first commit

2025-12-27 14:10:39 +00:00
commit 023eeee11c
3 changed files with 299 additions and 0 deletions
--- a/Inventory.docx
+++ b/Inventory.docx
--- a/README.md
+++ b/README.md
@@ -0,0 +1,265 @@
+# Home Network Infrastructure Documentation
+
+## Overview
+
+This documentation covers the complete home network setup including IP allocation scheme, DHCP reservations, VLANs, and device inventory for a 192.168.0.0/24 network managed by OPNsense.
+
+**Network:** 192.168.0.0/24  
+**Router:** OPNsense at 192.168.0.1  
+**Last Updated:** December 27, 2025
+
+## Network Architecture
+
+### Core Infrastructure
+- **Router/Firewall:** OPNsense (192.168.0.1)
+- **DNS/Ad Blocking:** AdGuard Home (192.168.0.11)
+- **Reverse Proxy:** Nginx Proxy Manager (192.168.0.10)
+- **VPN:** Tailscale integration
+
+### IP Allocation Scheme
+
+```
+192.168.0.1         - OPNsense Router
+192.168.0.2-9       - Reserved for future infrastructure
+192.168.0.10-29     - Core Services (VMs/Containers)
+192.168.0.30-49     - User Computers & Laptops
+192.168.0.50-69     - Mobile Devices & Tablets
+192.168.0.70-79     - TVs & Media Devices
+192.168.0.80-99     - Smart Home IoT
+192.168.0.100-119   - Network Infrastructure (APs, switches, extenders)
+192.168.0.120-139   - Hypervisors & Storage
+192.168.0.140-149   - Reserved for expansion
+192.168.0.150-200   - DHCP Pool (Guest devices only)
+192.168.0.201-254   - Future expansion
+```
+
+## Infrastructure - Core Services (10-29)
+
+| Hostname | Service | IP | MAC Address | Type | Status |
+|----------|---------|-----|-------------|------|--------|
+| npm | Nginx Proxy Manager | 192.168.0.10 | bc:24:11:5b:1d:a2 | Docker | ✅ Active |
+| adguard | AdGuard Home | 192.168.0.11 | BC:24:11:47:27:43 | LXC | ✅ Active |
+| vaultwarden | Vaultwarden | 192.168.0.12 | BC:24:11:A8:44:A1 | LXC | ✅ Active |
+| crafty | Crafty Controller | 192.168.0.13 | BC:24:11:70:10:E5 | LXC | ✅ Active |
+| nextcloud | Nextcloud | 192.168.0.14 | 02:99:5b:4c:b3:e6 | VM | ✅ Active |
+| homeassistant | Home Assistant | 192.168.0.15 | 02:46:0b:d8:35:7c | VM | ✅ Active |
+| foundryvtt | FoundryVTT | 192.168.0.16 | bc:24:11:ad:cb:f6 | VM | ✅ Active |
+| openmediavault | OpenMediaVault (NAS) | 192.168.0.17 | bc:24:11:2c:68:58 | VM | ✅ Active |
+| wordpress-irodori | WordPress - Irodori | 192.168.0.18 | bc:24:11:42:70:2a | VM | ✅ Active |
+| wordpress-dustin | WordPress - Dustin | 192.168.0.19 | bc:24:11:7e:fc:ff | VM | ✅ Active |
+
+## User Devices - Computers (30-49)
+
+| Hostname | Device | IP | MAC Address | Notes |
+|----------|--------|-----|-------------|-------|
+| jamiepc | Jamie's PC | 192.168.0.30 | 50:eb:f6:5a:71:f2 | Primary workstation |
+| jamie-gaming-vm | Linux Gaming VM | 192.168.0.31 | bc:24:11:b2:20:b0 | Gaming VM |
+| 3d-printer | 3D Printer (Bambu A1) | 192.168.0.32 | 10:b4:1d:d7:02:2c | Network printer |
+| haruka-laptop | Haruka's Laptop | 192.168.0.33 | a8:41:f4:8d:b9:5b | Laptop |
+| hp-printer | HP Printer | 192.168.0.34 | a8:b1:3b:01:c2:ce | Network printer |
+
+## Mobile Devices (50-69)
+
+| Hostname | Device | IP | MAC Address | Notes |
+|----------|--------|-----|-------------|-------|
+| jamie-phone | Jamie's Mobile (S23) | 192.168.0.50 | 1a:de:e8:f1:a5:d3 | Samsung Galaxy S23 |
+| haruka-phone | Haruka's Mobile (S25) | 192.168.0.51 | 4e:c7:f7:bc:f1:c5 | Samsung Galaxy S25 |
