arvandor/network/ip-schema.example

# Arvandor IP Schema
#
# This documents the IP addressing scheme for the infrastructure.

## Networks

| Network | CIDR | Purpose |
|---------|------|---------|
| Public | 203.0.113.10 | External access (vmbr0) |
| Bridge | 192.168.100.0/24 | VM provisioning network (vmbr1) |
| Nebula | 10.10.10.0/24 | Encrypted overlay network |

## VMID Ranges

| Range | Domain | Nebula Group | Purpose |
|-------|--------|--------------|---------|
| 1000-1999 | Management | infrastructure | DNS, Caddy, Lighthouse |
| 2000-2999 | Services | infrastructure | Vault, Gitea |
| 3000-3999 | Data | infrastructure | PostgreSQL, Valkey, Garage |
| 4000-4999 | Workloads | projects/games | Applications, game servers |
| 5000-5999 | Monitoring | infrastructure | Prometheus, Grafana, Loki |

## IP Pattern

VMID determines IP address. Last 2-3 digits become the last octet:
- VMID 1001 → 192.168.100.11 / 10.10.10.11
- VMID 2000 → 192.168.100.20 / 10.10.10.20
- VMID 3009 → 192.168.100.39 / 10.10.10.39

## Reserved Addresses

| IP | Host | Purpose |
|----|------|---------|
| 192.168.100.1 | Proxmox host | Gateway, Ansible jump host |
| 10.10.10.1 | Proxmox host | Nebula endpoint for management |
| 10.10.10.10 | Lighthouse | Nebula discovery/relay |
| 10.10.10.11 | DNS | Internal DNS server |
| 10.10.10.12 | Caddy | Reverse proxy |
| 10.10.10.20-22 | Vault cluster | Secrets management |
| 10.10.10.30-32 | PostgreSQL | Database cluster |
| 10.10.10.33-35 | Valkey | Cache/queue cluster |
| 10.10.10.39-41 | Garage | S3 storage cluster |

## Example VM Allocation

```
VMID 1001 - dns
  Bridge: 192.168.100.11
  Nebula: 10.10.10.11
  Group: infrastructure

VMID 2000 - vault-01
  Bridge: 192.168.100.20
  Nebula: 10.10.10.20
  Group: infrastructure

VMID 4050 - app-server
  Bridge: 192.168.100.50
  Nebula: 10.10.10.50
  Group: projects
```