New Grimoire

2026-04-12 09:53:51 -05:00 · 2026-04-12 09:53:51 -05:00 · cc574f8aed
commit cc574f8aed
parent 77d589a13d
157 changed files with 29420 additions and 0 deletions
--- a/Keystone-Grimoire/Network/Topology.md
+++ b/Keystone-Grimoire/Network/Topology.md
@ -0,0 +1,49 @@
+---
+title: Network Topology
+description: Netgrimoire network layout — VLANs, subnets, routing
+published: true
+date: 2026-04-12T00:00:00.000Z
+tags: keystone, network
+editor: markdown
+dateCreated: 2026-04-12T00:00:00.000Z
+---
+
+# Network Topology
+
+## Subnets
+
+| Subnet | Purpose |
+|--------|---------|
+| 192.168.3.0/24 | OPNsense / firewall management |
+| 192.168.4.0/24 | ISPConfig / web hosting |
+| 192.168.5.0/24 | Primary LAN — all Docker hosts |
+| 192.168.8.0/24 | Pocket Grimoire (GL.iNet Beryl AX) |
+| 192.168.32.0/24 | WireGuard VPN peers |
+
+## WireGuard Peers
+
+| Peer | IP | Device |
+|------|----|--------|
+| Obie | 192.168.32.2 | — |
+| pncfishandmore | 192.168.32.3 | — |
+| GLNet | 192.168.32.4 | GL.iNet router |
+| PortaPotty | 192.168.32.5 | Pocket Grimoire laptop |
+| GLNet | 192.168.32.6 | Second GL.iNet |
+
+## DNS
+
+Internal DNS runs on Technitium at `192.168.5.7` (`dns.netgrimoire.com`), behind Authentik.
+
+All `*.netgrimoire.com` and `*.wasted-bandwidth.net` internal hostnames resolve via Technitium. Public DNS managed via ISPConfig and domain registrars.
+
+## Docker Overlay Network
+
+All Swarm services share the `netgrimoire` external overlay network (VIP mode). This is the only overlay network in use.
+
+```
+Name:   netgrimoire
+Driver: overlay
+Mode:   VIP (always — dnsrr is banned)
+```
+
+See [Docker Swarm Template](/Keystone-Grimoire/Docker/Swarm-Template) for attachment rules.