{
  "format_version": "2.0",
  "generated": "2026-03-09",
  "operation": "INFRASTRUCTURE-MAP-SYNC",
  "source": "main.tf, terraform.tfstate, live-host-platform-docs, RUNBOOK-ZITI-DNS-HARDENING, PLATFORM-DOMAINS-FULL-LIST",

  "nodes": [
    { "id": "netbird-caddy", "role": "reverse_proxy_registry", "public_ip": "213.149.161.255", "lan_ip": null, "description": "NetBird Caddy + Docker Registry (5000/5001)" },
    { "id": "atlas", "role": "edge_proxy_ziti_controller", "public_ip": "157.180.94.199", "lan_ip": null, "description": "Caddy, Ziti Controller :1280, ZAC :1408" },
    { "id": "storage", "role": "terraform_docker_api", "public_ip": null, "lan_ip": "192.168.178.23", "description": "Docker stack live-host-net, infrastructure API :45000, Ziti gateway for AXFR" },
    { "id": "vm701", "role": "dns_primary", "public_ip": null, "lan_ip": "192.168.178.41", "description": "PowerDNS Master :5353, PowerDNS-Admin :9191, API :8081" },
    { "id": "ns2", "role": "dns_secondary", "public_ip": "77.42.17.218", "lan_ip": null, "description": "PowerDNS Slave, AXFR via Ziti" },
    { "id": "pve0", "role": "edge_gateway", "public_ip": "77.42.17.218", "lan_ip": null, "description": "global-edge-gateway-proxy, Hetzner, Ziti controller" },
    { "id": "pve1", "role": "proxmox", "public_ip": null, "lan_ip": "192.168.178.210", "description": "Proxmox" },
    { "id": "pve2", "role": "proxmox", "public_ip": null, "lan_ip": "192.168.178.25", "description": "Proxmox, VM 701 host" },
    { "id": "pve3", "role": "proxmox", "public_ip": null, "lan_ip": null, "description": "Proxmox" },
    { "id": "pve4", "role": "proxmox", "public_ip": null, "lan_ip": "192.168.178.20", "description": "Proxmox" },
    { "id": "pve5", "role": "proxmox_truenas_host", "public_ip": null, "lan_ip": "192.168.178.27", "description": "Proxmox, VM 600 TrueNAS" },
    { "id": "truenas_vm600", "role": "storage_nas", "public_ip": null, "lan_ip": "192.168.178.28", "description": "TrueNAS CORE, ZFS, MinIO jail 192.168.178.29:9000" },
    { "id": "mailcow", "role": "mail", "public_ip": null, "lan_ip": "192.168.178.24", "description": "Mailcow VM 400, :8080 web, :587/:465 SMTP" },
    { "id": "coolify", "role": "paas", "public_ip": null, "lan_ip": "192.168.178.26", "description": "Coolify" }
  ],

