Data Flows & State Machines (Current Stack)
This page captures data-flow diagrams and state machines for the current home stack so we can replicate it in the office with Docker Compose.
A) Network flow (public → home)
flowchart TB
CF[Cloudflare DNS\nDNS-only] --> IP[203.76.123.78]
IP --> MT[MikroTik\nPort forward 80/443]
MT --> W[VM103 Web-edge\n10.10.9.103]
W --> C[Caddy TLS + forward_auth]
C --> AK[Authentik\nauth.aurbotstem.com]
C --> DOCS[Docs\ndocs.aurbotstem.com]
C --> PORTAL[Portal\nportal.aurbotstem.com]
C --> DASH[Dash\ndash.aurbotstem.com]
MT -.- NOTE["Known: add hairpin NAT or split-DNS\nfor LAN clients using public domains"]
B) Authenticated web data-flow (Portal as the hub)
flowchart LR
U[User Browser] -->|HTTPS| C["Caddy (VM103)"]
C -->|forward_auth| OP[Authentik Outpost]
OP --> AK[Authentik Server]
C --> PORTAL[Portal UI]
PORTAL -->|JSON fetch| VH["/api/vm-health/v1/status/"]
VH --> SB[Second-brain :8000 /health]
VH --> AO[Agents-orchestrator :8090 /health]
VH --> MCP[Core VM102 10.10.9.104 :8787 /health]
C) Sensors pipeline (demo)
flowchart LR
DEV[RAK3112 device\nserial logs] -->|USB serial| SVC["Sensors Web (FastAPI)\n127.0.0.1:8510"]
SVC -->|SSE /v1/events| UI["Browser UI /sensors/"]
SVC --> PARSER["parse_sensor_line\n(contract: sensor=... fields=... err=...)"]
D) State machine — “User experience” availability
stateDiagram-v2
[*] --> DNS_OK
DNS_OK --> Edge_OK: TCP 443 reachable
DNS_OK --> Fail: DNS wrong / AAAA / ISP issue
Edge_OK --> Auth_OK: forward_auth reachable
Edge_OK --> Fail: Caddy down / NAT broken
Auth_OK --> App_OK: login ok + proxy allow
Auth_OK --> Fail: Authentik down / hairpin NAT issue
App_OK --> Degraded: upstream partial failures
Degraded --> App_OK: upstream recovers
App_OK --> Fail: upstream dead
Fail --> DNS_OK: issue fixed
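Diagram D as a probe classifier, added here as an example and not part of the original stack's code: it checks the layers in the diagram's order and returns the state plus the failure reason. The names `Probes`, `classify` and `UPSTREAMS` are hypothetical, and two rules are assumptions: any AAAA record counts as a DNS failure, and an upstream that was not probed counts as down.

```python
from dataclasses import dataclass, field

# Upstream names follow diagram B; the identifiers themselves are hypothetical.
UPSTREAMS = ("second-brain", "agents-orchestrator", "core-mcp")

@dataclass
class Probes:
    """Results of one probe round (hypothetical structure, constructed here)."""
    a_records: list        # IPv4 answers for the public hostname
    aaaa_records: list     # IPv6 answers; assumed unwanted for the IPv4 port forward
    tcp_443_open: bool     # edge reachable through the MikroTik forward
    forward_auth_ok: bool  # Caddy could reach the Authentik outpost
    login_ok: bool         # login succeeded and the proxy allowed the request
    upstream_health: dict = field(default_factory=dict)  # name -> bool from /health

def classify(p: Probes, expected_ip: str) -> tuple:
    """Return (state, reason), checking layers in the order of diagram D."""
    if p.a_records != [expected_ip]:
        return "Fail", "DNS wrong"
    if p.aaaa_records:
        return "Fail", "AAAA record present"
    if not p.tcp_443_open:
        return "Fail", "Caddy down / NAT broken"
    if not p.forward_auth_ok:
        return "Fail", "Authentik down / hairpin NAT issue"
    if not p.login_ok:
        return "Auth_OK", "login or proxy allow pending"
    # A missing entry counts as down, so an unprobed service never reads as healthy.
    down = [u for u in UPSTREAMS if not p.upstream_health.get(u, False)]
    if not down:
        return "App_OK", "all upstreams healthy"
    if len(down) == len(UPSTREAMS):
        return "Fail", "upstream dead"
    return "Degraded", "down: " + ", ".join(down)

# Constructed sample: everything healthy except the core VM, which was never probed.
SAMPLE = Probes(["203.76.123.78"], [], True, True, True,
                {"second-brain": True, "agents-orchestrator": True})
```

Feeding it the results of real probes (resolver answers, a TCP connect to 443, the `/health` responses) gives the same state names the diagram uses, which keeps alerts and the diagram in sync.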
E) What’s next (office portability)
- Convert systemd-only apps into containers (agents-orchestrator, second-brain backend, vm-health, sensors) so office can run a pure docker compose up -d.
- Ensure all health checks go through SSO-protected /api/... routes.