System Context
Map View
The following diagram provides a high-level orientation of the actors and systems involved in the Home Lab ecosystem.
flowchart TD
subgraph Users [Users]
Family["Family User"]
Owner["Admin"]
Public["Public Visitor"]
end
PublicPlane["Public Platform (behind Public Ingress)"]
InternalPlane["Internal Platform (LAN/VPN only)"]
subgraph Control ["Change Automation"]
Automation["CI/CD + IaC Pipelines"]
end
subgraph External ["External Dependencies"]
DNS["Cloud DNS"]
Internet["The Internet"]
end
Family -- "HTTPS / LAN / VPN" --> InternalPlane
Owner -- "SSH / Git / HTTPS" --> InternalPlane
Owner -- "Git / CI/CD" --> Automation
Public -- "HTTPS" --> PublicPlane
Automation -- "Deploys / Config" --> InternalPlane
Automation -- "Deploys / Config" --> PublicPlane
Automation -- "DNS record management (automation)" --> DNS
PublicPlane -- "Traffic" --> Internet
InternalPlane -- "Traffic" --> Internet
Actors & Systems
| Entity | Role | Description |
|---|---|---|
| Family User | Internal User | Accesses personal services (Wiki, Photos, Chat) from within the LAN or via VPN. |
| Admin | Infrastructure Owner | Manages the platform, security, and service configurations via SSH, Git, and HTTPS. |
| Public Visitor | External User | Accesses public-facing content and websites hosted on the platform. |
| Public Platform | Public Plane | Internet-facing services reachable through the public ingress. |
| Internal Platform | Internal Plane | Core services and management endpoints reachable only from LAN or VPN. |
| Change Automation | Control Plane | CI/CD and IaC pipelines that apply platform changes and manage DNS records. |
| Cloud DNS | External System | Managed DNS provider (risu.tech) updated by automation for split-horizon or public resolution. |
| The Internet | Network | Public network through which external visitors arrive and internal resources are reached. |