MakerFLOSS/docs/infrastruktur/labdesign.md

---
marp: true
pagination: true
---

<style>
.mermaid svg { max-width: 100% !important; height: auto !important; }
</style>

# Introduction

This is assorted notes on what could go into the MakerFLOSS lab

---

# Requirements

- A space to experiment with new software
- A place where software could be "test run" for some time
- A place where errors are not causing IP loss
  - even if errors are real big !!

## More details

- Firewalled off from the production network
- Accessible from outside
- Potential for exposing services externally

---

## Constraints

- Cost conscious
- Support constant change

---

# Proposals

## Short term

A VPS in a (European) cloud with one public IP

---

## Midterm

Complement the VPS with some local hardware:

- Firewall with zones (VLANs, DNS/DHCP)
- Netbird access to services in Lab
- Switching infrastructure
- A primary "stable" Proxmox host
- A secondary experimentation machine
- A backup server
- Tunnel for external access via VPS public IP

---

### Basic Services in Lab

- Git: Forgejo
- ...

---

### Lab Diagram

```mermaid
graph LR
    subgraph External
        Internet[🌐 Internet]
        VPS[FLOSS VPS<br/>88.99.32.236]
    end

    subgraph OrangeMaker["Orange Makerspace"]
        OMFirewall[OrangeMaker Firewall]
        ProdNet[Production Network]
    end

    subgraph FLOSSLab["MakerFLOSS Lab"]
        Switch[Switch]
        Proxmox1[LabZone 1<br/>Test Proxmox]
        Proxmox2[LabZone 2<br/>Experimental]

        subgraph TAPPaaS
            FLOSSFirewall[MakerFLOSS Firewall<br/>DNS/DHCP/VLANs]
            PreProd[Pre-production Zone]
            Backup[Backup Server]
        end
    end

    Internet --> VPS
    Internet --> OMFirewall
    VPS -.->|Tunnel| FLOSSFirewall
    VPS -.->|Netbird| FLOSSFirewall
    OMFirewall --> ProdNet
    OMFirewall --> FLOSSFirewall
    FLOSSFirewall --> Switch
    FLOSSFirewall --> PreProd
    Switch --> Proxmox1
    Switch --> Proxmox2
    Switch --> Backup
```

---

### TAPPaaS Diagram

```mermaid
graph TB
    subgraph TAPPaaS
        subgraph Firewall["Firewall"]
            Zones[Zones]
            Caddy[Caddy]
            Certs[Certificates]
            DHCPDNS[DHCP/DNS]
        end

        subgraph PreProd["Pre-Production"]
            Proxmox[Proxmox]
            Authentik[Authentik]
            CICD[CI/CD]
            Forgejo[Forgejo]
            More[...]
        end

        subgraph BackupSrv["Backup"]
            BackupService[PBS Backup Service]
        end
    end

    Firewall --> PreProd
    Firewall --> BackupSrv
```

---

## Long term

replace VPS with a direct IP pinhole access

replace the "stable" FLOSS services running on VPS with modules runing on "stable" machine locally


# Design of Mid term solution
made it into a slide show 2026-05-10 11:49:48 +02:00			`---`
			`marp: true`
reverting changes 2026-05-10 12:21:09 +02:00			`pagination: true`
made it into a slide show 2026-05-10 11:49:48 +02:00			`---`

fix: split long slides and auto-fit diagrams in labdesign - Add .mermaid svg CSS to scale diagrams to fit slide bounds - Split Requirements into Requirements+Details / Constraints - Split Proposals into Short term / Midterm - Switch Lab Diagram to graph LR (left-to-right fits the Internet→VPS→Firewall→Lab flow and uses vertical space better) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-10 21:27:49 +02:00			`<style>`
			`.mermaid svg { max-width: 100% !important; height: auto !important; }`
			`</style>`

made diagrams better 2026-05-10 11:41:22 +02:00			`# Introduction`

			`This is assorted notes on what could go into the MakerFLOSS lab`

made it into a slide show 2026-05-10 11:49:48 +02:00			`---`

made diagrams better 2026-05-10 11:41:22 +02:00			`# Requirements`

			`- A space to experiment with new software`
			`- A place where software could be "test run" for some time`
			`- A place where errors are not causing IP loss`
			`- even if errors are real big !!`

