- fisi peer 100.99.61.26, service kept stopped+disabled - documented on-demand bring-up/tear-down (no key needed; cached enrollment) - overlay is 100.99.0.0/16; mf04 = 100.99.133.190 - note on policy 0/0-peers gotcha + re-enroll-with-key fallback Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2.9 KiB
2.9 KiB
Network map (thin)
Pointers, not the source of truth. Authoritative data is in the source repos — links below. Confirm live values before acting.
Subnets seen across the repos
| Subnet | Role | Source of truth |
|---|---|---|
10.2.30.0/24 |
CRS310 data VLAN 30 (the new switch). Uplink ether1 → gateway 10.2.30.1; access ports ether2–7. |
MakerFLOSS_Mikrotik/host_vars/crs310-maker.yml, docs/superpowers/specs/2026-06-09-crs310-flat-mgmtvlan-design.md |
192.168.88.0/24 |
CRS310 mgmt VLAN 99 — isolated, switch at 192.168.88.1, reachable only from ether8. DHCP .10–.254. |
same |
172.17.3.0/24 |
OrangeMakers LAN — makerfloss1 at .51. |
AnsibleBaobabV4/host_vars/makerfloss1.yml |
10.0.0.0/24 |
Makerspace LAN — mf04 at .184. |
AnsibleBaobabV4/host_vars/mf04.yml |
10.13.0.0/24 |
makerfloss WireGuard plane (wg1). Hub 10.13.0.1 (VPS), makerfloss1 .2, mf04 .3, sjat-roaming .5. UDP :51820. |
AnsibleBaobabV4/host_vars/makerfloss.yml, specs/2026-05-12-makerfloss-wireguard-design.md |
100.99.0.0/16 |
Netbird overlay (wt0), control plane nb.makerfloss.eu. Peers: mf04 100.99.133.190, fisi 100.99.61.26 (on-demand, normally down). |
specs/2026-05-27-makerspace-vpn-design.md |
10.8.0.0/24 |
baobab (home) WireGuard plane. Hub kuku 10.8.0.1 (UDP :51194); mamba 10.8.0.4. |
AnsibleBaobabV4 |
10.20.10.0/24 |
homelab LAN — fisi .17, kuku .118, papa .11. |
AnsibleBaobabV4 |
Makerspace addressing — mostly resolved (2026-06-09)
Confirmed on-site:
- A client on the new switch's data ports (
ether2–7) gets a10.2.30.0/24lease (sjat's laptop got10.2.30.227); gateway10.2.30.1. - The data VLAN
10.2.30.0/24and the existing makerspace10.0.0.0/24inter-route: frommf04(10.0.0.183, gw10.0.0.1), both10.2.30.1and10.2.30.227ping at <1ms. So the two subnets are different segments joined by the makerspace router (10.0.0.1↔10.2.30.1), not isolated from each other.
Still loose:
makerfloss1is recorded as172.17.3.51— a third subnet. Not yet confirmed whether it's still on172.17.3.xor has moved onto10.0.0.x/10.2.30.x. Confirm when next on-site.- IP drift:
mf04is actually10.0.0.183(DHCP), butAnsibleBaobabV4/host_vars/mf04.ymlsaysansible_host: 10.0.0.184. The ProxyJump-via-mamba path there targets the stale.184. Either pin a DHCP reservation or update host_vars. (Reaching mf04 overwg110.13.0.3is unaffected.)
Public services (makerfloss VPS, 88.99.32.236)
All TLS-terminated at the VPS via Traefik, certs via Gandi DNS-01:
docs.makerfloss.eu, slides.makerfloss.eu, forgejo.makerfloss.eu (git SSH
:7577), mail.makerfloss.eu (Poste.io), discourse.makerfloss.eu,
snipeit.makerfloss.eu, nb.makerfloss.eu (Netbird).
Source: AnsibleBaobabV4/host_vars/makerfloss.yml.