chore: initial repo setup with baseline config backup
- Pull current config from router (OpenWRT 24.10.2)
- Add backup, safe-apply, and push-all scripts
- Add CLAUDE.md with workflow rules and context
- Add network-map.md with current topology and planned VLANs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
70
docs/network-map.md
Normal file
@@ -0,0 +1,70 @@
# Network Map
## Router
| Item | Value |
|------------|-------------------------------------|
| Device | TP-Link Archer AX23 v1 |
| OpenWRT | 24.10.2 |
| LAN IP | 10.0.0.1 |
| LAN Subnet | 10.0.0.0/24 (pre-VLAN) |
| WAN | Full fibre, 1gbps down / 100mbps up |
| SSH | `ssh openwrt` |
## Current SSIDs
| SSID | Band | Status |
|----------------------|---------------|---------------------------------------------------|
| Moonshield | 2.4GHz + 5GHz | Main network |
| Stow on the Wireless | 2.4GHz | Unused — will become IoT SSID ("Cloud Connected") |
## Planned VLAN Layout
| VLAN ID | Name | Subnet | Purpose |
|---------|---------|--------------|--------------------------------|
| 1 | trusted | 10.0.1.0/24 | Phones, laptops |
| 10 | servers | 10.0.10.0/24 | NAS, Pis, HA, Frigate, PiHole |
| 20 | iot | 10.0.20.0/24 | Smart devices, cameras |
| 30 | media | 10.0.30.0/24 | Shield TV, consoles, smart TVs |
| 40 | guest | 10.0.40.0/24 | Guest WiFi |
## Planned SSID → VLAN Mapping
| SSID | VLAN | Notes |
|-----------------|---------|-------------------------------------|
| Moonshield | trusted | Existing main SSID |
| Cloud Connected | iot | Renamed from "Stow on the Wireless" |
| Pinball Map | media | New SSID for Shield + consoles |
| Passenger | guest | New — optional |
## External Access
Ports forwarded to `everlost.lan` (10.0.0.2), which runs Nginx + Letsencrypt + auth before proxying to internal services.
### Port Forwards
| Name | Proto | WAN Port | Dest IP | Dest Port |
|----------------------|-------|----------|-----------|-----------|
| HTTP | TCP | 80 | 10.0.0.2 | 80 |
| HTTPS | TCP | 443 | 10.0.0.2 | 443 |
| SSH - Everlost | TCP | 22563 | 10.0.0.2 | 22563 |
| SSH - Home Assistant | TCP | 22553 | 10.0.0.11 | 22553 |
| SSH - Frigate | TCP | 22583 | 10.0.0.12 | 22583 |
| SSH - Jester | TCP | 22573 | 10.0.0.21 | 22573 |
| SSH - Wayfaerer | TCP | 22593 | 10.0.0.22 | 22593 |
| SSH - Gitea | TCP | 2222 | 10.0.0.2 | 2222 |
| Wireguard | UDP | 51820 | 10.0.0.2 | 51820 |
| Plex - Jester | TCP | 32400 | 10.0.0.21 | 32400 |
| Plex - Wayfaerer | TCP | 32450 | 10.0.0.22 | 32450 |
## Planned WAN2 (Failover)
| Item | Value |
|----------|---------------------------------------------------------------|
| Device | GL-XE300 (Puli) |
| Firmware | GL.iNet 4.3.27 (based on OpenWRT 22.03.4) |
| LAN IP | 10.0.100.1 (change from default 192.168.8.1 before wiring in) |
| Subnet | 10.0.100.0/24 |
| WAN | 4G LTE via M.2 modem |
| SSH | `ssh openwrtwan` |
`mwan3` on the main router handles automatic failover. A firewall rule on the main router allows management access from the trusted VLAN to `10.0.100.1` on ports 22/80/443.
---
> For full device inventory, static DHCP leases, and cross-VLAN firewall requirements see:
> [`vlan-requirements.md`](vlan-requirements.md)
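
Review bot: In the External Access section, the intro sentence says ports are forwarded to `everlost.lan` (10.0.0.2) behind Nginx + Letsencrypt + auth, but six rows of the Port Forwards table go straight to other hosts (SSH to 10.0.0.11, 10.0.0.12, 10.0.0.21 and 10.0.0.22, Plex to 10.0.0.21 and 10.0.0.22) and so never pass through that proxy. Please reword the intro to say which forwards are proxied and which are direct WAN exposure, and, since WireGuard is already forwarded on UDP 51820, note whether the per-host SSH forwards are meant to stay or move behind the tunnel. Every Dest IP is also still in the pre-VLAN 10.0.0.0/24 range while the Planned VLAN Layout puts servers in 10.0.10.0/24, so a line saying this table has to be renumbered at migration would keep the two sections consistent.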