Infrastructure
Physical hardware, network layout, and service placement.
Hardware
| Host | Hardware | OS | Role |
|---|---|---|---|
| fw01 | SuperMicro 1U (E3-1230v2 • 16 GB RAM) | OpenBSD | Firewall, router, VPN, reverse proxy (pf • relayd • WireGuard • unbound) |
| srv01 | Dell R720 (Xeon E5-2620 • 96 GB RAM) | OpenBSD | Primary server (Gitea • httpd • OpenSMTPD • Prometheus • Grafana • Matrix) |
| srv02 | Dell R710 (Xeon X5560 • 288 GB RAM) | OpenBSD + Linux VMs | Backup, game servers (nsd • qemu • Jellyfin • secondary DNS) |
| ws01 | Desktop (Intel Core i9-12900K • 64 GB RAM) | Fedora Linux 43 | Daily driver, Ansible control node (Development • playbook management) |
Network Diagram
    Internet
        |
    [WAN interface]
        |
    +=================+
    | fw01            |  SuperMicro 1U
    | OpenBSD         |  pf firewall
    | relayd          |  WireGuard VPN
    +=====+===========+
          |
          +-- [Management VLAN 1] -- fw01, switches, OOB
          |
          +-- [Servers VLAN 10] -- srv01, srv02
          |       |
          |       +-- srv01 (R720)
          |       |     httpd / relayd (external traffic routed here)
          |       |     Gitea, mail, monitoring, Matrix
          |       |
          |       +-- srv02 (R710)
          |             DNS (nsd), Jellyfin, game VMs
          |
          +-- [Desktop VLAN 20] -- ws01, personal devices
          |
          +-- [Game VLAN 30] -- game clients, gaming VMs
          |
          +-- [IoT/Guest VLAN 40] -- untrusted devices

    External traffic flow:
      Internet --> fw01 (relayd) --> srv01 (httpd/app)

    VPN:
      WireGuard on fw01 --> routed to server VLANs
Services
| Service | Host | URL |
|---|---|---|
| Web / httpd | srv01 | ridgwaysystems.org |
| Gitea | srv01 | git.ridgwaysystems.org |
| Email (OpenSMTPD) | srv01 | — |
| DNS (unbound) | fw01 | internal resolver |
| DNS (nsd) | srv02 | authoritative |
| Prometheus + Grafana | srv01 | monitoring.ridgwaysystems.org |
| Matrix | srv01 | matrix.ridgwaysystems.org |
| Jellyfin | srv02 | jellyfin.ridgwaysystems.org |
| WireGuard VPN | fw01 | vpn.ridgwaysystems.org |
VLAN Layout
| VLAN | ID | Subnet | Purpose |
|---|---|---|---|
| Management | 1 | 10.0.1.0/24 | Switches, OOB, firewall management |
| Servers | 10 | 10.0.10.0/24 | srv01, srv02 — all hosted services |
| Desktop | 20 | 10.0.20.0/24 | ws01 and personal devices |
| Game | 30 | 10.0.30.0/24 | Gaming VMs and clients |
| IoT/Guest | 40 | 10.0.40.0/24 | Untrusted / isolated devices |