diff --git a/docs/adr/0017-cctv-physical-cabling.svg b/docs/adr/0017-cctv-physical-cabling.svg new file mode 100644 index 00000000..6088f9e3 --- /dev/null +++ b/docs/adr/0017-cctv-physical-cabling.svg @@ -0,0 +1,126 @@ + + + + + + + + + + + ADR-0017 — physical cabling (single-switch, rev 3) + wires only — no VLANs, no traffic · solid = in place · dashed = camera-day · ~ = radio + + + + APARTMENT + + ☁ ISP (internet) + + + + AX6000 router + 192.168.1.1 · WAN←ISP · 8×LAN + + + Synology NAS · .13 + on an AX6000 LAN port + + + 📶 wifi clients (phones, laptops) + + + + + in-wall run → garage + + + + GARAGE — RACK + + + + TL-SG105PE · 5-port gigabit PoE switch + mgmt 192.168.1.6 · replaces the old TL-SG105E (→ shelf, cold spare) + + + P1 + ← apartment + + P2 + ← 4G router + + P3 + ← UPS mgmt + + P4 ⚡PoE + ← camera + + P5 + ← R730 eno1 + + every cable below re-plugs old-switch → PE on camera day (≈3 min) + + + + 4G router · 192.168.1.7 + ~cellular uplink (out-of-band) + + + 📡 cellular + + + + UPS (Huawei) + network mgmt card + + + + + Dell R730 · PVE host · 192.168.1.127 + + + eno1 · LAN1 + ← switch P5 · 1GbE + + eno2 · LAN2 + dark · fallback leg + + eno3 / eno4 + free, uncabled + + iDRAC · .4 + shared-LOM/eno1 + + no other network cables — everything else on this host is VIRTUAL: + pfSense · ha-sofia (HA) · devvm · k8s-master + node1-6 · registry VM … + (power: host + switch fed from the UPS — power wiring not drawn) + + + LAN1 cable + + + + GARAGE ENTRANCE + + vermont-garage camera + HiLook IPC-T241H-C · 10.0.30.70 + powered over the data cable (PoE) + outdoor · armored conduit + + + single cat6 in conduit · data + PoE power (camera day) + + + + + copper, in place + + camera-day cable / dark port + + radio (wifi / cellular) + total wired links at the rack: 5 (all on the one switch) · ADR-0017 rev 3 + + diff --git a/docs/adr/0017-cctv-segment-dedicated-pfsense-leg.md b/docs/adr/0017-cctv-segment-dedicated-pfsense-leg.md index 3936d505..152e177b 100644 --- a/docs/adr/0017-cctv-segment-dedicated-pfsense-leg.md +++ b/docs/adr/0017-cctv-segment-dedicated-pfsense-leg.md @@ -4,6 +4,8 @@ Status: accepted (2026-07-02, rev 3 — single-switch) ![Network topology — dCCTV segment, flows, and camera-day steps](./0017-cctv-segment-topology.svg) +![Physical cabling — wires only, no VLANs](./0017-cctv-physical-cabling.svg) + The first owned camera at the Sofia/Vermont site (`vermont-garage`, HiLook IPC-T241H-C at the garage entrance) needs to be network-isolated: its cable is physically exposed outside the apartment, so anything plugged into that cable