My homelab network is designed to provide a secure, efficient, and self-hosted environment for various automation, development, and personal infrastructure needs. This setup prioritizes network segmentation, security, and performance optimization, while being flexible enough to scale or adapt for experimentation.

Problem & Solution

Problem: I needed a reliable and secure environment for automation, CI/CD testing, Git hosting, and local infrastructure, without relying on cloud platforms or exposing services to the internet.

Additionally, the solution had to run on low-powered, repurposed hardware with minimal overhead and support remote access, internal DNS resolution, and segmented security domains.

Solution: I architected a network centered around an OpenWRT-based router with VLAN segmentation, isolated zones for each function, and layered services:

  • Tailscale provides secure access to internal services, even when offsite.
  • Cloudflare Tunnel provides secure access to internal services from the internet without opening inbound ports on the router.
  • AdGuard Home filters DNS-based ads and trackers at the router level.
  • TinyDNS + BIND handle authoritative DNS within the homelab.
  • Traefik serves as the reverse proxy, using a wildcard certificate obtained via a DNS challenge.
  • Prometheus + Grafana provide observability for all infrastructure nodes.
  • A D-Link 3782 router is used as a wireless bridge to isolate the IoT network.
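As an added illustration of the VLAN segmentation described above (example configuration written for this page, not taken from the homelab's own Ansible playbooks): an OpenWRT UCI fragment that puts the IoT VLAN in its own firewall zone, allows it out to the internet, lets it reach only DNS and DHCP on the router, and denies forwarding to every other VLAN. The VLAN id 30, the 192.168.30.0/24 range, the interface name `iot` and the switch port `lan1` are assumptions.

```uci
# /etc/config/network (excerpt) -- VLAN id, subnet and port are assumed
config bridge-vlan
        option device 'br-lan'
        option vlan '30'
        # tagged towards the port that feeds the IoT wireless bridge
        list ports 'lan1:t'

config interface 'iot'
        option device 'br-lan.30'
        option proto 'static'
        option ipaddr '192.168.30.1'
        option netmask '255.255.255.0'

# /etc/config/firewall (excerpt)
config zone
        option name 'iot'
        list network 'iot'
        # router services are unreachable from IoT unless a rule opens them
        option input 'REJECT'
        option output 'ACCEPT'
        # no forwarding between networks inside this zone; other zones are
        # unreachable because no 'forwarding' section names them as dest
        option forward 'REJECT'

# IoT devices may reach the internet only
config forwarding
        option src 'iot'
        option dest 'wan'

# ... plus the router's DNS listener (AdGuard Home) ...
config rule
        option name 'iot-dns'
        option src 'iot'
        option dest_port '53'
        option proto 'tcp udp'
        option target 'ACCEPT'

# ... and DHCP so devices can obtain an address
config rule
        option name 'iot-dhcp'
        option src 'iot'
        option dest_port '67'
        option proto 'udp'
        option target 'ACCEPT'
```

The same zone pattern applies to the Dev, CI, NAS and WiFi VLANs, with a `forwarding` section added only for the specific zone pairs that genuinely need to talk.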

The OpenWRT router also provides wireless access to mobile and personal devices, which are segmented into their own VLAN. These include laptops, phones, and tablets used for managing or testing infrastructure services.

For mobile devices, Syncthing is used to selectively back up content to the NAS. While backups are not fully automated, this gives more control over what is stored. I am considering adding a backup option to Dropbox for external redundancy.

The entire infrastructure is provisioned via Ansible playbooks, which manage deployment and configuration across the environment. These playbooks live on an internal Git server and may be shared publicly in the future.

The system emphasizes modularity, resilience, and observability, ensuring that each component is isolated but observable.

Full Network Topology (Combined)

[Diagram: full network topology. Nodes: Internet, Router, VPN (cloudflared tunnel, tailscale server; Site2Site and host VPNs), AdGuard, BIND, TinyDNS, NAS, Raspberry Pi, Zeus, IoT Bridge, Wireless_Clients, IoT_Devices; VLANs: NAS, Dev, CI, IoT, WiFi; Wireless.]

This diagram shows how DNS resolution, secure access, proxy routing, and monitoring interconnect.

Layered Views (Progressive Breakdown)

DNS Resolution Flow

[Diagram: DNS resolution flow. Nodes: Client, AdGuard, BIND, TinyDNS, Local network, LXC_Containers, Internet.]

Traefik Reverse Proxy Flow

[Diagram: Traefik reverse proxy flow. Nodes: Internet, DNS Challenge, Traefik; proxied services: GitServer, Grafana, CIService, binRepo, Syncthing, Portainer, RouterUI, NASUI, IoT_Bridge.]

Prometheus Monitoring Flow

[Diagram: Prometheus monitoring flow. Nodes: Prometheus, Grafana, NAS, Server1, CIService, Router, IoT_Bridge.]

Each layer can be inspected individually or in combination via Grafana dashboards and log collectors. This layered view mirrors how the infrastructure is designed, monitored, and interacted with.