// classified infrastructure  •  clearance: owner //

Naptown Homelab

harmjoy.us  •  Proxmox Cluster: Naptown  •  3 Nodes  •  35+ services

Cloudflare Tunnel Active Proxmox 8.x Naptown Cluster Docker Host Hetzner VPS Arc A310 GPU
3PVE Nodes
25Containers
16Docker
33NPM Routes
1Hetzner VPS
Services Up
// External Traffic Architecture
🌐 INTERNET ☁️ CLOUDFLARE EDGE harmjoy.us  •  DDoS protection  •  DNS proxied cloudflared lilbox 192.168.1.35  •  QUIC outbound Tunnel: c3b4b47d… Nginx Proxy Manager CT105  •  192.168.10.2:80 + CrowdSec IDS Home Assistant n8n Homarr… Vaultwarden Authentik… +25 more services Hetzner VPS 5.161.204.42  •  Frankfurt Caddy + PM2 api. status. leadgen. harmjoy.us vault. vps. HTTPS / QUIC CNAME → tunnel A record → direct
View all 37 routed services
🔒 Tunnel → Homelab 24 routes
home Landing
ha Home Assistant
n8n Automation
homarr Dashboard
auth Authentik SSO
vault Vaultwarden
adguard DNS
npm Proxy Manager
uptime Kuma
portainer Docker
claudevault Agent Workspace
lore Chat App
loreapi Chat API
karakeep Bookmarks
govdeals Arbitrage
musicbot Creepin Bot
stream RTMP Live
deploy Firebase Deploy
tools IT Tools
smokeping Latency
speedtest ISP Speed
changes Web Monitor
immich Photo Library
pterodactyl Game Panel
🎬 Tunnel → Media Stack 5 routes
jellyfin Media Server
request Jellyseerr
sonarr TV Automation
prowlarr Indexer
qbittorrent Downloads
☁️ A Record → Hetzner VPS 4 routes
api Webhook Relay
status Uptime Status
leadgen Website CRM
honeypot Cowrie SSH
🖥️ Proxmox Admin Panels 4 routes
lilbox PVE Primary
middy PVE Secondary
bigblack PVE GPU Node
pbs Backup Server
// Naptown PVE Cluster
🖥️
lilbox
192.168.1.35  •  Proxmox PVE 8
Primary
VM100
Home Assistant OS
192.168.1.37:8123
VM108
Docker Host
192.168.1.23
CT102
Pterodactyl Panel
192.168.1.40:80
CT105
NPM + CrowdSec ★
192.168.10.2:80
CT107
Vaultwarden
192.168.1.44:8000
CT110
GovDeals Arbitrage
192.168.1.43:3001
CT111
ClaudeVault
192.168.1.55
CT115
Stream Server
192.168.1.45:1935
CT200
Creepin Bot + Landing
192.168.1.48:3001
CT211
LeadGen Staging
192.168.1.56:3000
CT212
Fakenet (isolated)
192.168.1.57
VM101
OPNsense
unused / stopped
🖥️
middy
192.168.1.150  •  Proxmox PVE 8
Secondary
CT120
Proxmox Backup Server
192.168.1.46:8007
CT202
Uptime Kuma
192.168.1.50:3001
CT203
Tailscale Router
192.168.1.51
CT204
Karakeep
192.168.1.52:3000
CT205
AdGuard Home DNS
192.168.1.53:80
CT206
Authentik SSO
192.168.1.54:9000
CT207
Claude Code
192.168.1.58
🖥️
bigblack
192.168.1.43 (via ProxyJump)  •  Proxmox PVE 8
AMD Ryzen 5 2600X • 16GB • Intel Arc A310 GPU
GPU Node
CT103
Immich
192.168.1.38:2283
CT300
Devbox
192.168.1.62
CT900
qBittorrent
192.168.100.1:8090
CT901
Sonarr
192.168.100.3:8989
CT902
Prowlarr
192.168.100.2:9696
CT903
Jellyfin
192.168.100.4:8096
CT904
Jellyseerr
192.168.100.5:5055
// Docker Host — VM108 @ 192.168.1.23
🐳
Docker Host
192.168.1.23  •  VM108 on lilbox  •  16 containers
Docker
n8n
:5678
Automation workflows
homarr
:7575
Dashboard
smokeping
:8083
Latency monitor
speedtest-tracker
:8081
ISP speed tracking
changedetection
:8082
Web change alerts
it-tools
:8080
Dev utilities
portainer
:9443
Docker manager
adguardhome
:80 :53
DNS (secondary)
lore-web
:3001
Lore frontend
lore-api
:4000
Lore API
lore-postgres
:5432
PostgreSQL
lore-redis
:6379
Redis cache
lore-minio
:9000–9001
Object storage
lore-livekit
:7880–7882
Media server
deep-health-checker
:3005
Service health checker
lore-typesense
:8108
Search engine
// Hetzner VPS — External Cloud
☁️
Hetzner VPS
5.161.204.42  •  Frankfurt  •  [email protected]
External
Public Domains
api.harmjoy.us status.harmjoy.us leadgen.harmjoy.us vault.harmjoy.us vps.harmjoy.us honeypot.harmjoy.us
PM2 Services
webhook-relay (cluster) leadgen-pro :3001 cowrie-honeypot :4000
Stack
Caddy reverse proxy Node.js + nvm SQLite Cowrie SSH Honeypot
Routing
Direct A record Bypasses Cloudflare Tunnel ISP-independent
// NPM Proxy Routes — CT105 @ 192.168.10.2
33 routes
SubdomainBackend
// ISP Failure Resilience
🛡️
Tunnel-Protected
All CNAME subdomains use Cloudflare Tunnel — outbound QUIC survives ISP IP changes and router reboots entirely.
ha.harmjoy.us homarr.harmjoy.us n8n.harmjoy.us auth.harmjoy.us +25 more
🌍
VPS-Hosted
Hetzner VPS services use A records to 5.161.204.42 in Frankfurt — fully independent of home ISP. Survive complete home outage.
api.harmjoy.us status.harmjoy.us leadgen.harmjoy.us vault.harmjoy.us
🔒
Tailscale Backup
CT203 on middy acts as a Tailscale subnet router — encrypted remote access to full LAN with no open ports required.
Full 192.168.1.x access No port forwarding ISP-IP agnostic
🔄
Auto-Recovery
pve-autostart-catchup timer on all 3 nodes starts missed VMs/CTs 5 minutes after boot. Handles Proxmox cluster autostart bugs after hard power-off.
All 3 nodes 5 min post-boot Deployed 2026-02-25
100% Tunnel Coverage
Every harmjoy.us subdomain now routes through Cloudflare Tunnel or a VPS A record. Zero direct home-IP A records remain.
stream.harmjoy.us ✓ Migrated 2026-02-21 No fragile records