diff --git a/README.md b/README.md index da17371..aa508e7 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ This repo contains the config and documentation for our installation at the "Ers * [Documentation](documentation/README.md) * [Incidents](documentation/INCIDENTS.md) -* [TODO](documentation/TODO.md) +* [Todo](documentation/TODO.md) ## Usage diff --git a/documentation/README.md b/documentation/CONFIGURATION.md similarity index 60% rename from documentation/README.md rename to documentation/CONFIGURATION.md index 11148ad..7e9a598 100644 --- a/documentation/README.md +++ b/documentation/CONFIGURATION.md 
@@ -1,49 +1,6 @@ -Doku: EAE - Am deutschen Platz +Installation and Confguration ============================== -Overview: --------- - -![Layer 1 Overview of Network](layer1_overview.png) - -IPAM / Device Overview: ------------------------ - -| Name | Location | MGMT IPv4 | MAC | Device | Notes | -| -------------- | --------- | ------------ | ------------------- | -------------------- | ----- | -| `gw-core01` | Büro | `10.84.1.1` | `78:8a:20:bd:b6:ae` | Ubiquiti EdgeRouterX | | -| `sw-access01` | Büro | `10.84.1.10` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP | | -| `sw-access02` | Zelt 5 | `10.84.1.11` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP | | -| `hyper01` | Büro | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? | | -| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox VM | | -| `ap-2bbf` | Zelt 4 | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105 | | -| `ap-1a38` | Zelt 5 | `10.84.1.35` | `24:de:c6:c3:ac:7c` | Aruba AP-105 | | -| `ap-0b99` | Zelt 2 | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105 | | -| `ap-c5d1` | Büro | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105 | | -| `ap-c495` | Zelt 3 | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105 | | -| `ap-8f42` | Zelt 1 | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105 | | - -Cloud VMs: ----------- - -| VM Name | IPv4 | IPv6 | Location | Provider | Type | Description | Notes | -| ---------------- | -------------- | ------------------------ | -------------------------- | -------- | ---- | ----------------------------------- | --------------------------- | -| `eae-adp-jump01` | `162.55.53.85` | `2a01:4f8:c0c:1281::/64` | Germany - Nuerenberg - DC3 | Hetzner | CX11 | vpn and jump host for remote access | kvm access: `@hirnpfirsich` | - - -Networks: ---------- - -| Name | VLAN | v4 Space | v6 Space | Description | -| ---------- | ---- | ----------------- | -------- | --------------------------------------------------------------------- | -| `mgmt` | 1 | `10.84.1.0/24` | / | 
default network which is used for administrative and monitoring tasks | -| `clients` | 2 | `10.84.2.0/22` | / | this is where the wifi clients live | -| `gigacube` | / | `192.168.8.0/24` | / | created by the gigacube. wan for our gateway | -| `backbone` | / | `10.254.254.0/30` | / | tunnel network between `gw-core01` and `eae-adp-jump01` | - -Configuration: --------------- - ### `sw-access0{1-2}` OS: diff --git a/documentation/MAIN.md b/documentation/MAIN.md new file mode 100644 index 0000000..7d44e4b --- /dev/null +++ b/documentation/MAIN.md @@ -0,0 +1,6 @@ +# Documentation + +* [System/Network Overview](OVERVIEW.md) +* [Installation and Configuration of Systems](CONFIGURATION.md) +* [Incidents](INCIDENTS.md) +* [Todo](TODO.md) diff --git a/documentation/OVERVIEW.md b/documentation/OVERVIEW.md new file mode 100644 index 0000000..6955e01 --- /dev/null +++ b/documentation/OVERVIEW.md 
@@ -0,0 +1,62 @@ +System/Network Overview +======================= + +Diagram: +-------- + +![Layer 1 Overview of Network](layer1_overview.png) + +IPAM / Device Overview: +----------------------- + +| Name | Location | MGMT IPv4 | MAC | Device | Notes | +| -------------- | --------- | ------------ | ------------------- | -------------------- | ----- | +| `gw-core01` | Büro | `10.84.1.1` | `78:8a:20:bd:b6:ae` | Ubiquiti EdgeRouterX | | +| `sw-access01` | Büro | `10.84.1.10` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP | | +| `sw-access02` | Zelt 5 | `10.84.1.11` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP | | +| `hyper01` | Büro | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? | | +| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox VM | | +| `ap-2bbf` | Zelt 4 | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105 | | +| `ap-1a38` | Zelt 5 | `10.84.1.35` | `24:de:c6:c3:ac:7c` | Aruba AP-105 | | +| `ap-0b99` | Zelt 2 | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105 | | +| `ap-c5d1` | Büro | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105 | | +| `ap-c495` | Zelt 3 | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105 | | +| `ap-8f42` | Zelt 1 | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105 | | + +Cloud VMs: +---------- + +| VM Name | IPv4 | IPv6 | Location | Provider | Type | Description | Notes | +| ---------------- | -------------- | ------------------------ | -------------------------- | -------- | ---- | ----------------------------------- | --------------------------- | +| `eae-adp-jump01` | `162.55.53.85` | `2a01:4f8:c0c:1281::/64` | Germany - Nuerenberg - DC3 | Hetzner | CX11 | vpn and jump host for remote access | kvm access: `@hirnpfirsich` | + + +Networks: +--------- + +| Name | VLAN | v4 Space | v6 Space | Description | +| ---------- | ---- | ----------------- | -------- | --------------------------------------------------------------------- | +| `mgmt` | 1 | `10.84.1.0/24` | / | default network which is used for 
administrative and monitoring tasks | +| `clients` | 2 | `10.84.2.0/22` | / | this is where the wifi clients live | +| `gigacube` | / | `192.168.8.0/24` | / | created by the gigacube. wan for our gateway | +| `backbone` | / | `10.84.254.0/30` | / | tunnel network between `gw-core01` and `eae-adp-jump01` | + +WiFi Networks: +-------------- + +| SSID | Encryption | VLAN | Description | +| -------------------- | ---------- | ---- | ----------- | +| `GU Deutscher Platz` | / | 2 | | + +Remote Access / VPN: +-------------------- + +Remote access is possible via a `eae-adp-jump01`. +`gw-core01` digs a wireguard tunnel into `eae-adp-jump01` (network: `10.54.254.0/30`, wg port `51820`). +This point-to-point link is used to establish an ospf adjacency between the two routers. +(`gw-core01` uses `frr` as the routing daemon, `eae-adp-jump01` uses openbsds own `ospfd`). + +The most straight forward way to access machines inside the EAE is to use the `ProxyJump` feature of `ssh`. +Take a look at the `README.md` in the root of this repo for details. + +In the future there maybe wg profiles for admins to directly route into the network. diff --git a/documentation/layer1_overview.drawio b/documentation/layer1_overview.drawio index 565ab2a..45b69d2 100644 --- a/documentation/layer1_overview.drawio +++ b/documentation/layer1_overview.drawio @@ -1 +1 @@ -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 \ No newline at end of file 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 \ No newline at end of file diff --git a/documentation/layer1_overview.png b/documentation/layer1_overview.png index 9ec0775..0a223e0 100644 Binary files a/documentation/layer1_overview.png and b/documentation/layer1_overview.png differ
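Review bot: In the README.md hunk, the unchanged context line `* [Documentation](documentation/README.md)` still points at a file that this patch renames to documentation/CONFIGURATION.md, so the link is dead once the patch is applied. Point it at the new index, for example `* [Documentation](documentation/MAIN.md)`, and consider whether the `[Incidents]` and `[Todo]` entries are still needed here now that MAIN.md lists both.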
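Review bot: The new title in the documentation/CONFIGURATION.md hunk is misspelled: `+Installation and Confguration` should read "Installation and Configuration", matching the link text "Installation and Configuration of Systems" added in MAIN.md. With the `Configuration:` heading removed, `### sw-access0{1-2}` now follows the document title directly, so check that the heading levels in the rest of the file still nest as intended.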
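Review bot: The `backbone` prefix is stated inconsistently in the documentation/OVERVIEW.md hunk: the Networks table has `10.84.254.0/30`, the Remote Access / VPN paragraph says `10.54.254.0/30`, and the table removed from the old documentation/README.md had `10.254.254.0/30`. Confirm the value against the wireguard configuration on `gw-core01` and use it in both places; if the prefix really changed, mention that in the commit message, since this patch otherwise reads as a pure move. While the table is being touched: `10.84.2.0/22` for `clients` is not on a /22 boundary, and the /22 that contains it (`10.84.0.0/22`) covers the `mgmt` range `10.84.1.0/24`, so the intended prefix or mask should be double-checked.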