Commit files for public release

2024-10-02 16:52:04 +03:00 · 2024-10-02 16:52:04 +03:00 · fef2377502
commit fef2377502
174 changed files with 7423 additions and 0 deletions
--- a/defaults/meta/default.nix
+++ b/defaults/meta/default.nix
@ -0,0 +1,13 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  imports = [
+    ./hosts.nix
+    ./network-physical.nix
+    ./network-virtual.nix
+  ];
+}
--- a/defaults/meta/hosts.json
+++ b/defaults/meta/hosts.json
@ -0,0 +1,44 @@
+{
+  "fulberg": {
+    "hostName": "fulberg",
+    "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCG9qqpUOJ2RsohIqhMuw3YZZSrnPqhf5ayh5y0Cq/I"
+  },
+  "calanda": {
+    "hostName": "calanda",
+    "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdoOZcFFRXIqEWqUnwCk/kqP8DZw6/4omDefCT6aNN4"
+  },
+  "lindberg": {
+    "hostName": "lindberg",
+    "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDksfXKLgPJVuWHAl/pxWRhghun8U6asTZNHa34u+gJw"
+  },
+  "lindberg-nextcloud": {
+    "hostName": "lindberg-nextcloud",
+    "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR5U4yhZ2x/WN9dO+hVVSTCPMyv/1TB8mbuCXxexZOo"
+  },
+  "lindberg-build": {
+    "hostName": "lindberg-build",
+    "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnDwwGiucyTI2U8o2rC53weJwp6dO8zcF7BZjkvVq7e"
+  },
+  "lindberg-webapps": {
+    "hostName": "lindberg-webapps",
+    "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJT99lj5OI+V1PlZl/T2ikBORwMiXjDfWpHYfq/GvUM5"
+  },
+  "batzberg": {
+    "hostName": "batzberg"
+  },
+  "tierberg": {
+    "hostName": "tierberg",
+    "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJS2v0mUDJsNr1DHdgjxEQRnoVaEmExFfvHqpvagYLi6"
+  },
+  "stompert": {
+    "hostName": "stompert",
+    "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKuqMPLbREFIrYcmReaRoHdz1TatpvlrZN14L6cikia"
+  },
+  "router-coredump": {
+    "hostName": "router"
+  },
+  "cyprianspitz": {
+    "hostName": "cyprianspitz",
+    "sshKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE4udYgCfxHEAkM9r8yaerk7l+BgW7039imM0moKpTbB"
+  }
+}
--- a/defaults/meta/hosts.nix
+++ b/defaults/meta/hosts.nix
@ -0,0 +1,4 @@
+{ ... }:
+{
+  qois.meta.hosts = builtins.fromJSON (builtins.readFile ./hosts.json);
+}
--- a/defaults/meta/network-physical.nix
+++ b/defaults/meta/network-physical.nix
@ -0,0 +1,114 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  qois.meta.network.physical = {
+    plessur-ext = {
+      v4 = {
+        id = "85.195.200.253";
+        prefixLength = 24;
+      };
+      v6 = {
+        id = "2a02:169:1e02::";
+        prefixLength = 48;
+      };
+      domain = "plessur-ext.net.qo.is";
+      hosts = {
+        calanda = {
+          v4.ip = "85.195.200.253";
+        };
+      };
+    };
+
+    plessur-dmz = {
+      v4 = {
+        id = "10.1.2.0";
+        prefixLength = 24;
+        gateway = "10.1.2.1";
+        nameservers = [ "10.1.2.1" ];
+      };
+      domain = "plessur-dmz.net.qo.is";
+
+      hosts = {
+        calanda = {
+          v4.ip = "10.1.2.1";
+        };
+        fulberg = {
+          v4.ip = "10.1.2.2";
+        };
+      };
+    };
+
+    plessur-lan = {
+      v4 = {
+        id = "10.1.1.0";
+        prefixLength = 24;
+      };
+      domain = "plessur-lan.net.qo.is";
+
+      hosts = {
+        calanda = {
+          v4.ip = "10.1.1.1";
+        };
+      };
+    };
+
+    eem-lan = {
+      domain = "eem-lan.net.qo.is";
+      hosts = {
+        stompert.v4.ip = ""; # TODO
+      };
+    };
+
+    riedbach-ext = {
+      # IP: Dynamic
+      domain = "riedbach-ext.net.qo.is";
+
+      hosts = {
+        lindberg = {
+          # TODO: This is the router, not really lindberg.
