Home

Welcome to the CharlieHub infrastructure documentation. This site provides comprehensive guides for operating and maintaining our hybrid cloud + homelab infrastructure.

Quick Links¶

Category	Description
Getting Started	New to the infrastructure? Start here
Operations	Daily tasks, backup, monitoring, security
Operator Guides	Making changes safely, security policies
Services	hub2, CT1112, CT1113
Reference	Network layout, VMID convention, scripts, cron schedule
Disaster Recovery	Backup strategy, recovery runbooks

🔐 Security & Compliance¶

Critical: See Security Maintenance Guide for quarterly credential rotation procedures.

Schedule: - Q1: March 29, 2026 @ 02:00 UTC (Last Sunday of quarter) - Q2: June 28, 2026 @ 02:00 UTC - Q3: September 27, 2026 @ 02:00 UTC - Q4: December 27, 2026 @ 02:00 UTC

Key Documents: - Security Maintenance - Quarterly rotation procedures - Safeguards & Policy - Security enforcement and audit trail - Operator How-To - Making infrastructure changes safely - Cron Schedule - All scheduled maintenance jobs

Architecture Overview¶

                              Internet
                                  │
                                  ▼
┌──────────────────────────────────────────────────────────────────────┐
│                     hub2 (OVH Dedicated)                             │
│                        51.68.235.106                                 │
│                                                                      │
│  ┌─────────────────────────────┐  ┌───────────────────────────────┐  │
│  │  CharlieHub Services        │  │  Parking Infrastructure       │  │
│  │  /opt/charliehub            │  │  /opt/parking-infrastructure  │  │
│  │                             │  │                               │  │
│  │  Traefik (Parent) :443 ─────┼──┼─► Traefik (Child) :8883       │  │
│  │     ├── Authelia SSO        │  │     ├── Parking API           │  │
│  │     ├── Domain Manager      │  │     ├── Parking Dashboard     │  │
│  │     ├── UniFi API           │  │     └── MQTT Broker           │  │
│  │     ├── Docs, Code Server   │  │                               │  │
│  │     └── Prometheus, Grafana │  └───────────────────────────────┘  │
│  └─────────────────────────────┘                                     │
│                        │ WireGuard VPN                               │
└────────────────────────┼─────────────────────────────────────────────┘
                         │
        ┌────────────────┴────────────────┐
        ▼                                  ▼
┌──────────────────┐              ┌──────────────────┐
│   UK Homelab     │              │   FR Homelab     │
│   10.44.x.x      │              │   10.35.x.x      │
│   px1, px2, px3  │              │   px5            │
│   CT1112, CT1113 │              │   UniFi UCG      │
│   UniFi UCG      │              │                  │
└──────────────────┘              └──────────────────┘

Key Services¶

Service	Location	Purpose
hub2	OVH Dedicated (51.68.235.106)	Central hub: Traefik, Domain Manager, Auth, APIs, Monitoring
PostgreSQL	CT1912 (REDACTED_IP)	Parking & IoT databases
IoT Platform	CT1113 (REDACTED_IP3)	ChirpStack, Node-RED
UniFi UCG	REDACTED_IP / REDACTED_IP	Network management (UK & FR)

Quick Commands¶

# Connect to hub2 (uses ubuntu user, not root)
ssh hub2                            # if SSH config is set up
ssh ubuntu@51.68.235.106            # via public IP

# Check hub2 services
docker ps

# Check WireGuard VPN status
sudo wg show

Domains¶

All public domains point to hub1 (151.80.58.99):

Domain	Purpose
*.charliehub.net	Infrastructure services
*.microshare.eu	Business services
*.sensemy.cloud	IoT platform
*.verdegris.ch/eu	Additional domains

Emergency Contacts¶

Disaster Recovery: See Recovery Runbooks
Monitoring: Grafana / Prometheus
Documentation: docs.charliehub.net