MakerFLOSS_Troubleshooting/network-map.md
sjat ade2dafee7 access: fisi enrolled in netbird (on-demand), record overlay facts
- fisi peer 100.99.61.26, service kept stopped+disabled
- documented on-demand bring-up/tear-down (no key needed; cached enrollment)
- overlay is 100.99.0.0/16; mf04 = 100.99.133.190
- note on policy 0/0-peers gotcha + re-enroll-with-key fallback

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 13:39:34 +02:00

47 lines
2.9 KiB
Markdown

# Network map (thin)
Pointers, not the source of truth. Authoritative data is in the source repos —
links below. Confirm live values before acting.
## Subnets seen across the repos
| Subnet | Role | Source of truth |
|--------|------|-----------------|
| `10.2.30.0/24` | **CRS310 data VLAN 30** (the new switch). Uplink `ether1` → gateway `10.2.30.1`; access ports `ether2-7`. | `MakerFLOSS_Mikrotik/host_vars/crs310-maker.yml`, `docs/superpowers/specs/2026-06-09-crs310-flat-mgmtvlan-design.md` |
| `192.168.88.0/24` | **CRS310 mgmt VLAN 99**: isolated, switch at `192.168.88.1`, reachable only from `ether8`. DHCP `.10-.254`. | same |
| `172.17.3.0/24` | OrangeMakers LAN — `makerfloss1` at `.51`. | `AnsibleBaobabV4/host_vars/makerfloss1.yml` |
| `10.0.0.0/24` | Makerspace LAN — `mf04` at `.184`. | `AnsibleBaobabV4/host_vars/mf04.yml` |
| `10.13.0.0/24` | **makerfloss WireGuard plane (`wg1`)**. Hub `10.13.0.1` (VPS), `makerfloss1` `.2`, `mf04` `.3`, `sjat-roaming` `.5`. UDP `:51820`. | `AnsibleBaobabV4/host_vars/makerfloss.yml`, `specs/2026-05-12-makerfloss-wireguard-design.md` |
| `100.99.0.0/16` | **Netbird overlay** (`wt0`), control plane `nb.makerfloss.eu`. Peers: mf04 `100.99.133.190`, fisi `100.99.61.26` (on-demand, normally down). | `specs/2026-05-27-makerspace-vpn-design.md` |
| `10.8.0.0/24` | baobab (home) WireGuard plane. Hub **kuku** `10.8.0.1` (UDP `:51194`); mamba `10.8.0.4`. | `AnsibleBaobabV4` |
| `10.20.10.0/24` | homelab LAN — **fisi** `.17`, kuku `.118`, papa `.11`. | `AnsibleBaobabV4` |
## Makerspace addressing — mostly resolved (2026-06-09)
Confirmed on-site:
- A client on the new switch's **data ports** (`ether2-7`) gets a
  `10.2.30.0/24` lease (sjat's laptop got `10.2.30.227`); gateway `10.2.30.1`.
- The data VLAN `10.2.30.0/24` and the existing makerspace `10.0.0.0/24`
  **inter-route**: from `mf04` (`10.0.0.183`, gw `10.0.0.1`), both
  `10.2.30.1` and `10.2.30.227` ping at <1 ms. So the two subnets are different
  segments joined by the makerspace router (`10.0.0.1` and `10.2.30.1`), not
  isolated from each other.
Still loose:
- `makerfloss1` is recorded as `172.17.3.51`, on a *third* subnet. Not yet
  confirmed whether it's still on `172.17.3.x` or has moved onto `10.0.0.x` /
  `10.2.30.x`. Confirm when next on-site.
- **IP drift:** `mf04` is actually `10.0.0.183` (DHCP), but
`AnsibleBaobabV4/host_vars/mf04.yml` says `ansible_host: 10.0.0.184`. The
ProxyJump-via-mamba path there targets the stale `.184`. Either pin a DHCP
reservation or update host_vars. (Reaching mf04 over `wg1` `10.13.0.3` is
unaffected.)
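
The drift check described above, as an added example (not code from the MakerFLOSS repos). The `RECORDED` entries are transcribed from the subnet table, `OBSERVED` holds only the one LAN address this page confirms on-site, and the status names and function names are hypothetical.

```python
import ipaddress

# (host, plane) -> (recorded address, subnet it is recorded under), from the table.
RECORDED = {
    ("mf04", "lan"): ("10.0.0.184", "10.0.0.0/24"),
    ("mf04", "wg1"): ("10.13.0.3", "10.13.0.0/24"),
    ("mf04", "wt0"): ("100.99.133.190", "100.99.0.0/16"),
    ("makerfloss1", "lan"): ("172.17.3.51", "172.17.3.0/24"),
    ("makerfloss1", "wg1"): ("10.13.0.2", "10.13.0.0/24"),
    ("fisi", "lan"): ("10.20.10.17", "10.20.10.0/24"),
    ("fisi", "wt0"): ("100.99.61.26", "100.99.0.0/16"),
}

# Live observations. Only the mf04 LAN address is confirmed on this page;
# everything else stays UNVERIFIED until someone checks it.
OBSERVED = {("mf04", "lan"): "10.0.0.183"}


def classify(recorded, subnet, observed):
    """Compare one recorded address with what was seen live (or None)."""
    net = ipaddress.ip_network(subnet)
    rec = ipaddress.ip_address(recorded)
    if rec not in net:
        return "BAD_RECORD"   # the map contradicts itself
    if observed is None:
        return "UNVERIFIED"   # do not act on this value yet
    obs = ipaddress.ip_address(observed)
    if obs == rec:
        return "OK"
    # Same subnet: lease drift. Different subnet: the host changed segment.
    return "DRIFT" if obs in net else "MOVED"


def audit(recorded=RECORDED, observed=OBSERVED):
    """Return {(host, plane): status} for every recorded address."""
    return {key: classify(addr, subnet, observed.get(key))
            for key, (addr, subnet) in recorded.items()}


if __name__ == "__main__":
    for (host, plane), status in sorted(audit().items()):
        print(f"{host:12} {plane:4} {status}")
```

`DRIFT` on `mf04`/`lan` is the stale `.184` case; a `MOVED` result for `makerfloss1` would answer the open question about which segment it sits on.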
## Public services (makerfloss VPS, `88.99.32.236`)
All TLS-terminated at the VPS via Traefik, certs via Gandi DNS-01:
`docs.makerfloss.eu`, `slides.makerfloss.eu`, `forgejo.makerfloss.eu` (git SSH
`:7577`), `mail.makerfloss.eu` (Poste.io), `discourse.makerfloss.eu`,
`snipeit.makerfloss.eu`, `nb.makerfloss.eu` (Netbird).
Source: `AnsibleBaobabV4/host_vars/makerfloss.yml`.