Prattenburg 19 — Installation guide

Hardware per location (Network)

📦 Meter cupboard

| Device | Function | VLAN | IP | Power |
|---|---|---|---|---|
| KPN fiber cabinet | ISP modem/ONT | | | 230V |
| UCG-Ultra | Router, firewall, UniFi controller | Mgmt | 10.2.1.1 | 230V |
| USW Lite 8 PoE | Meter cupboard main switch | Trunk | 10.2.1.2 | 230V |
| HA NUC (primary) | Home Assistant primary | VLAN 21 | 10.2.21.10 | 230V |
| HA Yellow (failover) | HA warm standby | VLAN 21 | 10.2.21.11 | USB-C |
| SLZB-06 #1 (Zigbee/Thread) | Zigbee2MQTT coordinator #1 | VLAN 21 | 10.2.21.12 | USB-C |
| SLZB-06 #2 (Zigbee/Thread) | Zigbee2MQTT coordinator #2 | VLAN 21 | 10.2.21.13 | USB-C |
| Hue Hub Pro | Philips Hue lighting | VLAN 107 | 10.2.107.10 | 230V |
| Somfy TaHoma Switch | Roller shutters & sun shading | VLAN 107 | 10.2.107.14 | 230V |
| Aqara Hub M2 | Zigbee + IR hub | VLAN 107 | 10.2.107.15 | 230V |
| G400 Doorbell (PoE) | UniFi doorbell camera | VLAN 40 | 10.2.40.10 | PoE |
| USW Flex Mini (sub-switch) | Extra ports for hubs | Trunk | 10.2.1.5 | PoE |

🛋️ Living room

| Device | Function | VLAN | IP | Power |
|---|---|---|---|---|
| U7 Pro WiFi 7 | Tri-band access point | Trunk | 10.2.1.4 | PoE+ |
| Samsung TV | Smart TV, Plex client | VLAN 30 | 10.2.30.20 | 230V |
| Google Hub(s) | Passive HA dashboard | VLAN 107 | 10.2.107.11/12 | 230V |

🔧 Hobby room

| Device | Function | VLAN | IP | Power |
|---|---|---|---|---|
| Switch Ultra 42W | Hobby room switch + PoE | Trunk | 10.2.1.3 | 230V |
| Minisforum UM890 Pro (HumLab) | Docker stack, Plex, Frigate | VLAN 30 | 10.2.30.10 | 230V |
| Outdoor camera | Back garden / side | VLAN 40 | 10.2.40.11 | PoE |

VLAN scheme

| VLAN | Name | Subnet | DHCP pool | DNS | WiFi SSID |
|---|---|---|---|---|---|
| 1 | Mgmt | 10.2.1.0/24 | no DHCP | | |
| 21 | Trusted | 10.2.21.0/24 | .100–.199 | 10.2.30.10 | WiFi4Home |
| 30 | Media | 10.2.30.0/24 | .100–.199 | 10.2.30.10 | WiFi4Media |
| 40 | Camera | 10.2.40.0/24 | .100–.129 | 1.1.1.1 | |
| 107 | IoT | 10.2.107.0/24 | .100–.250 | 10.2.30.10 | IoT-Net |
| 161 | Gasten (guests) | 10.2.161.0/24 | .100–.250 | 1.1.1.1 | Gasten |

VLAN 1 (Management) has no DHCP. UniFi devices get their management IP automatically via the UniFi Inform mechanism.

Switch configuration — USW Lite 8 PoE (meter cupboard)

| Port | Connected | VLAN profile | PoE | Remark |
|---|---|---|---|---|
| P1 | UCG-Ultra (uplink) | Trunk — all VLANs | OFF | Uplink to router |
| P2 | U7 Pro WiFi 7 | Trunk — all WiFi VLANs | PoE+ (~13W) | Living room AP |
| P3 | Switch Ultra 42W (hobby room) | Trunk | OFF | Cascade to hobby room |
| P4 | HA NUC (primary) | VLAN 21 untagged | OFF | Fixed IP 10.2.21.10 |
| P5 | HA Yellow (failover) | VLAN 21 untagged | OFF! | USB-C power — PoE ALWAYS OFF |
| P6 | G400 Doorbell Camera | VLAN 40 untagged | PoE+ (~15W) | Front door doorbell camera |
| P7 | USW Flex Mini (sub-switch hubs) | Trunk | PoE (~5W) | Hue Pro + Somfy + Aqara + SLZB |
| P8 | Reserve | | PoE available | |

PoE budget: P2 13W + P6 15W + P7 5W = 33W of 52W total ✓

USW Flex Mini port layout (on P7)

| Port | Connected | VLAN | Remark |
|---|---|---|---|
| FM-P1 | SLZB-06 #1 | VLAN 21 untagged | USB-C powered, data over Ethernet |
| FM-P2 | SLZB-06 #2 | VLAN 21 untagged | USB-C powered |
| FM-P3 | Hue Hub Pro | VLAN 107 untagged | Smart lighting |
| FM-P4 | Somfy TaHoma Switch | VLAN 107 untagged | Roller shutters |
| FM-P5 | Aqara Hub M2 | VLAN 107 untagged | Zigbee + IR |

HA Yellow: ALWAYS disable PoE on P5. The Yellow has no 802.3af/at protection on its Ethernet port; PoE voltage damages the device.

Switch configuration — Switch Ultra 42W (hobby room)

| Port | Connected | VLAN profile | PoE | Remark |
|---|---|---|---|---|
| P1 | USW Lite 8 PoE (uplink) | Trunk | OFF | Uplink to meter cupboard |
| P2 | HumLab Minisforum UM890 Pro | VLAN 30 untagged | OFF | 2.5 GbE — fixed IP 10.2.30.10 |
| P3 | Outdoor camera | VLAN 40 untagged | PoE (~15W) | Back garden/side camera |
| P4–P8 | Reserve | | PoE available | Max 42W total |

The Switch Ultra 42W has 8 PoE ports but a total budget of at most 42W. With the outdoor camera at ~15W, 27W remains for any future PoE devices in the hobby room.

Setting up DHCP pools in UniFi

Go to Settings → Networks → [VLAN name] → DHCP

| VLAN | Start IP | End IP | Lease | DNS server | Remark |
|---|---|---|---|---|---|
| VLAN 21 Trusted | 10.2.21.100 | 10.2.21.199 | 24h | 10.2.30.10 | AdGuard DNS |
| VLAN 30 Media | 10.2.30.100 | 10.2.30.199 | 24h | 10.2.30.10 | AdGuard DNS |
| VLAN 40 Camera | 10.2.40.100 | 10.2.40.129 | 12h | 1.1.1.1 | No AdGuard needed |
| VLAN 107 IoT | 10.2.107.100 | 10.2.107.250 | 12h | 10.2.30.10 | AdGuard filters telemetry |
| VLAN 161 Gasten (guests) | 10.2.161.100 | 10.2.161.250 | 2h | 1.1.1.1 | Never internal DNS! |

Guests (VLAN 161) NEVER get 10.2.30.10 as DNS. Otherwise they could query internal hostnames. Always use 1.1.1.1 or 8.8.8.8.

IP reservations (MAC binding in UniFi)

Go to UniFi → Clients → [device] → Fixed IP

VLAN 21 — Trusted

| IP | Device | Priority |
|---|---|---|
| 10.2.21.10 | HA NUC (primary) | 🔴 Critical |
| 10.2.21.11 | HA Yellow (failover) | 🔴 Critical |
| 10.2.21.12 | SLZB-06 #1 | 🟡 Recommended |
| 10.2.21.13 | SLZB-06 #2 | 🟡 Recommended |
| 10.2.21.20 | HA Voice PE | 🟡 Recommended |
| 10.2.21.30 | Laptop Alwin | Optional |

VLAN 30 — Media

| IP | Device | Priority |
|---|---|---|
| 10.2.30.10 | HumLab Minisforum UM890 Pro | 🔴 Critical — never change |
| 10.2.30.20 | Samsung TV | 🟡 Recommended (Wake-on-LAN) |

VLAN 40 — Camera

| IP | Device | Priority |
|---|---|---|
| 10.2.40.10 | G400 Doorbell Camera | 🔴 Critical (Frigate RTSP) |
| 10.2.40.11 | Outdoor camera | 🔴 Critical (Frigate RTSP) |

VLAN 107 — IoT

| IP | Device | Priority |
|---|---|---|
| 10.2.107.10 | Hue Hub Pro | 🟡 Recommended |
| 10.2.107.11 | Google Hub Keuken (kitchen) | 🟡 Recommended |
| 10.2.107.12 | Google Hub Woonkamer (living room) | 🟡 Recommended |
| 10.2.107.14 | Somfy TaHoma Switch | 🟡 Recommended |
| 10.2.107.15 | Aqara Hub M2 | 🟡 Recommended |

VLAN 1 — Management

| IP | Device |
|---|---|
| 10.2.1.1 | UCG-Ultra (gateway) |
| 10.2.1.2 | USW Lite 8 PoE (meter cupboard) |
| 10.2.1.3 | Switch Ultra 42W (hobby room) |
| 10.2.1.4 | U7 Pro WiFi 7 |
| 10.2.1.5 | USW Flex Mini |

Firewall rules (LAN-In, order matters)

| # | Action | Source | Destination | Port |
|---|---|---|---|---|
| 1 | ALLOW | All VLANs | | established/related |
| 2 | ALLOW | 10.2.21.10 (HA NUC) | 10.2.30.10 (HumLab) | 1883 (MQTT) |
| 3 | ALLOW | 10.2.21.10 (HA NUC) | 10.2.30.10 (HumLab) | 5000 (Frigate) |
| 4 | ALLOW | 10.2.21.10 (HA NUC) | VLAN 107 (IoT) | 8008–8009 (Cast) |
| 5 | ALLOW | 10.2.21.10 (HA NUC) | 10.2.107.10 (Hue Pro) | 80/443 |
| 6 | ALLOW | 10.2.21.12/13 (SLZB) | 10.2.21.10 (HA NUC) | 8123 |
| 7 | ALLOW | 10.2.30.10 (Frigate) | VLAN 40 (Camera) | 554 (RTSP) |
| 8 | ALLOW | VLAN 21 | 10.2.30.10 | 32400 (Plex) |
| 9 | DROP | VLAN 107 (IoT) | 10.2.1.0/24 + 10.2.21.0/24 | All |
| 10 | DROP | VLAN 40 (Camera) | 10.2.21.0/24 | All |
| 11 | DROP | VLAN 161 (Guests) | 10.2.0.0/16 | All |

Enable mDNS: Settings → Security → Advanced → Multicast DNS → ON for all VLANs. This makes Google Cast work across VLAN boundaries.
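
The rule table above evaluated first-match, as an added example (not part of the original guide and not UniFi's own code): it shows why rule 1 has to come before the DROP rules and which sample flows no rule covers. Assumptions: rule 1 is read as a state match on established/related traffic from any source, the `default` action for unmatched traffic is a parameter because the page does not state it, and the sample flows are constructed.

```python
from ipaddress import ip_address, ip_network

def nets(*cidrs):
    return [ip_network(c) for c in cidrs]

ANY = nets("0.0.0.0/0")
HA, HUMLAB = nets("10.2.21.10/32"), nets("10.2.30.10/32")
MGMT, TRUSTED = nets("10.2.1.0/24"), nets("10.2.21.0/24")
CAMERA, IOT = nets("10.2.40.0/24"), nets("10.2.107.0/24")

# (number, action, sources, destinations, ports, established_only)
# ports=None means any port. Transcribed from the rule table on this page.
RULES = [
    (1, "ALLOW", ANY, ANY, None, True),
    (2, "ALLOW", HA, HUMLAB, {1883}, False),
    (3, "ALLOW", HA, HUMLAB, {5000}, False),
    (4, "ALLOW", HA, IOT, {8008, 8009}, False),
    (5, "ALLOW", HA, nets("10.2.107.10/32"), {80, 443}, False),
    (6, "ALLOW", nets("10.2.21.12/32", "10.2.21.13/32"), HA, {8123}, False),
    (7, "ALLOW", HUMLAB, CAMERA, {554}, False),
    (8, "ALLOW", TRUSTED, HUMLAB, {32400}, False),
    (9, "DROP", IOT, MGMT + TRUSTED, None, False),
    (10, "DROP", CAMERA, TRUSTED, None, False),
    (11, "DROP", nets("10.2.161.0/24"), nets("10.2.0.0/16"), None, False),
]

def evaluate(src, dst, port, established=False, rules=RULES, default="ALLOW"):
    """Return (rule_number, action) of the first matching rule.

    rule_number is None when nothing matches and `default` applies.
    `default` is an assumption: the page does not state what the gateway
    does with inter-VLAN traffic that no rule matches.
    """
    s, d = ip_address(src), ip_address(dst)
    for number, action, sources, dests, ports, est_only in rules:
        if est_only and not established:
            continue
        if not any(s in n for n in sources):
            continue
        if not any(d in n for n in dests):
            continue
        if ports is not None and port not in ports:
            continue
        return number, action
    return None, default

# Constructed sample flows: (label, src, dst, dst_port, established)
FLOWS = [
    ("HA -> MQTT broker", "10.2.21.10", "10.2.30.10", 1883, False),
    ("Google Hub reply to HA cast session", "10.2.107.11", "10.2.21.10", 51000, True),
    ("Aqara hub opens HA web UI", "10.2.107.15", "10.2.21.10", 8123, False),
    ("Camera opens switch management UI", "10.2.40.10", "10.2.1.2", 443, False),
    ("IoT hub opens MQTT broker", "10.2.107.15", "10.2.30.10", 1883, False),
    ("Guest opens Plex", "10.2.161.120", "10.2.30.10", 32400, False),
]

def report(rules=RULES):
    return {label: evaluate(s, d, p, e, rules) for label, s, d, p, e in FLOWS}

def uncovered():
    """Sample flows that no rule matches, so the outcome depends on the default."""
    return [label for label, hit in report().items() if hit[0] is None]

if __name__ == "__main__":
    for label, (number, action) in report().items():
        print(f"{label:38} rule {number!s:>4} -> {action}")
    # Order matters: with rule 1 moved to the end, rule 9 drops the reply.
    reordered = RULES[1:] + RULES[:1]
    print(report(reordered)["Google Hub reply to HA cast session"])
```

The two flows returned by `uncovered()` are worth a decision of their own: rule 10 only names 10.2.21.0/24 and rule 9 does not name 10.2.30.0/24, so for both the result is whatever the gateway does by default.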

Smart Home Hubs overview (Hubs)

| Hub | Protocol | VLAN | IP | HA integration |
|---|---|---|---|---|
| Hue Hub Pro | Zigbee (Hue) | 107 | 10.2.107.10 | Philips Hue (native) |
| SLZB-06 #1 | Zigbee / Thread over Ethernet | 21 | 10.2.21.12 | Zigbee2MQTT or ZHA |
| SLZB-06 #2 | Zigbee / Thread over Ethernet | 21 | 10.2.21.13 | Zigbee2MQTT or ZHA |
| Somfy TaHoma Switch | RTS/io-homecontrol | 107 | 10.2.107.14 | Overkiz / TaHoma (HACS) |
| Aqara Hub M2 | Zigbee + IR | 107 | 10.2.107.15 | Xiaomi Miot (HACS) |

SMLIGHT SLZB-06 configuration

The SLZB-06 is a Zigbee/Thread coordinator that communicates over Ethernet. Connect to the web interface at the assigned IP.

Step 1 — Open the web interface

browser
http://10.2.21.12    # SLZB-06 #1
http://10.2.21.13    # SLZB-06 #2

Step 2 — Add Zigbee2MQTT to docker-compose.yml

docker-compose.yml — add under services:
  zigbee2mqtt:
    image: koenkk/zigbee2mqtt:latest
    container_name: zigbee2mqtt
    restart: unless-stopped
    ports:
      - "8099:8080"
    volumes:
      - /opt/humlab/zigbee2mqtt:/app/data
    environment:
      - TZ=Europe/Amsterdam

Step 3 — Zigbee2MQTT configuration

/opt/humlab/zigbee2mqtt/configuration.yaml
homeassistant: true
permit_join: false
mqtt:
  base_topic: zigbee2mqtt
  server: mqtt://10.2.30.10:1883
serial:
  port: tcp://10.2.21.12:6638   # SLZB-06 #1
  adapter: ember                 # EFR32-based models (e.g. SLZB-06M); the CC2652-based SLZB-06 needs zstack
frontend:
  port: 8080
advanced:
  log_level: info

Use port 6638 for Zigbee and 6639 for Thread on the SLZB-06. Check the exact port in the SLZB-06 web interface under "Serial settings".

HA Yellow — Failover setup

PoE ALWAYS disabled on the HA Yellow's switch port! Use only the supplied USB-C power adapter.

Failover workflow

  1. HA NUC (10.2.21.10) fails
  2. Open a browser → go to http://10.2.21.11:8123
  3. HA Yellow has an identical config (synchronised via backup)
  4. If needed, restore the NUC's latest backup on the Yellow

Weekly backup synchronisation (cron on NUC)

HA → Settings → System → Backups → automatic
# In Home Assistant: Settings → Add-ons → Google Drive Backup
# Or via the built-in backup scheduler:
# Settings → System → Backups → Schedule: daily
# Keep: 7 copies

Ubuntu Desktop — Base installation of HumLab

HumLab (Minisforum UM890 Pro) is in the hobby room. Connected via Switch Ultra 42W port P2, wired 2.5 GbE, VLAN 30, IP 10.2.30.10.

1 — update the system
sudo apt update && sudo apt upgrade -y
sudo apt install -y curl wget git htop vainfo usbutils lm-sensors
2 — disable sleep
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
gsettings set org.gnome.desktop.session idle-delay 0
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
3 — enable autologin (GNOME)
sudo nano /etc/gdm3/custom.conf
# Add or uncomment under [daemon]:
# AutomaticLoginEnable = true
# AutomaticLogin = your-username
4 — Coral TPU drivers
echo "deb https://packages.cloud.google.com/apt coral-edgetpu-stable main" | \
  sudo tee /etc/apt/sources.list.d/coral-edgetpu.list
# apt-key is deprecated: it adds the key to the global trusted set, for all repositories
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
sudo apt update && sudo apt install -y libedgetpu1-std
5 — AMD GPU verification (VAAPI)
vainfo 2>&1 | grep VAProfile   # expected: H264, HEVC
ls /dev/dri/                   # expected: card0, renderD128

MergerFS storage (3× 4TB USB-C SSD = 12TB)

ALWAYS use UUID= in fstab for USB disks. /dev/sdb etc. can change on reboot, and then you mount the wrong disks!

1 — install & create mount points
sudo apt install -y mergerfs
sudo mkdir -p /mnt/disk1 /mnt/disk2 /mnt/disk3 /mnt/storage
2 — look up UUIDs (note each UUID)
sudo blkid | grep -E "sd[b-z]"
3 — add to /etc/fstab (replace the UUID values)
UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX  /mnt/disk1  ext4  defaults,nofail,x-systemd.device-timeout=30  0  2
UUID=YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY  /mnt/disk2  ext4  defaults,nofail,x-systemd.device-timeout=30  0  2
UUID=ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ  /mnt/disk3  ext4  defaults,nofail,x-systemd.device-timeout=30  0  2
/mnt/disk1:/mnt/disk2:/mnt/disk3  /mnt/storage  fuse.mergerfs  defaults,allow_other,use_ino,cache.files=off,moveonenospc=true,dropcacheonclose=true,category.create=mfs,nofail  0  0
4 — test
sudo mount -a && df -h /mnt/storage   # expected: ~12TB visible
# create the directory tree inside the pool, after it is mounted (otherwise it lands on the root disk underneath)
sudo mkdir -p /mnt/storage/{media/{films,series},downloads/{complete,incomplete},backups,frigate}

Install Docker Engine

Install Docker (official method)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
  sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
  https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list
sudo apt update && sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker $USER && newgrp docker
Create the directory structure
sudo mkdir -p /opt/humlab/{adguard/{work,conf},mosquitto/{config,data,log},frigate/{config,media},zigbee2mqtt,plex/{config,transcode},prowlarr,sabnzbd,sonarr,radarr,bazarr,npm/{data,letsencrypt},homarr/{configs,data,icons},uptime-kuma}
sudo chown -R $USER:$USER /opt/humlab

Docker Compose — full stack

No "version:" field in docker-compose.yml: it is deprecated in Docker Compose v2 (Docker 25+) and produces a warning.

/opt/humlab/docker-compose.yml
# /opt/humlab/docker-compose.yml
# No "version:" field — deprecated in Docker Compose v2

services:

  adguard:
    image: adguard/adguardhome:latest
    container_name: adguard
    restart: unless-stopped
    network_mode: host
    volumes:
      - /opt/humlab/adguard/work:/opt/adguardhome/work
      - /opt/humlab/adguard/conf:/opt/adguardhome/conf

  mosquitto:
    image: eclipse-mosquitto:latest
    container_name: mosquitto
    restart: unless-stopped
    ports:
      - "1883:1883"
      - "9001:9001"
    volumes:
      - /opt/humlab/mosquitto/config:/mosquitto/config
      - /opt/humlab/mosquitto/data:/mosquitto/data
      - /opt/humlab/mosquitto/log:/mosquitto/log

  zigbee2mqtt:
    image: koenkk/zigbee2mqtt:latest
    container_name: zigbee2mqtt
    restart: unless-stopped
    ports:
      - "8099:8080"
    volumes:
      - /opt/humlab/zigbee2mqtt:/app/data
    environment:
      - TZ=Europe/Amsterdam

  frigate:
    image: ghcr.io/blakeblackshear/frigate:stable
    container_name: frigate
    privileged: true
    restart: unless-stopped
    shm_size: "256mb"
    devices:
      - /dev/dri/renderD128:/dev/dri/renderD128   # AMD VAAPI
      - /dev/bus/usb:/dev/bus/usb                 # Coral USB TPU
    volumes:
      - /opt/humlab/frigate/config:/config
      - /opt/humlab/frigate/media:/media/frigate
      - /mnt/storage/frigate:/media/storage
      - type: tmpfs
        target: /tmp/cache
        tmpfs:
          size: 1000000000
    ports:
      - "5000:5000"   # web UI
      - "8554:8554"   # RTSP
      - "8555:8555/tcp"
      - "8555:8555/udp"
    environment:
      FRIGATE_RTSP_PASSWORD: "jouw_rtsp_wachtwoord"   # placeholder ("your_rtsp_password"): set your own value
    labels:
      - "com.centurylinklabs.watchtower.enable=false"

  plex:
    image: lscr.io/linuxserver/plex:latest
    container_name: plex
    restart: unless-stopped
    network_mode: host
    devices:
      - /dev/dri:/dev/dri                         # AMD VAAPI hardware transcoding
    environment:
      - PUID=1000
      - PGID=1000
      - VERSION=docker
      - PLEX_CLAIM=claim-XXXXXX   # one-time, via plex.tv/claim
    volumes:
      - /opt/humlab/plex/config:/config
      - /opt/humlab/plex/transcode:/transcode
      - /mnt/storage/media:/data/media

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    restart: unless-stopped
    ports:
      - "9696:9696"
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /opt/humlab/prowlarr:/config

  sabnzbd:
    image: lscr.io/linuxserver/sabnzbd:latest
    container_name: sabnzbd
    restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /opt/humlab/sabnzbd:/config
      - /mnt/storage/downloads:/downloads

  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    container_name: sonarr
    restart: unless-stopped
    ports:
      - "8989:8989"
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /opt/humlab/sonarr:/config
      - /mnt/storage:/data

  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    restart: unless-stopped
    ports:
      - "7878:7878"
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /opt/humlab/radarr:/config
      - /mnt/storage:/data

  bazarr:
    image: lscr.io/linuxserver/bazarr:latest
    container_name: bazarr
    restart: unless-stopped
    ports:
      - "6767:6767"
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /opt/humlab/bazarr:/config
      - /mnt/storage/media:/data/media

  npm:
    image: jc21/nginx-proxy-manager:latest
    container_name: npm
    restart: unless-stopped
    ports:
      - "80:80"
      - "81:81"
      - "443:443"
    volumes:
      - /opt/humlab/npm/data:/data
      - /opt/humlab/npm/letsencrypt:/etc/letsencrypt

  watchtower:
    image: containrrr/watchtower:latest
    container_name: watchtower
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_SCHEDULE=0 0 4 * * *

  homarr:
    image: ghcr.io/ajnart/homarr:latest
    container_name: homarr
    restart: unless-stopped
    ports:
      - "7575:7575"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/humlab/homarr/configs:/app/data/configs
      - /opt/humlab/homarr/data:/data
      - /opt/humlab/homarr/icons:/app/public/icons

  uptime-kuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    restart: unless-stopped
    ports:
      - "3001:3001"
    volumes:
      - /opt/humlab/uptime-kuma:/app/data
Start the stack
cd /opt/humlab && docker compose up -d
docker compose ps   # everything should show "running"
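
An added example (not part of the original guide): a small check over the compose file that lists, per service, the settings that widen what a container can do on HumLab. The embedded excerpt is constructed from the stack above; the check names and the parser, which only understands this file's two-space layout, are assumptions of the example.

```python
import re

# Constructed excerpt of the stack above, trimmed to the lines the checks read.
COMPOSE = """\
services:
  adguard:
    image: adguard/adguardhome:latest
    network_mode: host
  frigate:
    image: ghcr.io/blakeblackshear/frigate:stable
    privileged: true
    devices:
      - /dev/dri/renderD128:/dev/dri/renderD128   # AMD VAAPI
    environment:
      FRIGATE_RTSP_PASSWORD: "jouw_rtsp_wachtwoord"
  watchtower:
    image: containrrr/watchtower:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  homarr:
    image: ghcr.io/ajnart/homarr:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/humlab/homarr/data:/data
"""

# (check id, pattern searched per line, why it matters)
CHECKS = [
    ("privileged", r"privileged:\s*true\b",
     "container gets every host device and capability"),
    ("docker-socket", r"/var/run/docker\.sock:",
     "container can drive the Docker daemon, which is root-equivalent"),
    ("host-network", r"network_mode:\s*host\b",
     "service listens directly on the host's interfaces"),
    ("floating-tag", r"image:\s*\S+:latest$",
     "image content can change on every pull"),
    ("inline-secret", r"\w*(PASSWORD|TOKEN|SECRET)\w*\s*[:=]\s*\S+",
     "credential lives in the compose file, which backup.sh archives"),
]
SERVICE = re.compile(r"^  ([A-Za-z0-9_.-]+):$")

def audit(text):
    """Return {service: [check ids]} for a compose file with 2-space indents."""
    findings, service, in_services = {}, None, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line or line.lstrip().startswith("#"):
            continue
        if not line.startswith(" "):               # top-level key
            in_services, service = line.startswith("services:"), None
            continue
        if not in_services:
            continue
        match = SERVICE.match(line)
        if match:
            service = match.group(1)
            continue
        for check_id, pattern, _why in CHECKS:
            if service and re.search(pattern, line):
                findings.setdefault(service, []).append(check_id)
    return findings

if __name__ == "__main__":
    why = {check_id: reason for check_id, _p, reason in CHECKS}
    for service, hits in audit(COMPOSE).items():
        for check_id in hits:
            print(f"{service:12} {check_id:14} {why[check_id]}")
```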

AdGuard Home — DNS blocking

Do this FIRST, before you start AdGuard. Ubuntu uses systemd-resolved on port 53, which conflicts with AdGuard.

1 — disable systemd-resolved
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo rm /etc/resolv.conf
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
sudo chattr +i /etc/resolv.conf
2 — after AdGuard setup: local DNS
sudo chattr -i /etc/resolv.conf
echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
sudo chattr +i /etc/resolv.conf

Setup: open http://10.2.30.10:3000 → wizard → listening interface: eth0, DNS port: 53, upstream: 1.1.1.1 + 9.9.9.9

Recommended blocklists (AdGuard → Filters → DNS blocklists)

| Name | URL (paste into AdGuard) |
|---|---|
| AdGuard DNS filter | https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt |
| OISD (big) | https://big.oisd.nl/domainswild |
| Steven Black hosts | https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts |

Mosquitto MQTT configuration

An empty mosquitto.conf does NOT start: you must define at least listener and allow_anonymous.

/opt/humlab/mosquitto/config/mosquitto.conf
listener 1883
# no authentication: any client that can reach port 1883 can publish and subscribe
allow_anonymous true
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log
test the connection (on HumLab or HA NUC)
mosquitto_sub -h 10.2.30.10 -t "#" -v &   # subscribe to everything
mosquitto_pub -h 10.2.30.10 -t test -m "hallo"   # publish a test message

Frigate NVR — config.yml

/opt/humlab/frigate/config/config.yml
mqtt:
  host: 10.2.30.10
  port: 1883

detectors:
  coral:
    type: edgetpu
    device: usb

ffmpeg:
  hwaccel_args: preset-vaapi   # AMD Radeon 780M

cameras:
  voordeur:
    ffmpeg:
      inputs:
        - path: rtsp://10.2.40.10:554/stream   # G400 doorbell
          roles: [detect, record]
    detect:
      width: 1920
      height: 1080
      fps: 5
    record:
      enabled: true
      retain:
        days: 14
        mode: motion

  achtertuin:
    ffmpeg:
      inputs:
        - path: rtsp://10.2.40.11:554/stream   # outdoor camera
          roles: [detect, record]
    detect:
      width: 1920
      height: 1080
      fps: 5
    record:
      enabled: true
      retain:
        days: 7
        mode: motion
Coral TPU verification
lsusb | grep -i google          # expected: "Google Inc. Coral USB"
docker logs frigate 2>&1 | grep -i "coral\|detector"

Plex Media Server — hardware transcoding

Enable Plex Pass hardware transcoding
# In Plex Web UI (http://10.2.30.10:32400/web):
# Settings → Troubleshooting → Hardware-Accelerated Transcoding: ON
# Settings → Transcoder → Hardware transcoding: enable
VAAPI verification in the Plex container
docker exec plex vainfo 2>&1 | head -20   # expected: VAProfileH264, HEVC

Backup strategy

/opt/humlab/backup.sh — create
#!/bin/bash
DATUM=$(date +%Y-%m-%d)
DEST="/mnt/storage/backups/humlab-$DATUM.tar.gz"
# --exclude must come before the path it applies to (GNU tar treats it as positional)
tar -czf "$DEST" --exclude=/opt/humlab/plex/transcode /opt/humlab
# Delete backups older than 7 days
find /mnt/storage/backups -name "humlab-*.tar.gz" -mtime +7 -delete
echo "Backup klaar: $DEST"
set up cron (daily at 03:00)
chmod +x /opt/humlab/backup.sh
(crontab -l 2>/dev/null; echo "0 3 * * * /opt/humlab/backup.sh") | crontab -

SSID strategy & WiFi settings (WiFi)

| SSID | VLAN | Band | Security | Visible | Use |
|---|---|---|---|---|---|
| WiFi4Home | 21 | 2.4 + 5 + 6 GHz | WPA3 | ✅ Yes | Phones, laptops, HA devices |
| WiFi4Media | 30 | 2.4 + 5 GHz | WPA2/3 | 🔒 Hidden | Chromecast, Smart TV |
| IoT-Net | 107 | 2.4 GHz only | WPA2 | 🔒 Hidden | Google Hubs, sensors, IoT |
| Gasten | 161 | 2.4 + 5 GHz | WPA2 | ✅ Yes | Visitors |

Hide SSID: Settings → WiFi → [SSID] → Advanced → Hide SSID. Devices that were already connected stay connected; they remember the network.
IoT-Net: turn Fast Roaming OFF! Many IoT devices (incl. Google Hubs) have problems with 802.11r. DTIM period: 3 for battery saving.

mDNS & cross-VLAN casting

Enable: UniFi → Settings → Security → Advanced → Multicast DNS → ON for all VLANs.

Ports required for Google Cast (firewall rule)

| Protocol | Port(s) | Direction |
|---|---|---|
| TCP | 8008, 8009 | HA (VLAN 21) → Google Hub (VLAN 107) |
| UDP | 32768–61000 | Both directions |
| UDP Multicast | 5353 | mDNS (handled by the UniFi proxy) |

Home Assistant automation — Google Hub dashboard (HA)

automation.yaml — cast the dashboard permanently
alias: "Google Hub Keuken: Permanent Dashboard"
description: "Houdt HA dashboard actief — herstart elke 9 min"
trigger:
  - platform: time_pattern
    minutes: "/9"
  - platform: state
    entity_id: media_player.google_hub_keuken
    to: "idle"
  - platform: homeassistant
    event: start
condition: []
action:
  - action: cast.show_lovelace_view
    data:
      dashboard_path: dashboard-hub
      view_path: home
      entity_id: media_player.google_hub_keuken
mode: restart
automation.yaml — multiple Hubs at once
action:
  - repeat:
      for_each:
        - media_player.google_hub_keuken
        - media_player.google_hub_woonkamer
      sequence:
        - action: cast.show_lovelace_view
          data:
            dashboard_path: dashboard-hub
            view_path: home
            entity_id: "{{ repeat.item }}"

Movie mode automation

automation.yaml — movie mode by voice
alias: "Filmmodus activeren"
trigger:
  - platform: conversation
    command: "filmmodus"
action:
  - service: media_player.turn_on
    target:
      entity_id: media_player.samsung_tv
  - service: media_player.select_source
    data:
      source: "HDMI 1"
    target:
      entity_id: media_player.samsung_tv
  - service: light.turn_off
    target:
      area_id: woonkamer

Frigate ↔ Home Assistant MQTT integration

Step 1 — MQTT integration in HA

  1. Settings → Integrations → MQTT → Broker: 10.2.30.10, Port: 1883
  2. Test the connection → Save
  3. Install the Frigate HACS integration: HACS → Integrations → "Frigate NVR Integration"
  4. Restart HA → Settings → Integrations → Frigate → Host: http://10.2.30.10:5000

automation.yaml — person detected notification
alias: "Frigate: Persoon bij voordeur"
trigger:
  - platform: mqtt
    topic: frigate/voordeur/person
    payload: "1"
action:
  - service: notify.mobile_app_alwin
    data:
      title: "Beweging gedetecteerd"
      message: "Persoon gezien bij de voordeur"
      data:
        url: /lovelace/cameras
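        # note: this topic's payload is a count (0/1), so payload_json.id is empty here; event ids arrive on frigate/events
        image: /api/frigate/notifications/{{trigger.payload_json.id}}/snapshot.jpg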
  - service: notify.mobile_app_renate
    data:
      title: "Beweging voordeur"
      message: "Iemand bij de voordeur"

Frigate MQTT topics overview

| Topic | Payload | Description |
|---|---|---|
| frigate/events | JSON | All detection events |
| frigate/voordeur/person | 0/1 | Person at the front door |
| frigate/achtertuin/person | 0/1 | Person in the back garden |
| frigate/stats | JSON | FPS, detection statistics |

Ports & services quick reference (Reference)

| Service | Port | IP | URL |
|---|---|---|---|
| UCG-Ultra (UniFi) | 443 | 10.2.1.1 | https://10.2.1.1 |
| Home Assistant (primary) | 8123 | 10.2.21.10 | http://10.2.21.10:8123 |
| Home Assistant (failover) | 8123 | 10.2.21.11 | http://10.2.21.11:8123 |
| SLZB-06 #1 (web UI) | 80 | 10.2.21.12 | http://10.2.21.12 |
| SLZB-06 #2 (web UI) | 80 | 10.2.21.13 | http://10.2.21.13 |
| AdGuard Home | 3000 | 10.2.30.10 | http://10.2.30.10:3000 |
| Mosquitto MQTT | 1883 | 10.2.30.10 | mqtt://10.2.30.10:1883 |
| Zigbee2MQTT | 8099 | 10.2.30.10 | http://10.2.30.10:8099 |
| Frigate NVR | 5000 | 10.2.30.10 | http://10.2.30.10:5000 |
| Plex Media Server | 32400 | 10.2.30.10 | http://10.2.30.10:32400/web |
| SABnzbd | 8080 | 10.2.30.10 | http://10.2.30.10:8080 |
| Sonarr | 8989 | 10.2.30.10 | http://10.2.30.10:8989 |
| Radarr | 7878 | 10.2.30.10 | http://10.2.30.10:7878 |
| Prowlarr | 9696 | 10.2.30.10 | http://10.2.30.10:9696 |
| Bazarr | 6767 | 10.2.30.10 | http://10.2.30.10:6767 |
| Nginx Proxy Manager | 81 | 10.2.30.10 | http://10.2.30.10:81 |
| Homarr dashboard | 7575 | 10.2.30.10 | http://10.2.30.10:7575 |
| Uptime Kuma | 3001 | 10.2.30.10 | http://10.2.30.10:3001 |
| Hue Hub Pro | 80/443 | 10.2.107.10 | http://10.2.107.10 |
| Somfy TaHoma Switch | 80 | 10.2.107.14 | http://10.2.107.14 |
| Aqara Hub M2 | 80 | 10.2.107.15 | http://10.2.107.15 |

Docker commands quick reference

stack management
cd /opt/humlab
docker compose up -d                          # start all containers
docker compose down                           # stop all containers
docker compose pull && docker compose up -d   # update all images
docker compose ps                             # status overview
docker compose logs -f frigate                # live logs of one service
maintenance
docker restart plex          # restart one container
docker image prune -f        # remove unused images
docker stats                 # live CPU/memory usage

System commands quick reference

diagnostics
df -h /mnt/storage && df -h /           # disk space
mount | grep mergerfs                   # MergerFS status
lsusb | grep -i google                  # Coral TPU detection
vainfo 2>&1 | grep VAProfile            # GPU VAAPI check
sensors | grep -E "Tctl|Tdie|edge"      # temperatures
sudo blkid | grep -E "sd[b-z]"          # USB disk UUIDs
sudo systemctl status sleep.target      # sleep status