			`## More details`

fix: split long slides and auto-fit diagrams in labdesign - Add .mermaid svg CSS to scale diagrams to fit slide bounds - Split Requirements into Requirements+Details / Constraints - Split Proposals into Short term / Midterm - Switch Lab Diagram to graph LR (left-to-right fits the Internet→VPS→Firewall→Lab flow and uses vertical space better) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-10 21:27:49 +02:00			`- Firewalled off from the production network`
			`- Accessible from outside`
			`- Potential for exposing services externally`

			`---`
made diagrams better 2026-05-10 11:41:22 +02:00
fix: split long slides and auto-fit diagrams in labdesign - Add .mermaid svg CSS to scale diagrams to fit slide bounds - Split Requirements into Requirements+Details / Constraints - Split Proposals into Short term / Midterm - Switch Lab Diagram to graph LR (left-to-right fits the Internet→VPS→Firewall→Lab flow and uses vertical space better) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-10 21:27:49 +02:00			`## Constraints`
made diagrams better 2026-05-10 11:41:22 +02:00
			`- Cost conscious`
fix: split long slides and auto-fit diagrams in labdesign - Add .mermaid svg CSS to scale diagrams to fit slide bounds - Split Requirements into Requirements+Details / Constraints - Split Proposals into Short term / Midterm - Switch Lab Diagram to graph LR (left-to-right fits the Internet→VPS→Firewall→Lab flow and uses vertical space better) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-10 21:27:49 +02:00			`- Support constant change`
made diagrams better 2026-05-10 11:41:22 +02:00
made it into a slide show 2026-05-10 11:49:48 +02:00			`---`

made diagrams better 2026-05-10 11:41:22 +02:00			`# Proposals`

			`## Short term`

			`A VPS in a (European) cloud with one public IP`

fix: split long slides and auto-fit diagrams in labdesign - Add .mermaid svg CSS to scale diagrams to fit slide bounds - Split Requirements into Requirements+Details / Constraints - Split Proposals into Short term / Midterm - Switch Lab Diagram to graph LR (left-to-right fits the Internet→VPS→Firewall→Lab flow and uses vertical space better) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-10 21:27:49 +02:00			`---`

made diagrams better 2026-05-10 11:41:22 +02:00			`## Midterm`

fix: split long slides and auto-fit diagrams in labdesign - Add .mermaid svg CSS to scale diagrams to fit slide bounds - Split Requirements into Requirements+Details / Constraints - Split Proposals into Short term / Midterm - Switch Lab Diagram to graph LR (left-to-right fits the Internet→VPS→Firewall→Lab flow and uses vertical space better) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-10 21:27:49 +02:00			`Complement the VPS with some local hardware:`
made diagrams better 2026-05-10 11:41:22 +02:00
fix: split long slides and auto-fit diagrams in labdesign - Add .mermaid svg CSS to scale diagrams to fit slide bounds - Split Requirements into Requirements+Details / Constraints - Split Proposals into Short term / Midterm - Switch Lab Diagram to graph LR (left-to-right fits the Internet→VPS→Firewall→Lab flow and uses vertical space better) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-10 21:27:49 +02:00			`- Firewall with zones (VLANs, DNS/DHCP)`
made diagrams better 2026-05-10 11:41:22 +02:00			`- Netbird access to services in Lab`
fix: split long slides and auto-fit diagrams in labdesign - Add .mermaid svg CSS to scale diagrams to fit slide bounds - Split Requirements into Requirements+Details / Constraints - Split Proposals into Short term / Midterm - Switch Lab Diagram to graph LR (left-to-right fits the Internet→VPS→Firewall→Lab flow and uses vertical space better) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-10 21:27:49 +02:00			`- Switching infrastructure`
			`- A primary "stable" Proxmox host`
			`- A secondary experimentation machine`
			`- A backup server`
			`- Tunnel for external access via VPS public IP`
made diagrams better 2026-05-10 11:41:22 +02:00
made it into a slide show 2026-05-10 11:49:48 +02:00			`---`