+| samsung-tablet | Samsung Galaxy Tablet | 192.168.0.52 | ee:a1:23:9f:1e:c5 | Tablet |
+
+## TVs & Media Devices (70-79)
+
+| Hostname | Device | IP | MAC Address | Notes |
+|----------|--------|-----|-------------|-------|
+| unknown-media-1 | Unknown Media Device | 192.168.0.70 | e8:ca:c8:6d:b0:7f | Likely TV or streaming |
+| unknown-media-2 | Unknown Media Device | 192.168.0.71 | a0:d0:5b:c7:13:28 | Likely TV or streaming |
+| unknown-media-3 | Unknown Media Device | 192.168.0.72 | 20:23:51:08:19:76 | Likely TV or streaming |
+
+## Smart Home / IoT (80-99)
+
+| Hostname | Device | IP | MAC Address | Notes |
+|----------|--------|-----|-------------|-------|
+| tapo-hub-h100 | Tapo Hub/Chime H100 | 192.168.0.80 | a8:29:48:88:84:d6 | Smart home hub |
+| tapo-leak-t300 | Tapo Water Leak Sensor T300 | 192.168.0.81 | 20:23:51:d0:b1:7d | Battery powered |
+| tapo-bedside-l530 | Tapo Smart Bulb L530 - Bedside | 192.168.0.82 | 20:23:51:08:19:76 | Smart bulb |
+| tapo-bedroom-l530 | Tapo Smart Bulb L530 - Bedroom | 192.168.0.83 | b0:19:21:17:a7:c3 | Smart bulb |
+| tapo-hallway-a-l530 | Tapo Smart Bulb L530 - Hallway A | 192.168.0.84 | f0:09:0d:b6:4a:8d | Smart bulb |
+| tapo-hallway-b-l530 | Tapo Smart Bulb L530 - Hallway B | 192.168.0.85 | 40:ae:30:67:a2:46 | Smart bulb |
+| tapo-porch-l530 | Tapo Smart Bulb L530 - Porch | 192.168.0.86 | 3c:64:cf:63:58:da | Smart bulb |
+| tapo-plug-jamiepc-p110 | Tapo P110 Smart Plug - Jamie PC | 192.168.0.87 | 40:ae:30:50:c8:62 | PC power monitoring |
+| tapo-plug-3dprinter-p110 | Tapo P110 Smart Plug - 3D Printer | 192.168.0.88 | b0:19:21:17:a5:7e | 3D printer power |
+| yeelight-plug | Yeelight Smart Plug | 192.168.0.89 | 58:b6:23:41:e1:ff | Smart plug |
+| reolink-kitchen | Reolink E1 Camera - Kitchen | 192.168.0.90 | 54:ef:33:bd:be:e0 | Security camera |
+| reolink-outdoor | Reolink Camera - Outdoor | 192.168.0.91 | e8:ca:c8:6d:b0:7f | Security camera |
+| tuya-unknown-1 | Tuya Device - Unknown | 192.168.0.92 | a8:b1:3b:01:c2:ce | Dehumidifier/lights/IR |
+
+## Network Infrastructure (100-119)
+
+| Hostname | Device | IP | MAC Address | Notes |
+|----------|--------|-----|-------------|-------|
+| tplink-ax55 | TP-Link AX55 Router/AP | 192.168.0.100 | 40:ae:30:f8:27:f0 | WiFi Access Point |
+| tplink-re450 | TP-Link RE450 Range Extender | 192.168.0.101 | 5c:62:8b:8d:cb:d6 | WiFi Extender |
+
+## Hypervisors & Storage (120-139)
+
+| Hostname | Device | IP | MAC Address | Notes |
+|----------|--------|-----|-------------|-------|
+| proxmox-1 | Proxmox Server 1 | 192.168.0.120 | 10:ff:e0:11:46:9f | Primary hypervisor |
+| proxmox-2 | Proxmox Server 2 | 192.168.0.121 | 74:d4:35:97:f4:9d | Secondary hypervisor |
+
+## DHCP Configuration
+
+### Current Settings
+- **DHCP Pool:** 192.168.0.150 - 192.168.0.200 (51 addresses)
+- **Purpose:** Guest devices and temporary connections
+- **Static Reservations:** 33 devices with confirmed MACs
+
+### DNS Settings
+- **Primary DNS:** 192.168.0.11 (AdGuard Home)
+- **Secondary DNS:** 192.168.0.1 (OPNsense fallback)
+
+## VPN / Tailscale
+
+| IP | MAC Address | Purpose |
+|----|-------------|---------|
+| 100.65.128.1 | e0:cb:19:60:87:70 | Tailscale VLAN device |
+| 100.65.159.134 | bc:24:11:be:cf:af | Tailscale VLAN device (permanent) |
