Network Layout¶

Complete network architecture for the CharlieHub infrastructure.

Overview¶

                              Internet
                                  │
                                  ▼
                    ┌─────────────────────────────┐
                    │     hub2 (OVH Dedicated)    │
                    │       51.68.235.106         │
                    │                             │
                    │       wg-uk: REDACTED_IP     │
                    │       wg-fr: REDACTED_IP      │
                    └─────────────┬───────────────┘
                                  │
           ┌──────────────────────┴──────────────────────┐
           │              WireGuard VPN                   │
           └──────────────────────┬──────────────────────┘
                                  │
        ┌─────────────────────────┴─────────────────────────┐
        │                                                    │
        ▼                                                    ▼
┌───────────────────────────┐                ┌───────────────────────────┐
│    UK Site (10.44.x.x)    │                │   France Site (10.35.x.x) │
│  ┌─────────────────────┐  │                │  ┌─────────────────────┐  │
│  │ UniFi UCG: REDACTED_IP│  │                │  │ UniFi UCG: REDACTED_IP│  │
│  └─────────────────────┘  │                │  └─────────────────────┘  │
│                           │                │                           │
│  px1: REDACTED_IP          │   SD-WAN VPN   │  px5: REDACTED_IP          │
│  px2: REDACTED_IP          │◄──────────────►│                           │
│  px3: REDACTED_IP          │                │                           │
└───────────────────────────┘                └───────────────────────────┘

Site Summary¶

Site	Location	Subnet	Purpose
hub2	OVH Dedicated	51.68.235.106	Central services hub
UK	Home network	10.44.x.x	Primary Proxmox cluster
France	Home network	10.35.x.x	DR site

hub2 (OVH Dedicated Server)¶

The central hub for all public-facing services.

Property	Value
Public IP	51.68.235.106
WireGuard UK IP	REDACTED_IP
WireGuard FR IP	REDACTED_IP
SSH User	ubuntu (not root)

Services on hub2¶

Port	Service
80, 443	Traefik (HTTP/HTTPS)
9091	Authelia SSO
8001	Domain Manager API
8002	UniFi API
8000	Docs (MkDocs)
3000	Grafana
9090	Prometheus
9100	Node Exporter

VLAN Structure¶

VLAN	Network	Purpose
VLAN 1 (untagged)	10.x.1.x	Proxmox hosts, VMs, CTs (main LAN)
VLAN 5	10.x.5.x	IoT devices

VLAN 10 Retired

VLAN 10 (10.x.10.x) was retired on 2026-01-09. All VMs/CTs now use the main LAN (10.x.1.x).

UK Site (10.44.x.x)¶

Management Network (10.44.1.x)¶

IP	Device	Role
REDACTED_IP	UniFi UCG	Router
REDACTED_IP	px1-silverstone	Primary Proxmox node
REDACTED_IP	px2-monza	Compute node
REDACTED_IP	px3-suzuka	NAS + HA replica

VMs/CTs (Main LAN - 10.44.1.x)¶

VLAN 10 Retired

VLAN 10 (10.44.10.x) was retired on 2026-01-09. All VMs/CTs now use main LAN with IPs matching their CT numbers.

IP	VMID	Name	Purpose
REDACTED_IP	CT1912	prod-database-temp	PostgreSQL (temporary)
REDACTED_IP3	CT1113	prod-iot-platform	ChirpStack, Node-RED
REDACTED_IP4	CT1114	pulse-monitor	Pulse monitoring
REDACTED_IP5	CT1115	prod-monitoring	Monitoring services
REDACTED_IP6	CT1116	homarr-dashboard	Homarr dashboard
192.168.100.164	Linux Mint	isp-monitor	ISP performance monitoring (direct to Technicolor)
REDACTED_IP	VM2912	gmc-server	GMC WireGuard server

France Site (10.35.x.x)¶

Management Network (10.35.1.x)¶

IP	Device	Role
REDACTED_IP	UniFi UCG	Router
REDACTED_IP	px5-lemans	Remote Proxmox node

VMs/CTs (Main LAN - 10.35.1.x)¶

VLAN 10 Retired

VLAN 10 (10.35.10.x) was retired on 2026-01-13. All VMs/CTs now use main LAN with IPs matching their VM numbers.

IP	VMID	Name	Purpose
REDACTED_IP	CT5122	GMC	Gateway Management Console (legacy)
REDACTED_IP	VM5123	cbre-api-people-counting	CBRE people counting API
REDACTED_IP	VM5125	dinard-print-server	Print server

WireGuard VPN¶

Hub2 connects to homelabs via UniFi WireGuard site-to-site VPN:

Interface	Hub2 IP	Peer	Routes
wg-uk	REDACTED_IP	uk-ucg (REDACTED_IP)	REDACTED_SUBNET
wg-fr	REDACTED_IP	fr-dnr-ucg (REDACTED_IP)	REDACTED_SUBNET

WireGuard VPN

WireGuard provides simple, reliable site-to-site connectivity via UniFi's native VPN support.

Cross-Site Connectivity¶

hub2 (OVH Dedicated)
    │
    │ WireGuard VPN
    │
    ├──► UK Site (10.44.x.x)
    │       │
    │       │ UniFi SD-WAN VPN
    │       │
    │       └──► France Site (10.35.x.x)
    │
    └──► France Site (direct via WireGuard)

All sites can communicate via multiple paths: - WireGuard VPN: Direct connectivity from hub2 to any site - SD-WAN VPN: UK ↔ France via UniFi site-to-site tunnel

DNS¶

All public domains point to hub2 (51.68.235.106):

Domain	Purpose
*.charliehub.net	Infrastructure services
*.microshare.eu	Business services
*.sensemy.cloud	IoT platform
*.verdegris.ch/eu	Additional domains

Key Services¶

Component	Location	IP	Purpose
prod-monitoring (CT1115)	px1	REDACTED_IP5	Primary homelab monitoring (Prometheus, Grafana, Loki, Alertmanager)
hub2 Monitoring	OVH Dedicated	51.68.235.106	Cloud monitoring (Prometheus, Grafana)

Deprecated¶

Component	Previous Location	Status
hub1 (OVH1)	151.80.58.99	Replaced by hub2
VM1111/VM5111	REDACTED_IP	Migrated to hub2
SSHPiper	VM1111:2222	No longer needed