32 architektur diagramm
graph TB
%% Architecture overview drawn as a top-to-bottom Mermaid flowchart.
%% Node labels carry real hostnames, addresses and ports, so the file doubles
%% as an inventory. NOTE(review): classify it as internal documentation.
%% External endpoints: the public hostname in front of the VPS, two SaaS
%% services, and the endpoint reached over OpenVPN.
subgraph Internet ["☁ Internet / Cloud"]
HTTPS["anknorr.ddnss.de"]
MS365["Microsoft 365"]
SophosCentral["Sophos Central"]
CK_VPN["vpn.creative-kirche.de"]
end
%% The only inbound path drawn from the Internet: HTTPS terminating at Caddy.
HTTPS -->|HTTPS| Caddy
%% Dotted OpenVPN link between the remote VPN endpoint and the VPS.
%% NOTE(review): the arrow points at the VPS; confirm which side initiates the tunnel.
CK_VPN -.->|OpenVPN| VPS
%% The two exporters call vendor cloud APIs, so they hold API credentials for those tenants.
%% NOTE(review): credential scope is not shown here; confirm the API roles are read-only.
Sophos_Exp -->|API| SophosCentral
D365_Exp -->|API| MS365
%% VPS: the central monitoring host. Per the labels, Caddy listens on :443 and
%% Grafana, Gitea, Gatus and Prometheus on their own ports.
%% NOTE(review): the diagram does not show whether :3000/:3003/:8091/:9090 are
%% bound to localhost or reachable from outside; confirm only :443 is exposed.
subgraph VPS ["VPS sck-debian-nbg (178.104.125.96) — 18 Container"]
Caddy["Caddy :443"]
Grafana["Grafana :3000"]
Gitea["Gitea :3003"]
Gatus["Gatus :8091"]
Prom["Prometheus :9090<br/>80 Targets"]
Alert["Alertmanager → ntfy"]
Loki["Loki + Promtail"]
BB_VPS["Blackbox Remote"]
Sophos_Exp["Sophos-Central-Exp"]
D365_Exp["D365-Exporter"]
Oxidized["Oxidized"]
Salto_Proxy["Salto-Metrics-Proxy"]
end
%% Caddy fronts three web UIs, so Grafana, Gatus and Gitea are the services
%% reachable through the public HTTPS entry point.
%% NOTE(review): authentication at Caddy or inside each app is not visible here; verify it.
Caddy --> Grafana
Caddy --> Gatus
Caddy --> Gitea
%% Alerting path: Prometheus hands alerts to Alertmanager (labelled as forwarding to ntfy).
Prom --> Alert
%% NOTE(review): the meaning of this edge is not stated; confirm what flows from Prometheus to Loki.
Prom --> Loki
%% Thick link: WireGuard tunnel between the VPS and the Pi5, using the 10.100.0.x
%% addresses given in the label.
VPS ===|"WireGuard<br/>10.100.0.1 ↔ .0.2"| Pi5
%% Pi5: container host on the home LAN (192.168.178.199). It runs home
%% automation, DNS filtering, metric exporters, the rsyslog collector and Samba.
subgraph Pi5 ["Pi5 raspip5 (192.168.178.199) — 11 Container"]
HA["Home Assistant :8123"]
Z2M["Z2M + Mosquitto"]
PiHole["Pi-hole :53"]
BB_Pi["Blackbox Referenz"]
Fritz_Exp["FritzBox-Exp"]
Sungrow_Exp["Sungrow-Exp"]
Syslog["rsyslog"]
Samba["Samba-TM"]
end
%% Prometheus reaches the three exporters on the Pi5; the "WG" label marks
%% these scrapes as travelling through the WireGuard tunnel.
%% NOTE(review): exporters usually have no authentication of their own; confirm
%% they listen only on the tunnel or internal interface.
