Differences

This shows you the differences between two versions of the page.

--- infra [2025/01/09 23:13] – 6b86b273-ff34-fce1-9d6b-804eff5a3f57
+++ infra [2026/01/18 00:12] (current) – removed ef2d127d-e37b-942b-aad0-6145e54b0c61
@@ Line 1: / Line 1: @@
-----
-**Please don't tinker with the IT infrastructure - the daily operations of the space depend on it! If you want to change something, ask someone who's been around for a while first.**
-----
-# IT Infrastructure
-The acting CTO is responsible for maintaining TheLab's network/server infrastructure.
-## Network
-TheLab has a MikroTik router with a handful of APs, and a Cisco switch for PoE and extra ports.
-The network is divided up into a few subnets, each on their own vlan.
-- Members: 10.200.1.0/24
-- Members Static IPs: 10.200.0.0/24
-- Infrastructure: 10.200.10.0/24
-- Cameras: 10.200.20.0/24
-- Access Control: 10.220.4.0/24
-Management points:
-- 10.200.10.1: Mikrotik router web interface
-- 10.200.10.2: Cisco network switch
-### Switch Ports
-The switch has 4 obvious bays of ports, each assigned to a VLAN like:
-- Cameras
-- Members
-- Infrastructure
-- Access Control
-## CDN (Cloudflare)
-We use Cloudflare for various things including (most importantly) DNS. The account is associated with [email protected], so new CTOs should go reset the password to get access. Things don't change often in this account but it's worth knowing that it exists.
-## Servers
-### foobar.thelab.ms
-Foobar is the main internet-facing server running [Conway](https://github.com/TheLab-ms/conway) and [Dokuwiki](https://docs.thelab.ms).
-#### Provisioning Process
-- Azure Standard_B1s running Ubuntu 24.04 in southcentralus.
-- Enable daily Azure backups during provisioning.
-- Manually populate IP in Cloudflare dns record (foobar.thelab.ms)
-- The cto user should trust the current acting CTO's ssh pubkey. It can always be updated through the Azure portal.
-- Manually install cloudflared for tunneling. It would be hard to automate, very easy to do by hand.
-  - Make sure to run as a service i.e. `cloudflared service install`
-- Run `make ansible`!
-Here's the cloudflared config at the time of provisioning:
-```yaml
-tunnel: <redacted>
-credentials-file: /root/.cloudflared/<redacted>.json
-originRequest:
-  connectTimeout: 10s
-ingress:
-  - hostname: members.thelab.ms
-    service: http://localhost:8080
-  - hostname: docs.thelab.ms
-    service: http://localhost:8081
-  - service: http_status:404
-```
-### baz.thelab.ms
-Baz is the main on-prem server at TheLab.
-#### Provisioning Process
-- Dell 16 core by 96gb r710 with a bunch of SSDs
-- Manually configure the RAID controller with a keyboard/monitor
-  - One RAID 1 group for the first two disks (boot/os drive)
-  - One RAID 0 group for the rest
-- Make sure the system option is set to turn on when power is lost
-- Install Ubuntu 24 from a flash drive
-  - Create a LACP bond for NICs 1 and 2 with the IP: 10.200.10.234
-  - Mount the data drive to /mnt/data
-- Make the default username "cto" with a reasonable password
-- Run `make ansible`!
-Here's the cloudflared config at the time of provisioning:
-```yaml
-tunnel: <redacted>
-credentials-file: /root/.cloudflared/<redacted>.json
-originRequest:
-  connectTimeout: 10s
-ingress:
-  - hostname: frigate.thelab.ms
-    service: http://127.0.0.1:8971
-  - service: http_status:404
-```