Network Layout
This article discusses my network configuration and the services I run in my home. I have also attempted to show the network segmentation and the services I run in my homelab. I still need to figure out how to route storage to the servers in the DMZ.

Jellyfin and the media stack are accessible from outside only through Netbird, and access to the media stack is managed using Netbird ACLs. This avoids the difficulty of configuring SSO in Jellyfin and also gives my family secure access from outside my LAN. Inside my LAN, Jellyfin and the other media tools are available through the Caddy module in OPNsense.

All the containers hosted inside the DMZ are also accessible through OPNsense Caddy. This results in insecure traffic in the DMZ. I need to decide whether the VMs in the DMZ should be isolated from each other using firewalls, and whether I want independent Caddy/Traefik instances inside each of the DMZ VMs.


I use the Thunderbolt connection on my QNAP TBS-h574tx to have fast network storage available on my MacBook (I have been having some issues with the Thunderbolt connection and might migrate to connecting over RJ45). I also use it to share internet with the device. The data on the QNAP is backed up using rsync to the Unraid servers (both offsite and onsite), and some important documents/items are also backed up using Duplicacy to Backblaze B2.
Plan:
- Learn Docker
- Learn Traefik
- Learn Nginx
- Learn Docker Swarm
- Learn Ansible
- Learn OpenTofu