--- owner: gmikcon status: active last_reviewed: 2026-05-10 review_interval: 90d confidence: medium source_of_truth: owner-described-and-nmap-observed --- # Smart Home Overview The smart-home environment is a separate operational domain inside the home infrastructure. It is connected to both local networks through the dual-homed smart-home server. ## Core Host - Host inventory id: `smart-home-server`. - Home LAN address: `192.168.1.101`. - Home IoT LAN address: `192.168.2.101`. - Related host document: [../servers/smart-home-server.md](../servers/smart-home-server.md) ## Network Context Smart-home and IoT devices primarily belong to `home-iot-lan`: - CIDR: `192.168.2.0/24`. - Gateway: `192.168.2.1`. - Router interface: `re0` / `LANTECH`. - Wi-Fi nodes: `home_iot_0`, `home_iot_1`, `home_iot_2`. - Mesh mode: disabled intentionally. The smart-home server is also present on `home-lan`: - CIDR: `192.168.1.0/24`. - Gateway: `192.168.1.1`. - Router interface: `re2` / `LANMAIN`. Current policy allows full access between `home-lan` and `home-iot-lan`. Future policy may isolate the networks and may deny internet access from the IoT network. ## Known Service Surface Observed on `smart-home-server`: - SSH on TCP `22`. - HTTP on TCP `80`. - HTTPS on TCP `443`. - rpcbind on TCP `111`. The exact smart-home application stack still needs to be documented. ## Documentation Policy Document smart-home knowledge at three levels: - network topology and trust boundaries; - controller/server stack and backup procedure; - important device classes and automations. Do not promote every sensor, lamp, phone, TV, or temporary device into canonical inventory. Keep dynamic device sightings in discovery observations unless the device is infrastructure-relevant, has a static/reserved address, or participates in critical automation. ## Open Questions - Exact smart-home platform and version. - Backup procedure for smart-home configuration. - Device classes present in `home-iot-lan`. - Which devices require internet access. - Which devices should remain reachable from `home-lan` after future isolation.