Differences

This shows you the differences between two versions of the page.

--- architecture:overview [2026/01/23 20:27] – created nathna
+++ architecture:overview [2026/02/23 13:41] (current) – 192.168.1.189
@@ Line 1: / Line 1: @@
 ===== TorresVault Architecture Overview =====
-This page documents the high-level architecture of the **TorresVault** home lab:
+This page documents the updated, high-level architecture of the **TorresVault** home lab as of **2026**, following consolidation into the new **PVE-NAS** system.
-  * Proxmox cluster and storage
-  * Network (UniFi, VLANs, WiFi)
+Core components included:
-  * Core services (DNS, reverse proxy, storage, monitoring)
-  * Automation & lighting (Home Assistant, FPP)
+  * Proxmox (single-node) + TrueNAS VM
-  * Future expansion plans (NAS hybrid box, mini PC cluster)
+  * All storage (HBA → TrueNAS)
+  * Network (UniFi, VLANs, WiFi, APs, switches)
+  * Core services (DNS, reverse proxy, Pi-hole, monitoring, media)
+  * Home Automation (HA, BLE, FPP)
+  * Future expansion: backup NAS + AI cluster
 ----
@@ Line 12: / Line 16: @@
 ==== 1. High-Level Diagram ====
-This is the birds-eye view of TorresVault as it exists today + near-term plans.
+<code ->
+┌──────────────── Internet ────────────────┐
-<code>
+│ Ting Fiber (WAN1) │
-                  ┌──────────────── Internet ────────────────┐
+└────────────────────┬─────────────────────┘
-                  │         Ting Fiber (WAN1)                │
+│
-                  └────────────────────┬─────────────────────┘
+[ WAN1 @ Port 5 ]
-                                       │
+│
-                             [ WAN1 @ Port 5 ]
+┌────────────────────────────────┐
-                                       │
+│ UCG Max (192.168.1.1) │
-                        ┌────────────────────────────────┐
+│ - Router / Firewall │
-                        │   UCG Max (192.168.1.1)        │
+│ - DHCP for all VLANs │
-                        │   - Router / Firewall          │
+└─────┬───────────┬──────────────┘
-                        │   - DHCP for all VLANs         │
+│ │
-                        └─────┬───────────┬──────────────┘
+VLAN 1 (192.168.1.0/24) │ │ VLAN 10 (192.168.10.0/24)
-                              │           │
+│ │
-     VLAN 1 (192.168.1.0/24)  │           │  VLAN 10 (192.168.10.0/24)
+┌─────┴───────┐ │
-                              │           │
+│ USW-Lite-8 │ │
-                        ┌─────┴───────┐   │
+│ 8-PoE │ │
-                        │ USW-Lite-8  │   │
+│ 192.168.1.194 │
-                        │ 8-PoE       │   │
+└─────┬───────┘ │
-                        │ 192.168.1.194  │
+│ │
-                        └─────┬───────┘   │
+┌───────────────────┼───────────┼────────────────────┐
-                              │           │
+│ │ │ │
-          ┌───────────────────┼───────────┼────────────────────┐
+[Hallway AP] [Front-end [Other wired [Downstream
-          │                   │           │                    │
+.168.1.236 devices] devices] uplinks]
-   [Hallway AP]         [Front-end   [Other wired         [Downstream
+(WiFi for multiple
-.168.1.236        devices]     devices]             uplinks]
+VLANs via SSIDs)
-   (WiFi for multiple
-   VLANs via SSIDs)
-      Hallway AP (mesh) ──► UDB Switch (192.168.1.98)
+  Hallway AP (mesh) ──► UDB Switch (192.168.1.98)
 </code>
-<code>
+<code ->
-                  ┌────────── Proxmox / Compute Layer ──────────┐
+┌────────── Compute + Storage Layer ───────────┐
-   VLAN 10 / 20 uplinks via:
-     - USW Flex (192.168.10.7)
-     - USW Flex 2.5G 5 (192.168.10.104)
-     ┌────────────────────────────────────────────┐
-     │              Proxmox Cluster              │
-     │                                            │
-     │  PVE1:  (details TBD)                      │
-     │    - CPU:                                  │
-     │    - RAM:                                  │
-     │    - Storage: 12–14 × 1TB 2.5" disks       │
-     │    - HBA:                                  │