+
+## Unknown/Unidentified Devices
+
+| Current IP | MAC Address | Hostname | Notes |
+|------------|-------------|----------|-------|
+| 192.168.0.110 | 5e:81:ec:77:6b:73 | sm-l305f | Unknown Samsung device |
+| 192.168.0.153 | d4:54:8b:29:2a:07 | kansaigaijinpc | Jamie's PC (secondary/ignore) |
+| 192.168.0.155 | 76:13:3f:a1:13:74 | harukasan-notab-a8 | Unknown - possibly old tablet |
+
+## Network Statistics
+
+- **Total Active Devices:** 35
+- **VMs/Containers:** 10
+- **User Computers:** 5 (3 PCs + 2 printers)
+- **Mobile Devices:** 3 (2 phones + 1 tablet)
+- **TVs & Media:** 3
+- **Smart Home/IoT:** 13 (9 Tapo + 1 Yeelight + 2 Reolink + 1 Tuya)
+- **Network Infrastructure:** 2 (AP + Extender)
+- **Hypervisors:** 2
+- **Static Assignments:** 33 devices
+- **DHCP Pool Size:** 51 addresses
+- **Unknown Devices:** 3
+
+## Known Issues
+
+### Tapo App Issues
+- **Bedroom light** (192.168.0.83): Showing incorrect info in app
+- **3D printer plug** (192.168.0.88): App showing wrong MAC, verify after print finishes
+- **Resolution:** Use ARP table MACs as source of truth
+
+### Devices Needing Attention
+- Factory reset recommended for Tapo devices showing app glitches after migration
+- Unknown devices at .110, .153, .155 need identification
+
+## Maintenance Tasks
+
+### Regular Tasks
+- [ ] Monthly: Review DHCP leases for new unknown devices
+- [ ] Quarterly: Audit static IP assignments
+- [ ] Quarterly: Update device firmware (routers, APs, cameras)
+- [ ] Yearly: Review and optimize IP allocation scheme
+
+### Pending Tasks
+- [ ] Identify unknown Samsung device at 192.168.0.110
+- [ ] Review secondary PC at 192.168.0.153
+- [ ] Identify/remove old tablet lease at 192.168.0.155
+- [ ] Factory reset Tapo devices with app issues
+
+## Security Considerations
+
+1. **Network Segmentation:** Consider VLANs for IoT devices
+2. **Guest Network:** DHCP pool isolated from static devices
+3. **Firewall Rules:** OPNsense manages inter-VLAN traffic
+4. **DNS Filtering:** AdGuard Home provides ad/tracker blocking
+5. **Remote Access:** Tailscale VPN for secure remote access
+
+## Backup Strategy
+
+### What to Backup
+1. **OPNsense Configuration:** XML backup from web interface
+2. **DHCP Reservations:** CSV export (included in this repo)
+3. **Network Documentation:** This README and related files
+4. **AdGuard Home Config:** Settings and filter lists
+
+### Restoration Process
+See `NETWORK-RESTORE.md` for detailed restoration procedures.
+
+## Migration Notes
+
+### Completed Migrations ✅
+- Jamie's PC (192.168.0.30)
+- Jamie Gaming VM (192.168.0.31)
+- 3D Printer (192.168.0.32)
+- Jamie's Phone (192.168.0.50)
+- Haruka's Phone (192.168.0.51)
+
+### Pending Migrations 🔄
+- Haruka's Laptop → 192.168.0.33
+- HP Printer → 192.168.0.34
+- Samsung Tablet → 192.168.0.52
+
+### Waiting for DHCP Renewal ⏳
+- Samsung Tablet (will get .52 on next renewal)
+
+## Troubleshooting
+
+### Device Not Getting Reserved IP
+1. Check MAC address in router's ARP table
+2. Verify DHCP reservation exists
+3. Release/renew DHCP lease on device
+4. Check for MAC address conflicts
+
+### Cannot Access Device
+1. Verify device is online (ping IP)
+2. Check if device changed MAC (WiFi vs Ethernet)
+3. Review firewall rules in OPNsense
+4. Check DNS resolution in AdGuard Home
+
