MakerFLOSS/docs/infrastructure/labdesign.md
sjat 16f56fd961
docs: standardise filenames to ASCII kebab-case + ISO date prefix
Adopt one filename convention everywhere except hardware host pages
(those are pinned to their hostnames by the index validator):

  - ASCII lowercase
  - kebab-case word separator
  - dated docs: YYYY-MM-DD-label.md (hyphen between date and label)
  - English regardless of content language

Renames:
  docs/makerFLOSS_house_rules.md                        -> docs/house-rules.md
  docs/infrastruktur/                                   -> docs/infrastructure/
  docs/infrastructure/vps-og-dns.md                     -> docs/infrastructure/vps-and-dns.md
  docs/presentations/2026-05-11_messaging.md            -> docs/presentations/2026-05-11-messaging.md
  docs/presentations/2026-05-11_SoMe-taxonomi.md        -> docs/presentations/2026-05-11-social-media-taxonomy.md
  notes/todo/2026-04-14_todo.md                         -> notes/todo/2026-04-14-todo.md
  notes/todo/OM_services.md                             -> notes/todo/om-services.md
  notes/todo/indkøbsliste.md                            -> notes/todo/wishlist.md
  notes/communications/2026-03-16_facebookpost.md       -> notes/communications/2026-03-16-facebook-post.md

Other touches:
- Document the convention in CLAUDE.md under Working Norms.
- Refresh the stale Repository Structure block in CLAUDE.md to reflect
  the docs/ vs notes/ split introduced in f6d589e.
- Update the House rules link in docs/index.md and the nav entry in
  mkdocs.yml to the new house-rules.md path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 17:07:26 +02:00


---
marp: true
pagination: true
---
<style>
.mermaid svg { max-width: 100% !important; height: auto !important; }
</style>
# Introduction

These are assorted notes on what could go into the MakerFLOSS lab.

---
# Requirements
- A space to experiment with new software
- A place where software could be "test run" for some time
- A place where errors do not cause IP loss
  - even if the errors are really big!
## More details
- Firewalled off from the production network
- Accessible from outside
- Potential for exposing services externally
---
## Constraints
- Cost conscious
- Support constant change
---
# Proposals
## Short term
A VPS in a (European) cloud with one public IP

---
## Midterm
Complement the VPS with some local hardware:
- Firewall with zones (VLANs, DNS/DHCP)
- Netbird access to services in Lab
- Switching infrastructure
- A primary "stable" Proxmox host
- A secondary experimentation machine
- A backup server
- Tunnel for external access via VPS public IP
---
### Basic Services in Lab
- Git: Forgejo
- ...
---
### Lab Diagram
```mermaid
graph LR
    subgraph External
        Internet[🌐 Internet]
        VPS[FLOSS VPS<br/>88.99.32.236]
    end
    subgraph OrangeMaker["Orange Makerspace"]
        OMFirewall[OrangeMaker Firewall]
        ProdNet[Production Network]
    end
    subgraph FLOSSLab["MakerFLOSS Lab"]
        Switch[Switch]
        Proxmox1[LabZone 1<br/>Test Proxmox]
        Proxmox2[LabZone 2<br/>Experimental]
        subgraph TAPPaaS
            FLOSSFirewall[MakerFLOSS Firewall<br/>DNS/DHCP/VLANs]
            PreProd[Pre-production Zone]
            Backup[Backup Server]
        end
    end
    Internet --> VPS
    Internet --> OMFirewall
    VPS -.->|Tunnel| FLOSSFirewall
    VPS -.->|Netbird| FLOSSFirewall
    OMFirewall --> ProdNet
    OMFirewall --> FLOSSFirewall
    FLOSSFirewall --> Switch
    FLOSSFirewall --> PreProd
    Switch --> Proxmox1
    Switch --> Proxmox2
    Switch --> Backup
```
---
### TAPPaaS Diagram
```mermaid
graph TB
    subgraph TAPPaaS
        subgraph Firewall["Firewall"]
            Zones[Zones]
            Caddy[Caddy]
            Certs[Certificates]
            DHCPDNS[DHCP/DNS]
        end
        subgraph PreProd["Pre-Production"]
            Proxmox[Proxmox]
            Authentik[Authentik]
            CICD[CI/CD]
            Forgejo[Forgejo]
            More[...]
        end
        subgraph BackupSrv["Backup"]
            BackupService[PBS Backup Service]
        end
    end
    Firewall --> PreProd
    Firewall --> BackupSrv
```
---
## Long term
- Replace the VPS with direct IP pinhole access
- Replace the "stable" FLOSS services running on the VPS with modules running on the "stable" machine locally
# Design of Mid term solution