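flowchart TB
    %% Network-plane map: a Tailscale overlay for administration, a NetBird
    %% overlay for user-facing services, and the LAN carrying the Swarm nodes.
    %% Dashed "x" edges state intended isolation; this file cannot enforce it.
    %% Enforcement lives in overlay ACLs, host firewalls and service bind
    %% addresses, none of which are shown here.

    subgraph TAILSCALE["🛡️ TAILSCALE OVERLAY — Tailscale Inc. (Admin/Management)"]
        direction TB
        %% The coordination server is third-party SaaS and sits in the admin
        %% plane's trust path (peer key and policy distribution).
        %% The tailnet ACLs that restrict the nodes below are not shown.
        TSCOORD["Tailscale Coordination Server<br/>(proprietary SaaS)"]
        TSART["🤖 Artemis (AI Foreman)<br/>100.100.97.18"]
        TSM44["🔧 Mark44 (Ollama)<br/>100.75.26.83"]
        TSM5["📚 Mark5 (Research)<br/>100.118.67.105"]
        TSM7["⚡ MK7 Swarm Manager<br/>100.66.70.51"]
        TSNEO["🖥️ Neo (SSH mgmt only)<br/>Tailscale IP — admin access"]
    end

    subgraph NETBIRD["🕊️ NETBIRD OVERLAY — WireTrustee SA (User-facing)"]
        direction TB
        %% NOTE(review): the label leaves open whether the control plane is
        %% vendor-hosted or self-hosted. Record which one applies, since the
        %% trust assumptions for the user mesh differ.
        NBCOORD["NetBird Coordination Server<br/>(cloud or self-hosted)"]
        NBNEO["🖥️ Neo (Service host)<br/>NetBird IP — user access"]
        NBNC["☁️ Nextcloud AIO"]
        %% NOTE(review): Vaultwarden holds credentials. Which NetBird peers
        %% or groups may reach it is not shown; confirm the access policy.
        NBVW["🔐 Vaultwarden"]
        NBDOCK["🐳 Dockhand"]
        NBTRIL["📝 Trilium Notes"]
    end

    subgraph LAN["🏠 LAN BACKBONE — Beryl Router (OpenWrt)"]
        direction TB
        BERYL["🌐 Beryl 7<br/>Gateway + DHCP<br/>192.168.0.0/18"]
        %% MK7 carries the management tooling listed in its label, so SSH
        %% access to it is high-value access.
        MK7LAN["⚡ MK7<br/>Traefik · Technitium · Prometheus<br/>Beszel Hub · Portainer CE · Dozzle · Homepage<br/>Node Exporter (global)<br/>192.168.7.7"]
        WORKERS["🔩 MK33 · MK34 · MK39 · MK42<br/>Swarm Workers (G9 nodes)<br/>192.168.0.x"]
    end

    %% Tailscale mesh
    TSCOORD ---|"admin mesh<br/>WireGuard tunnel"| TSART
    TSCOORD ---|"admin mesh"| TSM44
    TSCOORD ---|"admin mesh"| TSM5
    TSCOORD ---|"admin mesh"| TSM7
    TSCOORD ---|"admin mesh"| TSNEO

    %% NetBird mesh
    NBCOORD ---|"user mesh<br/>WireGuard tunnel"| NBNEO
    NBNEO ---|"Docker Compose"| NBNC
    NBNEO ---|"Docker Compose"| NBVW
    NBNEO ---|"Docker Compose"| NBDOCK
    NBNEO ---|"Docker Compose"| NBTRIL

    %% LAN connections
    BERYL -.->|"DHCP lease"| MK7LAN
    BERYL -.->|"DHCP lease"| WORKERS
    MK7LAN ---|"swarm overlay"| WORKERS

    %% Cross-plane: management SSH from Tailscale to LAN nodes
    %% NOTE(review): TSM7 and MK7LAN look like two addresses of one machine.
    %% Unlike Neo, no "same physical host" edge is drawn for them; confirm.
    TSART --"SSH mgmt"--> MK7LAN
    TSART --"SSH mgmt"--> TSNEO
    TSM7 --"SSH mgmt"--> MK7LAN

    %% Neo dual-homed indicator
    %% Neo is a member of both overlays, so it is the one host where the
    %% admin plane and the user plane meet.
    TSNEO -.->|"same physical host"| NBNEO

    %% Isolation boundaries
    %% "no route" describes overlay routing only. Artemis has SSH to Neo,
    %% and Neo hosts the NetBird-side services. Depending on the SSH
    %% account's privileges, the admin plane can therefore reach those
    %% services at host level.
    %% NOTE(review): separation on Neo presumably relies on per-interface
    %% service binding and a host firewall; document where that is configured.
    %% NOTE(review): the first edge targets LAN, but its label repeats
    %% "services NOT on Tailscale"; confirm the intended wording.
    NBNEO -.-x|"🔒 INTENTIONAL ISOLATION<br/>services NOT on Tailscale"| LAN
    NBNEO -.-x|"🔒 INTENTIONAL ISOLATION<br/>services NOT on Tailscale"| TAILSCALE
    TSART -.-x|"🔒 no route"| NBNEO
    TSM7 -.-x|"🔒 no route"| NBNEO

    %% Dashed borders mark the two views of the dual-homed Neo host.
    style TSNEO fill:#2d3748,stroke:#63b3ed,stroke-width:2px,stroke-dasharray: 5 5
    style NBNEO fill:#2d3748,stroke:#f6ad55,stroke-width:2px,stroke-dasharray: 5 5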