TheLab.ms Wiki

User Tools

Site Tools

infra

**This is an old revision of the document!**

Table of Contents

Please don't tinker with the IT infrastructure - the daily operations of the space depend on it! If you want to change something, ask someone who's been around for a while first.

IT Infrastructure

The acting CTO is responsible for maintaining TheLab's network/server infrastructure.

Network

TheLab has a MikroTik router with a handful of APs, and a Cisco switch for PoE and extra ports.

The network is divided up into a few subnets, each on their own vlan.

  • Members: 10.200.1.0/24
  • Members Static IPs: 10.200.0.0/24
  • Infrastructure: 10.200.10.0/24
  • Cameras: 10.200.20.0/24
  • Access Control: 10.220.4.0/24

Management points:

  • 10.200.10.1: Mikrotik router web interface
  • 10.200.10.2: Cisco network switch

Switch Ports

The switch has 4 obvious bays of ports, each assigned to a VLAN like:

  • Cameras
  • Members
  • Infrastructure
  • Access Control

CDN (Cloudflare)

We use Cloudflare for various things including (most importantly) DNS. The account is associated with [email protected], so new CTOs should go reset the password to get access. Things don't change often in this account but it's worth knowing that it exists.

Servers

foobar.thelab.ms

Foobar is the main internet-facing server running Conway and Dokuwiki.

Provisioning Process

  • Azure Standard_B1s running Ubuntu 24.04 in southcentralus.
  • Enable daily Azure backups during provisioning.
  • Manually populate IP in Cloudflare dns record (foobar.thelab.ms)
  • The cto user should trust the current acting CTO's ssh pubkey. It can always be updated through the Azure portal.
  • Manually install cloudflared for tunneling. It would be hard to automate, very easy to do by hand.
    • Make sure to run as a service i.e. cloudflared service install
  • Run make ansible!

Here's the cloudflared config at the time of provisioning:

snippet.yaml
tunnel: <redacted>
credentials-file: /root/.cloudflared/<redacted>.json

originRequest:
  connectTimeout: 10s

ingress:
  - hostname: members.thelab.ms
    service: http://localhost:8080

  - hostname: docs.thelab.ms
    service: http://localhost:8081

  - service: http_status:404

baz.thelab.ms

Baz is the main on-prem server at TheLab.

Provisioning Process

  • Dell 16 core by 96gb r710 with a bunch of SSDs
  • Manually configure the RAID controller with a keyboard/monitor
    • One RAID 1 group for the first two disks (boot/os drive)
    • One RAID 0 group for the rest
  • Make sure the system option is set to turn on when power is lost
  • Install Ubuntu 24 from a flash drive
    • Create a LACP bond for NICs 1 and 2 with the IP: 10.200.10.234
    • Mount the data drive to /mnt/data
  • Make the default username “cto” with a reasonable password
  • Run make ansible!

Here's the cloudflared config at the time of provisioning:

snippet.yaml
tunnel: <redacted>
credentials-file: /root/.cloudflared/<redacted>.json

originRequest:
  connectTimeout: 10s

ingress:
  - hostname: frigate.thelab.ms
    service: http://127.0.0.1:8971

  - service: http_status:404
infra.1736464408.txt.gz · Last modified: 2025/01/09 23:13 by 6b86b273-ff34-fce1-9d6b-804eff5a3f57
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki