diff --git a/README.md b/README.md
index b49daec..5ad9606 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,20 @@
-# ingress
+# `network.tjo.cloud`
-Handling all Ingress traffic
+Handling networking between nodes and between virtual machines.
-## Setting up
+# Architecture
+
+
+
+ eyJ2ZXJzaW9uIjoiMSIsImVuY29kaW5nIjoiYnN0cmluZyIsImNvbXByZXNzZWQiOnRydWUsImVuY29kZWQiOiJ4nO1cXFlX4khcdTAwMTR+71/BcV6HTO1Lv6Fii1x1MDAwYtqK6/RcdTAwMWNPTFx1MDAwMkRCgiFcYjqn//tUUMnKXHUwMDEyxK2n6XNaqSSVW5X7fferWzf++6VUWlx1MDAwYu571trX0po1MnTHNn19uPZn2H5n+X3bc9UhNP7e91x1MDAwNr4xPrNcdTAwMWRcdTAwMDS9/te//oqu0Fxmr/t4leVYXctccvrqvL/V91Lp3/H/6ohthtdcdTAwMDZGdfNcdTAwMDHrZ9XW5ZZ5rG+TVv9Gji9cdTAwMWSf9GyMb1x1MDAxOYHutlx1MDAxYys6NFLtXHUwMDA0wsn3+9AyhDU6aVx1MDAxOdpm0Fx1MDAwZVtcdTAwMDWbtLUtu9VcdTAwMGVUI8N40vjY89dcdTAwMTKYtPRcdTAwMDPf61hcdTAwMWKe4/nh7f+AVvgvuvm1bnRavjdwzck5ga+7/Z7uq9FG5zVtxzlcdTAwMGXux72rXHUwMDE5U7OzlrrH2bORqfZpV6mbttqu1Vx1MDAwZmc0XHUwMDFhvNfTXHI7XGKnXHUwMDAwgmhcdTAwMTShhb2aOZ78f1wim3y9a9XC2XdcdTAwMDeOM2m2XdNcbud0TYeJu7nm092en1xc9FjwU8vPyHbLXG47hpJIiClikS2R+0DA0q11z1x1MDAxZLtcdTAwMTKEmFx1MDAxMUxcdTAwMDWPzrD7m8qHgnG3Td3pW9EzXGJtq8b8K1x1MDAxYeKgZ+qPl0COXHUwMDAxQ0RAgXHUqWO7nfT4XHUwMDFkz+hEd/lcdTAwMTJcdTAwMWJXymWNXVx1MDAxM7q7t3r9flhcdTAwMWTSKrr3z0+OXHUwMDE3dlksQdJlXHR+J4f9ozn+fHZnPX25t3KOIUNcdTAwMDCiXHUwMDFjb8268MRZKZSYYiHRMs46MS8ydOJh1lx1MDAxNTq4pdXKPofB4HRcdTAwMWbu7o2G+mSYXHQv033fXHUwMDFirk2O/Hz6bTpcdTAwMTSoMlx1MDAxYkm4XHUwMDFhKDjdzlXLrNTv6cA7qNxd7Fx1MDAxZFx1MDAxOTuNxaHAU1Cg8t3Y+9dcdTAwMDBcdTAwMDN6MVx1MDAxNlx1MDAxOOIhbdM8KCh3n4ZcdTAwMDVcdTAwMDRcdTAwMTCigjG6Qiw8e09gjYKk8z8631x1MDAwZWHYPOjt2sb5UVx1MDAxYuzsVfbuKnohKFx1MDAwMMFcdTAwMDBHq4FCvjVcdTAwMTkoJFx1MDAwNvOEXHUwMDAymkRcdTAwMDEjOShQgVFjiU9cdTAwMTZcdTAwMTSIrlx1MDAxNlx1MDAxM7+OokEkXHUwMDFmXHUwMDE4idOfo4HAnDOOXHUwMDExyYFcdTAwMDCZXHUwMDFlXHKQxFLFgqWkS8KOl7tp5HWht6lcdDj0vVHXXHUwMDFilba9fvxRem5wbD884jfRuqV3bSece5roquLYLXfM+1Yz1o+aicBW0n9yOPB60VFD9afbruXXXHUwMDE2XHRcdTAwMTmeb7dsV3dcdTAwMWEzLddcdTAwMDeBd2T1XHUwMDFmbVx1MDAwZvyBXHUwMDE1n1x1MDAxY2v7XHUwMDE5XHUwMDEwUEN0XHUwMDA2ZK9qh9+7h/WgXHUwMDA2T8pux240bftcXFx1MDAxNFx1MDAxMHJJ3GJcdTAwMTQ57yR2oYgxJzCFiGoy/uFFYCs5NNBnhm1cdTAwMTSLnPa3043j1jZsN6ujq2DwcO6W+89cdTAwMDReXHUwMDAw3XRcdTAwMDVcdTAwMTKQQiBcdTAwMTlhJFx1MDAwZvRCTlxye5hcdTAwMTLM4lTx6lFv98A9lj1cdTAwMTB4VefS275nOzv7W91Y1Pszv9vHi+3K0UZfXHUwMDFjnXs3XHUwMDAxXHUwMDFjnoiWe3q3cbaYsJzZ76dcdTAwMTGs+bO3QJQmXHUwMDAwpNDOsmhcdTAwMDdYgzj+yYKfgt9gf1x1MDAxMdjZ4pGcUIFcYlRLu1x1MDAxY0zzqZjGXHUwMDEwU6AkwDJKdnZcdTAwMWOHXHUwMDAws9iSZ4k47lrB0PM7WnDjaYbjXHLM0un+XHUwMDBm9+Cw3rfcvvXOkX1OOE1H9kXHsppYb3BkXHUwMDA25duOXWnsUX3n5OLS31xmXHUwMDE2XHUwMDAyPqSaXHUwMDEweZhcdTAwMWXTgMhcdTAwMTPrTGhopTzw6bX6K/DAt1x1MDAwMpKeck7VylaIvFUtnKHpXHUwMDA1UME9XHUwMDA2oVx1MDAxNSV4ek2zTS3u351cXLdcdTAwMWE9XHRH7GhIV1x1MDAxNS9cdTAwMTFcdTAwMTQ8pjuXoFx1MDAxOTgqnVXqP1xc9XOvUl9cdTAwMDWtXHUwMDE4alYsf1x1MDAwNrF0bdOMK+wktySMT1x1MDAxM8k0a1dDXHUwMDFj91x1MDAwZnhcdTAwMDSdPbC+V3ZuTas3sHWjlyWOaVx1MDAxYlx1MDAxNChC1nh68jcoINZA/JO3aph+znxcdTAwMDJBTWlcdTAwMTHya1x1MDAxMMgm73Xcc+9cdTAwMTbinavGXHLavsGnfnlcdTAwMTlcdTAwMDJ5+aqBXHUwMDAyqZZccjSbXHUwMDE0XHUwMDE4L1xyptNcboSMcYLxXHUwMDFiJsvu6WmgX3y7uDk+//7dUavuh3r1bFF5/3C77TTWb9qVy+P2RcDYaL/hXHUwMDFkrIyuMGeYxrG5vLzPXHUwMDFm5VwiUVx1MDAxZfFcdTAwMTRORV5cdTAwMTKO8iwwXHUwMDBiRfLfQMxcdTAwMDKRXHUwMDE3XGLkXFxcdTAwMTGq8lx1MDAxYpG7r1x1MDAxOFskpjU9QZDR5XJzM7ZcdTAwMTUpXHUwMDAykmNZwHczodZ2W75cdTAwMWFvpIJ/uPVvtfr5O2v5OVEvXHUwMDFkguePYjXBmJTL112MxNZ95Wrr+PSQU9o4X1xi35hrIes+f5JoZ1x1MDAwMOapeKrxeMI9XHUwMDA3+/+zjPvqsS9cbmBfSCSZpCBPxKvF9dRoiyXmVLDVq/jXXHKLRIpYNnI5XHUwMDE1/znU+yuo9uv6XHUwMDE2umUsOCPNnVx1MDAxYl5cdTAwMWVeXFxcdTAwMTmyXFygrCjFXHUwMDBmMndjOpb2jcl0tHxyX1x1MDAxYZhd01+DIc5qm43a+pG/eVx0ROW2XGYsXHQvq0swhMxniFwiuX3AMFTBX+blXHUwMDAxXHUwMDExztDJM3FIXHUwMDA2MGRcdTAwMDIvJVx1MDAxYZZT6ftOp79+/HBcbst73vpWJTjZ/T4wXHUwMDE3VelcdTAwMWYrqTBcdTAwMDOc+aNcXEilJ1fTXHUwMDFj5G6VS6qFXHQ7JFx1MDAxMOGA5y2mXHUwMDBiafbfqMyislIgbkPImYCS5MZtPL1cdTAwMTaQIcTwsnF7pitcdTAwMDMpiuwnZVwia2dwbfmuMiSheHcnraW6Z753Nn5OXHUwMDA0TIfhgkNakZxfL9dccv9cdTAwMWLdNGqbjr1Bt3e6/e3F5LycIec5y0uy/ZbzpVenhfVcIkt5yVx1MDAwNWFcdTAwMDTly/nptCAh4Vx1MDAxNMZWXHUwMDAxn1wiJ69cIlFs9+G3mi/EXHUwMDEzs8tcdTAwMTZSjyVBXHUwMDE0QiapgcQ0+0THx/aCJ1RcdTAwMTCdNp9cdDDBOlx1MDAwMe/CXHUwMDA0pt5vW29bS7exqCBHU1x1MDAwNbngYUG+zM3iIZApwZlAn3NcdTAwMDEpR/BccvPmXHUwMDA3zj25glV5yjq3+/tS75iN5kYh6EuBiVxcKkfY8+y07X/HLFx1MDAwNHFzweT3f/7MPbssXHUwMDEy55fh3Fx1MDAwYmK4XHUwMDE4fyfRXHUwMDE1mVE7ej/Y8LpdO1BjP1xm7c7QfqD7wbpyI9ttpY9Zrlx1MDAxOVx1MDAxZIk50tPLQ4uUXHUwMDE3jLnPXHUwMDE4hLNcdTAwMDU0ilx1MDAwMZVAXHUwMDEwgJAgMFrMh06v9+LQXHUwMDE4o3CUNDnrtqHplZBcXNqWnkGGMj5+LM1ClnPtXHJcdTAwMTdaXHUwMDE25bvaXHUwMDAyaojHXHUwMDAywJjkXHUwMDAwz928yKG5Qorn/8Vzm4trXHUwMDE5XHUwMDA0lCghXHUwMDEy5pZcZqPp+4Bqlap8lLFlVjhzSo0wXHUwMDA07EV6ozpSXCJBRfZSw9ebTdv4XHUwMDAwymOeXHUwMDBlSIuR6UNYjSyZXfU4S5YwXHUwMDE4PZtxXHUwMDE5XHUwMDExXHUwMDA3mqRcdTAwMDCDMGfBXGIg2eJCyISGoVxugGpdTDklOfX/XHUwMDFjaVx1MDAxMFx1MDAwYsyIkJRcdTAwMDNQbDXzfqWG74DtrVx1MDAxN2tcdTAwMTikXHUwMDEwRrmUOO9FXHUwMDE5nF3URC+NXHUwMDAxXHUwMDFjvl3wlnv/NYibXHUwMDFlrp32alu9dWe9vXezW21cdTAwMTfTMFLFlKUqXHUwMDE3i2iYMtSYXHUwMDEy7Fx1MDAxMlxuhqWCgnLyeVwiXHUwMDA1MqZhgVx1MDAwMKYq0NPYhsn4IE7hYX5vUzA2to5SXHJCQlx1MDAxOYJMkTZhYG5/Qlx1MDAxMVxiwlx1MDAxMKt7XHUwMDBiXHUwMDBlOKTJ/uQqXHUwMDA11YtlU1x1MDAxOWhYzVx1MDAxNmKQQMSB5Cx63WtJ4bSQrpv9Om3SQC6kipaUcywpVVx1MDAwZiljXHUwMDFmwslcdTAwMTmPP8KPo/TyXHUwMDAxuYjSXHUwMDAzTFPjXHUwMDAynFOgJC5MpsNxWFxcJlx1MDAxNDFBgDijSGbfLIaSaSysSIVIXG6BRKyHT1