Home Lab: at a glance
Oracle VPS
| Hostname | vpn-server |
| IP | 130.162.209.80 |
| OS | Ubuntu 22.04 |
| CPU / RAM | 2 core / 1 GB |
| Uptime | 528 days |
Mini PC
| Hostname | home-core-dev |
| LAN IP | 192.168.0.240 |
| WiFi IP | 192.168.0.241 |
| WireGuard IP | 10.8.0.6 |
| OS | Debian 13 (trixie) |
Active URLs
| URL | Service | Status |
|---|---|---|
| ha.dzonicasa.xyz | Home Assistant | live |
| pihole.dzonicasa.xyz | Pi-hole DNS + AdBlock | live |
| docs.dzonicasa.xyz | Documentation (this site) | live |
All services
Home Assistant
external, port 8123
Smart-home control, automations, dashboards.
| URL | https://ha.dzonicasa.xyz |
| Local | http://192.168.0.240:8123 |
| App (S22) | Enter https://ha.dzonicasa.xyz |
| Trusted proxies | 172.18.0.0/16, 10.8.0.0/24 |
Pi-hole
external, DNS 53, web 8180
DNS resolver + ad blocker + network monitoring. Shows which device visits what.
| URL | https://pihole.dzonicasa.xyz |
| Local | http://192.168.0.240:8180/admin |
| Admin pass | dzonicasa2026 |
| DNS address | 192.168.0.240:53 |
Mosquitto MQTT
port 1883, anon auth on
Message broker for IoT devices and Home Assistant communication.
OpenClaw Gateway
port 18789, port 18790
Smart-home automation gateway. Current version: v2026.3.25 (v2026.5.12 available).
Guest Portal
port 8090
Welcome page for guests, QR code for WiFi, light-control webhooks.
SSH & Access
Oracle VPS SSH
ssh -i ~/.ssh/ssh-key-2024-10-17.key ubuntu@130.162.209.80
Alias on the WSL machine: oracle-vps
Mini PC SSH
ssh devops@192.168.0.240 # LAN
ssh devops@192.168.0.241 # WiFi
Aliases: mini-pc, mini-pc-lan, mini-pc-wifi
WireGuard Admin Panel
Port 51821 is blocked from the outside. Access only through an SSH tunnel:
ssh -L 51821:localhost:51821 ubuntu@130.162.209.80
# Then open: http://localhost:51821
# Password: WZaadgj6
Home Assistant App — Samsung S22
- Google Play → Home Assistant
- Enter: https://ha.dzonicasa.xyz
- Log in with your credentials
- Allow notifications and location
Security Hardening
Oracle VPS
| fail2ban | Active: 3 failed SSH attempts = 1h ban |
| Whitelist | 188.2.11.65 (home), 79.101.44.157 (office) |
| Port 111 rpcbind | closed |
| Port 51821 wg-easy UI | closed, SSH tunnel only |
| Open to the outside | 22, 80, 443, 51820/udp |
Mini PC
| SSH | Key-only auth, root login off, X11 off |
| Firewall | INPUT DROP, only the required ports |
| Allowed ports | 22, 53, 1883, 8090, 8123, 8180, 18555, 18789, 18790 |
| WireGuard | Entire wg0 interface allowed |
| Docker subnets | 172.17/16, 172.18/16, 172.19/16 allowed |
SSL Certificates
| Domain | Issuer | Expires |
|---|---|---|
| ha.dzonicasa.xyz | Let's Encrypt | 15.08.2026 |
| pihole.dzonicasa.xyz | Let's Encrypt | 15.08.2026 |
| docs.dzonicasa.xyz | Let's Encrypt | 15.08.2026 |
Auto-renew every 12h via the certbot container.
⚠️ Mosquitto MQTT: allow_anonymous true. Anyone on the LAN can publish/subscribe. A user/password should be added, but check the IoT devices first.
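One way to do the "check the IoT devices first" step before turning anonymous access off, as an added example that is not part of the original page: list the clients that currently connect without a username, using Mosquitto's connection log lines. The log lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find MQTT clients that would be locked out once
# allow_anonymous is set to false. Reads a Mosquitto log on stdin and prints
# "client_id<TAB>source_ip" for every client that connected with no username.
anon_mqtt_clients() {
  awk -v q="'" '
    / New client connected from / {
      # Authenticated connects end with a u<quote>name<quote> field in the
      # parentheses; anonymous connects end at the keepalive: (p2, c1, k60).
      src = ""; id = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "from" && src == "") src = $(i + 1)
        if ($i == "as"   && id  == "") id  = $(i + 1)
      }
      sub(/:[0-9]+$/, "", src)            # drop the ephemeral source port
      if (index($0, ", u" q) == 0)        # no username field => anonymous
        seen[id "\t" src] = 1             # de-duplicate reconnects
    }
    END { for (k in seen) print k }
  ' | sort
}

# Constructed sample log (not taken from the real broker).
sample_log() {
cat <<'EOF'
1767225601: New connection from 192.168.0.51:49822 on port 1883.
1767225601: New client connected from 192.168.0.51:49822 as shelly-plug-1 (p2, c1, k60).
1767225605: New connection from 172.18.0.4:40112 on port 1883.
1767225605: New client connected from 172.18.0.4:40112 as homeassistant (p2, c1, k60, u'ha').
1767225700: New client connected from 192.168.0.51:50110 as shelly-plug-1 (p2, c1, k60).
1767225710: New client connected from 192.168.0.77:61000 as tasmota-lamp (p2, c1, k30).
EOF
}

sample_log | anon_mqtt_clients
```

On a Docker-based broker the input would come from the container log, for example `docker logs <mosquitto-container> 2>&1 | anon_mqtt_clients`, where the container name is a placeholder. Each listed device needs credentials configured before anonymous access is switched off.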
Architecture
# Internet
│
▼
Oracle VPS 130.162.209.80 — vpn-server
├── Nginx HTTPS (80/443)
│ ├── ha.dzonicasa.xyz → Home Assistant
│ ├── docs.dzonicasa.xyz → Documentation
│ └── pihole.dzonicasa.xyz → Pi-hole Admin
├── WireGuard Easy (Docker, 51820/udp)
├── Certbot (Let's Encrypt auto-renew, 12h)
├── fail2ban (SSH protection)
└── Firewall (iptables: 22, 80, 443, 51820/udp)
│
▼ WireGuard tunnel (10.8.0.0/24)
│
Mini PC 10.8.0.6 — home-core-dev (Debian 13)
├── Home Assistant (192.168.0.240:8123, host net)
├── Pi-hole (53 DNS + 8180 web, Docker)
├── Mosquitto MQTT (1883, Docker)
├── Guest Portal (8090, Docker)
├── OpenClaw Gateway (18789/18790, Docker)
├── go2rtc (18555)
└── Firewall (INPUT DROP, port allowlist)
WireGuard Peers
| Name | IP | Last handshake |
|---|---|---|
| mini-pc | 10.8.0.6 | active |
| dzoni-mob | 10.8.0.2 | 365d ago |
| dzoni-lenovo | 10.8.0.3 | 228d ago |
| vuk | 10.8.0.4 | ~1y ago |
| Cveta-laptop | 10.8.0.5 | never |
| vindoza | 10.8.0.7 | 243d ago |
Maintenance & How-to
SSL cert renewal
Automatic every 12h (certbot container). Manually:
ssh oracle-vps
docker exec certbot certbot renew
docker exec nginx-proxy nginx -s reload
Adding a new subdomain
- Create an nginx config in ~/nginx-proxy/conf.d/
- Generate the SSL certificate:
docker run --rm \
-v ~/nginx-proxy/certbot/www:/var/www/certbot \
-v ~/nginx-proxy/certbot/conf:/etc/letsencrypt \
certbot/certbot certonly --webroot \
--webroot-path=/var/www/certbot \
-d NOVI.dzonicasa.xyz
- Enable the HTTPS config and reload:
docker exec nginx-proxy nginx -s reload
Pi-hole update / restart
ssh mini-pc
docker pull pihole/pihole:latest
docker stop pihole && docker rm pihole
# then docker run again with the same parameters
Useful aliases (WSL ~/.bashrc)
alias mini-pc='ssh devops@192.168.0.240'
alias mini-pc-wifi='ssh devops@192.168.0.241'
alias oracle-vps='ssh -i ~/.ssh/ssh-key-2024-10-17.key ubuntu@130.162.209.80'
alias wg-ui='ssh -L 51821:localhost:51821 ubuntu@130.162.209.80'
Domain and DNS
| Registrar | Spaceship |
| Domain | dzonicasa.xyz |
| Nameservers | launch1.spaceship.net, launch2.spaceship.net |
| A record | * → 130.162.209.80 |