infrastructure/NETWORK.md

# Infrastructure Overview – Wheatley

This document describes the network and infrastructure architecture of the *Wheatley* environment. Its purpose is to clearly document **connectivity, routing, and responsibilities per site**, enabling predictable operations, troubleshooting, and future expansion.

---

## Overview

The infrastructure consists of three primary sites:

| Site | Role | Subnet |
|------|------|--------|
| **Hobbyrack** | Central hub, homelab, workloads | `10.13.37.0/24` |
| **MAPPS** | Externally managed platform services | `10.7.65.192/26` |
| **Home** | Client network | `192.168.1.0/24` |

Connectivity between sites is provided via **IPSec** and **WireGuard**, with *Hobbyrack* acting as the central routing and transit hub.

---

## Network Diagram

```mermaid
flowchart LR
    %% Hobbyrack
    subgraph HR["Hobbyrack"]
        HR_OPN["OPNsense Gateway
10.13.37.1"]
        HR_LAN["10.13.37.0/24"]
        HR_CLUSTER["k8s-wheatley
(Servarr stack)"]
        HR_OPN --- HR_LAN
        HR_LAN --- HR_CLUSTER
    end

    %% Managed Apps
    subgraph MA["Forti – Managed"]
        MA_GW["Gateway
10.7.65.193"]
        MA_LAN["10.7.65.192/26"]
        MA_CLUSTER["MAPPS Cluster
(Mimir, Loki, Vault)"]
        MA_CLUSTER2["k8s-peterg
(ArgoCD)"]
        MA_GW --- MA_LAN
        MA_LAN --- MA_CLUSTER
        MA_LAN --- MA_CLUSTER2
    end

    %% Home
    subgraph TH["Home"]
        TH_GW["UniFi Gateway
192.168.1.1"]
        TH_LAN["192.168.1.0/24"]
        TH_CLIENTS["Clients"]
        TH_GW --- TH_LAN
        TH_LAN --- TH_CLIENTS
    end

    %% Tunnels
    HR_OPN <==>|"IPSec
10.13.37.0/24 ↔ 10.7.65.192/26"| MA_GW
    HR_OPN <==>|"WireGuard Hub
10.167.84.0/24"| TH_GW