-     │                                            │
-     │  PVE2:  (details TBD)                      │
-     │    - CPU:                                  │
-     │    - RAM:                                  │
-     │    - Storage: 12–14 × 1TB 2.5" disks       │
-     │    - HBA:                                  │
-     │                                            │
-     │  QDevice: Raspberry Pi (corosync qdevice)  │
-     └────────────────────────────────────────────┘
-     ┌────────────────────────────────────────────┐
+   ┌─────────────────────────────────────────────────────────┐
-     │    Future: NAS / Proxmox Hybrid (Define 7) │
+   │                     **PVE-NAS (Primary)**               │
-     │    - ASRock Rack X570D4U                   │
+   │    Hostname: pve-nas                                    │
-     │    - Ryzen CPU                             │
+   │    Mgmt IP: 192.168.1.153                               │
-     │    - RAM: TBD                              │
+   │    IPMI:     192.168.1.145                              │
-     │    - 2 × HBAs                              │
+   │                                                         │
-     │    - 16 × 6TB SAS enterprise drives        │
+   │    **Hardware**                                         │
-     │    - Dual Intel X550 10GbE                 │
+   │      - ASRock Rack X570D4U-2L2T                         │
-     │    - 1 mgmt, 2 × 1G, 2 × 10G               │
+   │      - AMD Ryzen 7 5700G (8c/16t)                       │
-     └────────────────────────────────────────────┘
+   │      - 64 GiB DDR4 ECC                                  │
+   │      - Boot: 2 × NVMe SSD (mirror, Proxmox OS)         │
+   │      - VM Disks: 2 × 1.9 TB Samsung PM863 SSD           │
+   │      - HBA: 1 × LSI (IT Mode)                           │
+   │                                                         │
+   │    **Disks Passed Through to TrueNAS VM:**              │
+   │      - 8 × Samsung PM863 1.92 TB SSD (enterprise SATA)  │
+   │                                                         │
+   │    **Networking**                                       │
+   │      - Dual 1 GbE                                       │
+   │      - Dual 10 GbE (Intel X550) – future storage uplink │
+   └─────────────────────────────────────────────────────────┘
-     ┌────────────────────────────────────────────┐
+   ┌─────────────────────────────────────────────────────────┐
-     │   Services Cluster (Mini PCs)              │
+   │        **TrueNAS VM (on PVE-NAS)**                      │
-     │   - 2 × MINISFORUM UM890 Pro               │
+   │        - Receives all 8 × PM863 via HBA passthrough     │
-     │   - Future use: k3s / services / AI        │
+   │        - Will expand with future SSDs (goal: 11 drives) │
-     └────────────────────────────────────────────┘
+   │        - Main storage pools for:                         │
+   │            - Immich                                      │
+   │            - Jellyfin                                   │
+   │            - Nextcloud                                  │
+   │            - NPM / Web / internal services              │
+   └─────────────────────────────────────────────────────────┘
 </code>
-<code>
+<code ->
-         ┌────────────── Automation & Lighting Layer ─────────────┐
+┌──────────── Automation & Lighting Layer ─────────────┐
-   VLAN 60  (Torres Family Lights)  →  192.168.60.0/24
+VLAN 60 (Torres Family Lights) → 192.168.60.0/24
-        - FPP Controller: 192.168.60.55
+    - FPP Controller: 192.168.60.55
-        - Kulp controllers / smart receivers
+    - Kulp controllers / smart receivers
-        - WLED instances (including wled_car_warning)
+    - WLED instances (including wled_car_warning)
 </code>
-----
+==== ==== 2. Network & VLAN Layout ==== ====
-==== 2. Network & VLAN Layout ====
+The **UCG Max** serves as the router, firewall, and DHCP server for all networks.
-The network core is provided by the **UCG Max** gateway and a UniFi switch/AP stack.
