website:	GitLab

On-premises

Modem: KPN Box 12
KPN TV: Set-top box (WiFi)
Raspberry Pi 3B+: DNS (100 Mb/s eth)
UniFi: Dream Machine Pro (1 Gb/s eth)

KPN

This part of the network is treated as an external network. All the devices I have which are not fully under my control in this network. The devices are not allowed to connect to the inner network. The inner network is behind the UniFi Gateway.

Name	IP address	DHCP	Connection
KPN TV	192.168.2.2	DHCP reserved	WiFi
dns01	192.168.2.3	DHCP reserved	ethernet
CHiQ - Smart TV	192.168.2.4	DHCP reserved	Wifi
UniFi Dream Machine Pro	192.168.2.75	DHCP reserved	ethernet
KPN Box 12	192.168.2.254	Fixed

KPN Box 12

I have a 1 Gb/s fiber optic connection from KPN Internet with TV and mobile. Only outgoing traffic is allowed.

WiFi is active.

KPN TV

The device is infrequently used for watching the national news and live television.

I have not bothered to investigate if there is a workaround, but this box has a lot of troubles if it does not connect to the WiFi network of the KPN Modem.

dns01

The DHCP server (KPN Box 12) uses dns01 as a pi-hole. The hardware is an old Raspberry Pi 3, model B+ with 1 GiB memory and a 16 GiB micro SD card as root partition.

dns01 is the DNS server (Pi-Hole) for the KPN network.

CHiQ

This is a smart TV with Google TV. Not used very much, mainly as display for the KPN TV and media01 Raspberry Pi 4, used as media player.

UniFi Dream Machine Pro

This device controls my homelab network. At the moment I have: