Infrastructure architecture
A top-to-bottom view of my self-hosted environment — how traffic flows from the internet through security controls down to storage and backups.
Internet
Dual-stack IPv4 & IPv6 ingress with dynamic DNS keeping public records current.
OPNsense Firewall
Edge firewall enforcing default-deny policy, IDS/IPS, and inter-VLAN routing rules.
Internal Networks (VLANs)
Segmented trusted, IoT, guest, and DMZ VLANs isolating traffic by trust level.
Reverse Proxy & SSL
Nginx reverse proxy with automated Let's Encrypt certificates for safe service exposure.
Virtual Machines
Hypervisor hosting isolated VMs and containerised Docker/Podman workloads.
NAS Storage
Synology NAS with RAID redundancy serving media, photos, and application data.
Monitoring Systems
Observability stack tracking uptime, resource usage, and service health.
Backup Architecture
3-2-1 strategy with local snapshots and encrypted offsite cloud synchronisation.