  "services": [
    { "name": "appsmith", "host": "storage", "port": 45080, "domain": "admin.live-host.net", "image": "appsmith/appsmith-ce:release" },
    { "name": "directus", "host": "storage", "port": 8055, "domain": "control.live-host.net", "image": "directus/directus:latest" },
    { "name": "grafana", "host": "storage", "port": 3000, "domain": "logs.live-host.net", "image": "grafana/grafana:10.4.2" },
    { "name": "loki", "host": "storage", "port": 3100, "domain": "loki.live-host.net", "image": "grafana/loki:2.9.4" },
    { "name": "windmill-server", "host": "storage", "port": 8008, "domain": "manage.live-host.net", "image": "ghcr.io/windmill-labs/windmill:main" },
    { "name": "node-red", "host": "storage", "port": 1880, "domain": "flow.live-host.net", "image": "nodered/node-red:latest" },
    { "name": "baserow-app", "host": "storage", "port": 8081, "domain": "inventory.live-host.net", "image": "baserow/baserow" },
    { "name": "traccar", "host": "storage", "port": 8083, "domain": "map.live-host.net", "image": "traccar/traccar" },
    { "name": "lowdefy", "host": "storage", "port": 4000, "domain": "panel.live-host.net", "image": "node:20-alpine" },
    { "name": "live-host-shop-app", "host": "storage", "port": 8080, "domain": "shop.live-host.net", "image": "wordpress" },
    { "name": "vault-node1", "host": "storage", "port": 8200, "domain": "vault.live-host.net", "image": "hashicorp/vault:1.16" },
    { "name": "n8n-app", "host": "storage", "port": 5678, "domain": "n8n.live-host.net", "image": "n8nio/n8n" },
    { "name": "fossbilling", "host": "storage", "port": 45090, "domain": null, "image": "fossbilling/fossbilling:latest" },
    { "name": "vaultwarden", "host": "storage", "port": 8082, "domain": null, "image": "vaultwarden/server" },
    { "name": "infrastructure_api", "host": "storage", "port": 45000, "domain": "infra.live-host.net", "description": "infrastructure_api.py" },
    { "name": "cecs-dns-pdns", "host": "vm701", "port": 5353, "domain": null, "description": "PowerDNS authoritative" },
    { "name": "cecs-dns-pda", "host": "vm701", "port": 9191, "domain": "dns.live-host.net", "description": "PowerDNS-Admin" },
    { "name": "registry", "host": "netbird-caddy", "port": 5000, "domain": "registry.live-host.net", "description": "Docker Registry main" },
    { "name": "registry-canary", "host": "netbird-caddy", "port": 5001, "domain": "registry.live-host.net", "description": "Docker Registry canary" }
  ],

  "dns": {
    "zone": "live-host.net",
    "primary": { "host": "vm701", "ip": "192.168.178.41", "port": 5353, "description": "PowerDNS Master" },
    "secondary": { "host": "ns2", "ip": "77.42.17.218", "description": "PowerDNS Slave, AXFR via Ziti" },
    "nameservers": ["ns1.live-host.net", "ns2.live-host.net"],
    "ns1_ip": "157.180.94.199",
    "ns2_ip": "77.42.17.218",
    "axfr_path": "ns2 -> 127.0.0.1:5353 (socat) -> 100.64.0.4:5353 (Ziti) -> Storage axfr-ziti-host -> 192.168.178.41:5353 (VM701)",
    "allow_axfr_from": "192.168.178.23"
  },

  "network": {
    "segments": [
      { "name": "live-host-net", "type": "docker_bridge", "subnet": "192.168.0.0/20", "gateway": "192.168.0.1" },
      { "name": "lan", "description": "192.168.178.0/24", "hosts": ["storage", "vm701", "mailcow", "truenas_vm600", "pve1-pve5", "coolify"] },
      { "name": "public", "description": "Public IPs for Atlas, ns2, netbird-caddy" }
    ]
  },

  "ziti": {
    "controller_atlas": { "url": "https://127.0.0.1:1280", "public_edge": "https://console.live-host.net/edge/v1" },
    "controller_hetzner": { "host": "77.42.17.218", "port": 1280 },
    "edge_routers": [
      { "name": "atlas-edge-router", "server": "Atlas", "host": "157.180.94.199" },
      { "name": "storage-er-mesh", "server": "Storage", "host": "192.168.178.23" },
      { "name": "pve0-edge-router", "server": "pve0", "host": "77.42.17.218" },
      { "name": "pve1-edge-router", "server": "pve1", "host": "100.89.104.112" },
      { "name": "pve2-edge-router", "server": "pve2", "host": "100.89.175.5" },
      { "name": "pve3-edge-router", "server": "pve3", "host": "100.89.254.197" },
      { "name": "pve4-edge-router", "server": "pve4", "host": "100.89.25.229" },
      { "name": "pve5-edge-router", "server": "pve5", "host": "100.89.169.224" },
      { "name": "mailcow-edge-router", "server": "Mailcow", "host": "100.89.69.213" },
      { "name": "storage-edge-router-v2", "server": "Storage", "host": "100.89.136.163" }
    ],
    "identities": [
      { "name": "primary-dns", "role": "Bind", "service": "dns-axfr", "host": "storage" },
      { "name": "ns2-dns-client", "role": "Dial", "service": "dns-axfr", "host": "ns2" },
      { "name": "dns-host-storage", "role": "Bind", "service": "pdns-api-service", "host": "storage" },
      { "name": "atlas-dns-client", "role": "Dial", "service": "pdns-api-service", "host": "atlas" }
    ],
    "services": [
      "dns-axfr",
      "pdns-api-service",
      "vault-service",
      "dns-live-host-net",
      "pve1-proxmox",
      "pve2-proxmox",
      "pve3-proxmox",
      "pve4-proxmox",
      "pve5-proxmox"
    ]
  },

