32 CPU Cores
80 GB DDR4
3×2 TB CEPH
2×12 TB NAS
11 VLANs
~/lan
.critical 3
LAN 10 (INFRA)
/29 Amélia · Anne · Grâce
LAN 20 (ADMIN)
/29 Komodo · Cockpit · Grafana...
LAN 30 (POULE)
/30 OpenMediaVault · CEPH · SMB
.prod 3
LAN 40 (FORGE)
/24 ForgeJo
LAN 50 (SERVICES)
/24 Authentik · Jellyfin · Immich...
LAN 60 (KUBE)
/29 Kubernetes cluster · Reserved for MetalLB
.net 2
LAN 1 (NATIF)
/28 Switch
LAN 80 (DNSPROXY)
/30 DNSProxy
.access 3
LAN 150 (IoT)
/24 IoT
LAN 90 (PRINT)
/29 PRINT · PRINT3D
LAN 100 (W.Fi)
/24 Amplifi Mesh
~/wan
All services exposed to the Internet pass through a multi-layer security chain before reaching the VMs.
WAN / Internet
nginx (Edge) CrowdSec · Fail2Ban · db-ip
step-ca (ACME) Internal PKI · end-to-end TLS
Authentik (SSO) Centralized authentication
Traefik Frontend @ Grace
Homepage
Traefik Monitoring @ Anne
Grafana
Traefik Cloud @ Grace
Immich
OpenCloud
Vaultwarden
Authentik
Traefik Media @ Grace
Jellyfin
Traefik LLM @ Grace
Open WebUI
Amélia PVE
Intel i7-6700K 8c / 16 GB
11 svc
VM Opensense
Firewall VPN WireGuard DHCP/DNS
VM SIEM
Wazuh Suricata
LXC DNS
AdGuard Home
LXC Net-tools
Speedtest Tracker
Anne PVE
AMD Ryzen 5 3500 GE Pro 8c / 16 GB
9 svc
LXC Forgejo
ForgeJo
LXC Deploy
Komodo Semaphore
LXC Analytics
Umami
VM Monitoring
Grafana Prometheus InfluxDB
VM DCManager
PDM
VM PVE-Export
PVE-export
Grace PVE
AMD Ryzen 7 2700X 16c / 48 GB
16 svc
VM Storage
OpenMediaVault CEPH SMB/NFS
VM Cloud
Immich OpenCloud LinkWarden Vaultwarden
VM Frontend
Homepage
VM Lab
Win Server
VM KubeMaster
K8s Control Plane MetalLB
VM KubeWorker
K8s Worker Node
RPi 4 device
ARM Cortex-A72 4 GB
1 svc