MakerFLOSS/docs/infrastruktur/labdesign.md


---
marp: true
theme: gaia
class: invert
paginate: true
---

Introduction

These are assorted notes on what could go into the MakerFLOSS lab.


Requirements

  • A space to experiment with new software
  • A place where software can be "test run" for some time
  • A place where errors do not cause IP loss
    • even if the errors are really big

More details

  • firewalled off from the production network of the Maker Space
  • accessible from outside
  • potential for exposing services externally

Non-functional requirements

  • Cost conscious
  • Supports constant change

Proposals

Short term

A VPS in a (European) cloud with one public IP

Mid term

Complement the VPS with some local hardware. This includes:

  • Firewall with zones implemented as VLANs, plus DNS/DHCP
  • Netbird access to services in the Lab
  • switching infrastructure
  • a primary "stable" Proxmox host
  • a secondary experimentation machine
  • a Backup server
  • a tunnel from the Lab to the VPS, so that services can be exposed externally via the public IP on the VPS
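The zone firewall and the VPS tunnel from the list above, modelled as a policy table and rendered as an nftables forward chain. This is an added example, not code from the MakerFLOSS project. The interface names, VLAN IDs, subnets (10.0.0.0/16 for production, one 10.1x.0.0/24 per lab zone, wg0/10.99.0.1 for the tunnel peer, wt0 for Netbird) and the allowed port list are assumptions, since the notes only name the zones. `decide()` simulates nftables first-match evaluation so the policy can be checked before it is loaded; `production_isolated()` shows why the explicit drops towards production must precede the "internet via upstream" accepts when both share the uplink interface, and that the VPS peer gets exactly one hole (TCP 443 into pre-production) rather than a route into the whole lab.

```python
"""Zone firewall for the mid-term lab design (added example, not project code).
Interface names, VLAN IDs and subnets are hypothetical placeholders."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional


@dataclass(frozen=True)
class Zone:
    name: str
    iface: str                   # interface on the MakerFLOSS firewall (VLAN sub-interface or tunnel)
    cidr: Optional[str] = None   # narrow the zone to a subnet on that interface; None = whole interface


# Hypothetical layout: one VLAN per lab zone, WireGuard to the VPS, Netbird for remote admins.
ZONES = {z.name: z for z in [
    Zone("upstream", "eth0"),                      # link towards the Orange Makerspace firewall
    Zone("prod",     "eth0", "10.0.0.0/16"),       # OM production network, reached over that same link
    Zone("lab1",     "eth0.11", "10.11.0.0/24"),   # LabZone 1: "stable" test Proxmox
    Zone("lab2",     "eth0.12", "10.12.0.0/24"),   # LabZone 2: experimental machine
    Zone("preprod",  "eth0.13", "10.13.0.0/24"),   # Forgejo, Authentik, CI/CD
    Zone("backup",   "eth0.14", "10.14.0.0/24"),   # Proxmox Backup Server
    Zone("vps",      "wg0", "10.99.0.1/32"),       # tunnel peer: the FLOSS VPS
    Zone("netbird",  "wt0"),                       # Netbird overlay interface
]}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    action: str            # "accept" or "drop"; both are terminal verdicts in nftables
    tcp_ports: tuple = ()  # () = any protocol and port
    comment: str = ""


# Order matters: nftables takes the first terminal verdict, so the "never reach prod"
# drops must come before the broader "internet via upstream" accepts on the same interface.
POLICY = [
    Rule("lab1",    "prod",     "drop",   comment="lab must never reach production"),
    Rule("lab2",    "prod",     "drop"),
    Rule("preprod", "prod",     "drop"),
    Rule("lab1",    "upstream", "accept", comment="internet for package installs"),
    Rule("lab2",    "upstream", "accept"),
    Rule("preprod", "upstream", "accept"),
    Rule("vps",     "preprod",  "accept", (443,), "VPS reverse proxy -> lab Caddy, nothing else"),
    Rule("netbird", "preprod",  "accept", comment="remote admins over Netbird"),
    Rule("netbird", "lab1",     "accept"),
    Rule("netbird", "lab2",     "accept"),
    Rule("lab1",    "backup",   "accept", (8007,), "Proxmox Backup Server API"),
    Rule("preprod", "backup",   "accept", (8007,)),
]


def _covers(rule_zone: Zone, pkt_zone: Zone) -> bool:
    """Would a match on rule_zone's interface/subnet also catch a packet belonging to pkt_zone?"""
    if rule_zone.iface != pkt_zone.iface:
        return False
    if rule_zone.cidr is None:
        return True                 # whole-interface match catches every subnet on that interface
    if pkt_zone.cidr is None:
        return False                # rule is narrower than the packet's zone
    return ip_network(pkt_zone.cidr).subnet_of(ip_network(rule_zone.cidr))


def decide(src: str, dst: str, tcp_port=None, policy=POLICY, zones=ZONES) -> str:
    """Simulate the forward chain: first matching rule wins, chain policy is drop."""
    for r in policy:
        if not (_covers(zones[r.src], zones[src]) and _covers(zones[r.dst], zones[dst])):
            continue
        if r.tcp_ports and tcp_port not in r.tcp_ports:
            continue
        return r.action
    return "drop"


LAB_SIDE = ("lab1", "lab2", "preprod", "backup", "vps")


def production_isolated(policy=POLICY) -> bool:
    """True when no lab-side zone gets an accept towards production on any probed port."""
    return all(decide(s, "prod", p, policy) == "drop"
               for s in LAB_SIDE for p in (None, 22, 443, 8006))


def nft_rule(r: Rule, zones=ZONES) -> str:
    s, d = zones[r.src], zones[r.dst]
    parts = [f'iifname "{s.iface}"']
    if s.cidr:
        parts.append(f"ip saddr {s.cidr}")
    parts.append(f'oifname "{d.iface}"')
    if d.cidr:
        parts.append(f"ip daddr {d.cidr}")
    if r.tcp_ports:
        parts.append("tcp dport { " + ", ".join(map(str, r.tcp_ports)) + " }")
    parts.append(r.action)
    if r.comment:
        parts.append(f'comment "{r.comment}"')
    return " ".join(parts)


def render_nftables(policy=POLICY, zones=ZONES) -> str:
    lines = [
        "table inet lab {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        "    ct state invalid drop",
    ]
    lines += ["    " + nft_rule(r, zones) for r in policy]
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    assert production_isolated(), "policy lets the lab reach production"
    print(render_nftables())
```

The rendered text can be loaded on the lab firewall with `nft -f`. The VPS end of the tunnel then only needs a WireGuard peer and a reverse proxy (or DNAT) for port 443 towards the pre-production Caddy over wg0; if the VPS is ever compromised, that single forwarded port is all the attacker can reach.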

Basic Services in Lab

  • Git: Forgejo
  • ...

Lab Diagram

```mermaid
graph TB
    subgraph External
        Internet[🌐 Internet]
        VPS[FLOSS VPS<br/>88.99.32.236]
    end

    subgraph OrangeMaker["Orange Makerspace"]
        OMFirewall[OrangeMaker Firewall]
        ProdNet[Production Network]
    end

    subgraph FLOSSLab["MakerFLOSS Lab"]
        Switch[Switch]
        Proxmox1[LabZone 1<br/>Test Proxmox]
        Proxmox2[LabZone 2<br/>Experimental]

        subgraph TAPPaaS
            FLOSSFirewall[MakerFLOSS Firewall<br/>DNS/DHCP/VLANs]
            PreProd[Pre-production Zone]
            Backup[Backup Server]
        end
    end

    Internet --> VPS
    Internet --> OMFirewall
    VPS -.->|Tunnel| FLOSSFirewall
    VPS -.->|Netbird| FLOSSFirewall
    OMFirewall --> ProdNet
    OMFirewall --> FLOSSFirewall
    FLOSSFirewall --> Switch
    FLOSSFirewall --> PreProd
    Switch --> Proxmox1
    Switch --> Proxmox2
    Switch --> Backup
```

TAPPaaS Diagram

```mermaid
graph TB
    subgraph TAPPaaS
        subgraph Firewall["Firewall"]
            Zones[Zones]
            Caddy[Caddy]
            Certs[Certificates]
            DHCPDNS[DHCP/DNS]
        end

        subgraph PreProd["Pre-Production"]
            Proxmox[Proxmox]
            Authentik[Authentik]
            CICD[CI/CD]
            Forgejo[Forgejo]
            More[...]
        end

        subgraph BackupSrv["Backup"]
            BackupService[PBS Backup Service]
        end
    end

    Firewall --> PreProd
    Firewall --> BackupSrv
```

Long term

Replace the VPS with direct pinhole access on a public IP.

Replace the "stable" FLOSS services running on the VPS with modules running on the "stable" machine locally.

Design of Mid term solution