Architecture¶
Architecture decision records, network diagrams, and the lab audit live here.
| Doc | Purpose |
|---|---|
| Lab Audit | Phase 0.5 — disposition of every entity |
| Current Network (live) | As-built scan + current DNS posture |
| Firewall (live posture) | ZBF zones and matrix (2026-06-03 baseline) |
| AdGuard Home | Authoritative DNS, Tailscale same-subnet caveat |
| Network Architecture | Intended VLANs, WiFi, DNS, Tailscale overlay |
| Network Diagram | Auto-generated from inventory |
| Firewall Policy | Inter-VLAN default-deny design (SEC-002) |
| Device-to-VLAN Mapping | Device placement reference |
| Proxmox consolidation | Future stopped-guest review |
| Compute disposition review | Owner keep/consolidate/retire matrix |
| Compute live | Proxmox / VMM scans + guest JSON artifacts |
| Prox storage snapshot (2026-06-24) | Point-in-time prox disk / NAS audit |
| Prox storage remediation proposal | Owner decisions — 114, saltierpoop, Whrrr upstream |
| Network Observations (2026-06-03) | Pre-cutover anomalies |
| ADR-001: Two Independent Traefik Instances | Reverse proxy decision |
| ADR-002: Authentik universal SSO | Authentik on all hosts; Plex exempt |
| Saltbox monitoring migration | Observability consolidation policy |
| Coordinated OS Patching | Phase 8 — push-mode updates from infra-services |