Network Overview
All hosts are on 192.168.1.0/24. Gateway and DNS: 192.168.1.1.
Host map
| Host |
IP |
Type |
Purpose |
| The-Egg |
192.168.1.1 |
UDM |
Gateway, router, WAP, IPS, DNS |
| PENFOLD-SW01 |
192.168.1.3 |
MikroTik CRS326-24G-2S+ |
Managed switch — wired LAN distribution |
| proxfold |
192.168.1.250 |
Proxmox host (Dell R430) |
Hypervisor, ZFS pool owner, NFS server |
| plex |
192.168.1.230 |
CT 100 (privileged LXC) |
Plex Media Server |
| arrstack |
192.168.1.252 |
VM 101 |
Docker host for arr stack services |
| control |
192.168.1.245 |
CT 104 (unprivileged LXC) |
Ansible control node + drift detection runner |
| pbs |
192.168.1.246 |
CT 105 (privileged LXC) |
Proxmox Backup Server (Phase 5A) |
| beszel |
192.168.1.247 |
CT 106 (unprivileged LXC) |
Beszel monitoring hub (Phase 5B) |
| n8n |
192.168.1.248 |
VM 108 |
Docker host for n8n + Hawser (Phase 5C) |
| edge |
192.168.1.244 |
CT 107 (unprivileged LXC) |
Caddy reverse proxy (Phase 5D) |
| vintage |
192.168.1.235 |
CT 201 (unprivileged LXC) |
Vintage Story dedicated server (side-project) |
| ~~stash~~ |
~~192.168.1.251~~ |
~~CT 103~~ |
Destroyed April 2026 — was legacy SMB bridge to ZFS (IP available for reuse) |
| NAS |
192.168.1.253 |
Standalone QNAP TS-269L |
NFS export to PBS (nas-primary) + legacy CIFS (nasbackup, transitional) |
Service ports
| Service |
Host |
Port |
URL |
| UniFi UI |
The-Egg |
443 |
https://192.168.1.1 |
| WireGuard VPN |
The-Egg |
51820/UDP |
— |
| Proxmox UI |
proxfold |
8006 |
https://192.168.1.250:8006 |
| Plex |
plex |
32400 |
http://192.168.1.230:32400 |
| Seerr |
arrstack |
5055 |
http://192.168.1.252:5055 |
| Sonarr |
arrstack |
8989 |
http://192.168.1.252:8989 |
| Radarr |
arrstack |
7878 |
http://192.168.1.252:7878 |
| Prowlarr |
arrstack |
9696 |
http://192.168.1.252:9696 |
| qBittorrent |
arrstack |
8080 |
http://192.168.1.252:8080 |
| Flaresolverr |
arrstack |
8191 |
http://192.168.1.252:8191 |
| Tautulli |
arrstack |
8181 |
http://192.168.1.252:8181 |
| Dockhand UI |
arrstack |
3000 |
http://192.168.1.252:3000 |
| Caddy (edge) |
edge |
80/443 |
http://192.168.1.244 (LAN) — terminates *.rampancy.cloud via LE DNS-01 wildcard |
| PBS UI |
pbs |
8007 |
https://192.168.1.246:8007 |
| Beszel hub |
beszel |
8090 |
http://192.168.1.247:8090 (LAN) / https://dash.rampancy.cloud (via Caddy) |
| n8n |
n8n |
5678 |
http://192.168.1.248:5678 (LAN) / https://n8n.rampancy.cloud (via Caddy) |
| Forgejo |
forgejo |
3000 |
http://192.168.1.249:3000 (LAN) / https://git.rampancy.cloud (via Caddy) |
| Matrix homeserver |
matrix |
81 |
http://192.168.1.243:81 (LAN — Traefik web entrypoint, bypasses well-known delegation) / https://matrix.rampancy.cloud (via Caddy) |
| Overseerr |
arrstack |
5055 |
http://192.168.1.252:5055 (LAN) / https://requests.rampancy.cloud (via Caddy) |
| korrosync |
arrstack |
3030 |
http://192.168.1.252:3030 (LAN) / https://kosync.rampancy.cloud (via Caddy) |
| Home Assistant |
hass |
8123 |
http://192.168.1.241:8123 (LAN) / https://home.rampancy.cloud (via Caddy) |
| Vintage Story |
vintage |
42420/TCP+UDP |
vintage.rampancy.cloud:42420 (direct WAN forward, no proxy) |