  "reverse_proxy": {
    "atlas_caddy": {
      "host": "157.180.94.199",
      "port": 443,
      "tls": "ZeroSSL ACME, *.live-host.net DNS-01",
      "backends": "Ziti tunnels 127.0.0.1:18xxx/28xxx, local :80/:1408/:1280"
    },
    "netbird_caddy": {
      "host": "213.149.161.255",
      "domains": ["hub.live-host.net", "auth.live-host.net", "registry.live-host.net"]
    },
    "endpoints": [
      { "domain": "hub.live-host.net", "backend": "Atlas 127.0.0.1:80 or 213.149.161.255" },
      { "domain": "manage.live-host.net", "backend": "127.0.0.1:28008 (Ziti)" },
      { "domain": "control.live-host.net", "backend": "127.0.0.1:18055 (Ziti)" },
      { "domain": "logs.live-host.net", "backend": "127.0.0.1:13000 (Ziti)" },
      { "domain": "admin.live-host.net", "backend": "127.0.0.1:45080 (Ziti)" },
      { "domain": "console.live-host.net", "backend": "/edge/v1 -> 127.0.0.1:1280, else :1408" },
      { "domain": "dns.live-host.net", "backend": "127.0.0.1:9443 (Ziti to VM701:9191)" },
      { "domain": "mail.live-host.net", "backend": "127.0.0.1:28081 (Ziti to Mailcow)" },
      { "domain": "pve1.live-host.net", "backend": "127.0.0.1:18006 (Ziti)" },
      { "domain": "archive.live-host.net", "backend": "127.0.0.1:19080 (Ziti to TrueNAS)" }
    ]
  },

  "tunnels": [
    { "type": "ziti", "name": "dns-axfr", "from": "ns2", "to": "vm701", "via": "Storage axfr-ziti-host", "listen_ns2": "127.0.0.1:5353" },
    { "type": "socat", "name": "axfr-socat", "host": "ns2", "listen": "5353", "forward": "100.64.0.4:5353" },
    { "type": "ziti", "name": "pdns-api", "from": "atlas", "to": "vm701:8081", "listen_atlas": "127.0.0.1:18081" },
    { "type": "ziti", "name": "vault", "from": "atlas", "to": "storage:8082", "listen_atlas": "127.0.0.1:18082" },
    { "type": "ziti", "name": "pve1-pve5-proxmox", "listen_atlas": "127.0.0.1:18006-18010" }
  ],

  "terraform": {
    "state_path": "terraform.tfstate",
    "terraform_version": "1.9.0",
    "resources": {
      "docker_network": ["live_host_net"],
      "docker_image": ["appsmith", "directus", "directus_db", "fossbilling", "fossbilling_db", "grafana", "loki", "node_red", "promtail", "windmill", "windmill_extra"],
      "docker_volume": ["directus_pg", "fossbilling_data", "fossbilling_mysql", "windmill_cache", "windmill_logs"]
    }
  },

  "dependencies": [
    { "from": "atlas", "to": "storage", "via": "ziti", "services": ["manage", "control", "logs", "admin", "flow", "inventory", "map", "panel", "shop", "vault", "n8n", "infra"] },
    { "from": "atlas", "to": "vm701", "via": "ziti", "services": ["dns", "pdns-api"] },
    { "from": "atlas", "to": "mailcow", "via": "ziti", "services": ["mail", "autoconfig", "autodiscover"] },
    { "from": "ns2", "to": "vm701", "via": "ziti_axfr", "service": "dns-axfr" },
    { "from": "storage", "to": "vm701", "via": "tcp", "service": "axfr host bind 192.168.178.41:5353" }
  ]
}
