MakerFLOSS_Troubleshooting/network-map.md
sjat ade2dafee7 access: fisi enrolled in netbird (on-demand), record overlay facts
- fisi peer 100.99.61.26, service kept stopped+disabled
- documented on-demand bring-up/tear-down (no key needed; cached enrollment)
- overlay is 100.99.0.0/16; mf04 = 100.99.133.190
- note on policy 0/0-peers gotcha + re-enroll-with-key fallback

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 13:39:34 +02:00


Network map (thin)

Pointers, not the source of truth. Authoritative data is in the source repos — links below. Confirm live values before acting.

Subnets seen across the repos

| Subnet | Role | Source of truth |
|---|---|---|
| 10.2.30.0/24 | CRS310 data VLAN 30 (the new switch). Uplink ether1 → gateway 10.2.30.1; access ports ether2–7. | MakerFLOSS_Mikrotik/host_vars/crs310-maker.yml, docs/superpowers/specs/2026-06-09-crs310-flat-mgmtvlan-design.md |
| 192.168.88.0/24 | CRS310 mgmt VLAN 99 — isolated, switch at 192.168.88.1, reachable only from ether8. DHCP .10–.254. | same |
| 172.17.3.0/24 | OrangeMakers LAN — makerfloss1 at .51. | AnsibleBaobabV4/host_vars/makerfloss1.yml |
| 10.0.0.0/24 | Makerspace LAN — mf04 at .184. | AnsibleBaobabV4/host_vars/mf04.yml |
| 10.13.0.0/24 | makerfloss WireGuard plane (wg1). Hub 10.13.0.1 (VPS), makerfloss1 .2, mf04 .3, sjat-roaming .5. UDP :51820. | AnsibleBaobabV4/host_vars/makerfloss.yml, specs/2026-05-12-makerfloss-wireguard-design.md |
| 100.99.0.0/16 | Netbird overlay (wt0), control plane nb.makerfloss.eu. Peers: mf04 100.99.133.190, fisi 100.99.61.26 (on-demand, normally down). | specs/2026-05-27-makerspace-vpn-design.md |
| 10.8.0.0/24 | baobab (home) WireGuard plane. Hub kuku 10.8.0.1 (UDP :51194); mamba 10.8.0.4. | AnsibleBaobabV4 |
| 10.20.10.0/24 | homelab LAN — fisi .17, kuku .118, papa .11. | AnsibleBaobabV4 |

Makerspace addressing — mostly resolved (2026-06-09)

Confirmed on-site:

  • A client on the new switch's data ports (ether2–7) gets a 10.2.30.0/24 lease (sjat's laptop got 10.2.30.227); gateway 10.2.30.1.
  • The data VLAN 10.2.30.0/24 and the existing makerspace 10.0.0.0/24 inter-route: from mf04 (10.0.0.183, gw 10.0.0.1), both 10.2.30.1 and 10.2.30.227 ping at <1ms. So the two subnets are different segments joined by the makerspace router (10.0.0.1 / 10.2.30.1), not isolated from each other.

Still loose:

  • makerfloss1 is recorded as 172.17.3.51 — a third subnet. Not yet confirmed whether it's still on 172.17.3.x or has moved onto 10.0.0.x / 10.2.30.x. Confirm when next on-site.
  • IP drift: mf04 is actually 10.0.0.183 (DHCP), but AnsibleBaobabV4/host_vars/mf04.yml says ansible_host: 10.0.0.184. The ProxyJump-via-mamba path there targets the stale .184. Either pin a DHCP reservation or update host_vars. (Reaching mf04 over wg1 10.13.0.3 is unaffected.)
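
The drift in the last bullet can be checked mechanically, which matters because a stale ansible_host points SSH and Ansible at whichever machine currently holds that address. The following is an added example, not code from the MakerFLOSS repos: it compares the ansible_host recorded in host_vars with the address confirmed on-site and reports whether a host only changed address within its segment or moved to another one. The host_vars text is a constructed stand-in (only the ansible_host values come from this page), and the function names and status labels are assumptions.

```python
import ipaddress
import re

# Segments as listed in the subnet table on this page.
SUBNETS = {
    "makerspace-lan": ipaddress.ip_network("10.0.0.0/24"),
    "crs310-data": ipaddress.ip_network("10.2.30.0/24"),
    "orangemakers-lan": ipaddress.ip_network("172.17.3.0/24"),
}

# Constructed stand-ins for host_vars files; only the ansible_host values are from the page.
HOST_VARS = {
    "mf04": "ansible_host: 10.0.0.184\n",
    "makerfloss1": "ansible_host: 172.17.3.51\n",
}

# Addresses confirmed on-site; None means not yet confirmed.
OBSERVED = {"mf04": "10.0.0.183", "makerfloss1": None}

def recorded_address(text):
    """Return the ansible_host value found in a host_vars text, or None if absent."""
    m = re.search(r"^ansible_host:\s*(\S+)\s*$", text, re.MULTILINE)
    return ipaddress.ip_address(m.group(1)) if m else None

def segment_of(addr):
    """Name of the listed subnet containing addr, or None if it is in none of them."""
    return next((name for name, net in SUBNETS.items() if addr in net), None)

def check_drift(host_vars, observed):
    """Return (host, status, recorded, observed) tuples, sorted by host name."""
    findings = []
    for host in sorted(host_vars):
        rec = recorded_address(host_vars[host])
        seen = observed.get(host)
        if rec is None:
            status = "no-ansible_host"
        elif seen is None:
            status = "unconfirmed"
        elif ipaddress.ip_address(seen) == rec:
            status = "ok"
        elif segment_of(ipaddress.ip_address(seen)) == segment_of(rec):
            status = "drift-same-segment"  # address changed, segment did not
        else:
            status = "moved-segment"  # host now sits on a different listed subnet
        findings.append((host, status, str(rec) if rec else None, seen))
    return findings
```

Calling `check_drift(HOST_VARS, OBSERVED)` flags mf04 as `drift-same-segment` and makerfloss1 as `unconfirmed`, matching the two open items above.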

Public services (makerfloss VPS, 88.99.32.236)

All TLS-terminated at the VPS via Traefik, certs via Gandi DNS-01: docs.makerfloss.eu, slides.makerfloss.eu, forgejo.makerfloss.eu (git SSH :7577), mail.makerfloss.eu (Poste.io), discourse.makerfloss.eu, snipeit.makerfloss.eu, nb.makerfloss.eu (Netbird). Source: AnsibleBaobabV4/host_vars/makerfloss.yml.