Architectural design

%%{init: { "theme": "dark" } }%%
graph TD
  %% The internet appears as two nodes: Internet-In is the source of the single
  %% "Ingress" edge, Internet-Out is the target of the egress and external-DNS edges.
  %% Reading the two separately shows which components accept inbound traffic
  %% and which only initiate outbound traffic.
  Internet-In[Internet In]
  Internet-Out[Internet Out]

  %% LAN 1 holds only Gateway 1. In this diagram Router1 is the one node with an
  %% "Egress" edge to Internet-Out, and it is the WAN uplink for Router2.
  %% No edge from Internet-In terminates on Router1.
  %% NOTE(review): presumably this means no port forwards are configured on Gateway 1 - confirm.
  subgraph LAN1["LAN 1 (10.0.1.0/24)"]
    Router1["Gateway 1 (10.0.1.1)"]
  end

  %% LAN 2 is the client segment: four end-user devices behind Gateway 2.
  %% Router2 sits downstream of Router1 (its "WAN" edge points at Router1), and it is
  %% the only node drawn with a path into LAN 10 (the "One Way VLAN" and "DNS" edges).
  subgraph LAN2["LAN 2 (10.0.2.0/24)"]
    Router2["Gateway 2 (10.0.2.1)"]
    Device2["MacBook Pro (10.0.2.2)"]
    Device3["Macbook Air (10.0.2.3)"]
    Device4["Mac Mini (10.0.2.4)"]
    Device5["iPhone (10.0.2.5)"]
  end

  %% LAN 10 is the server segment: Gateway 3 plus a single host at 10.0.10.2.
  %% The host is drawn twice with the same label: the Server node is the endpoint for
  %% network edges, and the ServerSystem subgraph shows what runs on it.
  subgraph LAN10["LAN 10 (10.0.10.0/24)"]
    Router10["Gateway 3 (10.0.10.1)"]
    Server["Server (10.0.10.2)"]
    subgraph ServerSystem["Server (10.0.10.2)"]
      %% Everything below runs in Docker on the server host.
      subgraph Docker[Docker]
        %% Pi-hole is drawn outside both named Docker networks.
        %% NOTE(review): its actual network attachment is not shown - confirm.
        Pi-hole[Pi-hole]
        %% ingress network: the two components that face inbound traffic.
        subgraph ingress[ingress network]
          Tunnel[cloudflared tunnel]
          Traefik[Traefik]
        end
        %% web network: the three applications Traefik routes to. They share one
        %% network, so presumably they can reach each other directly - confirm
        %% whether that is intended or whether per-app networks are wanted.
        subgraph web[web network]
          Ghost[Ghost]
          Shlink[Shlink]
          Jellyfin[Jellyfin]
        end
        %% The databases are drawn outside both ingress and web.
        %% NOTE(review): the diagram does not say which network they are on; confirm each
        %% database is reachable only from its own application and publishes no host port.
        Ghost-db[Ghost DB]
        Shlink-db[Shlink DB]
      end
    end
  end

  %% Edge list. Solid arrows and dotted arrows are both used; the diagram has no legend.
  %% NOTE(review): dotted edges look like service or logical flows rather than physical links - confirm.

  %% Inbound path from the internet: the only edge leaving Internet-In goes to the
  %% cloudflared tunnel, which hands traffic to Traefik.
  Internet-In -- "Ingress" --> Tunnel
  Tunnel --> Traefik
  %% Client devices reach their gateway, which uplinks through Gateway 1.
  Device2 & Device3 & Device4 & Device5 -- "LAN" --> Router2
  Router2 -- "WAN" --> Router1
  %% Cross-segment access from LAN 2 into LAN 10. The label says one way, but the rule
  %% that enforces the direction is not part of this diagram.
  %% NOTE(review): confirm that connections initiated from LAN 10 towards LAN 2 are dropped.
  Router2 -. "One Way VLAN" .-> Router10
  Router2 -. "DNS" .-> Server
  Router10 -- "LAN" --> Server
  %% Ports the server host exposes on LAN 10: 53 to Pi-hole and 443 to Traefik.
  %% Traefik therefore has two entry paths: the tunnel and host port 443.
  %% NOTE(review): access controls applied on only one of those paths would not cover
  %% the other - confirm where authentication is enforced.
  Server -. "Port 53 (DNS)" .-> Pi-hole
  Server -. "Port 443 (HTTPS)" .-> Traefik
  Router1 -- "Egress" --> Internet-Out
  %% DNS resolution paths out of Pi-hole.
  %% NOTE(review): the "External DNS" edge goes straight to Internet-Out and no uplink
  %% from Router10 is drawn, so the route LAN 10 uses to reach the internet is not shown - confirm.
  Pi-hole -. "Internal DNS" .-> Server
  Pi-hole -. "External DNS" .-> Internet-Out
  %% Unlabelled link between the two internet nodes.
  %% NOTE(review): presumably only indicates they are the same internet - confirm.
  Internet-Out -.-> Internet-In
  %% Reverse-proxy fan-out: Traefik sits in the ingress subgraph but routes to services
  %% in the web subgraph, so presumably it is attached to both networks - confirm.
  Traefik --> Ghost & Shlink & Jellyfin
  %% Each application talks to its own database; Jellyfin has no database node.
  Ghost --> Ghost-db
  Shlink --> Shlink-db