+          v4.ip = "145.40.194.243";
+        };
+      };
+    };
+
+    lattenbach-ext = {
+      # Forwarded ports:
+      # udp:51820 -> 10.0.0.60:51820
+      # tcp:51022 -> 10.0.0.60:22
+      # tcp:51023 -> 10.0.0.60:2222
+      domain = "lattenbach-ext.net.qo.is";
+      hosts.router-coredump.v4.ip = "5.226.148.126";
+    };
+
+    lattenbach-lan = {
+      # Coredump LAN
+      v4 = {
+        id = "10.0.0.0";
+        prefixLength = 16;
+      };
+      domain = "lattenbach-lan.net.qo.is";
+      hosts = {
+        tierberg = {
+          v4.ip = "10.0.0.60";
+        };
+      };
+    };
+
+    lattenbach-nas = {
+      # Coredump net between apu and nas
+      v4 = {
+        id = "192.168.254.0";
+        prefixLength = 24;
+      };
+      domain = "lattenbach-nas.net.qo.is";
+      hosts = {
+        tierberg.v4.ip = "192.168.254.2";
+        batzberg.v4.ip = "192.168.254.1";
+      };
+    };
+  };
+}
--- a/defaults/meta/network-virtual.nix
+++ b/defaults/meta/network-virtual.nix
@ -0,0 +1,114 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  qois.meta.network.virtual =
+    let
+      physical-network = config.qois.meta.network.physical;
+    in
+    {
+      vpn = {
+        v4 = {
+          id = "100.64.0.0";
+          prefixLength = 10;
+        };
+        domain = "vpn.qo.is";
+        hosts = { };
+      };
+
+      backplane = {
+        v4 = {
+          id = "10.250.0.0";
+          prefixLength = 24;
+        };
+        domain = "backplane.net.qo.is";
+
+        hosts = {
+          fulberg = {
+            v4.ip = "10.250.0.1";
+            endpoint = {
+              fqdn = physical-network.plessur-ext.hosts.calanda.fqdn;
+              port = 51821;
+            };
+            publicKey = "xcQOu+pp4ckNygcsLmJL1NmUzbbC+k3I7y+hJ9Ul4nk=";
+            persistentKeepalive = 25;
+          };
+          lindberg = {
+            v4.ip = "10.250.0.2";
+            #endpoint = { # TODO: Port forwarding
+            #  fqdn = physical-network.riedbach-ext.hosts.lindberg.fqdn;
+            #  port = 51821;
+            #};
+            publicKey = "uxxdpFXSTnfTvzSEzrUq4DuWSILJD5tNj6ks2jhWF10=";
+            persistentKeepalive = 25; # TODO: Remove when port forwarding enabled
+          };
+          lindberg-nextcloud = {
+            v4.ip = "10.250.0.3";
+            publicKey = "6XGL4QKB8AMpm/VGcTgWqk9RiSws7DmY5TpIDkXbwlg=";
+            persistentKeepalive = 25;
+          };
+          tierberg = {
+            v4.ip = "10.250.0.4";
+            publicKey = "51j1l+pT9W61wx4y2KyUb1seLdCHs3FUKAjmrHBFz1w=";
+            persistentKeepalive = 25;
+          };
+          stompert = {
+            v4.ip = "10.250.0.5";
+            publicKey = "CHTjQbmN9WhbRCxKgowxpMx4c5Zu0NDk0rRXEvuB3XA=";
+            persistentKeepalive = 25;
+          };
+          calanda = {
+            v4.ip = "10.250.0.6";
+            publicKey = "WMuMCzo8e/aNeGP7256mhK0Fe+x06Ws7a9hOZDPCr0M=";