 === Core UniFi Devices ===
-  * **UCG Max** – 192.168.1.1
+**Gateway**
-    * WAN1: Ting Fiber
-    * Handles DHCP for all VLANs
-    * Router for all subnets
-  * **Switches**
+  * UCG Max – 192.168.1.1
-    * USW Flex – 192.168.10.7 (uplink from UCG Max Port 4)
+    * WAN → Ting Fiber
-    * USW Flex 2.5G 5 – 192.168.10.104 (uplink from USW Flex Port 5)
+    * DHCP → all VLANs
-    * USW-Lite-8-PoE – 192.168.1.194 (uplink from UCG Max Port 1)
+    * Firewall + inter-VLAN rules
-    * UDB Switch – 192.168.1.98 (meshed via Hallway AP)
-  * **Access Points**
+**Switches**
-    * Master Bedroom AP – 192.168.10.201 (uplink from USW Flex Port 4)
-    * Hallway AP – 192.168.1.236 (uplink from USW-Lite-8-PoE, provides mesh to UDB)
-=== VLANs & Subnets ===
+  * USW Flex – 192.168.10.7
+  * USW Flex 2.5G 5 – 192.168.10.104
+  * USW-Lite-8-PoE – 192.168.1.194
+  * UDB Mesh Switch – 192.168.1.98
-Current layer-3 networks:
+**APs**
-^ Name                ^ VLAN ID ^ Subnet            ^ DHCP  ^ Notes                          ^
+  * Master Bedroom AP – 192.168.10.201
-| Default             | 1       | 192.168.1.0/24    | Yes   | Core LAN / Infra              |
+  * Hallway AP – 192.168.1.236
-| stark_user          | 10      | 192.168.10.0/24   | Yes   | User devices                  |
-| stark_IOT           | 20      | 192.168.20.0/24   | Yes   | Home IoT                      |
-| guest               | 30      | 192.168.30.0/24   | Yes   | Guest WiFi                    |
-| IOT+                | 50      | 192.168.50.0/24   | Yes   | Higher-trust IoT / bridge     |
-| Torres Family lights| 60      | 192.168.60.0/24   | Yes   | FPP, controllers, WLED etc.   |
-=== WiFi SSIDs ===
+=== VLANs ===
-^ SSID        ^ VLAN / Network ^ Bands       ^ Purpose                  ^
+^ Name ^ VLAN ID ^ Subnet ^ DHCP ^ Notes ^
-| stark_IOT   | stark_IOT (20) | 2.4 / 5 GHz | Bulk IoT                 |
+| Default | 1 | 192.168.1.0/24 | Yes | Infra / servers / storage |
-| stark_user  | stark_user (10)| 2.4 / 5 GHz | User phones / laptops    |
+| stark_user | 10 | 192.168.10.0/24 | Yes | Laptops / phones |
-| stark_IOT+  | IOT+ (50)      | 2.4 / 5 GHz | Special IoT / bridges    |
+| stark_IOT | 20 | 192.168.20.0/24 | Yes | Low-trust IoT |
+| guest | 30 | 192.168.30.0/24 | Yes | Guest WiFi |
+| IOT+ | 50 | 192.168.50.0/24 | Yes | Trusted IoT / bridges |
+| Torres Family lights | 60 | 192.168.60.0/24 | Yes | FPP / WLED |
-----
+=== WiFi SSIDs ===
+^ SSID ^ VLAN ^ Bands ^ Purpose ^
+| stark_IOT | 20 | 2.4 / 5 GHz | IoT |
+| stark_user | 10 | 2.4 / 5 GHz | Users |
+| stark_IOT+ | 50 | 2.4 / 5 GHz | Bridges / cameras |
-==== 3. Proxmox Cluster Architecture ====
+==== 3. Proxmox Architecture (Updated 2026) ====
-The hypervisor layer currently consists of **two main Proxmox nodes plus a qdevice**, with a future third node / NAS hybrid.
