infra

Differences

This shows you the differences between two versions of the page.

infra [2025/01/09 23:13] 6b86b273-ff34-fce1-9d6b-804eff5a3f57
infra [2025/03/07 22:37] (current) ef2d127d-e37b-942b-aad0-6145e54b0c61
Line 1: Line 1:
 +# IT Infrastructure
 +
 ---- ----
  
-**Please don't tinker with the IT infrastructure the daily operations of the space depend on it! If you want to change something, ask someone who's been around for a while first.**+**Please don't tinker with the infra - daily operations of the space depend on it! If you want to change something, ask someone who's been around for a while first.**
  
 ---- ----
  
 +## Servers
  
-# IT Infrastructure+<nspages :servers -customTitle="{title}" -textPages="" -tree>
  
-The acting CTO is responsible for maintaining TheLab'network/server infrastructure.+## Cloudflare 
 + 
 +We use Cloudflare for various things including (most importantly) DNS. The account is associated with [email protected], so new CTOs should go reset the password to get access. Things don't change often in this account but it'worth knowing that it exists. 
 + 
 +Cloudflare tunnels are used for all ingress to our servers - no need to worry about rotating TLS certs, free DDoS protection, etc.
  
 +
 +## Github
 +
 +Any active members working on code-related projects can be added as a member of TheLab's Github org: https://github.com/TheLab-ms.
 +
 +
 +## Monitoring
 +
 +We have a shared [cronitor](https://cronitor.io) account used for uptime checks. Failing checks are posted to #it and visible publicly at https://status.thelab.ms
  
 ## Network ## Network
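Review bot: The new Cloudflare section makes "go reset the password" on a shared mailbox the handover path for the account that holds DNS and, per the added tunnels paragraph, all ingress to the servers, and it says nothing about a second factor or about removing the previous CTO's access. Suggest stating who controls that mailbox, that 2FA is expected on the Cloudflare account, and that the outgoing CTO's sessions and API tokens are revoked at handover. The same revision deletes "The acting CTO is responsible for maintaining ..." so the page no longer says who owns the infrastructure, even though the later "get creds from acting CTO" still depends on that role; consider keeping that sentence under the new top-level heading.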
Line 17: Line 33:
 The network is divided up into a few subnets, each on their own vlan. The network is divided up into a few subnets, each on their own vlan.
  
-- Members: 10.200.1.0/24 +- Members: **10.200.1.0/24** 
-- Members Static IPs: 10.200.0.0/24 +- Members Static IPs: **10.200.0.0/24** 
-- Infrastructure: 10.200.10.0/24 +- Infrastructure: **10.200.10.0/24** 
-- Cameras: 10.200.20.0/24 +- Cameras: **10.200.20.0/24** 
-- Access Control: 10.220.4.0/24+- Access Control: **10.220.4.0/24**
  
 Management points: Management points:
  
-- 10.200.10.1: Mikrotik router web interface +**10.200.10.1**: Mikrotik router web interface (get creds from acting CTO) 
-- 10.200.10.2: Cisco network switch+**10.200.10.2**: Cisco network switch 
 +  - `ssh [email protected] -c aes256-cbc -o KexAlgorithms=diffie-hellman-group-exchange-sha1 -o PubkeyAcceptedAlgorithms=+ssh-rsa -o HostKeyAlgorithms=+ssh-rsa`
  
 ### Switch Ports ### Switch Ports
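Review bot: The added ssh one-liner for 10.200.10.2 turns on a CBC cipher, a SHA-1 key exchange and ssh-rsa host and public key algorithms with no explanation of why they are needed or that they apply to this switch only. Suggest one sentence saying these are legacy options required by that device, and recommending a `Host`-scoped entry in `~/.ssh/config` for 10.200.10.2 rather than copying the flags into a global config, so the weaker algorithms are never offered to other hosts. Two smaller points: "get creds from acting CTO" was added for the router but not for the switch, and the new management-point lines lose their leading "- " while the ssh command is indented as a nested bullet, which leaves it without a parent list item.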
Line 36: Line 53:
 - Infrastructure - Infrastructure
 - Access Control - Access Control
- 
-## CDN (Cloudflare) 
- 
-We use Cloudflare for various things including (most importantly) DNS. The account is associated with [email protected], so new CTOs should go reset the password to get access. Things don't change often in this account but it's worth knowing that it exists. 
- 
-## Servers 
- 
-### foobar.thelab.ms 
- 
-Foobar is the main internet-facing server running [Conway](https://github.com/TheLab-ms/conway) and [Dokuwiki](https://docs.thelab.ms). 
- 
-#### Provisioning Process 
- 
-- Azure Standard_B1s running Ubuntu 24.04 in southcentralus. 
-- Enable daily Azure backups during provisioning. 
-- Manually populate IP in Cloudflare dns record (foobar.thelab.ms) 
-- The cto user should trust the current acting CTO's ssh pubkey. It can always be updated through the Azure portal. 
-- Manually install cloudflared for tunneling. It would be hard to automate, very easy to do by hand. 
-  - Make sure to run as a service i.e. `cloudflared service install` 
-- Run `make ansible`! 
- 
-Here's the cloudflared config at the time of provisioning: 
- 
-```yaml 
-tunnel: <redacted> 
-credentials-file: /root/.cloudflared/<redacted>.json 
- 
-originRequest: 
-  connectTimeout: 10s 
- 
-ingress: 
-  - hostname: members.thelab.ms 
-    service: http://localhost:8080 
- 
-  - hostname: docs.thelab.ms 
-    service: http://localhost:8081 
- 
-  - service: http_status:404 
-``` 
- 
-### baz.thelab.ms 
- 
-Baz is the main on-prem server at TheLab. 
- 
-#### Provisioning Process 
- 
-- Dell 16 core by 96gb r710 with a bunch of SSDs 
-- Manually configure the RAID controller with a keyboard/monitor 
-  - One RAID 1 group for the first two disks (boot/os drive) 
-  - One RAID 0 group for the rest 
-- Make sure the system option is set to turn on when power is lost 
-- Install Ubuntu 24 from a flash drive 
-  - Create a LACP bond for NICs 1 and 2 with the IP: 10.200.10.234 
-  - Mount the data drive to /mnt/data 
-- Make the default username "cto" with a reasonable password 
-- Run `make ansible`! 
- 
-Here's the cloudflared config at the time of provisioning: 
- 
-```yaml 
-tunnel: <redacted> 
-credentials-file: /root/.cloudflared/<redacted>.json 
- 
-originRequest: 
-  connectTimeout: 10s 
- 
-ingress: 
-  - hostname: frigate.thelab.ms 
-    service: http://127.0.0.1:8971 
- 
-  - service: http_status:404 
-``` 
  
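Review bot: The provisioning steps and cloudflared ingress maps removed here for foobar.thelab.ms and baz.thelab.ms have no replacement visible in this revision; the only new reference is the `<nspages :servers ...>` index added under "## Servers". Before this lands, confirm the per-server pages in that namespace carry the operationally important items being deleted: "Enable daily Azure backups during provisioning", the cto user's ssh pubkey trust, `cloudflared service install`, the power-restore setting on baz, and the hostname-to-port ingress lists ending in the `http_status:404` catch-all. If they do, a one-line pointer from this page to those pages would make the move obvious to whoever rebuilds a server from these notes.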
infra.1736464408.txt.gz · Last modified: 2025/01/09 23:13 by 6b86b273-ff34-fce1-9d6b-804eff5a3f57
