lazorgurl/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9cb517fcbec050c9b2d2f07d5c89fa65a33d171c
homelab/infra/ubiquiti/README.md
Julia McGhee 96e3f32f28 Initial monorepo scaffold 
Turborepo + pnpm monorepo for k3s homelab cluster on Intel NUCs.

- Apps: Next.js web frontend, Express API (TypeScript, Dockerfiles, k8s manifests)
- Packages: shared UI, ESLint config, TypeScript config, Drizzle DB schemas
- Infra/Ansible: bare-metal provisioning with roles for common, k3s-server, k3s-agent, hardening
- Infra/Kubernetes: ArgoCD GitOps (app-of-apps + ApplicationSets), platform components
  (cert-manager, Traefik, CloudNativePG, Valkey, Longhorn, Sealed Secrets), namespaces
- Observability: kube-prometheus-stack, Loki, Promtail as ArgoCD Applications
- CI/CD: GitHub Actions for PR builds, preview deploys, production deploys
- DX: Taskfile, utility scripts, copier templates, Ubiquiti network docs
2026-03-19 22:24:56 +00:00

74 lines
2.7 KiB
Markdown
Raw Blame History

# Ubiquiti Cloud Gateway Configuration
Documentation for the Ubiquiti Cloud Gateway (UCG) that manages network ingress for the homelab cluster.
## Network Layout
```
Internet
UCG (Ubiquiti Cloud Gateway)
├── VLAN 1 - Management (10.0.1.0/24)
├── VLAN 10 - Servers (10.0.10.0/24)
├── VLAN 20 - IoT (10.0.20.0/24)
└── VLAN 99 - Guest (10.0.99.0/24)
```
## VLAN Configuration
| VLAN ID | Name | Subnet | Purpose |
|---------|------------|-----------------|------------------------|
| 1 | Management | 10.0.1.0/24 | Network devices, admin |
| 10 | Servers | 10.0.10.0/24 | k3s cluster nodes |
| 20 | IoT | 10.0.20.0/24 | IoT devices |
| 99 | Guest | 10.0.99.0/24 | Guest WiFi |
## DHCP Reservations (VLAN 10 — Servers)
| Hostname | IP Address | MAC Address | Role |
|----------|-------------|-------------------|-------------|
| nuc01 | 10.0.10.11 | XX:XX:XX:XX:XX:01 | k3s server |
| nuc02 | 10.0.10.12 | XX:XX:XX:XX:XX:02 | k3s agent |
| nuc03 | 10.0.10.13 | XX:XX:XX:XX:XX:03 | k3s agent |
## Port Forwarding Rules
| Name | External Port | Internal IP | Internal Port | Protocol |
|------------|---------------|--------------|---------------|----------|
| HTTP | 80 | 10.0.10.11 | 80 | TCP |
| HTTPS | 443 | 10.0.10.11 | 443 | TCP |
| k3s API | 6443 | 10.0.10.11 | 6443 | TCP |
> **Note**: HTTP/HTTPS traffic routes to nuc01 where Traefik runs as the ingress controller.
> k3s API port is only forwarded if external kubectl access is needed.
## Firewall Rules
### Inter-VLAN Rules
- **Servers → Internet**: Allow all outbound
- **Servers → Management**: Allow (for UCG API access)
- **IoT → Servers**: Deny (isolate IoT from cluster)
- **Guest → ***: Allow Internet only, block all local
### Inbound Rules
- Allow established/related connections
- Allow HTTP (80) and HTTPS (443) to VLAN 10
- Drop all other inbound
## DNS Configuration
- **Internal DNS**: Use UCG as DNS server for VLAN 10
- **External DNS**: Cloudflare (1.1.1.1, 1.0.0.1)
- **Local DNS entries**: Add `*.homelab.local` → 10.0.10.11 for internal access
## Setup Steps
1. **Create VLANs** in UniFi Network → Settings → Networks
2. **Assign ports** on the switch to VLAN 10 for NUC connections
3. **Create DHCP reservations** for each NUC (Settings → Networks → VLAN 10)
4. **Add port forwarding rules** (Settings → Firewall & Security → Port Forwarding)
5. **Configure firewall rules** (Settings → Firewall & Security → Firewall Rules)
6. **Set local DNS** entries for *.homelab.local
Reference in New Issue View Git Blame Copy Permalink