+            endpoint = {
+              fqdn = physical-network.plessur-ext.hosts.calanda.fqdn;
+              port = 51823;
+            };
+          };
+          lindberg-build = {
+            v4.ip = "10.250.0.7";
+            publicKey = "eWuvGpNVl601VDIgshOm287dlZa/5gF9lL4SjYEbIG8=";
+            persistentKeepalive = 25;
+          };
+          lindberg-webapps = {
+            v4.ip = "10.250.0.8";
+            publicKey = "LOA3Kumg8FV4DJxONwv+/8l/jOQLJ6SD2k/RegerR04=";
+            persistentKeepalive = 25;
+          };
+          cyprianspitz = {
+            v4.ip = "10.250.0.9";
+            endpoint = {
+              fqdn = physical-network.plessur-ext.hosts.calanda.fqdn;
+              port = 51824;
+            };
+            publicKey = "iLzHSgIwZz44AF7961mwEbK9AnSwcr+aKpd7XAAVTHo=";
+          };
+        };
+      };
+
+      lindberg-vms-nat = {
+        v4 = {
+          id = "10.247.0.0";
+          prefixLength = 24;
+        };
+        domain = "lindberg-vms-nat.net.qo.is";
+        hosts = {
+          lindberg.v4.ip = "10.247.0.1";
+        };
+      };
+
+      cyprianspitz-vms-nat = {
+        v4 = {
+          id = "10.247.0.0";
+          prefixLength = 24;
+        };
+        domain = "cyprianspitz-vms-nat.net.qo.is";
+        hosts = {
+          cyprianspitz.v4.ip = "10.248.0.1";
+        };
+      };
+    };
+}
--- a/defaults/meta/network.md
+++ b/defaults/meta/network.md
@ -0,0 +1,83 @@
+# Network
+
+This document provides an overview over the qo.is network structure.
+
+## Physical View
+
+```plantuml
+@startuml
+skinparam style strictuml
+left to right direction
+
+package "plessur.net.qo.is" {
+
+  entity mediaconvchur [
+    Media
+    Converter
+    (Passive)
+  ]
+
+  node calanda 
+  node fulberg
+  
+  cloud plessurnet [
+    <i>LAN Plessur
+  ]
+  
+  mediaconvchur - "enp4" calanda
+  calanda "br0 (enp2, wlp1, wlp5)" --- plessurnet
+  calanda "enp4" -- "eno1" fulberg
+} 
+
+package "riedbach.net.qo.is" {
+  node riedbachrouter
+
+  node lindberg
+
+  riedbachrouter -- "enp5s0" lindberg
+}
+
+package "eem.net.qo.is" {
+  node eemrouter
+
+  node stompert
+
+  eemrouter -- "enp2s0" stompert
+}
+
+cloud internet[
+<b>@
+]
+
+package "coredump.net.qo.is" {
+  node coredumprouter
+
+  node tierberg
+
+  coredumprouter -- "enpXs0" tierberg
+}
+
+internet .. mediaconvchur: INIT7 Fiber (1G/1G)
+internet .. riedbachrouter: iway Fiber (1G/1G)
+internet .. eemrouter: KPN NL Fiber
+internet .. coredumprouter: Openfactory DSL
+@enduml
+```
+
+## DNS
+
+All Services are published under the *qo.is* domain name. Following services are available:
+
+`qo.is` Primery Domain - Redirect to docs.qo.is and some .well-known ressources
+
+{{#include ../backplane-net/README.md}}
+
+## Contacts
+
+
+### Init7
+
+- [Status Netzwerkdienste](https://www.init7.net/status/)
+- [NOC E-Mail](mailto:noc@init7.net)
+- +41 44 315 44 00
+- Init7 (Schweiz) AG, Technoparkstrasse 5, CH-8406 Winterthur