Prom -.->|WG| BB_Pi
Prom -.->|WG| Fritz_Exp
Prom -.->|WG| Sungrow_Exp
%% rsyslog forwards the logs it collects to Loki.
%% NOTE(review): the transport for this hop is not labelled; presumably the WireGuard tunnel, confirm.
Syslog -->|Logs| Loki
%% Home LAN devices; the short ".NN" labels are last octets within 192.168.178.x.
%% rpp1 carries a second address labelled VPN-GW, and the PV inverter is on
%% 192.168.100.75, outside the 192.168.178.x range.
subgraph Heim ["Heimnetz 192.168.178.x"]
Fritz["FritzBox .10"]
rpp1["rpp1 .67<br/>VPN-GW 10.244.2.130"]
Mac["Mac .72"]
Zigbee["Zigbee-Geräte"]
PV["Sungrow SH10RT<br/>192.168.100.75"]
end
Fritz_Exp --> Fritz
%% Modbus has no built-in authentication or encryption.
%% NOTE(review): confirm the inverter accepts connections only from the exporter host.
Sungrow_Exp -->|Modbus| PV
Z2M -->|USB| Zigbee
PiHole -.-> Fritz
Samba -.->|TM| Mac
%% rpp1 dials out over OpenVPN; with its VPN-GW label it appears to be the
%% home-side gateway into the remote network. NOTE(review): confirm.
rpp1 -->|OpenVPN| CK_VPN
%% Port translation 9101→9100 from the Pi5 to rpp1.
%% NOTE(review): 9100 is the conventional node_exporter port; presumably a metrics forward, confirm.
Pi5 -->|"NAT 9101→9100"| rpp1
%% Gitea sits behind the public Caddy entry point and is the sync source for
%% the Pi5 and the Mac every 5 minutes.
%% NOTE(review): if the synced content is configuration or code, write access
%% to Gitea effectively becomes write access to those hosts; confirm who can
%% push and whether the sync verifies what it pulls.
Gitea -.->|"sync 5m"| Pi5
Gitea -.->|"sync 5m"| Mac
%% Alert notifications pushed to the Mac.
Alert -.->|Push| Mac
%% Office site "Pferdebachstr. 31": firewall labelled Sophos XGS-40 at
%% 10.128.40.1, the SaltoServer, five access points and the office LAN.
%% The guest WLAN is drawn with its own subnet (10.128.15.0/24) and VLAN 15.
%% NOTE(review): office and guest networks hang off the same firewall here; the
%% rules that keep guest traffic out of 10.128.40.0/24 are not depicted, so verify them.
subgraph Pferdebach ["Pferdebachstr. 31 — 40er-Netz"]
XGS40["Sophos XGS-40<br/>10.128.40.1"]
Salto["SaltoServer<br/>10.128.40.6"]
AP40["5 APs: .31 .32 .33 .37 .43"]
LAN40["Büro-LAN + WLAN<br/>10.128.40.0/24<br/>SSID: ckoffice-static"]
Gast40["Gast-WLAN<br/>10.128.15.0/24<br/>VLAN 15"]
%% Undirected links: everything at this site attaches to the firewall.
XGS40 --- Salto
XGS40 --- AP40
XGS40 --- LAN40
XGS40 --- Gast40
end
%% Office site "Ruhrstr.": firewall labelled Sophos XGS-30 at 10.128.30.1, a
%% printer, eight access points and the office LAN.
%% The guest WLAN is drawn with its own subnet (10.128.11.0/24) and VLAN 11.
%% NOTE(review): both sites use the same office SSID per the labels; the
%% isolation rules between guest and office networks are not shown, so verify them.
subgraph Ruhrstr ["Ruhrstr. — 30er-Netz"]
XGS30["Sophos XGS-30<br/>10.128.30.1"]
Drucker30["Drucker<br/>10.128.30.10"]
AP30["8 APs: .31 .32 .33 .34 .35 .36 .37 .38"]
LAN30["Büro-LAN + WLAN<br/>10.128.30.0/24<br/>SSID: ckoffice-static"]
Gast30["Gast-WLAN<br/>10.128.11.0/24<br/>VLAN 11"]
%% Undirected links: everything at this site attaches to the firewall.