ei/lx1MDAwZXGjSM2pZGFxXGLLLmfDKc5Ejef4oFiHo8R7KCuThEKSQnVWXHUwMDE5SdjQbaev5JpV2vBcXNcyXHUwMDAyZfdcdTAwMGb32lxuhpblltpeX1nxXHUwMDAxVOJcdTAwMWNZllaJeaMqTVx1MDAxOdRqdOPsTOMs3Zj+e1x1MDAxN3npLJyT2MYxh/vQmH77V0O3XyxcdTAwMDUxopRKnluXgtnURDZcdTAwMDLKekDpckpwVq6ZSlx1MDAxMCtUfLeEXHUwMDEzwvHzMeBz5VdCvSmffVx1MDAwYn00+8WQmPyAXHUwMDFhoJgwiDDAQkBcdTAwMGWz6oMk31x1MDAxNEHFxMdCamn2lllcXC0pe0VI+VxiU4k5XHUwMDA38dl9VnMksYvGOClk8Fx1MDAxYqml2WVWs+hcdTAwMTKnsv8sVtczocu8WvvfZJlPlrVcdTAwMTeTJVx1MDAwNVx1MDAwNFx1MDAwMixZniqSUzP/Ku6pZyfp6t+tXHUwMDFmV7YslShbKVniXHUwMDA0V8aT86/HfLNrfEuJhHpYO02BxEKJWpElXHUwMDEyROOXrYjpZtb6JteFgFxuzFx1MDAxNX9JpKxUz1RkLORcdTAwMWaM6b48PdI1vdc7XHUwMDBllE9OZmLtzraG69P/Qs2XJ8NCXHUwMDA2scbo+/nl539cdTAwMDBMKlQifQ==
+
+
+
+
+ Proxmox Host network.tjo.cloud VM OPNsense 1x WAN 1x LAN ingress.tjo.cloud NGINX 1x LAN kubernetes.tjo.cloud Kubernetes Node 1x LAN External Traffic Tailscale Connection between hosts
\ No newline at end of file
+
+__WAN interface__ either represents an actual public interface (on Hetzner) or an interface in home LAN that has port-forwarded ports to it from home router.
+
+__LAN interface__ is an ordinary lan network.
+
+__ingress.tjo.cloud__ has port-forwarded all public ports to it (22, 25, 80, 443, 587 etc.). No other VM is accessible from the internet.
+
+__network.tjo.cloud__ establishes Tailscale VPN connection between other network.tjo.cloud VMs. Using subnet routing it makes it possible that each VM can connect to all other VMs on any Proxmox host.
+
+# Setting up new Host
### 1. Add new device to terraform.tfvars.
diff --git a/docs/arhitecture.excalidraw.svg b/docs/arhitecture.excalidraw.svg
new file mode 100644
index 0000000..d966dff
--- /dev/null
+++ b/docs/arhitecture.excalidraw.svg
@@ -0,0 +1,10 @@
+
\ No newline at end of file