Infrastructure Overview

graph TD
  Internet --> VPS[(RackNerd VPS)]
  VPS -->|WireGuard| pfSense
  pfSense --> VLAN10[Mgmt VLAN]
  pfSense --> VLAN20[Servers VLAN]
  VLAN20 --> Proxmox --> TrueNAS
  Proxmox --> Authentik
  VPS --> HugoSite[Hugo @ /]
  VPS --> DocsSite[MkDocs @ /docs]
  HugoSite -->|Links/Embeds| NocoDB

Components

• VPS Edge (Caddy): TLS termination, static hosting, reverse proxy.
• pfSense: primary router/firewall; handles VLANs and VPN.
• Proxmox VE: compute layer; VLAN bridges; containers/VMs.
• TrueNAS SCALE: storage (NFS shares), snapshot/replication.
• Authentik: SSO for applications.
• NocoDB: simple backend for forms (account requests, bug reports).

Data Flows

• Public → VPS (Caddy) → reverse proxy/serve static.
• Internal services live on VLAN20 and are fronted by Authentik when exposed.