Differences

This shows you the differences between two versions of the page.

--- infra [2025/01/02 15:31] – cto
+++ infra [2025/10/12 21:27] (current) – ef2d127d-e37b-942b-aad0-6145e54b0c61
@@ Line 1: / Line 1: @@
 # IT Infrastructure
-## Network
+----
-TheLab has a MikroTik router with a handful of APs, and a Cisco switch for PoE and extra ports.
-The network is divided up into a few subnets, each on their own vlan.
-- Members: 10.200.1.0/24
-- Members Static IPs: 10.200.0.0/24
-- Infrastructure: 10.200.10.0/24
-- Cameras: 10.200.20.0/24
-- Access Control: 10.220.4.0/24
-Management points:
-- 10.200.10.1: Mikrotik router web interface
-- 10.200.10.2: Cisco network switch
-### Switch Ports
-The switch has 4 obvious bays of ports, each assigned to a VLAN like:
+**Please don't tinker with the infra - daily operations of the space depend on it! If you want to change something, ask someone who's been around for a while first.**
-- Cameras
+----
-- Members
-- Infrastructure
-- Access Control
 ## Servers
-### foobar.thelab.ms
+<nspages :servers -customTitle="{title}" -textPages="" -tree>
-Foobar is the main internet-facing server running [Conway](https://github.com/TheLab-ms/conway) and [Dokuwiki](https://docs.thelab.ms).
+## Cloudflare
-#### Provisioning Process
+We use Cloudflare for various things including (most importantly) DNS. The account is associated with [email protected], so new CTOs should go reset the password to get access. Things don't change often in this account but it's worth knowing that it exists.
-- Azure Standard_B1s running Ubuntu 24.04 in southcentralus.
+Cloudflare tunnels are used for all ingress to our servers - no need to worry about rotating TLS certs, free DDoS protection, etc.
-- Enable daily Azure backups during provisioning.
-- Manually populate IP in Cloudflare dns record (foobar.thelab.ms)
-- The cto user should trust the current acting CTO's ssh pubkey. It can always be updated through the Azure portal.
-- Manually install cloudflared for tunneling. It would be hard to automate, very easy to do by hand.
-  - Make sure to run as a service i.e. `cloudflared service install`
-- Run `make ansible`!
-Here's the cloudflared config at the time of provisioning:
-```yaml
+## Github
-tunnel: 496df05d-fb69-4164-8f85-25d9805d028b
-credentials-file: /root/.cloudflared/496df05d-fb69-4164-8f85-25d9805d028b.json
-originRequest:
+Any active members working on code-related projects can be added as a member of TheLab's Github org: https://github.com/TheLab-ms.
-  connectTimeout: 10s
-ingress:
-  - hostname: members.thelab.ms
-    service: http://localhost:8080
-  - hostname: docs.thelab.ms
+## Monitoring
-    service: http://localhost:8081
-  - service: http_status:404
+We have a shared [cronitor](https://cronitor.io) account used for uptime checks. Failing checks are posted to #it and visible publicly at https://status.thelab.ms
-```
-### baz.thelab.ms
+## Network
-Baz is the main on-prem server at TheLab.
+TheLab has a MikroTik router with a handful of APs, and a Cisco switch for PoE and extra ports.
-#### Provisioning Process
+The network is divided up into a few subnets, each on their own vlan.
-- Dell 16 core by 96gb r710 with a bunch of SSDs
+- Members: **10.200.1.0/24**
-- Manually configure the RAID controller with a keyboard/monitor
+- Members Static IPs: **10.200.0.0/24**
-  - One RAID 1 group for the first two disks (boot/os drive)
+- Admin: **10.200.10.0/24**
-  - One RAID 0 group for the rest
+- IoT **10.200.20.0/24**
-- Make sure the system option is set to turn on when power is lost
-- Install Ubuntu 24 from a flash drive
-  - Create a LACP bond for NICs 1 and 2 with the IP: 10.200.10.234
-  - Mount the data drive to /mnt/data
-- Make the default username "cto" with a reasonable password
-- Run `make ansible`!
-Here's the cloudflared config at the time of provisioning:
+Management points:
-```yaml
+- **10.200.10.1**: Mikrotik router web interface (get creds from acting CTO)
-tunnel: ef56e4b9-3eb1-4525-8b77-dcc2625247bd
-credentials-file: /root/.cloudflared/ef56e4b9-3eb1-4525-8b77-dcc2625247bd.json
-originRequest:
+### Switch Ports
-  connectTimeout: 10s
-ingress:
+TODO
-  - hostname: frigate.thelab.ms
-    service: http://127.0.0.1:8971
-  - service: http_status:404
-```