
**This is an old revision of the document!**

IT Infrastructure

Network

TheLab has a MikroTik router with a handful of APs, and a Cisco switch for PoE and extra ports.

The network is divided into a few subnets, each on its own VLAN.

  • Members: 10.200.1.0/24
  • Members Static IPs: 10.200.0.0/24
  • Infrastructure: 10.200.10.0/24
  • Cameras: 10.200.20.0/24
  • Access Control: 10.220.4.0/24

Management points:

  • 10.200.10.1: MikroTik router web interface
  • 10.200.10.2: Cisco network switch

Switch Ports

The switch has 4 obvious bays of ports, each assigned to a VLAN:

  • Cameras
  • Members
  • Infrastructure
  • Access Control

Servers

foobar.thelab.ms

Foobar is the main internet-facing server, running Conway and DokuWiki.

Provisioning Process

  • Azure Standard_B1s running Ubuntu 24.04 in southcentralus.
  • Enable daily Azure backups during provisioning.
  • Manually populate the IP in the Cloudflare DNS record (foobar.thelab.ms).
  • The cto user should trust the current acting CTO's SSH public key. It can always be updated through the Azure portal.
  • Manually install cloudflared for tunneling. It would be hard to automate and is very easy to do by hand.
    • Make sure to run it as a service, i.e. cloudflared service install
  • Run make ansible!

Here's the cloudflared config at the time of provisioning:

snippet.yaml
tunnel: 496df05d-fb69-4164-8f85-25d9805d028b
credentials-file: /root/.cloudflared/496df05d-fb69-4164-8f85-25d9805d028b.json

originRequest:
  connectTimeout: 10s

ingress:
  - hostname: members.thelab.ms
    service: http://localhost:8080

  - hostname: docs.thelab.ms
    service: http://localhost:8081

  - service: http_status:404

baz.thelab.ms

Baz is the main on-prem server at TheLab.

Provisioning Process

  • Dell R710 with 16 cores, 96 GB of RAM and a bunch of SSDs
  • Manually configure the RAID controller with a keyboard/monitor
    • One RAID 1 group for the first two disks (boot/OS drive)
    • One RAID 0 group for the rest
  • Make sure the system option to turn back on after power is lost is set
  • Install Ubuntu 24 from a flash drive
    • Create an LACP bond for NICs 1 and 2 with the IP: 10.200.10.234
    • Mount the data drive to /mnt/data
  • Make the default username “cto” with a reasonable password
  • Run make ansible!

Here's the cloudflared config at the time of provisioning:

snippet.yaml
tunnel: ef56e4b9-3eb1-4525-8b77-dcc2625247bd
credentials-file: /root/.cloudflared/ef56e4b9-3eb1-4525-8b77-dcc2625247bd.json

originRequest:
  connectTimeout: 10s

ingress:
  - hostname: frigate.thelab.ms
    service: http://127.0.0.1:8971

  - service: http_status:404
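
An audit of the ingress sections of both cloudflared configs above, as an added example that is not part of TheLab's own tooling. It assumes the YAML has already been parsed into a dict (for instance with PyYAML's yaml.safe_load), and the "origins must be loopback" rule is a policy assumption taken from how both configs are written; BAD is a constructed misconfiguration.

```python
import ipaddress
from urllib.parse import urlsplit

# Ingress sections copied from the two configs above, as already-parsed dicts.
FOOBAR = {"ingress": [
    {"hostname": "members.thelab.ms", "service": "http://localhost:8080"},
    {"hostname": "docs.thelab.ms", "service": "http://localhost:8081"},
    {"service": "http_status:404"},
]}
BAZ = {"ingress": [
    {"hostname": "frigate.thelab.ms", "service": "http://127.0.0.1:8971"},
    {"service": "http_status:404"},
]}
# Constructed misconfiguration, not from the page.
BAD = {"ingress": [
    {"hostname": "a.example.test", "service": "http://localhost:8080"},
    {"hostname": "a.example.test", "service": "http://192.0.2.10:8080"},
]}

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other name is treated as off-host

def audit_ingress(config):
    """Return a list of findings for one parsed cloudflared config."""
    rules = config.get("ingress") or []
    if not rules:
        return ["no ingress rules"]
    findings, seen = [], set()
    # cloudflared needs a final rule with no hostname/path for unmatched requests.
    if "hostname" in rules[-1] or "path" in rules[-1]:
        findings.append("last rule is not a catch-all")
    for i, rule in enumerate(rules):
        host = rule.get("hostname")
        if host is None and "path" not in rule:
            if i != len(rules) - 1:
                findings.append(f"rule {i}: catch-all before the end hides later rules")
            continue
        # Rules match top to bottom, so a repeated hostname+path never fires.
        key = (host, rule.get("path"))
        if key in seen:
            findings.append(f"rule {i}: hostname {host} already matched above")
        seen.add(key)
        origin = urlsplit(rule.get("service", ""))
        if origin.scheme in ("http", "https") and not is_loopback(origin.hostname or ""):
            findings.append(f"rule {i}: origin {origin.hostname} is not loopback")
    return findings
```

Both configs from this page return an empty list; BAD returns three findings.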
infra.1735831872.txt.gz · Last modified: 2025/01/02 15:31 by cto