+**This replaces the old PVE1/PVE2 cluster.\\ You now run a single powerful PVE-NAS node.**
-=== PVE1 ===
+=== PVE-NAS ===
-  * Hostname: **pve1**
+  * Hostname: **pve-nas**
-  * CPU: **Intel Core i5-2500 @ 3.30 GHz (4 cores / 4 threads, 1 socket)**
+  * Mgmt: **192.168.1.153**
-  * RAM: **32 GB DDR3L 1600 MHz**
+  * IPMI: **192.168.1.145**
-    * 4 × 8 GB Timetec DDR3L (PC3L-12800) UDIMMs
+  * CPU: **Ryzen 7 5700G (8c/16t)**
-  * Disks (approximate):
+  * RAM: **64 GiB ECC**
-    * Multiple **1 TB WDC WD1003FBYX** enterprise HDDs
+  * Boot: **2 × NVMe SSD (ZFS mirror)**
-    * Multiple **1 TB Seagate ST91000640NS** drives
+  * VM Storage: **2 × 1.9 TB Samsung PM863 (VMs/OS)**
-    * Total of ~12 × 1 TB disks for VM storage
+  * HBA: **1 × LSI (IT mode)**
-  * Storage stack:
+  * Passthrough Disks:
-    * System disk on onboard Intel SATA controller
+    * **8 × 1.92 TB PM863 SSD** (see pic you uploaded)
-    * Data disks on GLOTRENDS SATA card, grouped into Proxmox storage (LVM/ZFS + zvols)
-  * HBAs / SATA:
-    * Onboard **Intel SATA controller (RAID mode)**
-    * **ASMedia ASM1064 SATA controller**
-    * **GLOTRENDS SA3112-C 12-Port PCIe x1 SATA Expansion Card**
-  * Networking:
-    * Onboard **Intel 82579LM Gigabit NIC**
-    * **Intel I350 quad-port 1 GbE** PCIe NIC
-    * vmbr interfaces used for:
-      * LAN / management
-      * Cluster interconnect (10.10.10.0/30 link to PVE2)
-  * Roles:
-    * Hosts many of the core VMs (Nextcloud, NPM, Jellyfin, Prometheus/Grafana, etc.)
-    * Part of 2-node Proxmox cluster
-=== PVE2 ===
-  * Hostname: **pve2**
-  * CPU: **Intel Core i5-4570 @ 3.20 GHz (4 cores / 4 threads, 1 socket)**
-  * RAM: **32 GB DDR3L 1600 MHz**
-    * Same Timetec 4 × 8 GB kit as PVE1
-  * Disks (approximate):
-    * Multiple **1 TB Seagate ST91000640NS** drives
-    * Total of ~12 × 1 TB disks for VM storage
-  * Storage stack:
-    * System disk on onboard Intel 9-Series SATA controller (AHCI)
-    * Data disks on GLOTRENDS SATA card
-  * HBAs / SATA:
-    * **Intel 9 Series SATA controller (AHCI mode)**
-    * **ASMedia ASM1064 SATA controller**
-    * **GLOTRENDS SA3112-C 12-Port PCIe x1 SATA Expansion Card**
-  * Networking:
-    * Same **Intel I350 quad-port 1 GbE** NIC family as PVE1 (4 ports)
-    * Bridges mirror PVE1 layout for easy VM migration
-  * Roles:
-    * Redundant node for critical services
-    * General lab workloads and testing
-=== QDevice ===
-  * Hardware: **Raspberry Pi**
-  * Purpose: runs **corosync-qdevice** to provide quorum for the 2-node Proxmox cluster
-  * Goal: avoid split-brain if one Proxmox node goes offline
-=== Future: NAS / Proxmox Hybrid (Define 7 XL) ===
-  * Case: **Fractal Design Define 7 XL**
-  * Motherboard: **ASRock Rack X570D4U**
-  * CPU: **Ryzen (exact model TBD)**
-  * RAM: **TBD (planned upgrade path from 32 GB → higher)**
-  * Disks: **16 × 6 TB SAS enterprise drives** via dual HBAs
   * Network:
-    * 1 × dedicated management port
     * 2 × 1 GbE
-    * 2 × 10 GbE (Intel X550)
+    * 2 × 10 GbE (future storage uplink to Flex 10G or host-to-host)
-  * Role:
-    * High-capacity NAS for the cluster
-    * Additional Proxmox node for storage-heavy workloads
-    * Long-term “set it and forget it” anchor of **TorresVault 2.0**
-=== Future: Services / Mini-PC Cluster ===
+=== TrueNAS VM ===
-  * **2 × MINISFORUM UM890 Pro** mini PCs
-  * Planned roles:
-    * Lightweight Kubernetes / k3s or Docker swarm node(s)
-    * Local AI / automation services
-    * Offload non-critical or experimental workloads from PVE1/PVE2
+  * Receives full HBA passthrough
+  * Controls all 8 × PM863 SSDs
+  * Pool growth planned to 11-drive configuration
