The homelab network provides internal communication, external access via tunnels, and DNS-based service discovery.
Network Configuration
Subnet: 192.168.144.0/23 (512 addresses, 192.168.144.0 - 192.168.144.255) Gateway: 192.168.144.1 DNS: 192.168.144.20 (Pi-hole)
IP Allocation
Infrastructure
| Device | IP | Role |
|---|---|---|
| Gateway | 192.168.144.1 | Router |
| Pi-hole | 192.168.144.20 | DNS + ad blocking |
| Proxmox | 192.168.144.10 | Virtualization host |
| Uptime Kuma | 192.168.144.25 | Monitoring |
| Netgear GS105Ev2 | 192.168.145.139 | Managed switch |
Services by Category
Networking:
- Lanproxy (Caddy): 192.168.144.31
- Cloudflared: 192.168.144.32
Databases:
- WordPress (MariaDB): 192.168.144.41
Applications:
- Planka: 192.168.144.60
- n8n: 192.168.144.61
- AI (Ollama): 192.168.144.62
- Syncthing: 192.168.144.63
Web/CMS:
- WordPress jokegoudriaan: 192.168.144.70
- WordPress kledingruil: 192.168.144.71
- Grav: 192.168.144.72
- WordPress pgh: 192.168.144.73
Media:
- Jellyfin: 192.168.144.100
AI/Media:
- Immich (VM): 192.168.144.110
- Home Assistant (VM): 192.168.144.120
DNS
Pi-hole (192.168.144.20)
- Purpose: Network-wide ad blocking + DNS resolution
- Web UI: https://pihole.janvv.nl
- Local DNS: Resolves
.janvv.nldomains to internal IPs
Split-Horizon DNS
External clients use Cloudflare DNS → Cloudflare Tunnel Internal clients use Pi-hole → Local IP → Lanproxy (Caddy) → Service
This enables:
- Same URL works internally and externally
- Internal traffic stays local (faster, no tunnel overhead)
- Automatic SSL via Cloudflare DNS-01 challenge
Routing
External Access (Cloudflare Tunnel - CT 126)
Routes external traffic through Cloudflare's network to internal services.
| Configured routes: | External URL | Internal Destination |
|---|---|---|
| https://tasks.janvv.nl | 192.168.144.60:1337 (Planka) | |
| https://n8n.janvv.nl | 192.168.144.61:5678 (n8n) | |
| https://opa.janvv.nl | 192.168.144.72:80 (Grav) | |
| https://kijkdoos.janvv.nl | 192.168.144.100:8096 (Jellyfin) | |
| https://jokegoudriaan.nl | 192.168.144.70:80 (WordPress) | |
| https://kledingruil.jokegoudriaan.nl | 192.168.144.71:80 (WordPress) | |
| https://pgh.janvv.nl | 192.168.144.73:80 (WordPress) | |
| https://assistant.janvv.nl | 192.168.144.120:8123 (Home Assistant) | |
| https://photos.janvv.nl | 192.168.144.110:2283 (Immich) | |
| https://pihole.janvv.nl | 192.168.144.20:80 (Pi-hole) | |
| https://proxmox.janvv.nl | 192.168.144.10:8006 (Proxmox) | |
| https://status.janvv.nl | 192.168.144.25:80 (Uptime Kuma) | |
| https://sync.janvv.nl | 192.168.144.63:8384 (Syncthing) | |
| https://ollama.janvv.nl | 192.168.144.62:11435 (Ollama API via auth proxy) | |
| https://ai.janvv.nl | 192.168.144.62:8080 (Open WebUI) | |
| https://terminal.janvv.nl | 192.168.144.10:4711 (ttyd on Proxmox, behind Cloudflare Access) |
Management: Cloudflare Zero Trust dashboard (Zero Trust → Networks → Tunnels)
Internal HTTPS (Lanproxy/Caddy - CT 127)
Caddy reverse proxy provides internal HTTPS with automatic certificates.
Configuration: /opt/homelab-docker/lanproxy/Caddyfile in CT 127
Benefits:
- HTTPS on local network
- Automatic SSL via Cloudflare DNS-01 challenge
- Centralized reverse proxy configuration
| Selected internal-only routes: | Internal URL | Internal Destination |
|---|---|---|
| https://laptop1.janvv.nl | 192.168.145.10:4711 (ttyd on laptop1) | |
| https://laptop2.janvv.nl | 192.168.145.20:4711 (ttyd on laptop2) | |
| https://terminal.janvv.nl | 192.168.144.10:4711 (ttyd on Proxmox) |