Network Topology & IP Assignments

VLAN / Interface	Subnet	Purpose
`vlan88-work`	192.168.88.0/24	Homelab infrastructure — all servers, K8s, NAS
`vlan20-home`	192.168.20.0/24	Home devices — personal PCs, phones, TVs
`wireguard1`	192.168.100.0/24	VPN clients (WireGuard, UDP 13231)

IP Address	Hostname	Role	OS/Platform	Notes
192.168.88.1	MikroTik Router	Gateway / Firewall / DHCP	RouterOS	Network gateway, DNS forwarding
192.168.88.10-30	MetalLB Pool	K8s LoadBalancer IPs	—	Auto-assigned by MetalLB L2
192.168.88.11	Technitium Primary LB	DNS (Technitium primary)	K8s	externalTrafficPolicy: Local
192.168.88.13	Technitium Secondary LB	DNS (Technitium secondary)	K8s	externalTrafficPolicy: Local
192.168.88.53	Technitium MikroTik	DNS (MikroTik container, AXFR secondary)	MikroTik	Virtual IP via DST-NAT
192.168.88.12	Traefik VIP	K8s Ingress	K8s	All `*.homelab.vyanh.uk` traffic
192.168.88.19	Synology NAS	DS920+ / NFS / Docker	DSM 7	Primary storage, 4x8TB SHR
192.168.88.100	Proxmox VE	Hypervisor	Proxmox VE	Hosts all K8s VMs
192.168.88.230	TrueNAS	Secondary NAS	TrueNAS	Backup storage
192.168.88.245	Utility Server	Monitoring exporters	Linux	SNMP exporter, PVE exporter
192.168.88.247	k8s-node-3	K8s Worker	Ubuntu	Workloads
192.168.88.248	k8s-node-2	K8s Worker	Ubuntu	Workloads
192.168.88.249	k8s-node-1	K8s Worker	Ubuntu	Workloads
192.168.88.250	k8s-cp	K8s Control Plane	Ubuntu	kubeadm, etcd, scheduler

Service	URL	Namespace	Auth
ArgoCD	`https://argocd.homelab.vyanh.uk`	argocd	Authentik OIDC
Grafana	`https://grafana.homelab.vyanh.uk`	monitoring	Authentik OIDC
Vault	`https://vault.homelab.vyanh.uk`	vault	Token/OIDC
Harbor	`https://harbor.homelab.vyanh.uk`	harbor	Authentik OIDC
Authentik	`https://authentik.homelab.vyanh.uk`	authentik	Built-in
Technitium DNS	`https://dns.homelab.vyanh.uk`	technitium	Password (Vault)
Technitium DNS 2	`https://dns2.homelab.vyanh.uk`	technitium	Password (Vault)
Technitium MikroTik	`http://dns-mikrotik.homelab.vyanh.uk`	technitium	Password (Vault)
Nextcloud	`https://nextcloud.homelab.vyanh.uk`	nextcloud	Built-in
Longhorn	`https://longhorn.homelab.vyanh.uk`	longhorn-system	—
VictoriaMetrics	`https://victoriametrics.homelab.vyanh.uk`	monitoring	—
VictoriaLogs	`https://victorialogs.homelab.vyanh.uk`	monitoring	—
Traefik Dashboard	`https://traefik.homelab.vyanh.uk`	traefik	IP whitelist
Tempo	`https://tempo.homelab.vyanh.uk`	monitoring	—
LifeOps	`https://lifeops.homelab.vyanh.uk`	life-ops	JWT
LifeOps (public)	`https://tracker.vyanh.uk`	life-ops	JWT
Wiki.js	`https://wikijs.homelab.vyanh.uk`	nas-ingress	Built-in
Wiki.js (public)	`https://wiki.vyanh.uk`	nas-ingress	Built-in
ntfy	`https://ntfy.homelab.vyanh.uk`	nas-ingress	Token auth
ntfy (public)	`https://ntfy.vyanh.uk`	nas-ingress	Token auth
Vaultwarden	`https://vaultwarden.homelab.vyanh.uk`	nas-ingress	Built-in
Vaultwarden (public)	`https://vault.vyanh.uk`	nas-ingress	Built-in
Uptime Kuma	`https://uptime.homelab.vyanh.uk`	nas-ingress	—
Uptime Kuma (public)	`https://status.vyanh.uk`	nas-ingress	—

Service	Internal Port	Local URL	Public URL	Security
Immich	`:2283`	`https://immich.homelab.vyanh.uk`	—	Default headers
Vaultwarden	`:8843`	`https://vaultwarden.homelab.vyanh.uk`	`https://vault.vyanh.uk`	Default headers
Uptime Kuma	`:3001`	`https://uptime.homelab.vyanh.uk`	`https://status.vyanh.uk`	Default headers
ntfy	`:2586`	`https://ntfy.homelab.vyanh.uk`	`https://ntfy.vyanh.uk`	Default headers
Portainer	`:9443`	`https://portainer.homelab.vyanh.uk`	—	Local-only IP whitelist
Homepage	`:3000`	`https://homepage.homelab.vyanh.uk`	—	Default headers
Paperless-ngx	`:8010`	`https://paperless.homelab.vyanh.uk`	—	Default headers
Wiki.js	`:3080`	`https://wikijs.homelab.vyanh.uk`	`https://wiki.vyanh.uk`	Default headers

Public URL	Routes To	Notes
`https://wiki.vyanh.uk`	WikiJS via Traefik nas-ingress	—
`https://status.vyanh.uk`	Uptime Kuma `:3001` on NAS	—
`https://tracker.vyanh.uk`	LifeOps in K8s	—
`https://ntfy.vyanh.uk`	ntfy `:2586` on NAS	Push notifications

Public URL	Routes To	Notes
`https://vault.vyanh.uk`	Vaultwarden `:8843` on NAS	Independent of K8s — stays up during cluster outages

Public Hostname	Resolves to (LAN)	Traefik Ingress
`vault.vyanh.uk`	`192.168.88.12`	`nas-ingress/vaultwarden`
`wiki.vyanh.uk`	`192.168.88.12`	`nas-ingress/wikijs`
`status.vyanh.uk`	`192.168.88.12`	`nas-ingress/uptime-kuma`
`tracker.vyanh.uk`	`192.168.88.12`	`life-ops/lifeops-tracker-public`
`ntfy.vyanh.uk`	`192.168.88.12`	`nas-ingress/ntfy`

¶ Network Topology & IP Assignments

¶ Network Subnets

¶ Subnet: 192.168.88.0/24 (VLAN88 — Homelab)

¶ Full IP Assignment Table

¶ Kubernetes Service URLs

¶ NAS Docker Service URLs

¶ Cloudflare Public Domains (External Access)

¶ Split DNS (LAN Access to Public Hostnames)