+### IoT Device Issues
+1. Tapo devices: Check app vs ARP table for correct MAC
+2. Battery devices (water sensor): Won't always appear in ARP
+3. For offline devices: Power cycle or factory reset
+
+## Tools & Commands
+
+### Identify Device by MAC
+```bash
+# Online MAC lookup
+curl -s "https://api.macvendors.com/5c:62:8b:8d:cb:d6"
+
+# Or use OUI lookup
+# First 6 characters (3 octets) identify manufacturer
+```
+
+### Scan Network
+```bash
+# Using nmap
+nmap -sn 192.168.0.0/24
+
+# Using arp-scan (more reliable)
+sudo arp-scan --interface=eth0 192.168.0.0/24
+```
+
+### Check Current IP/MAC
+```bash
+# View ARP table
+arp -a
+
+# Or on OPNsense
+arp -an | grep 192.168.0
+```
+
+---
+
+**Configuration Files:**
+- `dhcp-reservations.csv` - DHCP static assignments export
+- `Network Inventory.docx` - Human-readable network map
+- `opnsense-config.xml` - OPNsense configuration backup (not in repo)
+
+**Last Updated:** December 28, 2025
--- a/download_reservations.csv
+++ b/download_reservations.csv
@@ -0,0 +1,34 @@
+entry,ip_address,hw_address,hostname,description
+1,192.168.000.010,BC:24:11:5b:1d:a2,docker,Docker LXC
+2,192.168.000.011,BC:24:11:47:27:43,adguard,Adguard Home LXC
+3,192.168.000.012,BC:24:11:A8:44:A1,vaultwarden,Vaultwarden LXC
+4,192.168.000.013,BC:24:11:70:10:ff,crafty-controller,Crafty Controller LXC
+5,192.168.000.014,02:99:5b:4c:b3:e6,nextcloud,Nextcloud VM
+6,192.168.000.015,02:46:0b:d8:35:7c,home-assistant,Home Assistant VM
+7,192.168.000.016,BC:24:11:2D:63:66,foundryvtt,FoundryVTT VM
+8,192.168.000.017,bc:24:11:2c:68:58,omv,OpenMediaVault VM
+9,192.168.000.018,bc:24:11:42:70:2a,irodori-wp,Wordpress LXC - Irodori
+10,192.168.000.019,bc:24:11:7e:fc:ff,dustin-wp,Wordpress LXC - Dustin
+11,192.168.000.030,50:EB:F6:5A:71:F2,jamie-pc,Main PC - Ethernet
+12,192.168.000.031,bc:24:11:b2:20:b0,pop_os,Linux Gaming VM
+13,192.168.000.032,10:b4:1d:d7:02:2c,bambu-a1,3D Printer
+14,192.168.000.033,a8:41:f4:8d:b9:5b,harukas-laptop,Haruka's Laptop
+15,192.168.000.034,a8:b1:3b:01:c2:ce,printer,HP Printer
+16,192.168.000.050,1a:de:e8:f1:a5:d3,jamies-s23,Jamies Phone
+17,192.168.000.051,4e:c7:f7:bc:f1:c5,harukas-s25,Harukas Phone
+18,192.168.000.052,ee:a1:23:9f:1e:c5,tablet-a8,Samsung Tablet A8
+19,192.168.000.070,a0:d0:5b:c7:13:28,livingroom-tv,Samsung TV
+20,192.168.000.071,b0:e4:5c:9e:ad:ca,samsung-soundbar,Samsung Soundbar-maybe
+21,192.168.000.080,a8:29:48:88:84:d6,chime,Tapo Hub/Chime H100
+22,192.168.000.081,20:23:51:d0:b1:7d,water-leak-sensor,Tapo Water Leak Sensor T300
+23,192.168.000.082,20:23:51:08:19:76,bedside-light,Tapo Light L530 - Bedisde
+24,192.168.000.084,f0:09:0d:b6:4a:8d,hallway-a-light,Tapo Light L530 - Hallway A
+25,192.168.000.085,40:ae:30:67:a2:46,hallway-b-light,Tapo Light L530 - Hallway B
+26,192.168.000.086,3c:64:cf:63:58:da,porch-light,Tapo Light L530 - Porch
+27,192.168.000.089,58:b6:23:41:e1:ff,standing-lamp,Yeelight Color4 - Standing Lamp
+28,192.168.000.090,54:ef:33:bd:be:e0,kitchen-camera,Reolink E1
+29,192.168.000.091,e8:ca:c8:6d:b0:7f,outdoor-camera,Reolink Argus Eco
+30,192.168.000.100,40-AE-30-F8-27-F0,AX55,TP-Link AX55 Access Point
+31,192.168.000.101,5c:62:8b:8d:cb:d6,RE450,TP-Link RE450 Range Extender
+32,192.168.000.120,10:ff:e0:11:46:9f,proxmox-1,Proxmox 1
+33,192.168.000.121,74:d4:35:97:f4:9d,proxmox-2,Proxmox 2