| Property | Value |
|---|---|
| Role | Active — primary site for public-facing services (auth, mail, wiki, GitLab, Plex public, websites, customer-facing apps). |
| Hypervisor | Single VMware ESXi 7 host (ESXi-RZ). Proxmox migration planned — out of scope for current phase. |
| Router | pfSense RZ (10.100.0.1). |
| Primary LAN | 10.200.0.0/24 (DMZA, primary service subnet, vlan-id=200) + 10.210.0.0/24 (DMZB, vlan-id=210) + 10.100.0.0/24 (SERVER, vlan-id=100, AD/DBs) + 10.250.0.0/24 (LAB, vlan-id=300) |
| NAS | — (no NAS at RZ; PBS targets the Home Synology over the VPN tunnel for off-site backup of selected VMs.) |
| Internet | Hetzner datacenter, public IPv4 + IPv6. |

mx.mx0.me, hosting 9 domains incl. korff.wtf, blackreset.com, xio.bio, ticket.ink, io-event.com).

pg_dump.

| VM | Role | IP |
|---|---|---|
| VM-RZ-EDGE-01 | Traefik + CrowdSec public ingress | 10.250.0.101 / 46.4.105.246 |
| VM-RZ-SVC-PROD-01 | Authentik + GitLab + NC + Wiki.js + LDAP-Outpost | 10.200.0.101 |
| VM-RZ-DB-01 | Postgres 17.6 + MariaDB Container | 10.100.0.111 |
| VM-RZ-REG-01 | Harbor proxy-cache | 10.100.0.121 |
| VM-RZ-APP-PROD-01 | io / ink / websites apps + GitLab-Runner | (see DHCP/RZ) |
| VM-RZ-APP-STAGE-01 | Staging + Builds | (see DHCP/RZ) |
| VM-SL-02 | Mailcow (will become VM-RZ-MAIL-01) | unchanged |
| VM-SL-09 | Pterodactyl Game Panel (stays local) | unchanged |

Decom (grace period running): vm-sl-00, vm-sl-01, vm-sl-03, vm-sl-04, vm-sl-05, vm-sl-06, vm-db-01.