+  * Hosts:
+    * Immich storage
+    * Jellyfin media
+    * Nextcloud files
+    * Backups (PBS target)
 ----
-==== 4. Core Services Layout ====
+==== 4. Core Services (Current Deployment) ====
-Key always-on services and where they live conceptually:
-  * **DNS & Filtering**
-    * Pi-hole pair with VIP **192.168.1.5**
-    * Handles internal DNS including `torresvault.com` / `in.torresvault.com`
+  * **DNS / Filtering**
+    * Pi-hole pair
+    * VIP: **192.168.1.5**
   * **Reverse Proxy**
     * NGINX Proxy Manager
-    * Exposes external services under `torresvault.com`
+    * External: ''torresvault.com''
-    * Internal apps reachable via `in.torresvault.com`
+    * Internal: ''in.torresvault.com''
+  * **Storage**
-  * **Storage & Files**
+    * TrueNAS (VM on PVE-NAS)
-    * Nextcloud VM
-    * Backed by Proxmox storage + future NAS
   * **Monitoring**
-    * Prometheus + Grafana
+    * Prometheus
-    * Targets: Proxmox nodes, UniFi, FPP, key VMs & containers
+    * Grafana
+    * UniFi metrics
-  * **Home Automation**
+    * Proxmox exporter + TrueNAS telemetry
-    * Home Assistant (currently on a Pi)
+  * **Automation / Smart Home**
-    * Integrations:
+    * Home Assistant (Pi)
-      * UniFi presence / network health
+    * BLE tracking (Atom Lite / Echo / EP1)
-      * BLE tracking
+    * FPP integration (192.168.60.55)
-      * FPP (192.168.60.55)
+    * WLED (''wled_car_warning'')
-      * WLED (including car warning instance)
-      * Zigbee/Z-Wave/other smart devices
   * **Media**
     * Jellyfin VM
-    * Access protected via NPM / auth
+  * **Photos**
+    * Immich VM
+    * Data stored fully on TrueNAS
 ----
-==== 5. Automation & Lighting (Torres Family Lights) ====
+==== 5. Torres Family Lights ====
-The holiday light show runs on a dedicated VLAN and infrastructure:
-  * VLAN 60 – **Torres Family lights** – 192.168.60.0/24
-  * FPP primary controller – 192.168.60.55
-  * Kulp 32 controllers and smart receivers
-  * Mega tree, matrix, rooflines, and other props
-  * Home Assistant controls:
-    * Start/Stop show
-    * Sequence selection
-    * Monitoring FPP state
-  * WLED instances:
-    * `wled_car_warning` used for in-car item reminders
-This layer is intentionally isolated using its own VLAN and firewall rules, while still tightly integrated with Home Assistant for automations.
+  * VLAN 60 – 192.168.60.0/24
+  * FPP – 192.168.60.55
+  * Mega tree + matrix + roofline + props
+  * Kulp controllers
+  * WLED instances (car, garage, etc.)
+  * HA controls:
+    * Start/stop show
+    * Playlist control
+    * Monitoring + notifications
 ----
-==== 6. Future Direction (TorresVault 2.0) ====
+==== 6. Future Direction (TorresVault 2.0 Roadmap) ====
-Planned upgrades and architectural goals:
+  * Add backup NAS (mirrored SSD/SAS)
+  * Expand TrueNAS pool with remaining SSDs
+  * Add Flex 10G for full 10GbE storage
+  * Add 2 × UM890 Pro mini-PCs for AI / services cluster
+  * Add GPU node (3060-based Jarvis system)
+  * Migrate more services to containers
+  * Fully integrate Home Assistant Voice across home
+  * Unify monitoring and alerts across entire stack
+  * Improve full documentation in DokuWiki
-  * Bring NAS / Proxmox hybrid online as a third cluster member and storage anchor.
-  * Deploy the 2 × MINISFORUM UM890 Pro mini PCs as a lightweight services/AI cluster.
-  * Migrate more VMs to containerized services (Docker / k3s) where it makes sense.
-  * Standardize on voice + automation (Home Assistant Voice, local AI).
-  * Tighten monitoring + alerting across Proxmox, UniFi, FPP, Pi-hole, and services.
-  * Document **every** major component and procedure in this wiki for future you.