MakerFLOSS/docs/infrastructure/labdesign.md
sjat 16f56fd961
docs: standardise filenames to ASCII kebab-case + ISO date prefix
Adopt one filename convention everywhere except hardware host pages
(those are pinned to their hostnames by the index validator):

  - ASCII lowercase
  - kebab-case word separator
  - dated docs: YYYY-MM-DD-label.md (hyphen between date and label)
  - English regardless of content language

Renames:
  docs/makerFLOSS_house_rules.md                        -> docs/house-rules.md
  docs/infrastruktur/                                   -> docs/infrastructure/
  docs/infrastructure/vps-og-dns.md                     -> docs/infrastructure/vps-and-dns.md
  docs/presentations/2026-05-11_messaging.md            -> docs/presentations/2026-05-11-messaging.md
  docs/presentations/2026-05-11_SoMe-taxonomi.md        -> docs/presentations/2026-05-11-social-media-taxonomy.md
  notes/todo/2026-04-14_todo.md                         -> notes/todo/2026-04-14-todo.md
  notes/todo/OM_services.md                             -> notes/todo/om-services.md
  notes/todo/indkøbsliste.md                            -> notes/todo/wishlist.md
  notes/communications/2026-03-16_facebookpost.md       -> notes/communications/2026-03-16-facebook-post.md

Other touches:
- Document the convention in CLAUDE.md under Working Norms.
- Refresh the stale Repository Structure block in CLAUDE.md to reflect
  the docs/ vs notes/ split introduced in f6d589e.
- Update the House rules link in docs/index.md and the nav entry in
  mkdocs.yml to the new house-rules.md path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 17:07:26 +02:00


marp: true
pagination: true

Introduction

These are assorted notes on what could go into the MakerFLOSS lab.


Requirements

  • A space to experiment with new software
  • A place where software could be "test run" for some time
  • A place where errors do not cause IP loss
    • even if the errors are really big

More details

  • Firewalled off from the production network
  • Accessible from outside
  • Potential for exposing services externally

Constraints

  • Cost conscious
  • Support constant change

Proposals

Short term

A VPS in a (European) cloud with one public IP


Midterm

Complement the VPS with some local hardware:

  • Firewall with zones (VLANs, DNS/DHCP)
  • Netbird access to services in Lab
  • Switching infrastructure
  • A primary "stable" Proxmox host
  • A secondary experimentation machine
  • A backup server
  • Tunnel for external access via VPS public IP

Basic Services in Lab

  • Git: Forgejo
  • ...

Lab Diagram

graph LR
    subgraph External
        Internet[🌐 Internet]
        VPS[FLOSS VPS<br/>88.99.32.236]
    end

    subgraph OrangeMaker["Orange Makerspace"]
        OMFirewall[OrangeMaker Firewall]
        ProdNet[Production Network]
    end

    subgraph FLOSSLab["MakerFLOSS Lab"]
        Switch[Switch]
        Proxmox1[LabZone 1<br/>Test Proxmox]
        Proxmox2[LabZone 2<br/>Experimental]

        subgraph TAPPaaS
            FLOSSFirewall[MakerFLOSS Firewall<br/>DNS/DHCP/VLANs]
            PreProd[Pre-production Zone]
            Backup[Backup Server]
        end
    end

    Internet --> VPS
    Internet --> OMFirewall
    VPS -.->|Tunnel| FLOSSFirewall
    VPS -.->|Netbird| FLOSSFirewall
    OMFirewall --> ProdNet
    OMFirewall --> FLOSSFirewall
    FLOSSFirewall --> Switch
    FLOSSFirewall --> PreProd
    Switch --> Proxmox1
    Switch --> Proxmox2
    Switch --> Backup
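
One way to check the Lab Diagram above against the "Firewalled off from the production network" requirement, as an added example that is not part of the original notes. It assumes each arrow gives the direction in which connections may be initiated; the function names and the LAB_NODES grouping are hypothetical.

```python
import re
from collections import deque

# Edge list copied from the Lab Diagram on this page.
LAB_DIAGRAM_EDGES = """
Internet --> VPS
Internet --> OMFirewall
VPS -.->|Tunnel| FLOSSFirewall
VPS -.->|Netbird| FLOSSFirewall
OMFirewall --> ProdNet
OMFirewall --> FLOSSFirewall
FLOSSFirewall --> Switch
FLOSSFirewall --> PreProd
Switch --> Proxmox1
Switch --> Proxmox2
Switch --> Backup
"""
# Matches "A --> B" and "A -.->|label| B"; other Mermaid lines are skipped.
EDGE_RE = re.compile(r"^\s*(\w+)\s*(?:-->|-\.->)\s*(?:\|[^|]*\|\s*)?(\w+)\s*$")
# Assumption: these diagram nodes make up the lab side.
LAB_NODES = ["FLOSSFirewall", "Switch", "PreProd", "Proxmox1", "Proxmox2", "Backup"]

def parse_edges(text):
    """Build {node: set(successors)} from Mermaid edge lines."""
    graph = {}
    for line in text.splitlines():
        m = EDGE_RE.match(line)
        if m:
            src, dst = m.groups()
            graph.setdefault(src, set()).add(dst)
            graph.setdefault(dst, set())
    return graph

def reachable(graph, start):
    """Every node reachable from start by following arrows (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def isolation_violations(graph, lab_nodes=LAB_NODES, protected="ProdNet"):
    """Lab nodes that have any path to the protected network."""
    return [n for n in lab_nodes if protected in reachable(graph, n)]

def entry_points(graph, lab_firewall="FLOSSFirewall"):
    """Nodes allowed to initiate connections to the lab firewall."""
    return sorted(src for src, dsts in graph.items() if lab_firewall in dsts)
```

On the diagram as drawn, no lab node has a path to ProdNet, and the lab firewall has two upstream entry points, the VPS and the OrangeMaker firewall, so both need rules reviewed.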

TAPPaaS Diagram

graph TB
    subgraph TAPPaaS
        subgraph Firewall["Firewall"]
            Zones[Zones]
            Caddy[Caddy]
            Certs[Certificates]
            DHCPDNS[DHCP/DNS]
        end

        subgraph PreProd["Pre-Production"]
            Proxmox[Proxmox]
            Authentik[Authentik]
            CICD[CI/CD]
            Forgejo[Forgejo]
            More[...]
        end

        subgraph BackupSrv["Backup"]
            BackupService[PBS Backup Service]
        end
    end

    Firewall --> PreProd
    Firewall --> BackupSrv

Long term

Replace the VPS with direct IP pinhole access

Replace the "stable" FLOSS services running on the VPS with modules running locally on the "stable" machine

Design of midterm solution