Architectural design

%%{init: { "theme": "dark" } }%%
%% Network topology: three LAN segments, one Docker host, inbound traffic through a
%% cloudflared tunnel and outbound traffic through Gateway 1.
%% Solid edges and dotted edges are both used; the diagram has no legend, so the meaning
%% of the dotted style is presumably "logical or service-level flow" - TODO confirm.
graph TD
    %% The internet is drawn as two nodes so inbound and outbound paths can be traced separately.
    Internet-In[Internet In]
    Internet-Out[Internet Out]

    %% LAN 1 holds only the upstream gateway. Its single outgoing edge is "Egress", and no
    %% edge from Internet-In ends on it.
    subgraph LAN1["LAN 1 (10.0.1.0/24)"]
        Router1["Gateway 1 (10.0.1.1)"]
    end

    %% LAN 2 is the client segment: four end-user devices behind Gateway 2.
    subgraph LAN2["LAN 2 (10.0.2.0/24)"]
        Router2["Gateway 2 (10.0.2.1)"]
        Device2["MacBook Pro (10.0.2.2)"]
        Device3["Macbook Air (10.0.2.3)"]
        Device4["Mac Mini (10.0.2.4)"]
        Device5["iPhone (10.0.2.5)"]
    end

    %% LAN 10 is the server segment. The gateway node id is Router10 but its label is "Gateway 3".
    subgraph LAN10["LAN 10 (10.0.10.0/24)"]
        Router10["Gateway 3 (10.0.10.1)"]
        %% The Server node and the ServerSystem subgraph carry the same label. The node is the
        %% endpoint for host-level edges (LAN, DNS, published ports). The subgraph shows what
        %% runs on that host.
        Server["Server (10.0.10.2)"]
        subgraph ServerSystem["Server (10.0.10.2)"]
            subgraph Docker[Docker]
                %% Pi-hole is drawn inside Docker but outside both named networks.
                Pi-hole[Pi-hole]
                %% ingress network: the two components that accept traffic from outside the host.
                subgraph ingress[ingress network]
                    Tunnel[cloudflared tunnel]
                    Traefik[Traefik]
                end
                %% web network: the applications Traefik forwards to.
                %% NOTE(review): Traefik is drawn only in the ingress network yet has edges to
                %% all three web services. Presumably it is also attached to the web network.
                %% Confirm against the compose files.
                subgraph web[web network]
                    Ghost[Ghost]
                    Shlink[Shlink]
                    Jellyfin[Jellyfin]
                end
                %% Both databases are drawn outside the web network. Their only incoming edges
                %% are from their own application.
                %% NOTE(review): the Docker network they are attached to is not shown. Verify
                %% they are not reachable from Traefik or from the host's published ports.
                Ghost-db[Ghost DB]
                Shlink-db[Shlink DB]
            end
        end
    end

    %% Inbound path: the only edge leaving Internet-In ends on the cloudflared tunnel, which
    %% hands off to Traefik.
    %% NOTE(review): as drawn, nothing is forwarded inbound through Gateway 1. Confirm that no
    %% port forwards exist there.
    Internet-In -- "Ingress" --> Tunnel
    Tunnel --> Traefik
    %% Client devices attach to Gateway 2, whose WAN side is Gateway 1.
    Device2 & Device3 & Device4 & Device5 -- "LAN" --> Router2
    Router2 -- "WAN" --> Router1
    %% Segment boundary between clients and servers. The edge runs from LAN 2 to LAN 10 only.
    %% NOTE(review): "One Way" presumably means LAN 2 may initiate connections into LAN 10 but
    %% not the reverse. Confirm the firewall rules on both gateways enforce that direction.
    Router2 -. "One Way VLAN" .-> Router10
    %% Gateway 2 points at the server for DNS. The host passes port 53 on to Pi-hole.
    Router2 -. "DNS" .-> Server
    Router10 -- "LAN" --> Server
    Server -. "Port 53 (DNS)" .-> Pi-hole
    %% The host also passes port 443 to Traefik, so Traefik has two entry points in this
    %% diagram: the tunnel and the host port.
    %% NOTE(review): the diagram does not show which segments may reach port 443 on the
    %% server. Document the intended sources.
    Server -. "Port 443 (HTTPS)" .-> Traefik
    Router1 -- "Egress" --> Internet-Out
    %% Pi-hole resolution: "Internal DNS" points back at the server, "External DNS" points at
    %% the internet.
    %% NOTE(review): the external edge skips the gateways, and no edge shows how LAN 10
    %% reaches Gateway 1. Presumably a simplification. Confirm the real egress path.
    Pi-hole -. "Internal DNS" .-> Server
    Pi-hole -. "External DNS" .-> Internet-Out
    %% Links the two internet nodes. The edge has no label.
    Internet-Out -.-> Internet-In
    %% Traefik fans out to every web application, so all three share one reverse proxy. Any
    %% per-service access control is not shown here.
    Traefik --> Ghost & Shlink & Jellyfin
    %% Each application talks to its own database only.
    Ghost --> Ghost-db
    Shlink --> Shlink-db