2026-06-09 13:24:26 +02:00
|
|
|
|
# Network map (thin)
|
|
|
|
|
|
|
|
|
|
|
|
Pointers, not the source of truth. Authoritative data is in the source repos —
|
|
|
|
|
|
links below. Confirm live values before acting.
|
|
|
|
|
|
|
|
|
|
|
|
## Subnets seen across the repos
|
|
|
|
|
|
|
|
|
|
|
|
| Subnet | Role | Source of truth |
|
|
|
|
|
|
|--------|------|-----------------|
|
|
|
|
|
|
| `10.2.30.0/24` | **CRS310 data VLAN 30** (the new switch). Uplink `ether1` → gateway `10.2.30.1`; access ports `ether2–7`. | `MakerFLOSS_Mikrotik/host_vars/crs310-maker.yml`, `docs/superpowers/specs/2026-06-09-crs310-flat-mgmtvlan-design.md` |
|
|
|
|
|
|
| `192.168.88.0/24` | **CRS310 mgmt VLAN 99** — isolated, switch at `192.168.88.1`, reachable only from `ether8`. DHCP `.10–.254`. | same |
|
|
|
|
|
|
| `172.17.3.0/24` | OrangeMakers LAN — `makerfloss1` at `.51`. | `AnsibleBaobabV4/host_vars/makerfloss1.yml` |
|
|
|
|
|
|
| `10.0.0.0/24` | Makerspace LAN — `mf04` at `.184`. | `AnsibleBaobabV4/host_vars/mf04.yml` |
|
|
|
|
|
|
| `10.13.0.0/24` | **makerfloss WireGuard plane (`wg1`)**. Hub `10.13.0.1` (VPS), `makerfloss1` `.2`, `mf04` `.3`, `sjat-roaming` `.5`. UDP `:51820`. | `AnsibleBaobabV4/host_vars/makerfloss.yml`, `specs/2026-05-12-makerfloss-wireguard-design.md` |
|
2026-06-09 13:39:34 +02:00
|
|
|
|
| `100.99.0.0/16` | **Netbird overlay** (`wt0`), control plane `nb.makerfloss.eu`. Peers: mf04 `100.99.133.190`, fisi `100.99.61.26` (on-demand, normally down). | `specs/2026-05-27-makerspace-vpn-design.md` |
|
2026-06-09 13:24:26 +02:00
|
|
|
|
| `10.8.0.0/24` | baobab (home) WireGuard plane. Hub **kuku** `10.8.0.1` (UDP `:51194`); mamba `10.8.0.4`. | `AnsibleBaobabV4` |
|
|
|
|
|
|
| `10.20.10.0/24` | homelab LAN — **fisi** `.17`, kuku `.118`, papa `.11`. | `AnsibleBaobabV4` |
|
|
|
|
|
|
|
2026-06-09 13:32:36 +02:00
|
|
|
|
## Makerspace addressing — mostly resolved (2026-06-09)
|
|
|
|
|
|
|
|
|
|
|
|
Confirmed on-site:
|
|
|
|
|
|
|
|
|
|
|
|
- A client on the new switch's **data ports** (`ether2–7`) gets a
|
|
|
|
|
|
`10.2.30.0/24` lease (sjat's laptop got `10.2.30.227`); gateway `10.2.30.1`.
|
|
|
|
|
|
- The data VLAN `10.2.30.0/24` and the existing makerspace `10.0.0.0/24`
|
|
|
|
|
|
**inter-route**: from `mf04` (`10.0.0.183`, gw `10.0.0.1`), both
|
|
|
|
|
|
`10.2.30.1` and `10.2.30.227` ping at <1ms. So the two subnets are different
|
|
|
|
|
|
segments joined by the makerspace router (`10.0.0.1` ↔ `10.2.30.1`), not
|
|
|
|
|
|
isolated from each other.
|
|
|
|
|
|
|
|
|
|
|
|
Still loose:
|
|
|
|
|
|
- `makerfloss1` is recorded as `172.17.3.51` — a *third* subnet. Not yet
|
|
|
|
|
|
confirmed whether it's still on `172.17.3.x` or has moved onto `10.0.0.x` /
|
|
|
|
|
|
`10.2.30.x`. Confirm when next on-site.
|
|
|
|
|
|
- **IP drift:** `mf04` is actually `10.0.0.183` (DHCP), but
|
|
|
|
|
|
`AnsibleBaobabV4/host_vars/mf04.yml` says `ansible_host: 10.0.0.184`. The
|
|
|
|
|
|
ProxyJump-via-mamba path there targets the stale `.184`. Either pin a DHCP
|
|
|
|
|
|
reservation or update host_vars. (Reaching mf04 over `wg1` `10.13.0.3` is
|
|
|
|
|
|
unaffected.)
|
2026-06-09 13:24:26 +02:00
|
|
|
|
|
|
|
|
|
|
## Public services (makerfloss VPS, `88.99.32.236`)
|
|
|
|
|
|
|
|
|
|
|
|
All TLS-terminated at the VPS via Traefik, certs via Gandi DNS-01:
|
|
|
|
|
|
`docs.makerfloss.eu`, `slides.makerfloss.eu`, `forgejo.makerfloss.eu` (git SSH
|
|
|
|
|
|
`:7577`), `mail.makerfloss.eu` (Poste.io), `discourse.makerfloss.eu`,
|
|
|
|
|
|
`snipeit.makerfloss.eu`, `nb.makerfloss.eu` (Netbird).
|
|
|
|
|
|
Source: `AnsibleBaobabV4/host_vars/makerfloss.yml`.
|