eae-am-deutschen-platz/documentation/README.md

Doku: EAE - Am deutschen Platz
==============================

Overview:
--------

![Layer 1 Overview of Network](layer1_overview.png)

IPAM / Device Overview:
-----------------------

| Name           | Location  | MGMT IPv4    | MAC                 | Device               | Notes |
| -------------- | --------- | ------------ | ------------------- | -------------------- | ----- |
| `gw-core01`    | Büro      | `10.84.1.1`  | `78:8a:20:bd:b6:ae` | Ubiquiti EdgeRouterX |       |
| `sw-access01`  | Büro      | `10.84.1.10` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP     |       |
| `sw-access02`  | Zelt 5    | `10.84.1.11` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP     |       |
| `hyper01`      | Büro      | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? |       |
| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox VM           |       |
| `ap-2bbf`      | Zelt 4    | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105         |       |
| `ap-1a38`      | Zelt 5    | `10.84.1.35` | `24:de:c6:c3:ac:7c` | Aruba AP-105         |       |
| `ap-0b99`      | Zelt 2    | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105         |       |
| `ap-c5d1`      | Büro      | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105         |       |
| `ap-c495`      | Zelt 3    | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105         |       |
| `ap-8f42`      | Zelt 1    | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105         |       |

Cloud VMs:
----------

| VM Name          | IPv4           | IPv6                     | Location                   | Provider | Type | Description                         | Notes                       |
| ---------------- | -------------- | ------------------------ | -------------------------- | -------- | ---- | ----------------------------------- | --------------------------- |
| `eae-adp-jump01` | `162.55.53.85` | `2a01:4f8:c0c:1281::/64` | Germany - Nuerenberg - DC3 | Hetzner  | CX11 | vpn and jump host for remote access | kvm access: `@hirnpfirsich` |


Networks:
---------

| Name       | VLAN | v4 Space          | v6 Space | Description                                                           |
| ---------- | ---- | ----------------- | -------- | --------------------------------------------------------------------- |
| `mgmt`     |   1  | `10.84.1.0/24`    | /        | default network which is used for administrative and monitoring tasks |
| `clients`  |   2  | `10.84.2.0/22`    | /        | this is where the wifi clients live                                   |
| `gigacube` |   /  | `192.168.8.0/24`  | /        | created by the gigacube. wan for our gateway                          |
| `backbone` |   /  | `10.254.254.0/30` | /        | tunnel network between `gw-core01` and `eae-adp-jump01`               |

Configuration:
--------------

### `sw-access0{1-2}`

OS:
- `OpenWrt 21.02.3`
- custom build with [garet](https://git.sr.ht/~hirnpfirsich/garet)
- profile: `zyxel-gs1900-8hp_21.02.3`
- commit: `31b86557add49187a2ee161465b51fe120076a3c`

Config:
1. configure `sw-access01`:
```
uci batch << EOF
# configure hostname
set system.@system[0].hostname=sw-access01

# configure mgmt ip
set network.mgmt.ipaddr=10.84.1.11
EOF
```
2. configure `sw-access02`:
```
uci batch << EOF
# configure hostname
set system.@system[0].hostname=sw-access02

# configure mgmt ip
set network.mgmt.ipaddr=10.84.1.12
EOF
```
3. finish config on both nodes:
```
# configure root password
passwd

uci batch << EOF
# configure mgmt ip
set network.mgmt.proto=static
set network.mgmt.netmask=255.255.255.0
set network.mgmt.gateway=10.84.1.1
add_list network.mgmt.dns=10.84.1.1

# create clients vlan for switch
set network.clients_vlan=bridge-vlan
set network.clients_vlan.device=switch
set network.clients_vlan.vlan=2
set network.clients_vlan.ports="lan1:t lan2:t lan3:t lan4:t lan5:t lan6:t lan7:t lan8:t"
EOF

uci commit
/etc/init.d/system reload
/etc/init.d/network reload
```
4. install `rsync` (will be included in the next image!)

### `ap-xxxx`

OS:
- `OpenWrt 21.02.3`
- custom build with [garet](https://git.sr.ht/~hirnpfirsich/garet)
- profile: `aruba-ap-105_21.02.3`
- commit: `18ced036173a23280efd3b87df06ccaa46eb9a04`

1. initially configure password and ip for every ap:
```
passwd

uci batch << EOF
set network.mgmt.proto=static
set network.mgmt.ipaddr=10.84.1.37
set network.mgmt.netmask=255.255.255.0
set network.mgmt.gateway=10.84.1.1
add_list network.mgmt.dns=10.84.1.1
EOF
uci commit network
/etc/init.d/network reload
```

2. configure network via `playbook_provision_aps.yml`

### hyper01

OS:
- Proxmox VE 7.2-1

Installation Questions:
- Proxmox Virtual Environment (PVE)
- Target Harddrive: Options
    - Filesystem: `zfs (RAID0)`
    - Disk Setup
        - Harddisk 0: /dev/sda (300GB)
    - Advanced Options:
        - copies: 2
- Location and Time Zone selection:
    - Country: Germany
    - Time zone: Europe/Berlin
    - Keyboard Layout: German
- Administration Password and Email Address
    - Password: `pass EAE_Am-Deutschen-Platz/hyper01`
    - EMail: `info@freifunk-leipzig.de`
- Mangement Network Configuration
    - Management Interface: `enp2s0`
    - Hostname (FQDN): `hyper01.eae-adp.freifunk-leipzig.de`
    - IP Address (CIDR): `10.84.1.21/24`
    - Gateway: `10.84.1.1`
    - DNS Server: `10.84.1.1`

Postinstall cleanup:

* remove enterprise repos and activate community repo:
```
root@hyper01:/etc/apt# rm /etc/apt/sources.list.d/pve-enterprise.list 
root@hyper01:/etc/apt# cat > /etc/apt/sources.list.d/pve-no-subscription.list << EOF
> # PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
> EOF
root@hyper01:/etc/apt#
```
* update: `apt update && apt dist-upgrade -y && reboot`
* install alpine template: `pveam update && pveam download local alpine-3.16-default_20220622_amd64.tar.xz`
* remove alpine template and download debian template

### eap-adp-jump01

OS:
- OpenBSD 7.1

Installation:
- with full disk encryption: https://www.openbsd.org/faq/faq14.html#softraidFDE
- via autoinstall

1. boot into OpenBSD iso
2. type s to open the shell after booting
```
Welcome to the OpenBSD/amd64 7.1 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
```
3. create encrypted drive
```
# cd /dev && sh MAKEDEV sd0
# dd if=/dev/urandom of=/dev/rsd0c bs=1m
# fdisk -iy sd0
# disklabel -E sd0
[...]
> a a
> 64
> *
> RAID
> w
> q
# bioctl -c C -l sd0a softraid0
[...]
passphrase
passphrase again
# cd /dev && sh MAKEDEV sd1
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
```
4. execute autoinstall
```
# cd /
# ifconfig vio0 autoconf
# ftp https://git.sr.ht/~hirnpfirsich/ffl-eae-adp/blob/master/files/eae-adp-jump01.install.conf
# install -a -f eae-adp-jump01.install.conf
[...]
# reboot
```
5. install syspatches
```
eae-adp-jump01# syspatch
[...]
eae-adp-jump01# syspatch
[...]
eae-adp-jump01# reboot
```
6. install python3 for ansible
```
eae-adp-jump01# pkg_add python3
```