made diagrams better 2026-05-10 11:41:22 +02:00			`### Basic Services in Lab`

			`- Git: Forgejo`
			`- ...`

made it into a slide show 2026-05-10 11:49:48 +02:00			`---`

made diagrams better 2026-05-10 11:41:22 +02:00			`### Lab Diagram`

			```mermaid
fix: split long slides and auto-fit diagrams in labdesign - Add .mermaid svg CSS to scale diagrams to fit slide bounds - Split Requirements into Requirements+Details / Constraints - Split Proposals into Short term / Midterm - Switch Lab Diagram to graph LR (left-to-right fits the Internet→VPS→Firewall→Lab flow and uses vertical space better) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-10 21:27:49 +02:00			`graph LR`
made diagrams better 2026-05-10 11:41:22 +02:00			`subgraph External`
			`Internet[🌐 Internet]`
			`VPS[FLOSS VPS<br/>88.99.32.236]`
			`end`

			`subgraph OrangeMaker["Orange Makerspace"]`
			`OMFirewall[OrangeMaker Firewall]`
			`ProdNet[Production Network]`
			`end`

			`subgraph FLOSSLab["MakerFLOSS Lab"]`
			`Switch[Switch]`
			`Proxmox1[LabZone 1<br/>Test Proxmox]`
			`Proxmox2[LabZone 2<br/>Experimental]`

			`subgraph TAPPaaS`
			`FLOSSFirewall[MakerFLOSS Firewall<br/>DNS/DHCP/VLANs]`
			`PreProd[Pre-production Zone]`
			`Backup[Backup Server]`
			`end`
			`end`

			`Internet --> VPS`
			`Internet --> OMFirewall`
			`VPS -.->\|Tunnel\| FLOSSFirewall`
			`VPS -.->\|Netbird\| FLOSSFirewall`
			`OMFirewall --> ProdNet`
			`OMFirewall --> FLOSSFirewall`
			`FLOSSFirewall --> Switch`
			`FLOSSFirewall --> PreProd`
			`Switch --> Proxmox1`
			`Switch --> Proxmox2`
			`Switch --> Backup`
			```

made it into a slide show 2026-05-10 11:49:48 +02:00			`---`

made diagrams better 2026-05-10 11:41:22 +02:00			`### TAPPaaS Diagram`

			```mermaid
			`graph TB`
			`subgraph TAPPaaS`
			`subgraph Firewall["Firewall"]`
			`Zones[Zones]`
			`Caddy[Caddy]`
			`Certs[Certificates]`
			`DHCPDNS[DHCP/DNS]`
			`end`

			`subgraph PreProd["Pre-Production"]`
			`Proxmox[Proxmox]`
			`Authentik[Authentik]`
			`CICD[CI/CD]`
			`Forgejo[Forgejo]`
			`More[...]`
			`end`

			`subgraph BackupSrv["Backup"]`
			`BackupService[PBS Backup Service]`
			`end`
			`end`

			`Firewall --> PreProd`
			`Firewall --> BackupSrv`
			```

trying to get mermaid diagrams to work 2026-05-10 12:18:02 +02:00			`---`
made it into a slide show 2026-05-10 11:49:48 +02:00
made diagrams better 2026-05-10 11:41:22 +02:00			`## Long term`

			`replace VPS with a direct IP pinhole access`

			`replace the "stable" FLOSS services running on VPS with modules runing on "stable" machine locally`


			`# Design of Mid term solution`