====== Network Overview ======

Last updated: 2026-02-06

===== Gateway =====

^ Device ^ Model ^ IP ^ Version ^
| gw-01.prod.wow | UDM Pro | 10.100.161.254 | v4.4.6 |

  * **WAN IP:** 92.79.55.46 (Vodafone DE)
  * **Domains:** wow.mgmt (management), srv.internal (servers)

===== Switches =====

^ Device ^ Version ^
| sw-01 | v7.2.123 |
| sw-02 | v7.2.123 |
| sw-03 | v7.2.123 |

===== Access Points =====

^ Device ^ Version ^
| ap-01 | v6.7.31 |
| ap-02 | v6.7.31 |

===== Port Forwarding =====

^ External Port ^ Internal Target ^ Service ^
| 80 | 10.100.161.102 | Traefik HTTP |
| 443 | 10.100.161.102 | Traefik HTTPS |

===== VPN =====

  * **WireGuard:** 192.168.7.0/24
  * Server on UDM gateway

===== DNS =====

==== Dual-Domain Setup ====

^ Domain ^ Purpose ^ Provider ^ Target ^
| *.home.miskam.xyz | Valid SSL (public) | Cloudflare | 10.100.161.102 |
| *.srv.internal | Internal only | UniFi Local DNS | per-service |

==== Cloudflare (*.home.miskam.xyz) ====

  * **Zone:** miskam.xyz
  * **Record:** *.home.miskam.xyz → 10.100.161.102 (A)
  * **API Token:** Vaultwarden (Network Automation)
  * **Used for:** Let's Encrypt DNS-01 challenge

==== UniFi (*.srv.internal) ====

  * **Location:** Settings → Networks → SRV → DHCP → Local DNS Records
  * **Note:** API-Zugriff funktioniert nicht — manuell über UI hinzufügen

===== Related =====

  * [[network:vlans|VLANs]] - VLAN configuration
  * [[network:tls|TLS Certificates]] - SSL setup
  * [[services:traefik|Traefik]] - Reverse proxy