---
marp: true
pagination: true
size: 16:9
---

# Introduction

These are assorted notes on what could go into the MakerFLOSS lab.

---

# Requirements

- A space to experiment with new software
- A place where software could be "test run" for some time
- A place where errors do not cause IP loss, even if the errors are really big

## More details

- Firewalled off from the production network
- Accessible from outside
- Potential for exposing services externally

---

## Constraints

- Cost conscious
- Support constant change

---

# Proposals

## Short term

A VPS in a (European) cloud with one public IP

---

## Midterm

Complement the VPS with some local hardware:

- Firewall with zones (VLANs, DNS/DHCP)
- Netbird access to services in Lab
- Switching infrastructure
- A primary "stable" Proxmox host
- A secondary experimentation machine
- A backup server
- Tunnel for external access via VPS public IP

---

### Basic Services in Lab

- Git: Forgejo
- ...

---

### Lab Diagram

```mermaid
graph LR
    subgraph External
        Internet[🌐 Internet]
        VPS[FLOSS VPS<br/>88.99.32.236]
    end
    subgraph OrangeMaker["Orange Makerspace"]
        OMFirewall[OrangeMaker Firewall]
        ProdNet[Production Network]
    end
    subgraph FLOSSLab["MakerFLOSS Lab"]
        Switch[Switch]
        Proxmox1[LabZone 1<br/>Test Proxmox]
        Proxmox2[LabZone 2<br/>Experimental]
        subgraph TAPPaaS
            FLOSSFirewall[MakerFLOSS Firewall<br/>DNS/DHCP/VLANs]
            PreProd[Pre-production Zone]
            Backup[Backup Server]
        end
    end
    Internet --> VPS
    Internet --> OMFirewall
    VPS -.->|Tunnel| FLOSSFirewall
    VPS -.->|Netbird| FLOSSFirewall
    OMFirewall --> ProdNet
    OMFirewall --> FLOSSFirewall
    FLOSSFirewall --> Switch
    FLOSSFirewall --> PreProd
    Switch --> Proxmox1
    Switch --> Proxmox2
    Switch --> Backup
```

---

### TAPPaaS Diagram

```mermaid
graph TB
    subgraph TAPPaaS
        subgraph Firewall["Firewall"]
            Zones[Zones]
            Caddy[Caddy]
            Certs[Certificates]
            DHCPDNS[DHCP/DNS]
        end
        subgraph PreProd["Pre-Production"]
            Proxmox[Proxmox]
            Authentik[Authentik]
            CICD[CI/CD]
            Forgejo[Forgejo]
            More[...]
        end
        subgraph BackupSrv["Backup"]
            BackupService[PBS Backup Service]
        end
    end
    Firewall --> PreProd
    Firewall --> BackupSrv
```

---

## Long term

- Replace the VPS with direct IP pinhole access
- Replace the "stable" FLOSS services running on the VPS with modules running on the "stable" machine locally

# Design of Mid term solution