Network Documentation

Self-hosted home infrastructure - gateway, server, IoT, and cloud services

Network Topology

Internet (Telstra - 946 / 96 Mbps)
  -> WAN -> UniFi Dream Router 7 (Gateway / AP / Switch - WiFi 6E)
  -> 1 Gbps -> Elysium (Pi-hole DNS / Docker / Cloudflare Tunnel)

PCs
  • Desktop PC - Windows 11
  • HP Laptop - Windows 11
  • MacBook Air - M1
  • MacBook Pro - M4
  • MacBook Pro - 2019
Gaming
  • Xbox - Microsoft
  • PS5 - Sony
  • Switch 2 - Nintendo
  • Switch OLED - Nintendo
  • Steam Deck - Valve
Media
  • Apple TV - Streaming
  • Sony Bravia - Smart TV
  • Sony Bravia - Smart TV
  • Sonos Beam - Soundbar
  • Sonos Speakers - Multi-room
  • HomePod Mini - Apple
  • HomePod Mini - Apple
IoT + Mobile
  • Bambu Lab P1S - 3D Printer
  • Panda Touch - Display
  • Hue Bridge - Wired
  • iPhones - iOS
  • iPads - iOS

UniFi Dream Router 7

All-in-one gateway, access point, and managed switch. Single SSID with Multi-PSK - devices are automatically routed to VLANs based on their pre-shared key.

Model: UDR7 (UDMA67A)
WiFi: WiFi 6E (Tri-band)
UniFi OS: v5.1.12
Network App: v10.3.58
WAN: Telstra DHCP
Speed: 946 / 96 Mbps
Clients: 18 devices
Architecture: aarch64

WiFi Radios

| Band | Channel | Width | Clients | Protocol |
|---|---|---|---|---|
| 2.4 GHz | 1 | 20 MHz | 4 | WiFi 4 |
| 5 GHz | 100 | 40 MHz | 12 | WiFi 6 |
| 6 GHz | 53 | 40 MHz | 0 | WiFi 6E |

Physical Ports

| Port | Media | Link Speed | Connected Device |
|---|---|---|---|
| Port 1 | 2.5GbE | 1 Gbps | Elysium (Home Server) |
| Port 2 | 2.5GbE | - | Not connected |
| Port 3 | 2.5GbE | 100 Mbps | Philips Hue Bridge |
| Port 4 | 2.5GbE | 1 Gbps | WAN Uplink (Telstra) |
| SFP+ 1 | SFP+ | - | WAN2 (unused) |

VLANs

| Network | VLAN | Purpose | Type | Notes |
|---|---|---|---|---|
| Core | Untagged | Primary LAN | Corporate | Default network, DNS via Pi-hole, mDNS enabled |
| Trusted | 20 | Trusted devices | Corporate | High-trust devices with elevated access |
| IoT | 30 | IoT isolation | Corporate | Smart home devices, isolated from primary LAN |
| Media | 40 | Gaming and media | Corporate | Streaming and gaming devices |
| Guest | 60 | Guest access | Guest | Isolated guest network, no LAN access |
| ElysiumAdmin | - | Remote access | VPN | WireGuard tunnel for remote admin via vpn.motawehsolutions.com |

Elysium

Self-hosted home server running all containerized services, DNS filtering, game servers, and the Cloudflare Tunnel for public access.

Hardware: Mac Mini (2012)
OS: Debian 13 (Trixie)
Kernel: 6.12.73
RAM: 16 GB
Storage: 217 GB SSD
Connection: 1 Gbps Ethernet (Port 1)
Failover: WiFi (auto)
SSH: Key-only (ed25519)

Core Services

| Service | Role | Type |
|---|---|---|
| Pi-hole v6 | Network-wide DNS ad blocking and filtering (v6.4.2 / FTL v6.6.2) | Native |
| Cloudflare Tunnel | Secure public access to services (token-based, no open ports) | Native |
| Minecraft Server | Paper + Geyser/Floodgate - Java and Bedrock crossplay, family server | Native |
| Plex Media Server | Media streaming for the household | Native |
| Samba | Network file sharing (ROM library access) | Native |
| ttyd | Read-only web terminal (btop system monitor) | Native |
| Avahi | mDNS/DNS-SD for local service discovery | Native |

Docker Stacks

All public-facing services run in Docker with automatic restart policies. Public access routes through a Cloudflare Tunnel with no inbound ports exposed.

RomM Stack (4 containers)

Retro game ROM management and browser-based emulation platform

  • romm - App server
  • romm-nginx - Reverse proxy
  • romm-mariadb - Database
  • romm-redis - Cache

Printer Camera Stack (3 containers)

Live camera feed and MQTT status from the Bambu Lab P1S

  • bambu-camera - go2rtc stream proxy
  • bambu-status - MQTT status API
  • bambu-nginx - Web UI + stream

Cloudflare Tunnel Routes

| Hostname | Backend | Service |
|---|---|---|
| games.motawehsolutions.com | RomM Nginx | ROM library + emulator |
| elysium.motawehsolutions.com | Static site + stats API | Server dashboard |
| printer.motawehsolutions.com | Bambu Nginx | P1S camera + print status |

Bambu Lab P1S

Fully enclosed CoreXY 3D printer running in LAN-only mode with Developer Mode enabled. Connected to the network via WiFi with a static DHCP lease.

Build Volume: 256 x 256 x 256mm
Max Speed: 500mm/s
Acceleration: 20,000mm/s²
Hotend: 300°C max
Firmware: 01.08.02.00
Nozzle: 0.4mm
AMS: 4-slot
Display: BTT Panda Touch

Software Stack

| Component | Description |
|---|---|
| FULU Foundation OrcaSlicer | Fork with Bambu network plugin via WSL2 bridge for LAN printing |
| go2rtc (Docker) | Proxies the P1S proprietary camera protocol (TCP 6000) to MJPEG |
| MQTT Status Service (Docker) | Subscribes to printer telemetry (TLS 8883) and serves JSON status API |
| Developer Mode | Unlocks MQTT, FTPS, and video stream for third-party integrations |

Camera Access

The P1S camera (~1 fps, 720p, ESP32 hardware) streams via a go2rtc proxy on Elysium. The feed is exposed publicly at printer.motawehsolutions.com through the Cloudflare Tunnel with a live web dashboard showing print name, progress, temps, and layer count.

Device Inventory

PCs (5 machines + server)
  • Desktop PC - Windows 11
  • HP Laptop - Windows 11
  • MacBook Air - M1
  • MacBook Pro - M4
  • MacBook Pro - 2019
  • Elysium - Debian (Wired 1Gbps)

Gaming (5 consoles + handhelds)
  • Xbox - Microsoft
  • PS5 - Sony
  • Nintendo Switch 2 - Nintendo
  • Nintendo Switch OLED - Nintendo
  • Steam Deck - Valve

Media (Streaming + Audio)
  • Apple TV - Streaming
  • Sony Bravia - Smart TV
  • Sony Bravia - Smart TV
  • Sonos Beam - Soundbar
  • Sonos Speakers - Multi-room
  • HomePod Mini - Apple
  • HomePod Mini - Apple

Smart Home (Lighting + 3D Printing)
  • Philips Hue Bridge - Wired (Port 3)
  • Hue Lights - Zigbee mesh
  • Bambu Lab P1S - 3D Printer
  • BTT Panda Touch - Printer Display

Mobile (Phones + Tablets)
  • iPhones - iOS
  • iPads - iOS

Controllers (Input Devices)
  • Xbox Controller - Bluetooth
  • PS4 Controller - Bluetooth
  • PS3 Controller - Bluetooth
  • Switch Pro - Bluetooth

motawehsolutions.com

All sites deploy to Cloudflare Pages or route through the Cloudflare Tunnel from Elysium. DNS managed via Cloudflare.

| Domain | Description | Platform |
|---|---|---|
| motawehsolutions.com | Personal portfolio | Cloudflare Pages |
| home.motawehsolutions.com | Project Ghan dashboard | Cloudflare Pages |
| photo.motawehsolutions.com | Photography portfolio | Cloudflare Pages |
| elysium.motawehsolutions.com | Server dashboard + live stats | Tunnel |
| games.motawehsolutions.com | RomM - retro game library | Tunnel |
| printer.motawehsolutions.com | P1S live camera + print status | Tunnel |
| bullfighter.motawehsolutions.com | BullFighter3D - Unity WebGL game | Cloudflare Pages |
| vpn.motawehsolutions.com | WireGuard VPN endpoint | DDNS |

Monitoring

Elysium runs health checks every 60 seconds and generates real-time stats every 5 seconds, both via systemd timers.

Health Checks (60s interval via systemd timer)
  • Network interfaces - Eth + WiFi failover
  • Systemd services - Pi-hole, tunnel, Minecraft, Samba
  • Docker containers - All running containers
  • HTTP endpoints - RomM availability
  • Disk usage - Tiered thresholds

Stats Generation (5s interval via systemd timer)
  • CPU usage - Per-core sampling
  • Temperature - CPU thermal
  • Memory - Used / Total / Swap
  • Disk - / and /srv
  • Network I/O - RX/TX bytes

Alerting (Slack + Healthchecks.io)
  • Slack webhook - Down + recovery alerts
  • State tracking - Change detection via files
  • Heartbeat ping - External dead-man switch
  • Disk thresholds - 25 / 50 / 75 / 80 / 90%
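
The state tracking and tiered disk thresholds listed above combine so that a 60-second check alerts only when something changes, not on every run. The script below is an added example, not Elysium's own scripts; `STATE_DIR`, the function names, the alert strings and `ROMM_URL` are assumptions.

```sh
#!/bin/sh
# Added example. STATE_DIR, function names and alert text are assumptions.
STATE_DIR="${STATE_DIR:-/var/tmp/healthcheck-state}"
TIERS="25 50 75 80 90"   # disk thresholds listed on the page (% used)

# disk_tier PCT: highest tier PCT has reached, 0 when below the first tier.
disk_tier() {
    tier=0
    for t in $TIERS; do
        if [ "$1" -ge "$t" ]; then tier=$t; fi
    done
    echo "$tier"
}

# swap_state KEY NEW: store NEW under KEY and print the previous value
# (empty on first run). Written via rename so a crash cannot leave a
# half-written state file behind.
swap_state() {
    mkdir -p "$STATE_DIR"
    f="$STATE_DIR/$(printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '_')"
    old=""
    if [ -f "$f" ]; then old=$(cat "$f"); fi
    printf '%s\n' "$2" > "$f.tmp" && mv "$f.tmp" "$f"
    echo "$old"
}

# check_service NAME up|down: print one line only on a transition.
# A first sighting alerts only when the service is already down.
check_service() {
    old=$(swap_state "svc_$1" "$2")
    if [ "$old" = "$2" ]; then return 0; fi
    if [ "$2" = down ]; then echo "DOWN $1"
    elif [ "$old" = down ]; then echo "RECOVERED $1"; fi
}

# check_disk MOUNT PCT: print one line when usage moves to another tier.
check_disk() {
    new=$(disk_tier "$2")
    old=$(swap_state "disk_$1" "$new")
    old=${old:-0}
    if [ "$new" -gt "$old" ]; then echo "DISK $1 at $2% (tier $new)"
    elif [ "$new" -lt "$old" ]; then echo "DISK $1 back to $2% (tier $new)"; fi
}

# Typical calls from a timer-driven script (ROMM_URL is a placeholder):
#   check_disk /srv "$(df -P /srv | awk 'NR==2 {sub(/%/, "", $5); print $5}')"
#   check_service romm "$(curl -fsS -o /dev/null "$ROMM_URL" && echo up || echo down)"
```

Any non-empty output is what would be posted to the Slack webhook; silent runs still send the heartbeat ping, so a dead timer is caught externally.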

Security Posture

Geo-IP Blocking (Router + Cloudflare)
  • UniFi firewall - 7 countries blocked
  • Cloudflare WAF - Same countries on all zones
  • Direction - Both inbound + outbound

DNS Filtering (Pi-hole v6)
  • StevenBlack blocklist - Ads + malware
  • Smart TV telemetry - Blocked
  • Plex domains - Allowlisted
  • All DHCP clients - Forced through Pi-hole

Access Control (Network + Remote)
  • WireGuard VPN - Remote admin access
  • SSH - Key-only, no passwords
  • Cloudflare Tunnel - No inbound ports
  • 1Password - All credentials managed

Port Forwards (Minimal exposure)
  • Minecraft Bedrock - UDP
  • Minecraft Java - TCP
  • WireGuard - UDP