docs: replace ASCII diagram with mermaid in remote-access plan

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 16:28:57 +01:00
parent 59f0c7ceda
commit fcc410afad
1 changed files with 19 additions and 23 deletions
--- a/docs/plans/remote-access.md
+++ b/docs/plans/remote-access.md
@@ -24,29 +24,25 @@ After evaluating WireGuard gateway vs Headscale (self-hosted Tailscale), the **W
 ## Architecture
-```
+```mermaid
-                    ┌─────────────────────────────────┐
+graph TD
-                    │  VPS (OpenStack)                │
+    clients["Laptop / Phone\n(WireGuard clients)"]
-  Laptop/Phone ──→ │  WireGuard endpoint             │
+
-  (WireGuard)      │  Client peers: laptop, phone    │
+    vps["VPS (OpenStack)\nWireGuard endpoint\nClient peers: laptop, phone\nRoutes 10.69.13.0/24 via tunnel"]
-                    │  Routes 10.69.13.0/24 via tunnel│
+
-                    └──────────┬──────────────────────┘
+    extgw["extgw01 (gateway + bastion)\nWireGuard tunnel to VPS\nFirewall (allowlist only)\nSSH + 2FA (full access)"]
-                               │ WireGuard tunnel
+
-                               ▼
+    internal["Internal network 10.69.13.0/24"]
-                    ┌─────────────────────────────────┐
+    grafana["monitoring01:3000\nGrafana"]
-                    │  extgw01 (gateway + bastion)    │
+    jellyfin["jelly01:8096\nJellyfin"]
-                    │  - WireGuard tunnel to VPS      │
+    arr["*-jail hosts\narr stack"]
-                    │  - Firewall (allowlist only)    │
+
-                    │  - SSH + 2FA (full access)      │
+    clients -->|"WireGuard"| vps
-                    └──────────┬──────────────────────┘
+    vps -->|"WireGuard tunnel"| extgw
-                               │ allowed traffic only
+    extgw -->|"allowed traffic only"| internal
-                               ▼
+    internal --- grafana
-                    ┌─────────────────────────────────┐
+    internal --- jellyfin
-                    │  Internal network 10.69.13.0/24 │
+    internal --- arr
                    │  - monitoring01:3000 (Grafana)  │
                    │  - jelly01:8096 (Jellyfin)      │
                    │  - *-jail hosts (arr stack)     │
                    └─────────────────────────────────┘
 ```
 ### Existing path (unchanged)