XGS30 --- Drucker30
XGS30 --- AP30
XGS30 --- LAN30
XGS30 --- Gast30
end
%% Site-to-site IPsec tunnel between the two office firewalls.
XGS40 ===|"S2S IPsec"| XGS30
%% Both firewalls are managed from Sophos Central.
SophosCentral -.->|Mgmt| XGS40
SophosCentral -.->|Mgmt| XGS30
%% Reachability probes from the VPS blackbox exporter into both sites; the
%% labels mark them as going over the VPN.
BB_VPS -->|"VPN: ICMP/DNS"| XGS40
BB_VPS -->|"VPN: ICMP/DNS"| XGS30
BB_VPS -->|"VPN: ICMP"| AP40
BB_VPS -->|"VPN: ICMP"| AP30
%% Oxidized connects to both firewalls over HTTPS on :4444.
%% NOTE(review): Oxidized is a configuration-backup tool, so it needs firewall
%% credentials and its stored output may contain secrets; confirm a
%% least-privilege account and where the backups are kept.
Oxidized -->|"VPN: HTTPS :4444"| XGS40
Oxidized -->|"VPN: HTTPS :4444"| XGS30
%% SaltoServer metrics: a proxy on :8100 plus SNMP polled by Prometheus.
%% NOTE(review): the SNMP version is not given; v1/v2c carry the community
%% string in clear text, so confirm it never leaves the VPN, or use v3 with auth/priv.
Salto_Proxy -->|"VPN: :8100"| Salto
Prom -->|"VPN: SNMP"| Salto
%% Firewall syslog is relayed rather than sent directly:
%% XGS40 → rpp1 → rsyslog (UDP 1514) and XGS30 → SaltoServer → rsyslog (TCP 5514, labelled SSH).
%% NOTE(review): UDP syslog is unauthenticated and can drop messages; confirm
%% the firewall-to-relay hop stays on a trusted segment and that relay outages
%% are alerted on, since a silent relay hides firewall events.
XGS40 -.->|Syslog| rpp1
rpp1 -.->|"UDP 1514"| Syslog
XGS30 -.->|Syslog| Salto
Salto -.->|"TCP 5514 SSH"| Syslog
%% Styling only, no effect on topology. One colour class per zone:
%% vps (blue), pi5 (green), ck (red, office-site core devices), heim (orange,
%% home LAN), internet (grey), lan (light red, office LAN and APs), gast
%% (light grey, guest WLAN).
classDef vps fill:#4a9eff,color:#fff,stroke:#2670c4
classDef pi5 fill:#50b848,color:#fff,stroke:#3a8a34
classDef ck fill:#e05555,color:#fff,stroke:#b33333
classDef heim fill:#ffa94d,color:#fff,stroke:#cc7a22
classDef internet fill:#888,color:#fff,stroke:#666
classDef lan fill:#ffe0e0,color:#333,stroke:#cc4444
classDef gast fill:#eee,color:#666,stroke:#999
%% Class assignments mirror subgraph membership, so a node's colour shows
%% which zone it belongs to.
class Caddy,Grafana,Gatus,Gitea,Prom,Alert,Loki,BB_VPS,Sophos_Exp,D365_Exp,Oxidized,Salto_Proxy vps
class HA,Z2M,PiHole,BB_Pi,Fritz_Exp,Sungrow_Exp,Syslog,Samba pi5
class XGS40,XGS30,Salto,Drucker30 ck
class AP40,AP30,LAN40,LAN30 lan
class Gast40,Gast30 gast
class Fritz,rpp1,Mac,Zigbee,PV heim
class HTTPS,CK_VPN,MS365,SophosCentral internet