first commit

templates/infrastructure.html

@@ -0,0 +1,123 @@
+{{define "title"}}Infrastructure — Ridgway Systems{{end}}
+{{define "meta-desc"}}Hardware inventory and network diagram for the Ridgway Systems OpenBSD homelab.{{end}}
+
+{{define "content"}}
+<div class="page-header">
+  <h1>Infrastructure</h1>
+  <p class="page-desc">Physical hardware, network layout, and service placement.</p>
+</div>
+
+<section class="infra-section">
+  <h2>Hardware</h2>
+  <table class="hw-table">
+    <thead>
+      <tr>
+        <th>Host</th>
+        <th>Hardware</th>
+        <th>OS</th>
+        <th>Role</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td class="hw-name">fw01</td>
+        <td>SuperMicro 1U<br><span class="hw-spec">E3-1230v2 &bull; 16 GB RAM</span></td>
+        <td>OpenBSD</td>
+        <td>Firewall, router, VPN, reverse proxy<br><span class="hw-spec">pf &bull; relayd &bull; WireGuard &bull; unbound</span></td>
+      </tr>
+      <tr>
+        <td class="hw-name">srv01</td>
+        <td>Dell R720<br><span class="hw-spec">Xeon E5-2600 &bull; 64 GB RAM</span></td>
+        <td>OpenBSD</td>
+        <td>Primary server<br><span class="hw-spec">Gitea &bull; httpd &bull; OpenSMTPD &bull; Prometheus &bull; Grafana &bull; Matrix</span></td>
+      </tr>
+      <tr>
+        <td class="hw-name">srv02</td>
+        <td>Dell R710<br><span class="hw-spec">Xeon 5500/5600 &bull; 48 GB RAM</span></td>
+        <td>OpenBSD + Linux VMs</td>
+        <td>Backup, game servers<br><span class="hw-spec">nsd &bull; vmm &bull; Jellyfin &bull; secondary DNS</span></td>
+      </tr>
+      <tr>
+        <td class="hw-name">ws01</td>
+        <td>Desktop<br><span class="hw-spec">Ryzen &bull; 32 GB RAM</span></td>
+        <td>Linux</td>
+        <td>Daily driver, Ansible control node<br><span class="hw-spec">Development &bull; playbook management</span></td>
+      </tr>
+    </tbody>
+  </table>
+</section>
+
+<section class="infra-section">
+  <h2>Network Diagram</h2>
+  <pre class="network-diagram">
+  Internet
+      |
+  [WAN interface]
+      |
+  +=================+
+  |   fw01          |   SuperMicro 1U
+  |   OpenBSD       |   pf firewall
+  |   relayd        |   WireGuard VPN
+  +=====+===========+
+        |
+        +-- [Management VLAN 1]  -- fw01, switches, OOB
+        |
+        +-- [Servers VLAN 10]    -- srv01, srv02
+        |       |
+        |       +-- srv01 (R720)
+        |       |     httpd / relayd (external traffic routed here)
+        |       |     Gitea, mail, monitoring, Matrix
+        |       |
+        |       +-- srv02 (R710)
+        |             DNS (nsd), Jellyfin, game VMs
+        |
+        +-- [Desktop VLAN 20]    -- ws01, personal devices
+        |
+        +-- [Game VLAN 30]       -- game clients, gaming VMs
+        |
+        +-- [IoT/Guest VLAN 40]  -- untrusted devices
+
+  External traffic flow:
+  Internet --&gt; fw01 (relayd) --&gt; srv01 (httpd/app)
+
+  VPN:
+  WireGuard on fw01 --&gt; routed to server VLANs
+  </pre>
+</section>
+
+<section class="infra-section">
+  <h2>Services</h2>
+  <table class="hw-table">
+    <thead>
+      <tr><th>Service</th><th>Host</th><th>URL</th></tr>
+    </thead>
+    <tbody>
+      <tr><td>Web / httpd</td><td>srv01</td><td>ridgwaysystems.org</td></tr>
+      <tr><td>Gitea</td><td>srv01</td><td>git.ridgwaysystems.org</td></tr>
+      <tr><td>Email (OpenSMTPD)</td><td>srv01</td><td>&mdash;</td></tr>
+      <tr><td>DNS (unbound)</td><td>fw01</td><td>internal resolver</td></tr>
+      <tr><td>DNS (nsd)</td><td>srv02</td><td>authoritative</td></tr>
+      <tr><td>Prometheus + Grafana</td><td>srv01</td><td>monitoring.ridgwaysystems.org</td></tr>
+      <tr><td>Matrix</td><td>srv01</td><td>matrix.ridgwaysystems.org</td></tr>
+      <tr><td>Jellyfin</td><td>srv02</td><td>jellyfin.ridgwaysystems.org</td></tr>
+      <tr><td>WireGuard VPN</td><td>fw01</td><td>vpn.ridgwaysystems.org</td></tr>
+    </tbody>
+  </table>
+</section>
+
+<section class="infra-section">
+  <h2>VLAN Layout</h2>
+  <table class="hw-table">
+    <thead>
+      <tr><th>VLAN</th><th>ID</th><th>Subnet</th><th>Purpose</th></tr>
+    </thead>
+    <tbody>
+      <tr><td>Management</td><td>1</td><td>10.0.1.0/24</td><td>Switches, OOB, firewall management</td></tr>
+      <tr><td>Servers</td><td>10</td><td>10.0.10.0/24</td><td>srv01, srv02 — all hosted services</td></tr>
+      <tr><td>Desktop</td><td>20</td><td>10.0.20.0/24</td><td>ws01 and personal devices</td></tr>
+      <tr><td>Game</td><td>30</td><td>10.0.30.0/24</td><td>Gaming VMs and clients</td></tr>
+      <tr><td>IoT/Guest</td><td>40</td><td>10.0.40.0/24</td><td>Untrusted / isolated devices</td></tr>
+    </tbody>
+  </table>
+</section>
+{{end}}