README.md
Documentation: EAE - Am deutschen Platz
Overview:
IPAM / Device Overview:
Name | Location | MGMT IPv4 | MAC | Device | Notes |
---|---|---|---|---|---|
gw-core01 | Office | 10.84.1.1 | 78:8a:20:bd:b6:ae | Ubiquiti EdgeRouterX | |
sw-access01 | Office | 10.84.1.10 | bc:cf:4f:e3:bb:8d | Zyxel GS1800-8HP | |
sw-access02 | Tent 5 | 10.84.1.11 | bc:cf:4f:e3:ac:39 | Zyxel GS1800-8HP | |
hyper01 | Office | 10.84.1.21 | 00:23:24:54:f0:fe | Lenovo ThinkCentre ? | |
monitoring01 | hyper01 | 10.84.1.51 | 16:b9:13:c3:10:5e | Proxmox VM | |
ap-2bbf | Tent 4 | 10.84.1.30 | 24:de:c6:cc:2b:bf | Aruba AP-105 | |
ap-1a38 | Tent 5 | 10.84.1.35 | 24:de:c6:c3:ac:7c | Aruba AP-105 | |
ap-0b99 | Tent 2 | 10.84.1.32 | 6c:f3:7f:c9:0b:99 | Aruba AP-105 | |
ap-c5d1 | Office | 10.84.1.33 | ac:a3:1e:cf:c5:d1 | Aruba AP-105 | |
ap-c495 | Tent 3 | 10.84.1.34 | ac:a3:1e:cf:c4:95 | Aruba AP-105 | |
ap-8f42 | Tent 1 | 10.84.1.36 | d8:c7:c8:c2:8f:42 | Aruba AP-105 | |
Cloud VMs:
VM Name | IPv4 | IPv6 | Location | Provider | Type | Description | Notes |
---|---|---|---|---|---|---|---|
eae-adp-jump01 | 162.55.53.85 | 2a01:4f8:c0c:1281::/64 | Germany - Nuremberg - DC3 | Hetzner | CX11 | vpn and jump host for remote access | kvm access: @hirnpfirsich |
Networks:
Name | VLAN | v4 Space | v6 Space | Description |
---|---|---|---|---|
mgmt | 1 | 10.84.1.0/24 | / | default network which is used for administrative and monitoring tasks |
clients | 2 | 10.84.2.0/22 | / | this is where the wifi clients live |
gigacube | / | 192.168.8.0/24 | / | created by the gigacube. wan for our gateway |
backbone | / | 10.254.254.0/30 | / | tunnel network between gw-core01 and eae-adp-jump01 |
Configuration:
sw-access0{1-2}
OS: OpenWrt 21.02.3
- custom build with garet
- profile: zyxel-gs1900-8hp_21.02.3
- commit: 31b86557add49187a2ee161465b51fe120076a3c
Config:
- configure sw-access01:

```sh
uci batch << EOF
# configure hostname
set system.@system[0].hostname=sw-access01
# configure mgmt ip
set network.mgmt.ipaddr=10.84.1.11
EOF
```

- configure sw-access02:

```sh
uci batch << EOF
# configure hostname
set system.@system[0].hostname=sw-access02
# configure mgmt ip
set network.mgmt.ipaddr=10.84.1.12
EOF
```

- finish config on both nodes:

```sh
# configure root password
passwd
uci batch << EOF
# configure mgmt ip
set network.mgmt.proto=static
set network.mgmt.netmask=255.255.255.0
set network.mgmt.gateway=10.84.1.1
add_list network.mgmt.dns=10.84.1.1
# create clients vlan for switch
set network.clients_vlan=bridge-vlan
set network.clients_vlan.device=switch
set network.clients_vlan.vlan=2
set network.clients_vlan.ports="lan1:t lan2:t lan3:t lan4:t lan5:t lan6:t lan7:t lan8:t"
EOF
uci commit
/etc/init.d/system reload
/etc/init.d/network reload
```

- install rsync (will be included in the next image!)
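A consistency check over the address plan, added here as an example and not part of the original repository: it takes the values from the Networks and IPAM tables and from the switch `uci batch` commands above and reports prefixes with host bits set, overlapping networks, management addresses outside the mgmt network, duplicate assignments, and differences between documented and configured addresses. The function and variable names are assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Values copied from the Networks and IPAM tables on this page.
NETWORKS = {"mgmt": "10.84.1.0/24", "clients": "10.84.2.0/22",
            "gigacube": "192.168.8.0/24", "backbone": "10.254.254.0/30"}
IPAM = {"gw-core01": "10.84.1.1", "sw-access01": "10.84.1.10",
        "sw-access02": "10.84.1.11", "hyper01": "10.84.1.21",
        "monitoring01": "10.84.1.51", "ap-2bbf": "10.84.1.30",
        "ap-1a38": "10.84.1.35", "ap-0b99": "10.84.1.32",
        "ap-c5d1": "10.84.1.33", "ap-c495": "10.84.1.34",
        "ap-8f42": "10.84.1.36"}
# Addresses set by the `uci batch` commands in the sw-access0{1-2} section.
CONFIGURED = {"sw-access01": "10.84.1.11", "sw-access02": "10.84.1.12"}


def check_plan(networks, ipam, configured, mgmt="mgmt"):
    """Return human-readable findings for an address plan (empty list = clean)."""
    findings, nets = [], {}
    for name, cidr in networks.items():
        # strict=False accepts prefixes with host bits set so they can be reported.
        nets[name] = ipaddress.ip_network(cidr, strict=False)
        if str(nets[name]) != cidr:
            findings.append(f"{name}: {cidr} has host bits set, covers {nets[name]}")
    # Pairwise overlap check between all documented networks.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    # Every management address must sit inside the mgmt network.
    for host, ip in ipam.items():
        if ipaddress.ip_address(ip) not in nets[mgmt]:
            findings.append(f"{host}: {ip} is outside {mgmt} {nets[mgmt]}")
    # No address may be documented for more than one device.
    for ip, count in Counter(ipam.values()).items():
        if count > 1:
            findings.append(f"{ip} is documented for {count} devices")
    # Documented address versus the address the config commands set.
    for host, ip in configured.items():
        if ipam.get(host) != ip:
            findings.append(f"{host}: documented {ipam.get(host)}, configured {ip}")
    return findings


if __name__ == "__main__":
    for finding in check_plan(NETWORKS, IPAM, CONFIGURED):
        print(finding)
```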
ap-xxxx
OS: OpenWrt 21.02.3
- custom build with garet
- profile: aruba-ap-105_21.02.3
- commit: 18ced036173a23280efd3b87df06ccaa46eb9a04
- initially configure password and ip for every ap:

```sh
passwd
uci batch << EOF
set network.mgmt.proto=static
set network.mgmt.ipaddr=10.84.1.37
set network.mgmt.netmask=255.255.255.0
set network.mgmt.gateway=10.84.1.1
add_list network.mgmt.dns=10.84.1.1
EOF
uci commit network
/etc/init.d/network reload
```

- configure network via playbook_provision_aps.yml
hyper01
OS:
- Proxmox VE 7.2-1
Installation Questions:
- Proxmox Virtual Environment (PVE)
- Target Harddrive: Options
  - Filesystem: zfs (RAID0)
  - Disk Setup
    - Harddisk 0: /dev/sda (300GB)
  - Advanced Options:
    - copies: 2
- Location and Time Zone selection:
  - Country: Germany
  - Time zone: Europe/Berlin
  - Keyboard Layout: German
- Administration Password and Email Address
  - Password: pass EAE_Am-Deutschen-Platz/hyper01
  - EMail: info@freifunk-leipzig.de
- Management Network Configuration
  - Management Interface: enp2s0
  - Hostname (FQDN): hyper01.eae-adp.freifunk-leipzig.de
  - IP Address (CIDR): 10.84.1.21/24
  - Gateway: 10.84.1.1
  - DNS Server: 10.84.1.1
Postinstall cleanup:
- remove enterprise repos and activate community repo:

```
root@hyper01:/etc/apt# rm /etc/apt/sources.list.d/pve-enterprise.list
root@hyper01:/etc/apt# cat > /etc/apt/sources.list.d/pve-no-subscription.list << EOF
> # PVE pve-no-subscription repository provided by proxmox.com,
> # NOT recommended for production use
> deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
> EOF
root@hyper01:/etc/apt#
```

- update: `apt update && apt dist-upgrade -y && reboot`
- install alpine template: `pveam update && pveam download local alpine-3.16-default_20220622_amd64.tar.xz`
- remove alpine template and download debian template
eae-adp-jump01
OS:
- OpenBSD 7.1
Installation:
- with full disk encryption: https://www.openbsd.org/faq/faq14.html#softraidFDE
- via autoinstall
- boot into OpenBSD iso
- type s to open the shell after booting

```
Welcome to the OpenBSD/amd64 7.1 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
```

- create encrypted drive

```
# cd /dev && sh MAKEDEV sd0
# dd if=/dev/urandom of=/dev/rsd0c bs=1m
# fdisk -iy sd0
# disklabel -E sd0
[...]
> a a
> 64
> *
> RAID
> w
> q
# bioctl -c C -l sd0a softraid0
[...]
passphrase
passphrase again
# cd /dev && sh MAKEDEV sd1
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
```

- execute autoinstall

```
# cd /
# ifconfig vio0 autoconf
# ftp https://git.sr.ht/~hirnpfirsich/ffl-eae-adp/blob/master/files/eae-adp-jump01.install.conf
# install -a -f eae-adp-jump01.install.conf
[...]
# reboot
```

- install syspatches

```
eae-adp-jump01# syspatch
[...]
eae-adp-jump01# syspatch
[...]
eae-adp-jump01# reboot
```

- install python3 for ansible

```
eae-adp-jump01# pkg_add python3
```