Compare commits

...

No commits in common. "main" and "master" have entirely different histories.
main ... master

83 changed files with 0 additions and 25787 deletions

@ -1,27 +0,0 @@
name: ci # (1)!
on:
push:
branches:
- master # (2)!
- main
workflow_dispatch:
permissions:
contents: write
jobs:
deploy:
container:
image: tea.srv.it-syndikat.org/arch/archimage:latest
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
lfs: true
- run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV # (3)!
- name: "Build mkdocs site"
run: |
mkdocs build
echo "${{ secrets.SSH_DOCS }}" > ~/.ssh/id_ed25519
echo "web.srv.it-syndikat.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHBRXGn/UNvz31QMDm1jqR+97aZ0xy6kQS9wnuDOukET" >> ~/.ssh/known_hosts
chmod -R 700 ~/.ssh
rsync -vva --delete-after site/* deployer@web.srv.it-syndikat.org:/
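Review bot: The deploy key in the "Build mkdocs site" step is written by `echo "${{ secrets.SSH_DOCS }}" > ~/.ssh/id_ed25519` before `chmod -R 700 ~/.ssh` runs, so the file is created under the default umask, the secret is expanded into the script text rather than passed through `env:`, and nothing in the step creates `~/.ssh` first. Create the directory with mode 700 and set `umask 077` before writing the key, and hand the secret to the step as an environment variable. Separately, `permissions: contents: write` is more than a job that only checks out and rsyncs appears to need, `archimage:latest` is an unpinned container tag, and `rsync -vva --delete-after site/* ...:/` depends entirely on the server confining `deployer` to the docs root, which is worth stating in a comment. Pinning the host key in `known_hosts` is the right call and should stay.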

3
.gitattributes vendored
@ -1,3 +0,0 @@
*.jpeg filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored
@ -1 +0,0 @@
site/

@ -1,86 +0,0 @@
# IT-Syndikat Documentation
You reached the IT-Syndikat network, hardware, and catchall "I want to document"
dump. If stuff is down, shortly ahead of going down, feels like its' about to
go down or just in general interests you, this is the place to look.
## Space Local Documentation
The [space](space/README.md) hase some hardware infrastructure:
- IP [Router](space/router.md)
- 802.1 Ethernet [Switches](space/switch.md)
- 802.11 WLAN [Access-Points](space/access_points.md)
a general purpose hypervisor:
- Proxmox Hypervisor [acraze](space/srv-acraze/acraze.md) running
- Database VM [pgsql](space/srv-acraze/database.md)
- Local recursive resolver and Auth. NS [velcro](space/srv-acraze/dns.md)
- Git forge [tea](space/srv-acraze/gitea.md)
- Mail VM [blackmail](space/srv-acraze/mail.md)
- Matrix chat VM [matrix](space/srv-acraze/matrix.md)
- Bitwarden team PW manager VM [vaultwarden](space/srv-acraze/vaultwarden.md)
- "New" General web VM [web-general](space/srv-acraze/web-general.md)
- "Old" web VM for it-s.org blog [web-its](space/srv-acraze/web-its.md)
- Calamity Monitoring [zabbix](space/srv-acraze/zabbix.md)
as well as nerd entertainment
- [Schmuddelkiste](space/schmuddelkiste.md) General Purpose PC
and manufacturing equipment
- [ITS-MIMAKI](space/mimaki.md) CNC Plotter/Cutter
- [2D Printers](space/2d-printer.md)
- [3D Printers](space/3d-printer.md)
The Electrical Infrastructure powering it all also got some documentation as of
lately:
* [Electrical Behind the scenes](space/electrical/README.md)
## Remote VMs
We own and operate VMs on other peoples hardware, also known as VPSes. These are
currently limited to:
- Hetzner VPS, reverse proxy [srv.hc](cloud/srv.md)
- Alwyzon VPS, IPv6 and DNS [hannibass](cloud/hannibass.md)
## Archival links
Repositories of deprecated services, devices and other related things may be
linked below:
- Some Network documentation, mainly on the access points, by dxld:
<https://github.com/IT-Syndikat/its-network-docs>
- Mimaki vinyl Cutter:
<https://github.com/IT-Syndikat/its-mimaki>
- Oki Printer
<https://github.com/IT-Syndikat/oki-c8600-ppd>
- Router
<https://github.com/IT-Syndikat/its-gateway>
<https://github.com/IT-Syndikat/its-sozial>
- ITS isitopen
<https://github.com/IT-Syndikat/its-syn-open>
Note: This list is still incomplete. You can help by expanding it.
# LICENSE
This document, and all other documents in this repository, except stated
otherwise, are licensed under the creative commons cc-by 4.0 liense. A copy of
the license may be obtained here:
<https://creativecommons.org/licenses/by/4.0/legalcode>

@ -1,36 +0,0 @@
# Location
The VM is running as hannibass.it-syndikat.org somewhere in an alwyzon
datacenter.
# Maintainers
- @tyrolyean: Entire suite of garbage
# Technical
## Routing
The server has a publicly routable IPv4 and IPv6 address, as well as the current
IPv6 subnet used by the IT-Syndikat: `2a0d:f302:e054::/48`. Only the 00 block of
this /48 is routed towards the space, see the
[Router documentation](../space/router.md) for space IP-Address allocations.
## Firewalling
The firewall is configured to allow all outbound traffic, and deny all inbound
traffic. If you want to allow inbound IPv6 for your service, use the subnet it
is in as a general direction, and specify closer inside the firewall on sozial.
## DNS
Hannibass is the recursor for all queries originating from the space, as well as
one of our authoritative NSes. See the
[DNS master docs](../space/srv-acraze/dns.md) for further details.
# History
This vps replaces the previous BGP routed subnet entirely. The original idea of
the space being the IPv6 ISP of multiple people never reached it's final goal,
and was ultimately abandoned because the community did not feel like bearing
the cost of multiple BGP providers.

@ -1,67 +0,0 @@
# Location
The VM is running as srv.hc.it-syndikat.org in the hetzner cloud.
# Maintainers
- @dxld @lambda dns/VM Maintenance
- @tyrolyean @minato: Mail services
- @tyrolyean: Proxy services
# Technical
## Routing
The server itself has IPv6 and IPv4 addresses from hetzner, which it uses to
access (and be accessed by) the broader internet. It is connected to the ITS
intranet via a wireguard tunnel using the 10.17.7.0/24 and
2a0c:9a40:8070:70::/64 subnets. It can access internal services dual stack via
this tunnel. The tunnel interface has a record at `srv.srv.it-syndikat.org`.
## DNS
SRV is one of our authoritative NSes, please see the
[DNS master docs](../space/srv-acraze/dns.md) for further details.
## mail server
The system is running a postfix instance which solely acts as a relay for
outbound mail traffic. All inbound mail traffic is being processed on
`blackmail.srv.it-syndikat.org`. Postfix therefore only accepts mail inbound
on the wg0 interface on port 25 and only from the server subnets.
Traffic is relayed to and from this host to avoid mail being classified as spam
due to the originating ip being a dynamic.
## Proxy server
The server utilizes a haproxy to redirect inbound traffic to backend servers.
Services have been moved from `infectedmushroom.srv.it-syndikat.org` to this
server on 2022-11-28, which effectively obsoletes infectedmushroom.
Services have been migrated after a reboot of the machine managed to brick the
snid proxy setup we previously had.
If you would like to add a service which connects inbound via http/s, please
add it to the haproxy config at `/etc/haproxy/haproxy.cfg`. Check wether the
configuration is valid using the
`sudo haproxy -c -V -f /etc/haproxy/haproxy.cfg` command.
## NGINX
The server also operates an NGINX webserver to host the `it-syndik.at` and
`spaceapi.it-syndikat.org` domains. The former is merely used to redirect
matrix to the correct subdomains whilest the latter is hosted there to
achieve a better uptime (though that was up for debate at the time wether it
was actually nescessary).
After changes check wether the configuration you have produced is valid using
the `sudo nginx -T` command.
### SpaceAPI
The server hosts the [API endpoints](https://git.it-syndikat.org/IT-Syndikat/ITSynOpen/src/branch/master/server)
to read and update the [SpaceAPI](https://spaceapi.io/) status, as well as to
handle the "spaceping".
This service produces a hard dependency on php and php-fpm. Please don't remove
those.
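Review bot: The NGINX section recommends `sudo nginx -T` as the validity check, but `-T` also dumps the complete configuration to the terminal, while `-t` runs the same test without the dump; `-t` is the safer default in a runbook whose output may get pasted into chat. In the mail server section, "only from the server subnets" does not name the subnets, so a reader cannot verify from this document that the relay is closed to everything else; listing the permitted ranges next to the wg0/port 25 statement would fix that.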

@ -1,42 +0,0 @@
% ITS Disaster recovery plan
# About
This file describes how to perform disaster recovery if everything breaks down.
As I cannot cover all of the catastrophic events that may occur, I will cover
what comes to my mind why everything would stop working.
## Scenario 1: Hypervisor dies
The current hypervisor (namely acraze.srv.it-syndikat.org) may spontaneously
die. First check wether the server is just hanging in unlock (it probably is).
If the server has died for real this time: that may happen at any time for any
reason. The most simple and probably
fastest recovery method is putting all hard disks inside a new similar server
and booting from those. If that is not an option, we have daily backups on
`bringmethehorizon.cuco` (the server inside of cuco which is now virtualized).
You can of course restore from there at any point in time. The servers are all
connected to a single port on the firewall. Restoring should be a pretty fast
operation overall. Network configuration is handled entirely by the firewall.
## Scenario 2: The firewall dies
The current firewall (namely sozial.asozial.it-syndikat.org) may spontaneously
catch fire and die at any time. To recover from this event try booting the
internal ssd on any hardware having the same or more network ports. The os will
detect the interface changes and ask you to reassign them. If that is not an
option I have copied a few router configurations inside this git repository
inside the resources section. Install pfsense and restore this configuration
on alternative hardware. This process should be fairly straightforward.
## Scenario 3: The ldap server dies
This may happen for a very large amount of reasons. If you are relying on ldap
for authorization on hosts, this may be disaster for you. If you have access to
the vaultwarden (which does not rely on ldap) you can use the recovery root ssh
key and ssh into the ldap machine (currently blacksunempire.srv.it-syndikat.org)
and diagnose slapd. This may be resolved by simply restarting slapd.service, or
less easily by actually debugging slapd, in which case you should probably
contact someone who has knowledge of ldap. If you don't have access to the
vaultwarden, contact someone who has. If you are reading this as a precautionary
measure: register inside the vaultwarden and download the ssh key.
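Review bot: Scenario 3 makes a single shared "recovery root ssh key" from the vaultwarden the fallback when LDAP is down and tells every reader to download a copy, but says nothing about how that key is rotated or how a downloaded copy should be stored. Add a line on rotation (for example when a holder leaves) and on keeping the copy protected at rest. Scenario 1 likewise names the backup host `bringmethehorizon.cuco` without the restore steps, which is the part needed during an outage.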

Binary file not shown.

BIN
docs/img/its.png (Stored with Git LFS)

Binary file not shown.

@ -1,75 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Generator: Adobe Illustrator 15.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg
version="1.1"
id="Ebene_1"
x="0px"
y="0px"
width="600"
height="408.35593"
viewBox="0 0 600.00001 408.35595"
enable-background="new 0 0 327.228 277.8"
xml:space="preserve"
inkscape:version="1.4 (e7c3feb100, 2024-10-09)"
sodipodi:docname="its.svg"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/"><metadata
id="metadata45"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
id="defs43" /><sodipodi:namedview
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1916"
inkscape:window-height="1033"
id="namedview41"
showgrid="false"
inkscape:zoom="0.84953207"
inkscape:cx="-7.0627116"
inkscape:cy="91.815251"
inkscape:window-x="0"
inkscape:window-y="22"
inkscape:window-maximized="1"
inkscape:current-layer="Ebene_1"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0"
inkscape:showpageshadow="2"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1" /><g
id="g5"
style="fill:#00ff00"
transform="matrix(2.5688994,0,0,2.5688994,-123.72546,-101.79263)"><circle
id="circle7"
r="18.76"
cy="58.384998"
cx="70.221001"
style="fill:#00ff00" /><g
id="g9"
style="fill:#00ff00"><path
inkscape:connector-curvature="0"
id="path11"
d="m 262.107,86.738 c -3.213,0 -6.232,0.814 -8.875,2.241 -0.67,0.362 -1.623,-0.303 -1.623,-1.102 0,-4.884 -3.959,-8.843 -8.842,-8.843 -4.885,0 -8.844,3.959 -8.844,8.843 0,4.882 3.959,8.841 8.844,8.841 1.088,0 2.217,1.077 1.875,1.947 -0.834,2.116 -1.297,4.417 -1.297,6.829 0,10.36 8.4,18.759 18.762,18.759 10.359,0 18.758,-8.398 18.758,-18.759 0,-10.357 -8.398,-18.756 -18.758,-18.756 z"
style="fill:#00ff00" /><path
inkscape:connector-curvature="0"
id="path13"
d="m 281.6,166.018 c -0.426,-13.476 -8.039,-26.154 -21.037,-30.815 -6.316,-2.266 -12.584,-2.097 -19.143,-1.548 -2.504,0.207 -5.115,0.693 -7.545,-0.168 -3.383,-1.199 -5.777,-4.411 -5.953,-7.996 -0.127,-2.584 1.693,-5.291 2.309,-7.762 0.76,-3.033 0.848,-6.188 0.344,-9.268 -0.879,-5.357 -3.512,-10.425 -7.691,-13.939 C 217.603,90.081 210.993,88.96 204.345,88.95 189.107,88.929 173.866,88.908 158.63,88.888 138.362,88.86 118.099,88.831 97.833,88.804 90.925,88.794 84.015,88.784 77.104,88.775 72.858,88.769 68.733,88.523 64.655,89.65 51.843,93.193 44.8,107.625 49.76,119.909 c 1.41,3.497 3.818,6.201 6.164,8.867 2.588,2.939 4.389,6.54 5.176,10.377 0.807,3.958 0.543,8.126 -0.777,11.946 -0.633,1.834 -1.508,3.583 -2.59,5.195 -0.314,0.469 -3.422,4.006 -3.377,4.082 -10.48,10.483 -6.988,28.797 5.797,35.582 12.314,6.535 28.111,0.018 32.213,-13.344 1.848,-6.009 1.201,-13.42 -2.039,-18.833 -1.775,-2.968 -4.666,-4.768 -6.547,-7.612 -2.336,-3.533 -3.637,-7.697 -3.734,-11.931 -0.348,-15.086 14.549,-26.507 29.035,-22.224 15.182,4.486 21.156,23.603 11.15,35.934 -1.215,1.498 -2.682,2.75 -3.855,4.284 -1.271,1.659 -2.312,3.495 -3.078,5.44 -1.586,4.026 -1.977,8.496 -1.129,12.74 1.693,8.469 7.9,15.123 16.26,17.384 15.057,4.076 30.102,-8.317 28.67,-23.922 -0.383,-4.166 -1.941,-8.187 -4.461,-11.523 -2.379,-3.148 -5.146,-5.7 -6.75,-9.476 -2.992,-7.047 -2.146,-15.347 2.191,-21.644 4.018,-5.829 10.674,-9.511 17.752,-9.784 5.588,-0.216 12.305,1.91 16.301,5.852 2.236,2.206 3.898,4.965 4.977,7.906 0.975,2.665 1.064,5.205 1.393,7.972 0.705,6.001 5.246,8.878 10.697,10.235 2.617,0.65 5.291,1.038 7.914,1.656 2.998,0.706 6.211,1.38 8.324,3.799 4.691,5.369 0.896,16.088 -7.031,14.802 -2.611,-0.423 -4.932,-1.22 -7.586,-0.677 -3.43,0.701 -6.479,2.824 -8.342,5.783 -4.154,6.598 -1.408,16.133 6.053,18.896 3.768,1.395 8.891,1.33 12.236,-1.135 2.721,-2.005 3.162,-6.658 6.869,-7.48 4.391,-1.783 7.611,0.51 10.893,3.162 1.859,1.504 4.049,2.544 6.309,3.296 3.5,1.167 7.193,1.71 10.857,2.037 3.994,0.354 7.908,0.403 
11.818,-0.595 6.818,-1.745 12.807,-6.023 17.115,-11.533 4.268,-5.45 7.194,-12.396 6.972,-19.405 -0.553,-17.409 0.466,14.73 0,0 z"
style="fill:#00ff00" /><path
style="fill:#00ff00;stroke:#000000;stroke-miterlimit:10"
inkscape:connector-curvature="0"
id="path15"
d="M 209.236,167.063"
stroke-miterlimit="10" /></g></g></svg>

@ -1,42 +0,0 @@
# About
This file contains the documentation of 2D printers in the IT-Syndikat. It
currently boils down to two working devices.
# Devices
- A KONICA MINOLTA BIZHUB 20P
OWNER AND MAINTANIER: the space itself
- A OKI C8600
OWNER AND MAINTAINER: @gwrx
# Technicals
## KONICA MINOLTA BIZHUB 20P
The printer was gifted via the CUCO and has a local IP. It was tested with a
fedora 32 and worked out of the box via local printer discovery magic. IPP
should do you just fine.
## OKI C8600
The Oki Printer has only 1 Slot for Paper: A4. It is not working on linux, and
is owned and maintained by @gwrx. It has a pre-instelled ethernet card. It is
capable of priting colors.
# Network
All printers get their ips via DHCP. The dhcp server is configured to give the
printers a static IP-Address. The printer VLAN has been removed in consultation
with the network maintainer(s).
## KONICA MINOLTA BIZHUB 20P
Should be reachable at BIZHUB.asozial.it-syndikat.org or IP-Address 10.17.54.12.
## OKI C8600
Should be reachable at C8600.asozial.it-syndikat.org; IP-Address is dynamic.

@ -1,15 +0,0 @@
# About
This file contains the documentation of 3D Printers in the IT-Syndikat. It
currently boils down to one octopi installation.
Current Maintainer:
- Lux: Hardware and Software Maintainer and magician
# Hardware
We have 2 3d-printers as of now:
* [Wan-Hao Duplicator I3](3d-printer/wanhao/README.md)
* [Ender 3](3d-printer/ender/README.md)

@ -1,5 +0,0 @@
# 3D printer Creality Ender-3
Fluidd web GUI: <http://kmfdm.asozial.it-syndikat.org/>
Cura printer profile should work as-is

@ -1,8 +0,0 @@
# 3d-Printer Wanhao Duplicator
* Fluidd Webgui: <http://fluidd.asozial.it-syndikat.org/> (user / passwowrd no longer required)
* send-to-octoprint api still works
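Review bot: The Fluidd line documents the printer web GUI as plain `http://` with "user / passwowrd no longer required", so anyone who can reach `fluidd.asozial.it-syndikat.org` can drive the printer. State which network segment is allowed to reach it, or why authentication was dropped, so the exposure is a documented decision. "passwowrd" is a typo for "password".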

@ -1,578 +0,0 @@
# generated by PrusaSlicer 2.7.1 on 2024-02-01 at 00:47:45 UTC
[print:Wanhao i3]
arc_fitting = disabled
avoid_crossing_curled_overhangs = 0
avoid_crossing_perimeters = 0
avoid_crossing_perimeters_max_detour = 0
bottom_fill_pattern = monotonic
bottom_solid_layers = 3
bottom_solid_min_thickness = 0
bridge_acceleration = 0
bridge_angle = 0
bridge_flow_ratio = 1
bridge_speed = 60
brim_separation = 0
brim_type = outer_only
brim_width = 0
compatible_printers =
compatible_printers_condition =
complete_objects = 0
default_acceleration = 0
dont_support_bridges = 1
draft_shield = disabled
elefant_foot_compensation = 0
enable_dynamic_overhang_speeds = 0
external_perimeter_acceleration = 0
external_perimeter_extrusion_width = 0.45
external_perimeter_speed = 50%
external_perimeters_first = 0
extra_perimeters = 1
extra_perimeters_on_overhangs = 0
extruder_clearance_height = 20
extruder_clearance_radius = 20
extrusion_width = 0.45
fill_angle = 45
fill_density = 20%
fill_pattern = stars
first_layer_acceleration = 0
first_layer_acceleration_over_raft = 0
first_layer_extrusion_width = 120%
first_layer_height = 0.35
first_layer_speed = 30
first_layer_speed_over_raft = 30
fuzzy_skin = none
fuzzy_skin_point_dist = 0.8
fuzzy_skin_thickness = 0.3
gap_fill_enabled = 1
gap_fill_speed = 20
gcode_comments = 0
gcode_label_objects = disabled
gcode_resolution = 0.0125
gcode_substitutions =
infill_acceleration = 0
infill_anchor = 600%
infill_anchor_max = 50
infill_every_layers = 1
infill_extruder = 1
infill_extrusion_width = 0.45
infill_first = 0
infill_overlap = 25%
infill_speed = 80
inherits =
interface_shells = 0
ironing = 0
ironing_flowrate = 15%
ironing_spacing = 0.1
ironing_speed = 15
ironing_type = top
layer_height = 0.3
max_print_speed = 80
max_volumetric_extrusion_rate_slope_negative = 0
max_volumetric_extrusion_rate_slope_positive = 0
max_volumetric_speed = 0
min_bead_width = 85%
min_feature_size = 25%
min_skirt_length = 0
mmu_segmented_region_interlocking_depth = 0
mmu_segmented_region_max_width = 0
notes =
only_retract_when_crossing_perimeters = 0
ooze_prevention = 0
output_filename_format = [input_filename_base].gcode
overhang_speed_0 = 15
overhang_speed_1 = 15
overhang_speed_2 = 20
overhang_speed_3 = 25
overhangs = 1
perimeter_acceleration = 0
perimeter_extruder = 1
perimeter_extrusion_width = 0.45
perimeter_generator = arachne
perimeter_speed = 60
perimeters = 3
post_process =
print_settings_id =
raft_contact_distance = 0.1
raft_expansion = 1.5
raft_first_layer_density = 90%
raft_first_layer_expansion = 3
raft_layers = 0
resolution = 0
seam_position = aligned
single_extruder_multi_material_priming = 1
skirt_distance = 6
skirt_height = 1
skirts = 4
slice_closing_radius = 0.049
slicing_mode = regular
small_perimeter_speed = 15
solid_infill_acceleration = 0
solid_infill_below_area = 70
solid_infill_every_layers = 0
solid_infill_extruder = 1
solid_infill_extrusion_width = 0.45
solid_infill_speed = 20
spiral_vase = 0
staggered_inner_seams = 0
standby_temperature_delta = -5
support_material = 0
support_material_angle = 0
support_material_auto = 1
support_material_bottom_contact_distance = 0
support_material_bottom_interface_layers = -1
support_material_buildplate_only = 0
support_material_closing_radius = 2
support_material_contact_distance = 0.2
support_material_enforce_layers = 0
support_material_extruder = 1
support_material_extrusion_width = 0.35
support_material_interface_contact_loops = 0
support_material_interface_extruder = 1
support_material_interface_layers = 3
support_material_interface_pattern = rectilinear
support_material_interface_spacing = 0
support_material_interface_speed = 100%
support_material_pattern = rectilinear
support_material_spacing = 2.5
support_material_speed = 60
support_material_style = grid
support_material_synchronize_layers = 0
support_material_threshold = 0
support_material_with_sheath = 1
support_material_xy_spacing = 50%
support_tree_angle = 40
support_tree_angle_slow = 25
support_tree_branch_diameter = 2
support_tree_branch_diameter_angle = 5
support_tree_branch_diameter_double_wall = 3
support_tree_branch_distance = 1
support_tree_tip_diameter = 0.8
support_tree_top_rate = 15%
thick_bridges = 1
thin_walls = 1
top_fill_pattern = monotonic
top_infill_extrusion_width = 0.4
top_solid_infill_acceleration = 0
top_solid_infill_speed = 15
top_solid_layers = 3
top_solid_min_thickness = 0
travel_acceleration = 0
travel_speed = 130
travel_speed_z = 0
wall_distribution_count = 1
wall_transition_angle = 10
wall_transition_filter_deviation = 25%
wall_transition_length = 100%
wipe_tower = 0
wipe_tower_bridging = 10
wipe_tower_brim_width = 2
wipe_tower_cone_angle = 0
wipe_tower_extra_spacing = 100%
wipe_tower_extruder = 0
wipe_tower_no_sparse_layers = 0
wipe_tower_rotation_angle = 0
wipe_tower_width = 60
wipe_tower_x = 180
wipe_tower_y = 140
xy_size_compensation = 0
[filament:Extrudr Biofusion]
bed_temperature = 75
bridge_fan_speed = 0
compatible_printers =
compatible_printers_condition = printer_notes!~/.*PRINTER_VENDOR_TRILAB.*/ and printer_notes!~/.*PRINTER_MODEL_MK4IS.*/ and ! (printer_notes=~/.*PRINTER_VENDOR_PRUSA3D.*/ and num_extruders>1)
compatible_prints =
compatible_prints_condition =
cooling = 0
disable_fan_first_layers = 3
enable_dynamic_fan_speeds = 0
end_filament_gcode = "; Filament-specific end gcode"
extrusion_multiplier = 1
fan_always_on = 0
fan_below_layer_time = 20
filament_colour = #FF8000
filament_cooling_final_speed = 2
filament_cooling_initial_speed = 3
filament_cooling_moves = 1
filament_cost = 35.45
filament_density = 1.29
filament_deretract_speed = nil
filament_diameter = 1.75
filament_load_time = 0
filament_loading_speed = 14
filament_loading_speed_start = 19
filament_max_volumetric_speed = 0
filament_minimal_purge_on_wipe_tower = 0
filament_multitool_ramming = 0
filament_multitool_ramming_flow = 10
filament_multitool_ramming_volume = 10
filament_notes = https://www.extrudr.com/en/products/catalogue/?material=94
filament_ramming_parameters = "130 120 2.70968 2.93548 3.32258 3.83871 4.58065 5.54839 6.51613 7.35484 7.93548 8.16129| 0.05 2.66451 0.45 3.05805 0.95 4.05807 1.45 5.97742 1.95 7.69999 2.45 8.1936 2.95 11.342 3.45 11.4065 3.95 7.6 4.45 7.6 4.95 7.6"
filament_retract_before_travel = nil
filament_retract_before_wipe = nil
filament_retract_layer_change = nil
filament_retract_length = nil
filament_retract_length_toolchange = nil
filament_retract_lift = 0.5
filament_retract_lift_above = nil
filament_retract_lift_below = nil
filament_retract_restart_extra = nil
filament_retract_restart_extra_toolchange = nil
filament_retract_speed = nil
filament_settings_id = ""
filament_soluble = 0
filament_spool_weight = 262
filament_toolchange_delay = 0
filament_travel_lift_before_obstacle = nil
filament_travel_max_lift = nil
filament_travel_ramping_lift = nil
filament_travel_slope = nil
filament_type = PLA
filament_unload_time = 0
filament_unloading_speed = 20
filament_unloading_speed_start = 100
filament_vendor = Extrudr
filament_wipe = nil
first_layer_bed_temperature = 85
first_layer_temperature = 225
full_fan_speed_layer = 0
idle_temperature = nil
inherits = Extrudr PETG @Template
max_fan_speed = 0
min_fan_speed = 0
min_print_speed = 10
overhang_fan_speed_0 = 0
overhang_fan_speed_1 = 0
overhang_fan_speed_2 = 0
overhang_fan_speed_3 = 0
slowdown_below_layer_time = 20
start_filament_gcode = "; Filament gcode\n"
temperature = 225
[filament:TPU 60A]
bed_temperature = 30
bridge_fan_speed = 80
compatible_printers =
compatible_printers_condition = printer_notes!~/.*PRINTER_VENDOR_TRILAB.*/ and printer_notes!~/.*PRINTER_MODEL_MK4IS.*/ and ! (printer_notes=~/.*PRINTER_VENDOR_PRUSA3D.*/ and num_extruders>1)
compatible_prints =
compatible_prints_condition =
cooling = 0
disable_fan_first_layers = 1
enable_dynamic_fan_speeds = 0
end_filament_gcode = "; Filament-specific end gcode"
extrusion_multiplier = 1.15
fan_always_on = 0
fan_below_layer_time = 100
filament_colour = #008000
filament_cooling_final_speed = 2
filament_cooling_initial_speed = 3
filament_cooling_moves = 1
filament_cost = 100
filament_density = 1.18
filament_deretract_speed = nil
filament_diameter = 1.75
filament_load_time = 0
filament_loading_speed = 14
filament_loading_speed_start = 19
filament_max_volumetric_speed = 1.8
filament_minimal_purge_on_wipe_tower = 0
filament_multitool_ramming = 0
filament_multitool_ramming_flow = 10
filament_multitool_ramming_volume = 10
filament_notes = https://www.extrudr.com/en/products/catalogue/?material=116
filament_ramming_parameters = "130 120 2.70968 2.93548 3.32258 3.83871 4.58065 5.54839 6.51613 7.35484 7.93548 8.16129| 0.05 2.66451 0.45 3.05805 0.95 4.05807 1.45 5.97742 1.95 7.69999 2.45 8.1936 2.95 11.342 3.45 11.4065 3.95 7.6 4.45 7.6 4.95 7.6"
filament_retract_before_travel = nil
filament_retract_before_wipe = nil
filament_retract_layer_change = nil
filament_retract_length = nil
filament_retract_length_toolchange = nil
filament_retract_lift = nil
filament_retract_lift_above = nil
filament_retract_lift_below = nil
filament_retract_restart_extra = nil
filament_retract_restart_extra_toolchange = nil
filament_retract_speed = nil
filament_settings_id = ""
filament_soluble = 0
filament_spool_weight = 230
filament_toolchange_delay = 0
filament_travel_lift_before_obstacle = nil
filament_travel_max_lift = nil
filament_travel_ramping_lift = nil
filament_travel_slope = nil
filament_type = FLEX
filament_unload_time = 0
filament_unloading_speed = 20
filament_unloading_speed_start = 100
filament_vendor = Extrudr
filament_wipe = nil
first_layer_bed_temperature = 40
first_layer_temperature = 230
full_fan_speed_layer = 0
idle_temperature = nil
inherits = Extrudr Flex SemiSoft @Template
max_fan_speed = 90
min_fan_speed = 70
min_print_speed = 10
overhang_fan_speed_0 = 0
overhang_fan_speed_1 = 0
overhang_fan_speed_2 = 0
overhang_fan_speed_3 = 0
slowdown_below_layer_time = 20
start_filament_gcode = "; Filament gcode\n"
temperature = 225
[filament:Wanhao i3]
bed_temperature = 50
bridge_fan_speed = 100
compatible_printers =
compatible_printers_condition =
compatible_prints =
compatible_prints_condition =
cooling = 1
disable_fan_first_layers = 3
enable_dynamic_fan_speeds = 0
end_filament_gcode = "; Filament-specific end gcode \n;END gcode for filament\n"
extrusion_multiplier = 1
fan_always_on = 0
fan_below_layer_time = 60
filament_colour = #29B2B2
filament_cooling_final_speed = 3.4
filament_cooling_initial_speed = 2.2
filament_cooling_moves = 4
filament_cost = 0
filament_density = 0
filament_deretract_speed = nil
filament_diameter = 1.75
filament_load_time = 0
filament_loading_speed = 28
filament_loading_speed_start = 3
filament_max_volumetric_speed = 0
filament_minimal_purge_on_wipe_tower = 15
filament_multitool_ramming = 0
filament_multitool_ramming_flow = 10
filament_multitool_ramming_volume = 10
filament_notes = ""
filament_ramming_parameters = "120 100 6.6 6.8 7.2 7.6 7.9 8.2 8.7 9.4 9.9 10.0| 0.05 6.6 0.45 6.8 0.95 7.8 1.45 8.3 1.95 9.7 2.45 10 2.95 7.6 3.45 7.6 3.95 7.6 4.45 7.6 4.95 7.6"
filament_retract_before_travel = nil
filament_retract_before_wipe = nil
filament_retract_layer_change = nil
filament_retract_length = nil
filament_retract_length_toolchange = nil
filament_retract_lift = nil
filament_retract_lift_above = nil
filament_retract_lift_below = nil
filament_retract_restart_extra = nil
filament_retract_restart_extra_toolchange = nil
filament_retract_speed = nil
filament_settings_id = ""
filament_soluble = 0
filament_spool_weight = 0
filament_toolchange_delay = 0
filament_travel_lift_before_obstacle = nil
filament_travel_max_lift = nil
filament_travel_ramping_lift = nil
filament_travel_slope = nil
filament_type = PLA
filament_unload_time = 0
filament_unloading_speed = 90
filament_unloading_speed_start = 100
filament_vendor = (Unknown)
filament_wipe = nil
first_layer_bed_temperature = 50
first_layer_temperature = 210
full_fan_speed_layer = 0
idle_temperature = nil
inherits =
max_fan_speed = 100
min_fan_speed = 35
min_print_speed = 10
overhang_fan_speed_0 = 0
overhang_fan_speed_1 = 0
overhang_fan_speed_2 = 0
overhang_fan_speed_3 = 0
slowdown_below_layer_time = 5
start_filament_gcode = "; Filament gcode\n"
temperature = 210
[filament:default PLA]
bed_temperature = 50
bridge_fan_speed = 100
compatible_printers =
compatible_printers_condition = printer_notes!~/.*PRINTER_VENDOR_TRILAB.*/ and printer_notes!~/.*PRINTER_MODEL_MK4IS.*/ and ! (printer_notes=~/.*PRINTER_VENDOR_PRUSA3D.*/ and num_extruders>1)
compatible_prints =
compatible_prints_condition =
cooling = 1
disable_fan_first_layers = 1
enable_dynamic_fan_speeds = 0
end_filament_gcode = "; Filament-specific end gcode"
extrusion_multiplier = 1
fan_always_on = 1
fan_below_layer_time = 100
filament_colour = #FF8000
filament_cooling_final_speed = 2
filament_cooling_initial_speed = 3
filament_cooling_moves = 1
filament_cost = 25.4
filament_density = 1.24
filament_deretract_speed = nil
filament_diameter = 1.75
filament_load_time = 0
filament_loading_speed = 14
filament_loading_speed_start = 19
filament_max_volumetric_speed = 0
filament_minimal_purge_on_wipe_tower = 0
filament_multitool_ramming = 0
filament_multitool_ramming_flow = 10
filament_multitool_ramming_volume = 10
filament_notes = ""
filament_ramming_parameters = "130 120 2.70968 2.93548 3.32258 3.83871 4.58065 5.54839 6.51613 7.35484 7.93548 8.16129| 0.05 2.66451 0.45 3.05805 0.95 4.05807 1.45 5.97742 1.95 7.69999 2.45 8.1936 2.95 11.342 3.45 11.4065 3.95 7.6 4.45 7.6 4.95 7.6"
filament_retract_before_travel = nil
filament_retract_before_wipe = nil
filament_retract_layer_change = nil
filament_retract_length = nil
filament_retract_length_toolchange = nil
filament_retract_lift = nil
filament_retract_lift_above = nil
filament_retract_lift_below = nil
filament_retract_restart_extra = nil
filament_retract_restart_extra_toolchange = nil
filament_retract_speed = nil
filament_settings_id = ""
filament_soluble = 0
filament_spool_weight = 0
filament_toolchange_delay = 0
filament_travel_lift_before_obstacle = nil
filament_travel_max_lift = nil
filament_travel_ramping_lift = nil
filament_travel_slope = nil
filament_type = PLA
filament_unload_time = 0
filament_unloading_speed = 20
filament_unloading_speed_start = 100
filament_vendor = Generic
filament_wipe = nil
first_layer_bed_temperature = 60
first_layer_temperature = 215
full_fan_speed_layer = 3
idle_temperature = nil
inherits = Generic PLA @Template
max_fan_speed = 100
min_fan_speed = 100
min_print_speed = 10
overhang_fan_speed_0 = 0
overhang_fan_speed_1 = 0
overhang_fan_speed_2 = 0
overhang_fan_speed_3 = 0
slowdown_below_layer_time = 10
start_filament_gcode = "; Filament gcode\n"
temperature = 210
[printer:Wanhao i3]
autoemit_temperature_commands = 1
bed_custom_model =
bed_custom_texture =
bed_shape = 0x0,200x0,200x200,0x200
before_layer_gcode =
between_objects_gcode =
binary_gcode = 0
color_change_gcode = M600
cooling_tube_length = 5
cooling_tube_retraction = 91.5
default_filament_profile =
default_print_profile =
deretract_speed = 0
end_gcode = M104 S0 ; turn off temperature\nG28 X0 ; home X axis\nM84 ; disable motors\n
extra_loading_move = -2
extruder_colour = ""
extruder_offset = 0x0
gcode_flavor = klipper
high_current_on_filament_swap = 0
host_type = prusalink
inherits =
layer_gcode =
machine_limits_usage = time_estimate_only
machine_max_acceleration_e = 10000,5000
machine_max_acceleration_extruding = 1500,1250
machine_max_acceleration_retracting = 1500,1250
machine_max_acceleration_travel = 1500,1250
machine_max_acceleration_x = 9000,1000
machine_max_acceleration_y = 9000,1000
machine_max_acceleration_z = 500,200
machine_max_feedrate_e = 120,120
machine_max_feedrate_x = 500,200
machine_max_feedrate_y = 500,200
machine_max_feedrate_z = 12,12
machine_max_jerk_e = 2.5,2.5
machine_max_jerk_x = 10,10
machine_max_jerk_y = 10,10
machine_max_jerk_z = 0.2,0.4
machine_min_extruding_rate = 0,0
machine_min_travel_rate = 0,0
max_layer_height = 0
max_print_height = 180
min_layer_height = 0.07
nozzle_diameter = 0.4
parking_pos_retraction = 92
pause_print_gcode = M601
print_host =
printer_model =
printer_notes =
printer_settings_id =
printer_technology = FFF
printer_variant =
printer_vendor =
printhost_apikey =
printhost_cafile =
remaining_times = 0
retract_before_travel = 2
retract_before_wipe = 0%
retract_layer_change = 0
retract_length = 2
retract_length_toolchange = 10
retract_lift = 0.5
retract_lift_above = 0
retract_lift_below = 0
retract_restart_extra = 0
retract_restart_extra_toolchange = 0
retract_speed = 40
silent_mode = 1
single_extruder_multi_material = 0
start_gcode = G28 ; home all axes\nG1 Z5 F5000 ; lift nozzle\n
template_custom_gcode =
thumbnails =
thumbnails_format = PNG
toolchange_gcode =
travel_lift_before_obstacle = 0
travel_max_lift = 0
travel_ramping_lift = 0
travel_slope = 0
use_firmware_retraction = 0
use_relative_e_distances = 0
use_volumetric_e = 0
variable_layer_height = 1
wipe = 0
z_offset = 0
[physical_printer:Octoprint]
host_type = octoprint
preset_name = Wanhao i3
preset_names = "Wanhao i3"
print_host = http://octopi/
printer_technology = FFF
printhost_apikey = 81AC53F751474F66B7B82E00A7D3DC73
printhost_authorization_type = key
printhost_cafile =
printhost_password =
printhost_port =
printhost_ssl_ignore_revoke = 0
printhost_user =
[presets]
print = Wanhao i3
sla_print =
sla_material =
printer = Wanhao i3
filament = default PLA
physical_printer = Octoprint
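
Review bot: `printhost_apikey` in `[physical_printer:Octoprint]` is an API key stored in plaintext next to `print_host = http://octopi/`, and deleting the file in this change does not take it out of the repository history. Revoke and reissue the key in OctoPrint, keep the physical printer section out of any re-exported config bundle, and consider an https print host so the key is not sent in cleartext.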


@ -1,36 +0,0 @@
# IT-Syndikat local infrastructure
Most of our infrastructure is hosted locally on our own hardware.
## Virtualized Infrastructure
On our proxmox hypervisor [Acraze](srv-acraze/acraze.md), we operate a number of
services:
* [Database server](srv-acraze/database.md)
* [Discourse Instance](srv-acraze/discourse.md)
* [DNS Master](srv-acraze/dns.md)
* [Forgejo instance](srv-acraze/gitea.md)
* [LDAP server](srv-acraze/ldap.md)
* [Centralized logging](srv-acraze/logging.md)
* [E-Mail](srv-acraze/mail.md)
* [Synapse - Matrix Homeserver](srv-acraze/matrix.md)
* [Member IRC Bouncer](srv-acraze/thelounge.md)
* [Vaultwarden](srv-acraze/vaultwarden.md)
* [New old web](srv-acraze/web-general.md)
* [Old web](srv-acraze/web-its.md)
* [Our Zabbix monitoring](srv-acraze/zabbix.md)
## Hardware infrastructure
We do operate non-virtual infrastructure as well:
* [VoIP Telephony thingimagic](voip.md)
* [PF-Sense Router](router.md)
* [2D printers](2d-printer.md)
* [3d-printer.md](3d-printer.md)
* [WIFI APs](access_points.md)
* [Mimaki Plotter](mimaki.md)
* [Switch(es)](switch.md)
* [LaaS - Lo-Fi as a Service](laas.md)
* [Member PC - Schmuddelkiste](schmuddelkiste.md)


@ -1,26 +0,0 @@
# About
This file contains the documentation of the it-sydikat access points on the
2.4 AND 5.0 GHz Wifi channels. CuCo and various other SSIDs are also provided
through the same infrastructure.
# Maintainers
Current Maintainers:
- @everyone: Responsible for the entire wifi setup, openwrt and AP-management
# Technical
There are 2 access points inside the building, one atop the entrance to the
IT-Syndikat area, and one on the other side of the building on the wooden wall
towards the dusty workshop. Both APs are `Extreme Networks WS-AP3825i`
powered via POE from jex1.
# Software
The APs are currently running stock OpenWRT, user is root, password is in
vaultwarden. They are reachable as:
- <https://mdma.asozial.it-syndikat.org> for the AP towards the TAK office
- <https://psylocibin.asozial.it-syndikat.org> for the AP towards the IT-Syndikat
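
Review bot: the Software section gives both APs a single shared `root` login with the password in vaultwarden, and Maintainers lists only `@everyone`, so nobody is named as owner of that credential. Name a responsible maintainer, say whether SSH key login is set up alongside the password, and fix the spelling `it-sydikat` in the About paragraph.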


@ -1,172 +0,0 @@
# IT-Syndikat Electrical Infrastructure
## Maintainer
* @all: Keep shit operational. If something breaks off or looks dangerous,
please fix it to the extend you feel capable of.
* @tyrolyean: Generic garbage based catch-all
## Installation History
The current electrical installation was constructed during the space moving and
renovation phase of 2023-09 to 2023-12. During this time, the distribution box,
the wires in the wall, including their support and mounting equeipment, all
outlets, and the network Infrastructure was constructed. Allthough having seen
some changes over the last 2ish years since it was first powered on, most of the
initial construction phase has proven to be working as of now. So here I go
documenting it.
## General
### Room Names
The electrical Infrastruture had the need to define room names before their
usage was entirely sorted out, which can take years in some cases inside this
community. At time of construction they were as shown in the picture below:
![Plan No. 19 of our space](pictures/pendl_19.svg "Confirmed Plan No. 19, as approved by Plenary session")
Electrical Documentation should always referr to rooms by the names in this
plan. If they do not, that is an error and should be fixed.
### Phase/Line position on outlets
Phase/Line position in our installation should be kept consistant, with Line
always beeing on the left hand side of any outlet, or on the top side, if
mounted sideways.
### TIA-568 Network Sockets
We do TIA-568 ***B*** for all network outlets on all network cables. Please do
not mix and match A and B inside the space. Please only use ***B***.
### Wire coloring scheme
For low voltage, meaning everything below 100V, we use the
[EGS wire coloring scheme](https://docs.escpe.net/en/master/egs/03-Electrical/doc.html#wire-coloring)
Please try to, wherever possible, adhere to this scheme. Things get confusing
real fast if you don't.
## Electrical Installation
### Wiring
Space wiring internally is 2.5mm² or higher for all outlet circuits, and 1.5mm²
for all lighting circuits. Lamp circuits are 1.5mm², as is emergency lighting
circuit. All wires are `YM-J`, which is the old austrian standard for
`AT-N05VV-U` after harmonisation.
Our supply line is 25mm² `Ye` and was provided by the space to the electricians
wiring up the building. Our Energy Meter is located in the cellar and is fused
at `13F1` inside there by three 50A NH00 fuses. We have been given either one
of the`TOP 24` or `TOP 23` unit designations inside the building. Yes
electricians do be confusing sometimes.
![13F1](pictures/13F1.jpg "Our Building side fuse")
![13Q1](pictures/13Q1.jpg "Our Building side limit switch")
#### Lamps
Most lamps are wired up to use all 3 phases, to evenly distribute power. We also
use this mechanism to enable each room to have 3 different lighting stages:
* Off: No phase is turned on
* ⅓: Only 1 of 3 phases is turned on
* ⅔: Only 2 of 3 phases are turned on
* Full: Both ⅓ and ⅔ are turned on
#### Plan
We did actually draw a plan of what is supposed to belong where:
##### Outlets
![Street-side](pictures/plan_1.jpg "Street-side outlet plan")
![Back-side](pictures/plan_2.jpg "Back-side outlet plan")
##### Cables
![Street-side](pictures/plan_3.jpg "Street-side outlet plan")
![Back-side](pictures/plan_4.jpg "Back-side outlet plan")
### Fusebox
Our fuse box is a 32TE wide by 7 rows high wall mounted unit originally
manufactured for [EAE Stöckl](https://eae.at/), which has been stripped down and
re-wired with our installation materials. Currently it looks like this:
![Swithbox closed](pictures/switchbox_closed.jpg "Closed up switchbox")
or if you want to see the internals:
![Swithbox open](pictures/switchbox_open.jpg "Opened up switchbox")
#### Logic components
There are currently 3 logic components installed for measurements and
HomeAssistant related switching operations:
* SM1: A [go-e Controller](https://go-e.com/en/products/go-e-controller) used
for measuring power consumption inside the space
* A 32 Port Optocoupler board: Used to give Homeassistant hardware states
* A 32 Output Relay Board: Used to let Homeassistant switch circuits on and off
The optocoupler and relay boards are supplied with power from the power supply
located near the top of the unit, which in turn received power from `1F8`.
SM1 is powered via `3F8`.
### Light and schuko switching
#### Light
We operate an industrial style light switching circuit. The schematic below
is an examplary view of this, but basically, we use a self-holding relay which
one can alter the state with using push buttons at door entries. Our
home-assistant can interact with this in the same way as the button would, using
a Waveshare 32-channel modbus relay board, which is used to "emulate" button
presses. The state is pushed to home-assistant via a modbus attached
optocoupler board.
![Light circuitry](pictures/schem_light.jpg "An examplary schematic of one of our lighting circuits")
![Waveshare RTU](pictures/switchbox_r7.jpg "Front view of the Waveshare Modbus RTU")
The 3 Meanwell powersupplies on the right hand side of the picture above are
used to power our WS2812/SK6812 light installations, colloquially known as
"Blinkenshit".
#### Schuko
Schuko states are switched and set in the same way lights are. Each room is
wired up using `YM-J 5x2.5mm²` wires, the black one being the switched one and
the brown one being the permanent one. Black outlets are connected to the
switched black wire, whilest the white permanent ones are wired up to the brown
wire. The fifth grey wire is also connected together using wagos, but only
terminates in the last outlet of each branch, should the need ever arise for a
second variant of switched outlet.
![Outlets closed](pictures/outlets_closed.jpg "A view of 2 black and 2 white outlets")
Branch ends are, as shown in the picture above, labeled using their circuit
number and the `/E` tag, as is common practice in fire protection systems.
### Fuse plans and terminal block plans
#### Fuse numbers
![FP1](pictures/its_fuse_1.svg "Fuse plan page 1")
![FP2](pictures/its_fuse_2.svg "Fuse plan page 2")
#### Terminal block numbers
At the top of our fusebox reside Terminal Blocks consisting mostly of Phoenix
Contact `PTI-2,5` and `PT-1,5/QUATTRO` Push-In Terminal Blocks. All wires,
except for Blinkenshit and an ethernet cable, terminate on these blocks to
avoid the need to wire the box up internally after it has been installed, and
to ease with maintenance works.
![TP1](pictures/its_term_1.svg "Terminal plan page 1")
![TP2](pictures/its_term_2.svg "Terminal plan page 2")
![TP3](pictures/its_term_3.svg "Terminal plan page 3")
![TP4](pictures/its_term_4.svg "Terminal plan page 4")
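
Review bot: under "Light and schuko switching" the text says Home Assistant toggles circuits through a Waveshare 32-channel Modbus relay board and reads state back over a Modbus optocoupler board, but nothing states how the Modbus link is attached or which hosts can reach it. Since this path switches mains outlets, document the bus topology and the state the relays take when Home Assistant or the supply fed from `1F8` is down. In "Wiring", the 1.5mm² lighting cross-section is stated twice and the unit designation is left open between `TOP 24` and `TOP 23`.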

BIN
docs/space/electrical/pictures/13F1.jpg (Stored with Git LFS)

Binary file not shown.

BIN
docs/space/electrical/pictures/13Q1.jpg (Stored with Git LFS)

Binary file not shown.


@ -1,278 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
version="1.1"
id="svg1"
width="793.92755"
height="1122.2551"
viewBox="0 0 793.92755 1122.2551"
sodipodi:docname="its_new_klemm.pdf"
inkscape:export-filename="its_term_1.png"
inkscape:export-xdpi="96"
inkscape:export-ydpi="96"
inkscape:version="0.0"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg">
<defs
id="defs1">
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath231">
<path
d="M 0,0.028 H 595.417 V 841.69 H 0 Z"
transform="translate(-7.0866122e-7,-1.3582677e-5)"
clip-rule="evenodd"
id="path231" />
</clipPath>
</defs>
<sodipodi:namedview
id="namedview1"
pagecolor="#ffffff"
bordercolor="#000000"
borderopacity="0.25"
inkscape:showpageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1"
inkscape:export-bgcolor="#ffffffff"
inkscape:zoom="0.76669127"
inkscape:cx="2675.7837"
inkscape:cy="465.63723"
inkscape:window-width="1916"
inkscape:window-height="1033"
inkscape:window-x="0"
inkscape:window-y="22"
inkscape:window-maximized="1"
inkscape:current-layer="g495">
<inkscape:page
x="0"
y="0"
inkscape:label="2"
id="page230"
width="793.92755"
height="1122.2551"
margin="0"
bleed="0" />
</sodipodi:namedview>
<g
id="g230"
inkscape:groupmode="layer"
inkscape:label="2"
transform="translate(-813.92755)">
<path
id="path230"
d="m 28.346,792.85 h 538.498 v 20.863 H 28.346 Z"
style="fill:#c0c0c0;fill-opacity:1;fill-rule:evenodd;stroke:none"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)"
clip-path="url(#clipPath231)" />
<path
id="path232"
d="M 27.95,813.628 H 567.269"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path233"
d="M 27.95,792.793 H 567.269"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path234"
d="M 28.318,813.997 V 792.425"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path235"
d="M 88.413,813.997 V 792.425"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path236"
d="M 332.107,813.997 V 792.425"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path237"
d="M 395.49,813.997 V 792.425"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path238"
d="M 451.134,813.997 V 792.425"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path239"
d="M 515.962,813.997 V 792.425"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path240"
d="M 566.901,813.997 V 792.425"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path241"
d="M 566.901,813.997 V 792.425"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path242"
d="M 27.95,792.793 H 567.269"
style="fill:none;stroke:#000000;stroke-width:0.75003;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<text
id="text242"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,878.82223,57.789785)"><tspan
id="tspan242"
style="font-variant:normal;font-weight:700;font-size:14.003px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 -0.014003 -0.042009"
y="0">Nr.</tspan></text>
<text
id="text243"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,934.49423,57.789785)"><tspan
id="tspan243"
style="font-variant:normal;font-weight:700;font-size:14.003px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 -0.014003 0 0 0 0.014003 0 0.042009 0.042009 0.042009 0.042009"
y="0">Bezeichnung</tspan></text>
<text
id="text244"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,1264.8636,56.201785)"><tspan
id="tspan244"
style="font-variant:normal;font-weight:700;font-size:10.488px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 0 -0.010488 -0.041951999 0 -0.041951999"
y="0">Sicherung</tspan></text>
<text
id="text245"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,1355.4209,56.201785)"><tspan
id="tspan245"
style="font-variant:normal;font-weight:700;font-size:10.488px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 0 -0.041951999"
y="0">Schütz</tspan></text>
<text
id="text246"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,1504.5609,54.992451)"><tspan
id="tspan246"
style="font-variant:normal;font-weight:700;font-size:7.994px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 0.015988 -0.047963999 0.031975999 0.015988"
y="0">Datum</tspan></text>
<g
id="g246">
<text
id="text247"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,1418.1609,49.096451)"><tspan
id="tspan247"
style="font-variant:normal;font-weight:700;font-size:7.994px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 0.023982 -0.0079939999 0.015988 -0.023982 -0.023982 0.015988 0.015988 0.015988 -0.055957999"
y="0">Änderungen</tspan></text>
</g>
<g
id="g247">
<text
id="text248"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,1418.1609,60.964451)"><tspan
id="tspan248"
style="font-variant:normal;font-weight:700;font-size:7.994px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 0.023982 -0.0079939999 0 -0.055957999 0.015988 -0.0079939999 -0.0079939999 -0.023982"
y="0">Durch Fa.</tspan></text>
</g>
<path
id="path248"
d="M 28.261,792.793 H 566.957"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path249"
d="M 28.261,778.167 H 566.957"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path250"
d="M 28.318,792.85 V 778.11"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path251"
d="M 88.413,792.85 V 778.11"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path252"
d="M 332.107,792.85 V 778.11"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path253"
d="M 395.49,792.85 V 778.11"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path254"
d="M 451.134,792.85 V 778.11"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path255"
d="M 515.962,792.85 V 778.11"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path256"
d="M 566.901,792.85 V 778.11"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path257"
d="M 566.901,792.85 V 778.11"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<path
id="path258"
d="M 28.261,778.167 H 566.957"
style="fill:none;stroke:#000000;stroke-width:0.09999;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
transform="matrix(1.3333333,0,0,-1.3333333,813.92756,1122.2551)" />
<text
id="text258"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,914.23556,79.295118)"><tspan
id="tspan258"
style="font-variant:normal;font-weight:normal;font-size:10.006px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 0.030018"
y="0">43</tspan></text>
<text
id="text259"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,934.49423,79.295118)"><tspan
id="tspan259"
style="font-variant:normal;font-weight:normal;font-size:10.006px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 0 0.020012001 -0.030018 0.030018 0.030018 0.020012001 -0.020012001 0.030018 0 0.030018 -0.030018"
y="0">FI-LS Reserve</tspan></text>
<text
id="text260"
xml:space="preserve"
transform="matrix(1.3333333,0,0,1.3333333,1259.4209,79.295118)"><tspan
id="tspan260"
style="font-variant:normal;font-weight:normal;font-size:10.006px;font-family:'Liberation Sans';writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
x="0"
dx="0 0.030018 0.020012001"
y="0">5Q3</tspan></text>
</g>
</svg>


BIN
docs/space/electrical/pictures/plan_1.jpg (Stored with Git LFS)

Binary file not shown.

BIN
docs/space/electrical/pictures/plan_2.jpg (Stored with Git LFS)

Binary file not shown.

BIN
docs/space/electrical/pictures/plan_3.jpg (Stored with Git LFS)

Binary file not shown.

BIN
docs/space/electrical/pictures/plan_4.jpg (Stored with Git LFS)

Binary file not shown.


@ -1,32 +0,0 @@
# LoFi as a Service
There is a public announcement speaker mounted to the cable tray in coucharea. It is connected to a
Raspberry Pi, `laas.asozial.it-syndikat.org`, running <https://git.it-syndikat.org/oha/laas>. Can be
controlled via a REST API, most easily through the entities already set up in Home Assistant.
## API Endpoints
The REST API implements the following endpoints:
Get the currently playing song
`GET /api/nowplaying`
Start Playback
`POST /api/start`
Stop the Playback
`POST /api/stop`
Play a local file/remote url
`POST /api/play<filename_or_url>`
Play a Sound effect. This does not interrupt the currently playing song.
`POST /api/fx<filename_or_url>`
Change Volume
`PUT /api/volume` with the volume you want to set in percent.
Get Volume
`GET /api/volume`
Skip Track
`POST /api/skip`
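
Review bot: `POST /api/play<filename_or_url>` and `POST /api/fx<filename_or_url>` are written with no separator between the route and its argument, so a reader cannot tell whether the value is a path segment, a query string or the request body. Spell out the exact request form, and add whether the API needs authentication and which local directories and URL schemes the play and fx endpoints accept, since the section lists none.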


@ -1,86 +0,0 @@
# About
This file contains the documentation of the it-sydikat mimaki vinyl plotter.
# Maintainers
- currently i think noone? Or maybe everyone, who knows.
# Technical
From the techincal standpoint, the Mimaki CG-61 Vinyl Cutter is used to cut
foil and print stickers. The following is pasted from the Mimaki meta
page at <https://meta.it-syndikat.org/t/mimaki-cg-61-vinyl-cutter/41>:
Paste:
* Technisches
Max. Schnittbreite: ca. 61 cm
Max. Schnittlänge: unbegrenzt
Input Format: HPGL
Usage via network
* Switch on the plotter
insert your material
define cut/pen settings
turn on "REMOTE" mode
Go to http://mimaki.asozial.it-syndikat.org/
Upload your hpgl file
Define your Scaling Factor (if hpgl is exported with 2048 dpi, your scaling factor is 1.2403 - with 2540 dpi it's 1.00)
Press "Send"
* Usage if connected directly via USB or parallel (deprecated)
Cutter mit USB2Parallel Adapter verbinden, check welchen Namen der Port bekommt (zB. /dev/usb/lp1)
Inkscape File als .hpgl speichern
hpgl output flatness: 0.2
X-Origin: 0 px (optional)
Y-Origin: 0 px (optional)
Resolution: 2048 dpi
Pen Number: 1
Plot invisible layers: optional
Note für Inkscape > V.9: Man kann beim HPGL Speichern mehr als 2048 dpi eingeben - somit spart man sich das nachträgliche Skalieren mit der Angabe von 2540 dpi Auflösung.
* HPGL Scaler (deprecated)
Alex hat uns einen HPGL Scaler geschrieben:
<https://github.com/W4RH4WK/HPGLtrans>
* Anwendung:
$ cat file.hpgl | ./HPGLtrans -S 1.25 > /dev/usb/lp0
Tools
Es gibt mehrere Tools für den Cutter, bitte Tooleinstellungen beachten:
* Schleppmesser
Druck zwischen 035 und 060 einstellen
Schwarze od. weiße Folie: zB. 045
Metallic Folie: zB. 030
Farbige Folie: zB. 040
Geschwindigkeit: zw. 10 und 100 (je detaillierter die cuts sind, desto längsamer)
* Kugelschreiber
in selbstgedruckten Adapter einspannen
Tool-Taste drücken bis man bei "PEN" ankommt
Druck: 100 bei schwerem Papier, 50-70 bei dünnem Papier
* Edding Adapter
Tool: PEN
Druck: 30-50
Geschwindigkeit: 10-20
# Software
The software has been replaced in early 2018. It used to be a go script, piping
out the HPGL file to the printer location, most often /dev/usb/lp0. It was
replaced due to some errors with a php script doing the same thing. Its
source code is located here: <https://github.com/IT-Syndikat/its-mimaki>
# Plotting
There is a usb to parallel converter attached to the left hand side of the
plotter. Once connected to a linux machine, it will spawn a character device
at `/dev/usb/lp0`. You can `cat` your hpgl file into there.
# Network
Currently not applicable
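
Review bot: the closing "Network" section says "Currently not applicable", which contradicts "Usage via network" further up, where files are uploaded at http://mimaki.asozial.it-syndikat.org/. Describe that upload host in the Network section (the Software section only says a php script pipes the HPGL file to /dev/usb/lp0) and state who on the network can reach it. The pasted block also mixes German and English, and "Plotting" repeats the USB-to-parallel instructions already given in the paste.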


@ -1,143 +0,0 @@
# ITS NOC - Firewalling and routing application
The space is served by a pfsense (FreeBSD) router/firewall
appliance. The hardware is an interim Milselectronics VPN go owned by ITS.
Maintainers:
* tyrolyean: pfsense, apparently IPv6? whoever wants to feel responsible may
as well, catchall
# Technical
## Hardware Specs:
* CPU: Intel(R) Core(TM) i7-4770 CPU 4C8T@ 3.40GHz
* RAM: 16GiB DDR3
* NICs: 8 Ethernet Ports
## Access
Web Admin Access: <https://sozial.asozial.it-syndikat.org>
Alternative hostnames. All have public IPv6 addresses but IPv4 addressess
differ in scope:
* sozial.asozial.it-syndikat.org. (canonical, private LAN IPv4)
* public.srv.it-syndikat.org. (DynDNS, Magenta public WAN IPv4)
* sozial.it-syndikat.org. CNAME public.srv
The router may be accessed through ssh, the web interface or a RS232
interface with a root shell. ITS members with LDAP credentials in the
netadmins group can log-in. Local login is possible via `root`; password is
in vaultwarden.
## DHCP and Hostnames in DNS
Sozial runs isc-dhcp (EOL) for DHCPv4/v6 service. We configure it to send
DDNS updates registering the DHCP hostnames with luude, which also acts as
the local recursive resolver.
## Internet Access
Internet access is provided by IKB, the innsbruck communal
internet/water/energy/whatever provider via FttH.
## IP Address plan
- 10.17.0.0/16 ITS networks
- 10.17.4.0/24 SERVERS
- 10.17.5.0/24 Members OpenVPN
- 10.17.7.0/24 Wireguard to cloud servers
- 10.17.8.0/24 Georg
- 10.17.9.0/24 Members Wireguard
- 10.17.42.0/24 IOT
- 10.17.54.0/24 LAN zone
- 192.168.1.0/24 CUCO
- 2a0d:f302:e054::/48 ALWYZON Allocated prefix
- 2a0d:f302:e054:0000::/56 Space prefix
- 2a0d:f302:e054:0004::/64 Servers
- 2a0d:f302:e054:0009::/64 Members Wireguard
- 2a0d:f302:e054:0042::/64 IOT
- 2a0d:f302:e054:0050::/64 Members OpenVPN
- 2a0d:f302:e054:0054::/64 LAN
- 2a0d:f302:e054:0070::/64 Wireguard to cloud servers
- 2a0d:f302:e054:001b::/64 Matrix irc bridge identd net
- 2a0d:f302:e054:de00::/56 deneb (personal use)
- 2a0d:f302:e054:1a00::/56 lambda (personal use)
- fd69:f943:1746:52a1::/64 Management VLAN
## CUCO
The cuco net is currently IPv4 only and is meant to remain as such. It no longer
has a separate router and uses the box itself as gateway. The subnet is for
legacy reasons 192.168.1.0/24.
## OpenVPN endpoint
The router provides an openvpn endpoint to remotely access internal services.
The below is a working config for it (it requires your ldap credentials).
```
dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote public.srv.it-syndikat.org 1194 udp
nobind
auth-user-pass
remote-cert-tls server
explicit-exit-notify
verify-x509-name public.srv.it-syndikat.org name
verb 4
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
setenv CLIENT_CERT 0
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
d89b85ca886b2da5ba3501bdf633e21e
58cb165c393781a75dc93dc74fb983cd
6c05a6293dce5cd93779662e28a47b99
e6f7444bb97344f4e8c8a7eeef11a500
db2d051024ccb6893f364c06652be774
1d9d1947f59546fa0d4b67d5dabd11c5
8456f6b00e733c22c19014e0228643b4
c64b7fe5a795392b58e3d7722d703547
d23c983cf028d279045fe6279af44385
37f4df856275d1be2e2e1721bf6f4518
9137e1a506f23c7f296cc74ed695ac26
ed6dd9ff9236cecd95ef7c162941f601
02890b982a1d8610945a357b83eeb323
57763041d38f98c319bbddedc9e95d1b
3f15407c9797b3fddcdecd2bfe46d5fa
a50ce157f5fe82f933651a9f19187213
-----END OpenVPN Static key V1-----
</tls-crypt>
```
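
Review bot: the `<tls-crypt>` block in the OpenVPN example embeds the 2048 bit static key in the documentation, so everyone who can read this repository holds the key that is meant to protect the TLS control channel, and deleting the file does not remove it from history. Generate a new key on the router, hand the client config out through vaultwarden instead of the docs, and leave a placeholder in the example. Separately, "DHCP and Hostnames in DNS" marks isc-dhcp as EOL without naming a replacement plan.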


@ -1,59 +0,0 @@
dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote public.srv.it-syndikat.org 1194 udp
nobind
auth-user-pass
remote-cert-tls server
explicit-exit-notify
verify-x509-name public.srv.it-syndikat.org name
verb 4
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
setenv CLIENT_CERT 0
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
d89b85ca886b2da5ba3501bdf633e21e
58cb165c393781a75dc93dc74fb983cd
6c05a6293dce5cd93779662e28a47b99
e6f7444bb97344f4e8c8a7eeef11a500
db2d051024ccb6893f364c06652be774
1d9d1947f59546fa0d4b67d5dabd11c5
8456f6b00e733c22c19014e0228643b4
c64b7fe5a795392b58e3d7722d703547
d23c983cf028d279045fe6279af44385
37f4df856275d1be2e2e1721bf6f4518
9137e1a506f23c7f296cc74ed695ac26
ed6dd9ff9236cecd95ef7c162941f601
02890b982a1d8610945a357b83eeb323
57763041d38f98c319bbddedc9e95d1b
3f15407c9797b3fddcdecd2bfe46d5fa
a50ce157f5fe82f933651a9f19187213
-----END OpenVPN Static key V1-----
</tls-crypt>
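
Review bot: this standalone client file is a line-for-line repeat of the config embedded in the router documentation, including the same `<tls-crypt>` static key, so the secret lives in two places and both need cleaning when the key is rotated. Keep one copy with the key replaced by a placeholder. `data-ciphers-fallback AES-256-CBC`, together with `AES-256-CBC` at the end of `data-ciphers`, only matters for peers that cannot negotiate one of the AEAD ciphers listed before it; if no such clients remain, drop both.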


@ -1,14 +0,0 @@
# About
This file contains documentation of the one and only windows pc inside of our
network.
# Hardware
Hardware is a bit temporary. Documentation is a TODO.
# Software
The hostname is undefined, and the current setup was installed by @Lux. A
regular windows 10 install which, as is usual, grows it's software installation
as time flies by.

View file

@ -1,113 +0,0 @@
# About
Acraze is the proxmox hypervisor in the space. All virtual services inside the
space reside here.
# Maintainers
Current Maintainers:
- tyrolyean: Responsible. Don't want to, but need to
# Technical
The hypervisors web-interface may be reached at
<https://acraze.srv.it-syndikat.org:8006>. It takes ldap credentials.
## unlock
In case the server was rebootet, has received a power cut, or for any other
reason was rebooted, you need to unlock it. For this you need the
unlock password. As per policy, at least 4 people need to have the unlock key
inside their personal password managers. This currently includes @tyrolyean,
@lambda, @deneb and @drkhsh. The server is reachable during unlock at
`10.17.4.2` assigned via dhcp or `acraze-unlock.srv.it-syndikat.org` if dns
works. Unlock user is `root`.
To unlock, run `zfsunlock`.
## Specifications
The following is an excerpt of the hardware specifications:
<pre>
.://:` `://:. tyrolyean@acraze
`hMMMMMMd/ /dMMMMMMh` ----------------
`sMMMMMMMd: :mMMMMMMMs` OS: Proxmox VE 8.3.4 x86_64
`-/+oo+/:`.yMMMMMMMh- -hMMMMMMMy.`:/+oo+/-` Host: Super Server 0123456789
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:` Kernel: 6.8.12-8-pve
`/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/` Uptime: 14 days, 5 hours, 17 mins
./ooooooo+- +NMMMMMMMMN+ -+ooooooo/. Packages: 1032 (dpkg)
.+ooooooo+-`oNMMMMNo`-+ooooooo+. Shell: fish 3.6.0
-+ooooooo/.`sMMs`./ooooooo+- Resolution: 1920x1080
:oooooooo/`..`/oooooooo: Terminal: /dev/pts/1
:oooooooo/`..`/oooooooo: CPU: Intel Xeon E5-2683 v4 (64) @ 3.000GHz
-+ooooooo/.`sMMs`./ooooooo+- GPU: NVIDIA Tesla P40
.+ooooooo+-`oNMMMMNo`-+ooooooo+. Memory: 258922MiB / 290059MiB
./ooooooo+- +NMMMMMMMMN+ -+ooooooo/.
`/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/`
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:`
`-/+oo+/:`.yMMMMMMMh- -hMMMMMMMy.`:/+oo+/-`
`sMMMMMMMm: :dMMMMMMMs`
`hMMMMMMd/ /dMMMMMMh`
`://:` `://:`
</pre>
## File system
VMs are stored on a ZFS raid 1. It uses ZFS subvolumes to separate virtual
machines.
## Interfacing
To interface either access <https://acraze.srv.it-syndikat.org:8006/> or ssh to the same
host. For recovery purposes, the IP address is 10.17.4.2. The root password is noted in
Vaultwarden.
## VM Network
VMs should use the pre-configured bridge interface `vmbr0`, which will put them
in the SRV subnet on the router (currently 10.17.4.0/24). You will also get your
dns record set into the `.srv.it-syndikat.org` local dyn dns domain and get an
IPv6 address assigned, but **ONLY** via dhcpv6.
## Commands
If you don't want to use the graphical interface, you can use the several
command line programs.
### List virtual machines
`qm list`
### Get ther serial console of an old parabox vm
`qm terminal <VM-ID>`
### List guest volumes
`pvesm list <storage>`
Note: at the time of writing there is only one storage: `tank_id`
### Delete a guests volume
`pvesm free <volume_id>`
### Import a disk image as new vm disk
`qm importdisk <VM-ID> <image path> <storage>`
Note: if an import fails or is aborted, there will probably be a leftover zfs
subvolume with the size of the imported image. To remove it, see the command
above.
### Create local (PAM) user with PVE web access
Creating a system user isn't enough for access to the PVE webinterface. We
have to tell PVE about the user and assing them some roles. Here we use
PVEAdmin which should be root equivalent:
$ adduser my-user
...
$ pveum user add my-user@pam
$ pveum acl modify / --roles PVEAdmin --users my-user@pam
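
Review bot: the last section says `PVEAdmin which should be root equivalent`, but in Proxmox VE the full-privilege role is `Administrator`; `PVEAdmin` leaves out the system-settings and permission-management privileges. Correct the sentence (or the role, if full rights are intended) so that readers do not misjudge what `pveum acl modify / --roles PVEAdmin` grants. The unlock section would also benefit from the SSH host key fingerprint of the unlock environment at `10.17.4.2`, so that the person typing the unlock password as `root` can verify the host first.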

View file

@ -1,71 +0,0 @@
# About
This file contains the documenation for our local database server. This was
originally postgres only, which has changed now to postgres and mariadb making
the name a bit confusing.
## Location
The VM is running as `pgsql.srv.it-syndikat.org` on acraze.
## PostgreSQL
The PostgreSQL database uses client certificates for authentication. These are stored in
`/etc/postgresql/client_certs/`; the server is configured to use `/etc/postgresql/client_certs.pem`
(a concatenation of all the individual certificates) as a certificate authority, removing the
need for a "proper" PKI.
To set up a new postgresql client:
- Generate a new client key and certificate using `sudo generate_client_cert DBNAME KEY_OUTFILE`
- Copy the generated keyfile and certificate (from `/etc/postgresql/client_certs/`) as well as the
server certificate (from `/etc/postgresql/server.pem`) to the client
- Specify the following postgres arguments:
- `user=DBNAME`
- `database=DBNAME`
- `sslmode=verify-ca`
- `sslkey=[client keyfile.key]`
- `sslcert=[client cert.pem]`
- `sslrootcert=[server cert.pem]`
<details>
<summary><pre>generate_client_cert</pre> script</summary>
```
#!/usr/bin/env bash
set -euo pipefail
CERTS_DIRECTORY=/etc/postgresql/client_certs
COMBINED_CERTS_FILE=/etc/postgresql/client_certs.pem
[[ $# -eq 2 ]] || { echo "Usage: $0 DBNAME KEY_OUTFILE" >&2; exit 1; }
dbname=$1
keyfile=$2
openssl req \
-new \
-x509 \
-sha256 \
-days 358201 \
-extensions usr_cert \
-newkey rsa:4096 \
-noenc \
-out "$CERTS_DIRECTORY/$dbname.pem" \
-keyout "$keyfile" \
-subj "/CN=$dbname"
echo "Key has been generated as $keyfile."
echo "Adding certificate to certificate store..."
cat "$CERTS_DIRECTORY"/*.pem > "$COMBINED_CERTS_FILE"
systemctl reload postgresql.service
echo "Done."
```
</details>
## Maintainers
- @xiretza: VM maintenance and postgresql
- @tyrolyean: mariadb database
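
Review bot: the script issues certificates with `-days 358201` and the page documents only how to add a client, so there is no described way to withdraw one. Add the removal steps (delete `$CERTS_DIRECTORY/$dbname.pem`, rebuild `client_certs.pem`, reload) next to the setup list, and consider a shorter lifetime. In the script, `dbname` goes unchecked into the `-out` path while running under `sudo`; rejecting anything other than a plain database name would keep the output inside `client_certs/`. The client setting `sslmode=verify-ca` also skips the host name check that `verify-full` performs.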

View file

@ -1,28 +0,0 @@
# Location
The VM is running as `pitchmadattack.srv.it-syndikat.org` on acraze.
# Maintainers
- @all: who ever has spare time available to press the update button
# Technical
The machine may be reached as `meta.it-syndikat.org` and is the main forum of
the IT-Syndikat at the time of writing. Maintenance has been move from dxld to
konfusius after the August 2022 parabox incident in November of 2022, and was
left to all members at some point after that.
## TO UPDATE
1. Rebase <https://git.it-syndikat.org/IT-Syndikat/discourse_docker> on latest upstream main
2. Push `itsyndikat` branch back to forgejo
3. On pitchmadattack:
```
sudo git -C /var/discourse/ pull
sudo /var/discourse/launcher rebuild app
```
You may need to update the patches in `/var/discourse/templates/web.ssl.its.yml`
if [`nginx.sample.conf`](https://github.com/discourse/discourse/blob/main/config/nginx.sample.conf)
has changed too much upstream.
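
Review bot: the update steps go straight from `git pull` to `launcher rebuild app` with no backup or VM snapshot beforehand, while the forgejo page tells the reader to take a snapshot first. Add the same step before item 3 so that a failed rebuild can be rolled back.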

View file

@ -1,120 +0,0 @@
# About
`velcro.srv.it-syndikat.org` is the local DNS server. It handles both recursion
and is a authoritative domain server. Access to recursion is restricted using
ACLs.
# Maintainers
Current Maintainers:
- tyrolyean: DNS and stuff
# Technical
## Software
The box itself is an ArchLinux installation due to bind receiving a lot of new
features regarding DoT and DoH lately, which have not been backported to any
majour distributions as of right now. It acts as recursor for all traffic from
space subnets as layed out in the [IP-Address Plan](../router.md), and as
master and dnssec signer for all IT-Syndikat zones.
## Zones
The server is master for all zones the IT-Syndikat has, and transfers them to
our secondary and tertiary NS, namely `hannibass` and `srv`. `it-syndikat.org`,
`it-syndik.at` and `openbdsm.org` are all served from here. Serials for root
zones are currently in the RFC-recommended date based format, Third level
domains however, such as `asozial.it-syndikat.org` and `srv.it-syndikat.org` are
increment based, because they can exceed 99 updates a day, meaning they would
wander of into the future, making the date confusing instead of helpfull.
The `.cuco` TLD for the cunst subnet is also served on here.
### Configuration
Configuration file is `/etc/named.conf`. It's permissions are supposed to be
`600`, to protect the tsig-keys stored inside.
#### Update records
The master zone files are located in `/var/named/zones/`. If you want to edit a
zone file, first freeze them with `rndc freeze <domain>`, then edit the file,
and unfreeze with `rndc thaw`. Root zones may be static, meaning there is no
need to freeze them. rndc will inform you via the
`rndc: 'freeze' failed: not dynamic` message of this. In that case, you can get
bind to reload the zone file using the `rndc reload <domain>` command.
#### Add a key for nsupdate
You need this if you want to perform letsencrypt dns challenges, or want to
perform dyndns to an rr.
First, generate a key using `tsig-keygen -a hmac-sha512 <NAME>` with NAME
being, given our usage of this key further on, the non-FQDN name of the machine.
It does not need to match the record the key is used further on, we set this
relation further down by hand.
Copy the key into your application and into `/etc/named.conf`. Next locate the
`update-policy` section in your zone. If it doesn't have one, the zone is not
dynamic. If you add a `update-policy` section, beware that this will alter the
on-disk zone file and remove all hand formatting of the zone, which will
afterwards be sorted alphabetically as well.
You need to add a new rule to allow your nsupdate, which you need to craft by
hand using
[ISC's documentation](https://bind9.readthedocs.io/en/latest/reference.html#dynamic-update-policies)
or from one of the examples below:
```
grant <NAME>. name _acme-challenge.<RR>.srv.it-syndikat.org. TXT;
```
The rule above allows the key <NAME> to perform a letsencrypt dns-01 challenge
for `<RR>.srv.it-syndikat.org.` and `*.<RR>.srv.it-syndikat.org`.
```
grant <NAME>. wildcard *.srv.it-syndikat.org. A AAAA DHCID TXT;
```
This is what we use for our dhcp ddns setup. This DDNS key needs to be able to
add TXT/DHCID records as well, to store information about the record and if it
belongs to the DHCP server, or has been set manually. Kea uses the DHCID field
for this, whilest ISC-DHCP uses the TXT record. We allow both, as to not break
our future probable migration to kea.
### Zone transfers
Zones are transferred to the slaves over wireguard tunnels, which, as they are
all dnssec-signed, makes encrypted and further signed domain transfers less of
an issue. Therefore slave binds only look at the source IP wether an inbound
notify is valid.
### DNSSEC
DNSSEC is a mechanism inside the DNS to cryptographically verify responses
served. It does not encrypt DNS traffic, nor does it anonymize it. DNSSECs only
purpose is for the recursor to be able to trust the response it gathers. All our
zones are signed and the KSKs are delegated to us from the TLD NSes.
Bind automatically manages DNSSEC keys and key rollovers using it's builtin
`dnssec-policy`. Our current ed25519 based policy consists of a KSK which never
expires and delegates the authority to the ZSK, which handles zone signing and
is replaced every 60 days, which looks something like this:
```
dnssec-policy "its-policy" {
keys {
ksk lifetime unlimited algorithm ed25519;
zsk lifetime P60D algorithm ed25519;
};
};
```
A zone is automatically DNSSEC signed, once you set it's `key-directory` and
`dnssec-policy` fields. Whilest this option is cryptographically secure, some
recursors do not support ed25519 at this time. All recursors we and our members
operate do though, which is why we only sign using ed25519, and not any other
key variant.
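
Review bot: the DHCP rule `grant <NAME>. wildcard *.srv.it-syndikat.org. A AAAA DHCID TXT;` includes TXT, and a wildcard match also covers the `_acme-challenge.<RR>.srv.it-syndikat.org.` names that the first rule scopes to one key per host, so the DDNS key can write dns-01 challenge records for every host in the zone. The text says Kea uses DHCID rather than TXT; note that TXT should be dropped from this grant after the migration, and until then state the overlap so the DHCP server's key is handled as the sensitive credential it is.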

View file

@ -1,30 +0,0 @@
# About
This file contains the documenation for our forgejo instance found at
<https://git.it-syndikat.org>.
## Location
The VM is running as `tea.srv.it-syndikat.org` on acraze. It used to run
[gitea](https://gitea.com/), but because they drifted a bit too far into the
crypto world, we migrated to the codeberg fork [Forgejo](https://forgejo.org/).
## Updates
Update forgejo by running `update-forgejo.sh`. Take a VM snapshot first!
## Fixups
Admin status for users is supposed to be obtained through LDAP, but it's not
currently working. Sometimes the admin flags are forgotten. To manually make a
user an admin:
```
$ sudo -u git psql \
"postgres://forgejo@pgsql.srv.it-syndikat.org/forgejo?sslmode=verify-ca" \
-c 'UPDATE "user" SET is_admin=true WHERE lower_name=\'USERNAME\';'
```
## Maintainers
- @robelix: VM maintenance and gitea software updates/maintenance
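
Review bot: the `-c` argument in the Fixups command cannot work as written, because a POSIX shell does not allow `\'` inside a single-quoted string; the quote ends at `lower_name=\` and the rest is parsed as separate words. Wrap the statement in double quotes instead, for example `-c "UPDATE \"user\" SET is_admin=true WHERE lower_name='USERNAME';"`. The Maintainers line still says gitea although the page describes the move to Forgejo.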

View file

@ -1,56 +0,0 @@
# Home Assistant
The [Home Assistant OS](https://www.home-assistant.io/installation/linux#install-home-assistant-operating-system)
install running on `zombiehyperdrive.asozial.it-syndikat.org` (web interface
available on <https://homeassistant.asozial.it-syndikat.org/>) allows
controlling several space functions using cyber.
## Power metering
- A [go-e Controller](https://go-e.com/en/products/go-e-controller) in the
[fusebox](../electrical/README.md#fusebox) measures the incoming supply and
the lighting circuits, 3 phases each. It is connected via MQTT (over
Ethernet).
- Several [Shelly PM Mini Gen3](https://us.shelly.com/products/shelly-pm-mini-gen3)
are hidden in the cable ducts to measure entire circuits. They are connected
via WiFi.
- Several [Eightree ET21](https://eightreesmart.com/products/eu-wlan-smart-steckdose-misst-stromverbrauchsmesser-et21)
running [Tasmota] are plugged in series with appliances (fridges, dishwasher,
washing machine, etc). They are connected via WiFi.
## Environmental sensors
- A single IKEA sensor attached to the wall between Siebdruckwerkstatt and
Lötwerkstatt measures the "core temperature/humidiy" (as exposed via
[SpaceAPI](#spaceapi)).
- An [ESP32-POE-ISO] running [ESPHome] in Coucharea measuring temperature,
humidity, pressure, CO2 and PM2.5+PM10
- An [ESP32-POE-ISO] running [ESPHome] in TAK measuring temperature, humidity,
and CO2
## Blinkenlights
There are several [ESP32-POE-ISO] running [WLED] scattered all over the place,
making WS2812 blink.
## isitopen
There is a small box at the top of the staircase (containing an [ESP32-POE-ISO]
running [ESPHome]) with two buttons. The first person to enter the space
presses the green button, the last person to leave presses the red button.
An automation exists to do stuff (lights, phone do-not-disturb, etc) when the
space opens/closes.
The [matrix bot](matrix.md#bot-schizohal) can also make the box beep.
## SpaceAPI
Home Assistant serves our [SpaceAPI](https://spaceapi.io/) endpoint under
<https://spaceapi.it-syndikat.org/api/>. It reports the state of
[isitopen](#isitopen) and a couple sensor values.
[Tasmota]: https://tasmota.github.io/
[ESPHome]: https://esphome.io/
[WLED]: https://kno.wled.ge/
[ESP32-POE-ISO]: https://www.olimex.com/Products/IoT/ESP32/ESP32-POE-ISO/open-source-hardware

View file

@ -1,239 +0,0 @@
# About
This file contains the documentation of the it-sydikat ldap server at
`ldap.it-syndikat.org`/`blacksunempire.srv.it-syndikat.org`, residing on acraze
# Maintainers
Current Maintainers:
- tyrolyean: Setup and maintenance.
# OS
The servers are running debian stable as operating system and are using openldap
from the debian repositories. Core ldap structure was created by dpkg during
installation.
# LDAP
## Nomenclature
| LDAP word | Meaning in the real world |
|--------------|---------------------------------------------------------------------------|
| dn | Distinctive Name - The object/user/group/etc's FQDN in the tree |
| cn | Common name - Usually the part of the DN that is last/object identifying |
| bind dn | DN of the account you are trying to bind to. Usually requires a password |
| dc | Domain component |
| ou | Organizational Unit |
| ldif | File defining a change in the ldap tree of some sort |
| adminDN | DN of the ldap tree administrator. **NEVER STORE ON ANY SERVICE!** |
### Note on pasted ldif files
If you are building a new ldap server based on the below ldif files, please be
aware that default ldap entries change over time as the overall structure
evolves and you may have to insert a value into a different dn than in the paste
below, or you may have to alter a add operation to be a replace. Openldap may
give some seemingly useless error messages if you have never operated one
before, but it is very consistent in it's stupidities, you'll get used to it.
## Tree structure
The base-dn configured is `dc=it-syndikat,dc=org`.
- Admin DN: cn=admin,dc=it-syndikat,dc=org
- User DN: ou=users,dc=it-syndikat,dc=org
- Group DN: ou=groups,dc=it-syndikat,dc=org
- Services DN: ou=services,dc=it-syndikat,dc=org
- Config: cn=config
### groups
Groups are stored in the posixGroup format, which means membership information
resides with the group, not the user. This style **must** be kept due to an ACL,
allowing a user to modify non-structural information of a user-entry at will.
Groups ending in -admin grant its members administrative privileges on the
corresponding services. There currently is no all users group to prevent
people from using it when they actually meant something else0.
This may change in the future if the need arises.
### User accounts
User accounts are required to fullfill the following objectClasses:
- top: Parent of every object. Not required explicitly, but added for
completeness sake.
- posixAccount: Specifies that accounts may login on unix machines.
- shadowAccount: Enables account to be used for PAM authentication.
- organizationalPerson: Enables account to be used as member of organizatzion.
- inetOrgPerson: Modernized organizationalPerson ([RFC2798](https://datatracker.ietf.org/doc/html/rfc2789))
uidNumbers are to be set incrementally and not re-used if someone is deleted
from the ldap services database. gidNumbers are to be set equal to the
uidNumber.
## Password storage
According to [RFC4519](https://datatracker.ietf.org/doc/html/rfc4519),
passwords must be stored clear-text (which is was MS-AD
does) to provide functionality like Digest-auths and Radius servers. We
store passwords as hashes, which is a direct violation of the RFC, but the most
sane setup for a ldap server in the 2020s.
Openldap provides a module which enables password storage using the argon2
hashing algorithm. The ldap-server is
configured to generate passwords with argon2i if a LDAPv3 password change is
issued. **Please do not manually set the userPassword field unless you know
what you are doing!**. We do not store NT-Passwords to avoid the security
penalty. The following changes set the password algorythm to
argon2:
```LDIF
dn: olcDatabase={1}frontend,cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {ARGON2}
```
For this to work you need to have the argon2 module loaded. If you already
have a password policy in cn=config, delete it as it will override the
algorithm stored inside the frontend database. The policy needs to be stored
indise the frontend database or the server will refuse to start due to the
argon module loading after the cn=config database.
If you **MUST** change a password manually for whatever reason, generate an
argon2 hash using `read -s | argon2 (openssl rand -base64 30) -e`.
Users are allowed to change their own passwords to be more self-servicable. The
below ACL allows them to do so.
```LDIF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to attrs=userPassword by self write by anonymous auth by dn.base="cn=admin,dc=it-syndikat,dc=org" write by * none
add: olcAccess
olcAccess: to * by self write by dn.base="cn=admin,dc=itsyndikat,dc=org" write by * read
```
The following is an example user creation entry inserted via the command
`ldapadd -x -D "cn=admin,dc=it-syndikat,dc=org" -W -f 1000-tyrolyean.ldif`:
```LDIF
dn: uid=tyrolyean,ou=users,dc=it-syndikat,dc=org
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: tyrolyean
uid: tyrolyean
displayName: Daniel Plank
sn: Plank
givenName: Daniel
initials: DP
mail: tyrolyean@semi-professional.net
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/tyrolyean
loginShell: /bin/bash
gecos: tyrolyean
userPassword: {crypt}x
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
```
## Replication
This is in here for historic reasons. We currently do not have a replication
server. But in case we ever get one again, this is how one would have set it up.
Secondary and primary ldap server synchronize via pulling from the secondary
ldap server. It doesn't matter onto which server which action is performed,
everything will be 2-way synced and merged. Primary has a user
`cn=replicator,dc=it-syndikat,dc=org` which is:
```LDIF
dn: cn=replicator,dc=it-syndikat,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: replicator
description: Replication user
userPassword: {CRYPT}x
```
allowed to sync via ACL:
```LDIF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to *
by dn.exact="cn=replicator,dc=it-syndikat,dc=org" read
by * break
-
add: olcLimits
olcLimits: dn.exact="cn=replicator,dc=it-syndikat,dc=org"
time.soft=unlimited time.hard=unlimited
size.soft=unlimited size.hard=unlimited
```
## SSL
Both secondary and primary LDAP servers get their TLS certificates from
letsencrypt.
A script in `/usr/local/bin/update_oldap.fish`
should be run as a post-hook to merge the certificate with letsencrypts root
certificate into a chain openldap accepts.
# Useful commands
## Change a user password
`ldappasswd -vW -D "cn=admin,dc=it-syndikat,dc=org" -S "uid=<username>,ou=users,dc=it-syndikat,dc=org"`
## Search its ldap tree
`ldapsearch -x -D "cn=admin,dc=it-syndikat,dc=org" -W -b "dc=it-syndikat,dc=org"`
## User self service documentation
### Password test
`ldapwhoami -vvv -H "ldaps://ldap.it-syndikat.org" -D "uid=<username>,ou=users,dc=it-syndikat,dc=org" -xW`
### Change password
`ldappasswd -vvH "ldaps://ldap.it-syndikat.org" -SWD "uid=<username>,ou=users,dc=it-syndikat,dc=org" "uid=<username>,ou=users,dc=it-syndikat,dc=org"`
### Query users
`ldapsearch -D "uid=<username>,ou=users,dc=it-syndikat,dc=org" -W -vvv -H "ldaps://ldap.it-syndikat.org" -b"dc=it-syndikat,dc=org"`
### Change email (or anything else)
create `change.ldif` file with contents:
```
dn: uid=<username>,ou=users,dc=it-syndikat,dc=org
changetype: modify
replace: mail
mail: <your>@<email>
```
change with: `ldapmodify -vvH "ldaps://ldap.it-syndikat.org" -WD "uid=<username>,ou=users,dc=it-syndikat,dc=org" -f change.ldif`
### Use ldapvi to edit entries
`ldapvi --host ldaps://ldap.it-syndikat.org -b "dc=it-syndikat,dc=org" -D "uid=<username>,ou=users,dc=it-syndikat,dc=org"`
# Privacy
User-data scraping is allowed for all IP-Based authenticated users
(exluding sensitive information like mail address) to allow PAM based
authentication (because pam does not want to bind using the user that is
authenticating...).
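
Review bot: in the self-service ACL LDIF the second rule names `cn=admin,dc=itsyndikat,dc=org`, without the hyphen used in the base DN everywhere else, so the admin write clause on `to *` never matches; the two `add: olcAccess` operations are also not separated by a `-` line, which the replication LDIF further down does use. Fix both before anyone rebuilds a server from this page. The same rule's `by self write` on `to *` covers `uidNumber`, `gidNumber`, `homeDirectory` and `loginShell`, which hosts that use `posixAccount` for login trust, so it is worth restricting self-write to an explicit attribute list. The inetOrgPerson link is labelled RFC2798 but points at `rfc2789`.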

View file

@ -1,33 +0,0 @@
# Centralized logging
`arlog.srv.it-syndikat.org` runs `systemd-journal-remote`.
## Client configuration
Assuming the client is named `clientsrv`:
1. On debian, install `systemd-journal-remote`.
2. In `/etc/systemd/journal-upload.conf`:
```
[Upload]
URL=https://arlog.srv.it-syndikat.org
ServerKeyFile=/run/credentials/systemd-journal-upload.service/privkey
ServerCertificateFile=/etc/systemd/journal-upload-cert.pem
TrustedCertificateFile=/etc/ssl/certs/ca-certificates.crt
```
3. `systemctl edit systemd-journal-upload.service`, add:
```
[Service]
LoadCredential=privkey:/etc/systemd/journal-upload-privkey.pem
```
4. On `arlog.srv.it-syndikat.org`:
1. Run `sudo /usr/local/bin/generate_client_cert clientsrv /tmp/journal-upload-privkey.pem`
2. Copy `/etc/systemd/journal-remote-client-certs/clientsrv.pem` to `/etc/systemd/journal-upload-cert.pem` on `clientsrv`
3. Copy `/tmp/journal-upload-privkey.pem` to `/etc/systemd/journal-upload-privkey.pem` on `clientsrv` (ensure chmod 600)
5. `systemctl enable --now systemd-journal-upload.service`
6. Optionally reduce local journal retention - in `/etc/systemd/journald.conf`:
```
[Journal]
MaxRetentionSec=2h
MaxFileSec=1h
```
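
Review bot: step 4 writes the client's private key to `/tmp/journal-upload-privkey.pem` on `arlog` and copies it from there, but no step removes it afterwards, so a copy of the client's key stays on the log server. Add a cleanup step after 4.3, or generate the key on `clientsrv` and transfer only the certificate, and say which user must own the file that `chmod 600` applies to.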

View file

@ -1,54 +0,0 @@
# About
blackmail.srv.it-syndikat.org is the IT-Syndikat mail enpoint. It handles
inbound/outbound mail delivery for ITS- Members/Services.
A webmail interface is available at <https://webmail.it-syndikat.org>.
# Maintainers
Current Maintainers:
- @minato @tyrolyean: Mail setup
- @tyrolyean: webmail
# Technical
The mail system received mail on ports 125 and 466 from the haproxy instance
on srv.hc.it-syndikat.org. Outbbound it only delivers mail to srv, which then
handles final delivery. This was done to avoid having different paths for
outbound and inbound mail, as well as to avoid needing to have good/sane/fine
IP-Reputation for the space local networks.
### Webmail
For web-access of your avccounts, a roundcube webmail service is available
at <https://webmail.it-syndikat.org/>, which is provisioned on
`droptek.srv.it-syndikat.org`. To update it, download a new tarball from
[their website](https://roundcube.net/download/) and extract it over
`/var/www/roundcube`. Don't forget to backup the config beforehand.
### Postfix
Inbound, postfix gets mail from the haproxy instance runnning on
`srv.srv.it-syndikat.org` (the ITS directed wireguard interface on
`srv.hc.it-syndikat.org`). Outbound, it relays mail via postfix on
`srv.srv.it-syndikat.org` which handles final delivery.
Mail is being relayed for either the servers net or after ldap auth.
Delivered mail is stored in `/var/vmail` and is owned by the given ldap user.
#### Aliases
General aliases from `/etc/aliases` (because debian) are resolved before virtual
aliases from `/etc/postfix/virtual`. Non user specific redirects (i.g. redirects
for an entire domain) need to be specified inside the virtual alias table
before performing `postmap /etc/postfix/virtual`. New general aliases can be
updated using the `newaliases` command. For examples, please take a look into
the respective files.
### Dovecot
We use dovecot to handle IMAP/POP3 mail access. POP3 was needed to allow our
discourse to receive e-mail. The `meta.it-syndikat.org` subdomain was
redirected to the `meta` user for ths purpose.

View file

@ -1,37 +0,0 @@
# About
This file contains the documenation for our synapse instance found at
`it-syndik.at`. This VM originally ran on the parabox before being migrated
to our local server.
There is an element-web instace available on `riot.it-syndik.at`.
The only matrix room currently administrated by us is [`#lobby:it-syndik.at`](https://matrix.to/#/#lobby:it-syndik.at).
## Synapse
The homeserver itself runs on `matrix.srv.it-syndikat.org`. Had an unfortunate database incident in the past, is
suffering from some unfortunate personality problems ever since (e.g. joined rooms not showing up in clients, even
though they seem to be in the DB just fine).
## IRC bridge
The [IRC bridge](https://github.com/matrix-org/matrix-appservice-irc) runs on `vandal.srv.it-syndikat.org`, using a
custom IPv6 range to connect to [`#it-syndikat` on libera.chat](ircs://libera.chat/it-syndikat).
## Bot (schizoHAL)
The [matrix bot](https://git.it-syndikat.org/IT-Syndikat/its-matrix-bot) runs on `vandal.srv.it-syndikat.org`. It
communicates with HomeAssistant:
- Periodically (and upon `!isitopen`) checks the public SpaceAPI endpoint for whether the space is open, announcing
changes in the matrix room
- On `!spaceping`, sends a webhook request to HomeAssistant to trigger beeps and blinks
It is built and deployed automatically from the `main` branch.
## Maintainers
- @dxld: maybe something
- @xiretza: maybe something else

View file

@ -1,17 +0,0 @@
# About
We operate an ldap authenticated [thelounge](https://thelounge.chat/) irc
bouncer, which members may use to join the space chat. It may be reached at
<https://thelounge.it-syndikat.org>.
# Maintainers
Current Maintainers:
- tyrolyean
# Technical
The server running thelounge, `fiikra.srv.it-syndikat.org`, resides on acraze.
It has the lounge istalled from its arch repos, which should make updates fairly
easy.

View file

@ -1,28 +0,0 @@
# About
The system is running as `nero.srv.it-syndikat.org`. The system may be reached
as <https://vaultwarden.it-syndikat.org> or
<https://vaultwarden.itsyndikat.org>.
# Maintainers
Current Maintainers:
- tyrolyean: vaultwarden
# Technical
The system is running vaultwarden from the official archlinux repositories.
TLS termination is handled by a nginx running on the system, which then hands
over traffic to vaultwarden itself.
## Software
The system is running vaultwarden, which is a bitwarden compatible server
written in rust. It enables multiple users to share passwords with one another
and with groups of people. If you want to register with the ITS internal
organisation, let yourself be invited by someone who is already inside the
group. This is **THE ONLY WAY TO GAIN ACCESS**. You cannot bypass this step in
any way due to the design of the bitwarden in general. It only stores encrypted
passwords and it is close to impossible to reconstruct passwords from the
database.
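
Review bot: the second URL in About, `https://vaultwarden.itsyndikat.org`, uses a domain without the hyphen that every other host name in these docs has. Confirm that this domain is really operated by the ITS and say so, or remove it; for the password manager in particular, members should only be given a login address they can recognise as official.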

View file

@ -1,18 +0,0 @@
# About
`droptek.srv.it-syndikat.org` is a web server serving general websites using php
or statically generated sites. This webserver does not server the main
it-syndikat site, which is located on [`web.srv.it-syndikat.org`](web-its.md) for legacy
reasons.
# Maintainers
Current Maintainers:
- tyrolyean: tinnitus-syndikat websites
# Technical
## Software
The system is running an apache2 with php-fpm from the sury repos.

View file

@ -1,20 +0,0 @@
# About
`web.srv.it-syndikat.org` is a web server running the main <https://it-syndikat.org> website.
This vm was migrated from the decomissioned parabox hypervisor and also acts as
a database server for that site.
# Maintainers
Current Maintainers:
- robelix: Machine and serendipidy
# Technical
This vm was migrated from parabox, the setup is the parabox setup, meaning
no root password and only serial boot output.
## Software
The system is running an apache2 with php-fpm from the sury repos.

View file

@ -1,18 +0,0 @@
# About
Ths system as `crossfaith.srv.it-syndikat.org` is currently hosting the ITS zabbix
server. The system comes with its own postgresql server (to avoid needing the
database it is meant to monitor) and uses an apache2.
# Maintainers
Current Maintainers:
- @tyrolyean: VM and zabbix
# Technical
Login can use ldap users as well as an internal user stored inside the
vaultwarden for backup purposes.
## Software

View file

@ -1,177 +0,0 @@
# 802.1 Etherner Switches
## Hardware list
New Juniper EX3300:
- jex1.asozial - SpaceMkII network-rack PoE switch
- jex2.asozial - SpaceMkII network-rack switch (sometimes off)
## Vendor docs
Juniper (JunOS) docs cover all or most of their products in one document but there are CLI differences across different product categories and software versions (pre/post ELS) so it can be difficult to find exactly the docs page or incantation you need for a particular product. Reading carefully or if all else fails Google is your friend here.
- 802.1 L2, VLAN, ARP, Multicast
<https://www.juniper.net/documentation/us/en/software/junos/multicast-l2>
- L3 Per-port IP addressing, VLAN tagging config, negotiation etc.:
<https://www.juniper.net/documentation/us/en/software/junos/interfaces-ethernet-switches/index.html>
- Static IP routing:
<https://www.juniper.net/documentation/us/en/software/junos/static-routing/index.html>
- OS Snapshot, Recovery and Boot-from-USB
<https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade/topics/topic-map/backing-up-install-using-snapshot.html>
## Management Access
- `jex1.asozial.it-syndikat.org` -- fe80::7e81
- `jex2.asozial.it-syndikat.org` -- fe80::7e82
SSH just works as you'd expect. Password is in Vault, same for both.
------
## Command quick reference
Show config
- `show configuration` (for hierarchical format)
- `show configuration | display set` (for line-based `set` commands)
- In `edit` mode it's just `show`.
Config Manipulation
- `delete` -- remove subtree. think: `rm -r`
- `replace` -- string/pattern substitution
- `deactivate`/`activate` -- "comment out" subtree
- `annotate` -- add comment
CLI
- Disable paging: ` show inter terse | no-more`
Interface convention
- `ge-0/0/0 unit 1` is equivalent to `ge-0/0/0.1` but only the latter is allowed sometimes
### Paste hierarchical config snippet
```
root@jun1> edit
Entering configuration mode
{master:0}[edit]
root@jun1# load merge terminal
[Type ^D at a new line to end input]
system {
host-name jex2;
}
load complete
```
### Logging in/out and diffing/saving/rollback config
[Juniper Day One: Exploring the CLI (pdf)](https://www.juniper.net/documentation/en_US/day-one-books/ExploreJunosCLI_2ndEd.pdf) and
[Juniper Day One: Beginner's guide to JunOS (pdf)](https://www.juniper.net/documentation/en_US/day-one-books/junos-beginners-guide.pdf)
$ ssh root@jex1.asozial.it-syndikat.org
--- JUNOS 15.1R7-S2 built 2018-09-15 07:29:34 UTC
root@jex1:RE:0% id # demonstrate we have a unix shell with root
uid=0(root) gid=0(wheel) groups=0(wheel), 5(operator), 10(field), 31(guest), 73(config)
root@jex1:RE:0% cli # run "cli" to get to the JunOS CLI, duh
{master:0}
root@jex1> conf # this is the junos shell in read-only mode,
# now switch to edit mode
{master:0} # "cd" to a path in the config hierarchy. Yes the
root@jex1# edit system # config is not flat like in Brocade land yey
{master:0}[edit system]
root@jex1# set host-name jex1
{master:0}[edit system]
root@jex1# show host-name # read back config item (think: "ls"), works
# without an arg too
host-name jex1;
{master:0}[edit system]
root@jex1# show | compare # diff against running config.
# Where have you been all my life.
[edit system]
- host-name amnesiac;
+ host-name jex1;
{master:0}[edit system] # Actually reload, apply and save. None of this
root@jex1# commit # apply immediately garbage here.
{master:0}[edit system]
root@jex1# commit
{master:0}[edit system]
root@jex1# rollback 0 # Alternatively forget uncommitted changes
{master:0}[edit system]
root@jex1# exit
{master:0}[edit]
root@jex1# exit
root@jex1> exit
root@jex1:RE:0% exit
logout
Yeah there sure are a lot of exits. FYI emacs/bash-style command line
editing works across the board here. So Ctrl-A/-E, Cltr-K and -Y
away. Resp: Begining/end of line and kill/yank (copy/paste).
There's also TAB completion everywhere. Use it.
### Confirmed Commit (auto rollback)
Sometimes a well meaning config change can kill remote access to the switch itself. To prevent that situation we should prefer to use `commit confirmed`. It will rollback changes after a while (10min by default) if the timer is not explicitly cancelled using `conmit check`.
### Switch VLANs
[Understanding Bridging and VLANs on EX Switches (multicast-l2 JunOS docs)](https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/bridging-and-vlans.html)
Example VLAN Declarations:
```
vlans {
default;
lan {
vlan-id 1;
l3-interface vlan.1; #< optional routing interface
interface ge-0/0/0.0; #< optional alternative to `vlan member lan`
```
Note the difference: `vlans` is where the name<>id mapping is, `vlan.*` is the name for L3 interfaces that are part of a VLAN.
Example L2 switched interface in VLAN:
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members lan;
With interface `port-mode access` (the default) only one VLAN is allowed in `vlan members` (which defaults to `default`) and frames must ingress/egress untagged. We can set `port-mode trunk` to allow multiple tagged VLANs or `port-mode tagged-access` to additionally allow one untagged VLAN which is set using `native-vlan-id <vlan>`. Here a defined name or int is allowed, name is recommended.
**WARNING**: `vlan members` and `native-vlan-id` *MUST NOT* overlap if you want to keep your sanity as `members` will override `native-vlan-id` resulting in only tagged egress on the port.
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode tagged-access;
vlan {
members [ mgmt ];
}
native-vlan-id lan;
### MAC Address Table
To find a host's port:
root@jex2> show ethernet-switching table brief | match 6c:4b:90:92:1b:b3
default 6c:4b:90:92:1b:b3 Learn 0 ge-0/0/46.0
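Review bot: In the Confirmed Commit paragraph the command that cancels the rollback timer is spelled `conmit check`. That is the one command a reader will type under time pressure while the timer is running, so it should read `commit check` (a plain `commit` confirms as well). In the same file the title reads "Etherner", the shortcut is written "Cltr-K", and none of the three VLAN/interface snippets closes its braces, so they cannot be pasted with `load merge terminal` as the earlier section shows. Under Management Access, "Password is in Vault, same for both" documents one root password shared by jex1 and jex2; per-device credentials or key-only root login would limit what a single leaked password exposes.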

View file

@ -1,249 +0,0 @@
ver 08.0.30uT7f3
!
stack unit 1
module 1 fcx-48-port-management-module
module 2 fcx-cx4-2-port-16g-module
!
!
!
!
vlan 1 name LAN by port
tagged ethe 1/1/1 to 1/1/27 ethe 1/1/30 to 1/1/44 ethe 1/1/47 to 1/1/48 ethe 1/2/1 to 1/2/2
router-interface ve 1
!
vlan 5 name MODEM by port
tagged ethe 1/1/26 ethe 1/1/45 to 1/1/48
!
vlan 6 name MODEM-5G by port
tagged ethe 1/1/3 ethe 1/1/26 ethe 1/1/44
!
vlan 7 name JADE by port
tagged ethe 1/1/26 ethe 1/1/28
!
vlan 12 name CUCO by port
tagged ethe 1/1/28 to 1/1/29 ethe 1/1/45
!
vlan 69 name MGMT by port
tagged ethe 1/1/28 ethe 1/1/43
!
vlan 4095 name DEFAULT-VLAN by port
!
!
!
!
!
aaa authentication web-server default local
aaa authentication login default local
default-vlan-id 4095
hostname fcx1
ip dhcp-client disable
ip route 0.0.0.0/0 10.17.54.1
!
logging buffered 1000
logging console
no telnet server
username root password 8 $1$/R5..zP1$q2BjxUK7ffmOaMfO57u/c.
username readonly privilege 5 password 8 $1$JH0../s/$5KoQYqkfHm6HLzfWYxxuL.
snmp-server community 2 $U2kyXj1k ro
snmp-server contact dxld
snmp-server location rack
!
!
clock summer-time
clock timezone gmt GMT+01
!
!
ntp
disable serve
server 2001:4860:4806::
server 2001:4860:4806:8::
server 2001:4860:4806:4::
server 2001:4860:4806:c::
!
!
no web-management http
!
!
!
!
!
!
!
interface management 1
ip address 192.168.1.55 255.255.255.0
ipv6 enable
!
interface ethernet 1/1/1
dual-mode 1
!
interface ethernet 1/1/2
dual-mode 1
!
interface ethernet 1/1/3
dual-mode 1
!
interface ethernet 1/1/4
dual-mode 1
!
interface ethernet 1/1/5
dual-mode 1
!
interface ethernet 1/1/6
dual-mode 1
!
interface ethernet 1/1/7
dual-mode 1
!
interface ethernet 1/1/8
dual-mode 1
!
interface ethernet 1/1/9
dual-mode 1
!
interface ethernet 1/1/10
dual-mode 1
!
interface ethernet 1/1/11
dual-mode 1
!
interface ethernet 1/1/12
dual-mode 1
!
interface ethernet 1/1/13
dual-mode 1
!
interface ethernet 1/1/14
dual-mode 1
!
interface ethernet 1/1/15
dual-mode 1
!
interface ethernet 1/1/16
dual-mode 1
!
interface ethernet 1/1/17
dual-mode 1
!
interface ethernet 1/1/18
dual-mode 1
!
interface ethernet 1/1/19
dual-mode 1
!
interface ethernet 1/1/20
dual-mode 1
!
interface ethernet 1/1/21
dual-mode 1
!
interface ethernet 1/1/22
dual-mode 1
!
interface ethernet 1/1/23
dual-mode 1
!
interface ethernet 1/1/24
dual-mode 1
!
interface ethernet 1/1/25
port-name WLAN?
dual-mode 1
!
interface ethernet 1/1/26
port-name Acraze.vmbr1
dual-mode 1
!
interface ethernet 1/1/27
dual-mode 1
!
interface ethernet 1/1/28
port-name Sozial.igb3
!
interface ethernet 1/1/29
port-name bringmethehorizon
dual-mode 12
!
interface ethernet 1/1/30
dual-mode 1
!
interface ethernet 1/1/31
dual-mode 1
!
interface ethernet 1/1/32
dual-mode 1
!
interface ethernet 1/1/33
dual-mode 1
!
interface ethernet 1/1/34
dual-mode 1
!
interface ethernet 1/1/35
dual-mode 1
!
interface ethernet 1/1/36
dual-mode 1
!
interface ethernet 1/1/37
dual-mode 1
!
interface ethernet 1/1/38
dual-mode 1
!
interface ethernet 1/1/39
dual-mode 1
!
interface ethernet 1/1/40
dual-mode 1
!
interface ethernet 1/1/41
dual-mode 1
!
interface ethernet 1/1/42
dual-mode 1
!
interface ethernet 1/1/43
port-name Jun2 Switch
!
interface ethernet 1/1/44
port-name fcx2 trunk
dual-mode 1
!
interface ethernet 1/1/45
port-name Cuco upstream
dual-mode 12
!
interface ethernet 1/1/46
port-name Modem Magenta
dual-mode 5
!
interface ethernet 1/1/47
port-name LZ-SW0
dual-mode 1
!
interface ethernet 1/1/48
port-name Sozial.igb1 LAN
dual-mode 1
!
interface ethernet 1/2/1
dual-mode 1
!
interface ethernet 1/2/2
dual-mode 1
!
interface ve 1
ip address 10.17.54.21 255.255.255.0
ipv6 address fe80::fc81 link-local
ipv6 address 2a0c:9a40:8070::fc81/64
ipv6 enable
ipv6 nd suppress-ra
!
!
!
!
!
!
!
!
!
end
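Review bot: The `username root password 8 ...` and `username readonly privilege 5 password 8 ...` lines carry the device's password hashes in `$1$` (MD5-crypt) form, and the `snmp-server community ... ro` line carries the community string as stored by the device. Deleting the file in this compare leaves all three readable in the branch history, so treat them as disclosed: rotate both passwords and the community, and redact these lines from any future export before it is committed. Ports 1/1/28 and 1/1/43 are also the only named ports without a `dual-mode` line; a comment on whether they are meant to be tagged-only would help the next reader.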

View file

@ -1,151 +0,0 @@
ver 08.0.30uT7f3
!
stack unit 1
module 1 fcx-24-poe-port-management-module
module 2 fcx-cx4-2-port-16g-module
no legacy-inline-power
!
!
!
!
vlan 1 name LAN by port
tagged ethe 1/1/1 to 1/1/24 ethe 1/2/1 to 1/2/2
router-interface ve 1
!
vlan 6 name MODEM-5G by port
tagged ethe 1/1/23 to 1/1/24
!
vlan 4095 name DEFAULT-VLAN by port
!
!
!
!
!
aaa authentication web-server default local
aaa authentication login default local
default-vlan-id 4095
hostname fcx2
ip dhcp-client disable
ip route 0.0.0.0/0 10.17.54.1
!
logging buffered 1000
no telnet server
username root password 8 $1$lo5..bJ/$LiAxkJ3WFxSJciiXnfEdl0
username readonly password 8 $1$fN2..Qj1$ECwPKYep4c3bjP1BoQPex0
!
!
clock summer-time
clock timezone gmt GMT+01
!
!
ntp
disable serve
server 216.239.35.0
server 216.239.35.4
!
!
no web-management http
!
!
!
!
!
!
!
interface management 1
ip address 192.168.1.55 255.255.255.0
ipv6 enable
!
interface ethernet 1/1/1
dual-mode 1
!
interface ethernet 1/1/2
dual-mode 1
!
interface ethernet 1/1/3
dual-mode 1
!
interface ethernet 1/1/4
dual-mode 1
!
interface ethernet 1/1/5
dual-mode 1
!
interface ethernet 1/1/6
dual-mode 1
!
interface ethernet 1/1/7
dual-mode 1
!
interface ethernet 1/1/8
dual-mode 1
!
interface ethernet 1/1/9
dual-mode 1
!
interface ethernet 1/1/10
dual-mode 1
!
interface ethernet 1/1/11
dual-mode 1
!
interface ethernet 1/1/12
dual-mode 1
!
interface ethernet 1/1/13
dual-mode 1
!
interface ethernet 1/1/14
dual-mode 1
!
interface ethernet 1/1/15
dual-mode 1
!
interface ethernet 1/1/16
dual-mode 1
!
interface ethernet 1/1/17
dual-mode 1
!
interface ethernet 1/1/18
dual-mode 1
!
interface ethernet 1/1/19
dual-mode 1
!
interface ethernet 1/1/20
dual-mode 1
!
interface ethernet 1/1/21
dual-mode 1
!
interface ethernet 1/1/22
dual-mode 1
!
interface ethernet 1/1/23
dual-mode 6
!
interface ethernet 1/1/24
dual-mode 1
!
interface ethernet 1/2/1
dual-mode 1
!
interface ethernet 1/2/2
dual-mode 1
!
interface ve 1
ip address 10.17.54.22 255.255.255.0
ipv6 address fe80::fc82 link-local
ipv6 address 2a0c:9a40:8070::fc82/64
ipv6 enable
!
!
!
!
!
!
!
!
!
end
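Review bot: `username readonly password 8 ...` has no `privilege 5` here, while the same account on fcx1 is declared with `privilege 5`. With the level omitted the account gets the platform default, so check that the backup user on fcx2 is really read-only and state the level explicitly. `interface management 1` also uses 192.168.1.55, the same address as on fcx1, which will conflict if both management ports ever share a segment. As on fcx1, the `$1$` hashes stay in history after this deletion and the passwords should be rotated.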

View file

@ -1,24 +0,0 @@
#!/bin/sh
OPTS="-oKexAlgorithms=+diffie-hellman-group1-sha1 -oPreferredAuthentications=password -oHostKeyAlgorithms=+ssh-rsa"
export SSHPASS=5eGbtrLXtpnl2MZttR5mh1YpaqzjVy6U
copy_config_brocade () {
sshpass -e scp -O $OPTS readonly@"$1".asozial.it-syndikat.org:startConfig.cfg "$1".cfg
}
copy_config_junos () {
sshpass -e ssh readonly@"$1".asozial.it-syndikat.org 'show configuration' > "$1".cfg.tmp
rv=$?
[ $rv -eq 0 ] || { echo "$1 failed"; rm "$1".cfg.tmp; return $rv; }
mv "$1".cfg.tmp "$1".cfg
}
RV=0
#copy_config_brocade fcx1 || RV=$?
#copy_config_brocade fcx2 || RV=$?
copy_config_junos jex1 || RV=$?
copy_config_junos jex2 || RV=$?
exit $RV
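Review bot: The `export SSHPASS=` line puts the `readonly` account's password into the script in clear text, so everyone who can read the repository (and its history, after this deletion) holds a working login for every switch the script targets. Move the secret out of the tree, for example into a root-only file passed with `sshpass -f`, or better give the `readonly` user a dedicated SSH key, and rotate the current password. Two smaller points: `OPTS` re-enables `diffie-hellman-group1-sha1` and `ssh-rsa` but is only used by `copy_config_brocade`, whose calls are commented out, so it should live inside that function or go away with it; and `copy_config_junos` writes `show configuration` output into `"$1".cfg`, while the jex1 and jex2 configurations in this compare contain `## SECRET-DATA` hash lines, so the export should be filtered before it is committed.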

View file

@ -1,811 +0,0 @@
## Last commit: 2025-03-17 14:38:32 UTC by root
version 15.1R7-S2;
system {
host-name jex1;
ports {
console {
log-out-on-disconnect;
type xterm;
}
}
root-authentication {
encrypted-password "$5$TvgB.3Dl$EdD1YFzMrvMAsIiFBYD8/SrRqx0CZVPpNGOh3vd2a3."; ## SECRET-DATA
ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvioDgEqpDNPtN5IADORCob2W4PrPwZ9XkeM0ydKkni dxld@House;"; ## SECRET-DATA
}
login {
class read-only-local {
permissions [ secret view view-configuration ];
}
user readonly {
uid 2003;
class read-only-local;
authentication {
encrypted-password "$5$DtGWoubh$FHAKIUyEfAubId4.tai1g0dLcaBywdyg0HTSFzcE8H."; ## SECRET-DATA
}
}
}
services {
ssh {
root-login allow;
protocol-version v2;
client-alive-count-max 5;
client-alive-interval 20;
hostkey-algorithm {
ssh-ecdsa;
ssh-ed25519;
}
}
web-management {
http {
interface all;
}
https {
port 443;
system-generated-certificate;
interface [ vlan.100 all ];
}
}
dhcp {
traceoptions {
file dhcp_logfile;
level all;
flag all;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
ntp {
server 2a0d:f302:e054:54::1;
}
}
chassis {
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
description "access point";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ cuco iot evil ];
}
native-vlan-id default;
}
}
}
ge-0/0/1 {
description siebdruck;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/2 {
description siebdruck;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/3 {
description "clubmate dispenser";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/4 {
description "3d printer";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/5 {
description "soldering zone";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/6 {
description "soldering zone";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/7 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/8 {
description "its coucharea | ampel";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/9 {
description beamer;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/10 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/11 {
description "5G Modem | its courarea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members modem-5g;
}
}
}
}
ge-0/0/12 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/13 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/14 {
description "audio rack";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/15 {
description treppenkopf;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/16 {
description "access point";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ cuco iot evil ];
}
native-vlan-id default;
}
}
}
ge-0/0/17 {
description siebdruck;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/18 {
description "dreck(s)werkstatt";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/19 {
description "dreck(s)werkstatt";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/20 {
description "dreck(s)werkstatt";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/21 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/22 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/23 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/24 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/25 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/26 {
description bunkertelefon;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/27 {
description "snack dispenser";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/28 {
description "soldering zone";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/29 {
description "soldering zone";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/30 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/31 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/32 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/33 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/34 {
description "schaltschrank go-e";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/35 {
description "iot (couchzone sensors)";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/36 {
description "schaltschrank ble+modbus";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/37 {
description "iot (dreckswerkstatt)";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/38 {
description "iot (tak)";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/39 {
description "iot (couchzone LED decke)";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/40 {
description "iot (siebdruckwerkstatt LED)";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/41 {
description iot;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/42 {
description "iot (treppenkopf)";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/43 {
description "iot (kitchen)";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/44 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/45 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/46 {
description "uplink fw";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ cuco iot mgmt ];
}
native-vlan-id default;
}
}
}
ge-0/0/47 {
description "cuco sidekink";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members 192;
}
}
}
}
xe-0/1/0 {
description "trunk to other switch (10g)";
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
except monitoring;
}
}
}
}
xe-0/1/1 {
description "acraze trunk";
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
native-vlan-id srv;
}
}
}
xe-0/1/2 {
description "schmuddelkiste transfer";
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members 666;
}
}
}
}
xe-0/1/3 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
me0 {
unit 0 {
family inet6 {
address fe80::7e81/64;
address fd69:205f:6c8b:7e81::1/64;
}
}
}
vlan {
unit 100 {
family inet6 {
address fe80::7e81/64;
address 2a0d:f302:e054:54::7e81/64;
}
}
}
}
snmp {
description "jex1 poe switch";
contact "wir@it-syndikat.org";
view all {
oid .1 include;
}
community WeP2mfjDrSWW62 {
view all;
authorization read-write;
}
}
routing-options {
rib inet6.0 {
static {
route ::/0 next-hop 2a0d:f302:e054:54::1;
}
}
}
protocols {
igmp-snooping {
vlan all;
}
mld-snooping {
vlan all;
}
rstp;
lldp {
inactive: traceoptions {
file lldplog;
flag all;
}
interface all;
}
}
ethernet-switching-options {
inactive: analyzer ht802-debug {
loss-priority high;
input {
ingress {
interface ge-0/0/26.0;
}
egress {
interface ge-0/0/26.0;
}
}
output {
vlan {
monitoring;
}
}
}
voip;
}
vlans {
cuco {
description "Cunst und co oder so";
vlan-id 192;
}
default {
vlan-id 100;
l3-interface vlan.100;
}
evil {
vlan-id 66;
}
iot {
description "INTERNET of SHIT and SMOKE";
vlan-id 420;
}
mgmt {
description "IPv6 RA management VLAN";
vlan-id 69;
}
modem {
description "Magenta modem";
vlan-id 5;
}
modem-5g {
description "ZTE 5G Modem";
vlan-id 6;
}
monitoring {
description "port mirroring target";
vlan-id 999;
}
srv {
description "server shiit";
vlan-id 4;
}
transfer {
vlan-id 666;
}
}
poe {
interface all;
}
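Review bot: The `snmp` stanza defines a community in clear text with `authorization read-write` over `view all` (`oid .1 include`), and nothing in the stanza restricts which clients may use it; with this file in the repository, anyone who can read it can reconfigure the switch over SNMP. Change the community, make it read-only unless writes are really needed, and limit it to the monitoring host. In `system`, `web-management http { interface all; }` serves the login page unencrypted on every interface although HTTPS is already configured, `root-login allow` permits direct root SSH, and class `read-only-local` includes `secret`, which is what lets the `encrypted-password` hashes appear in exports taken with that account; drop `secret` if the backup does not need them. The `ssh-ed25519` value also ends in `dxld@House;` with the semicolon inside the quotes, unlike the same key on jex2.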

View file

@ -1,691 +0,0 @@
## Last commit: 2025-02-25 17:24:13 UTC by root
version 15.1R7-S2;
system {
host-name jex2;
ports {
console {
log-out-on-disconnect;
type xterm;
}
}
root-authentication {
encrypted-password "$1$UwGTV9Iu$cbIHVAeSqCEwezIQGPyX2/"; ## SECRET-DATA
ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvioDgEqpDNPtN5IADORCob2W4PrPwZ9XkeM0ydKkni dxld@House"; ## SECRET-DATA
}
login {
class read-only-local {
permissions [ secret view view-configuration ];
}
user readonly {
uid 2002;
class read-only-local;
authentication {
encrypted-password "$5$DtGWoubh$FHAKIUyEfAubId4.tai1g0dLcaBywdyg0HTSFzcE8H."; ## SECRET-DATA
}
}
}
services {
ssh {
root-login allow;
protocol-version v2;
client-alive-count-max 5;
client-alive-interval 20;
hostkey-algorithm {
ssh-ecdsa;
ssh-ed25519;
}
}
web-management {
http {
interface all;
}
https {
port 443;
system-generated-certificate;
interface all;
}
}
}
ntp {
server 2a0d:f302:e054:54::1;
}
}
chassis {
alarm {
management-ethernet {
link-down ignore;
}
}
}
interfaces {
ge-0/0/0 {
description "access point";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ cuco iot ];
}
native-vlan-id default;
}
}
}
ge-0/0/1 {
description isitopen;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/2 {
description siebdruck;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/3 {
description "clubmate dispenser";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/4 {
description "soldering zone | printer";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/5 {
description "soldering zone";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/6 {
description "soldering zone";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/7 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/8 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/9 {
description beamer;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members iot;
}
}
}
}
ge-0/0/10 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/11 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/12 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/13 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/14 {
description "audio rack";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/15 {
description siebdruck;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/16 {
description "access point";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ cuco iot ];
}
native-vlan-id default;
}
}
}
ge-0/0/17 {
description siebdruck;
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/18 {
description "dreck(s)werkstatt";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/19 {
description "dreck(s)werkstatt";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/20 {
description "dreck(s)werkstatt";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/21 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/22 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/23 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/24 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/25 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/26 {
description "tak office";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members cuco;
}
}
}
}
ge-0/0/27 {
description "snack dispenser";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/28 {
description "soldering zone";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/29 {
description "soldering zone";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/30 {
description "its coucharea";
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/31 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/32 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/33 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/34 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/35 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/36 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/37 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/38 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/39 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/40 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/41 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/42 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/43 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/44 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/45 {
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/0/46 {
unit 0 {
family ethernet-switching {
port-mode tagged-access;
vlan {
members mgmt;
}
native-vlan-id default;
}
}
}
ge-0/0/47 {
ether-options {
auto-negotiation;
}
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
ge-0/1/0 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/0 {
description "trunk to other switch (10g)";
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
ge-0/1/1 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/1 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
ge-0/1/2 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/2 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
ge-0/1/3 {
unit 0 {
family ethernet-switching;
}
}
xe-0/1/3 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}
}
me0 {
unit 0 {
family inet6 {
address fe80::7e82/64;
address fd69:205f:6c8b:7e82::1/64;
}
}
}
vlan {
unit 0 {
family inet;
}
unit 100 {
family inet6 {
address fe80::7e82/64;
address 2a0d:f302:e054:54::7e82/64;
}
}
}
vme {
unit 0 {
family inet;
}
}
}
routing-options {
rib inet6.0 {
static {
route ::/0 next-hop 2a0d:f302:e054:54::1;
}
}
}
protocols {
igmp-snooping {
vlan all;
}
mld-snooping {
vlan all;
}
rstp;
lldp {
interface all;
}
lldp-med {
interface all;
}
}
ethernet-switching-options {
voip;
storm-control {
inactive: interface all;
}
}
vlans {
cuco {
description "cunst und co vlan oder so";
vlan-id 192;
}
default {
vlan-id 100;
l3-interface vlan.100;
}
iot {
description "INTERNET of SHIT and SMOKE";
vlan-id 420;
}
mgmt {
description "IPv6 RA management VLAN";
vlan-id 69;
}
}
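Review bot: `root-authentication` stores the root hash in `$1$` (MD5-crypt) form here, whereas jex1 uses `$5$` for root and both switches use `$5$` for `readonly`; bring the root hash in line with jex1, and since switch.md says the password is shared, rotate it on both devices. The `readonly` hash is identical to the one on jex1, salt included, so one recovered password opens both switches. Compared with jex1 this config has no `syslog` stanza, so the `interactive-commands` and `authorization` file logging configured there is missing here, and `web-management http { interface all; }` has the same plain-HTTP exposure.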

View file

@ -1,50 +0,0 @@
# Voice over IP
Consists of the following components:
- Asterisk server at asterix.srv.it-syndikat.org
- HT802 analog phone interface connected to Bunkertelefon
- Homeassistant VoIP integration
- SIP trunk to [EPVPN](https://eventphone.de/doku/epvpn)
- SIP trunk to PSTN via [sipcall](https://sipcall.at)
## Asterisk
Runs on `asterix.srv.it-syndikat.org`.
Central PBX, talks to all other endpoints. Configuration happens mostly in `/etc/asterisk/pjsip.conf` and `/etc/asterisk/extensions.conf`.
CLI can be accessed using `sudo -u asterisk asterisk -r`. Useful commands:
- reloading: `reload` to reload everything, `pjsip reload`/`dialplan reload` for partial reloads
- delete stuck SIP registration: `database show registrar/contact`, then e.g. `database deltree registrar/contact 6002;@332c500bfb09158a3a3a9ef53913cd6a`
- logging: `pjsip set logger on` to show SIP packets
- dialplan help: `core show applications`/`core show functions`
### EPVPN
Asterisk is registered in EPVPN on extension 1754. Outbound calls to EPVPN are possible with prefix 9, inbound calls go to Bunkertelefon.
### sipcall
We have a prepaid sipcall phone number, `+43 720 519629`. Outbound calls to numbers starting with 0
are routed though here to PSTN. Inbound calls go to Bunkertelefon.
## HT802
Analog Telephone Adapter for Bunkertelefon, registered on extension 6001.
Web interface on <http://ht802.asozial.it-syndikat.org>, credentials in Vaultwarden. Has a machine-friendly-ish SSH interface too.
Config export in `voip/ht802/` directory.
Picking up and not dialling for 5 seconds automatically connects to Homeassistant.
## Homeassistant
Native VoIP integration, registered on extension 6006.
## Call deterrence
Because the Bunkertelefon is quite loud, whenever isitopen is closed, callers will first be greeted
by a GLaDOS recording telling them to go away. Pressing 1 will make the phone ring anyway.
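Review bot: The HT802 section links the admin interface as `http://ht802.asozial.it-syndikat.org`, so the credentials kept in Vaultwarden cross the network unencrypted at login. If the device offers HTTPS, link that instead; otherwise state that the interface should only be reached from the management network, or point readers to the SSH interface mentioned on the same line. The Asterisk command list gives `pjsip set logger on` without the matching `off`; SIP traces include authentication headers, so the doc should say to switch it off again after debugging. Typo in the sipcall paragraph: "routed though here" should be "routed through here".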

View file

@ -1,81 +0,0 @@
site_name: ITS Docs
site_url: https://docs.it-syndikat.org
repo_url: https://git.it-syndikat.org/IT-Syndikat/its-network
edit_uri: "src/branch/main/docs/"
nav:
- '~': README.md
- 'space':
- 'overview': space/README.md
- 'virtual':
- 'Hypervisor': space/srv-acraze/acraze.md
- 'Database': space/srv-acraze/database.md
- 'Discourse': space/srv-acraze/discourse.md
- 'DNS': space/srv-acraze/dns.md
- 'Forgejo': space/srv-acraze/gitea.md
- 'Home Assistant': space/srv-acraze/homeassistant.md
- 'LDAP': space/srv-acraze/ldap.md
- 'Logging': space/srv-acraze/logging.md
- 'E-Mail': space/srv-acraze/mail.md
- 'Matrix': space/srv-acraze/matrix.md
- 'IRC Bouncer': space/srv-acraze/thelounge.md
- 'Vaultwarden': space/srv-acraze/vaultwarden.md
- 'New Web': space/srv-acraze/web-general.md
- 'Old Web': space/srv-acraze/web-its.md
- 'Zabbix': space/srv-acraze/zabbix.md
- 'hardware':
- 'Electrical': space/electrical/README.md
- 'VOIP': space/voip.md
- 'Router': space/router.md
- '2D-Printers': space/2d-printer.md
- '3D-Printers': space/3d-printer.md
- 'WiFi': space/access_points.md
- 'Mimaki': space/mimaki.md
- 'Switch': space/switch.md
- 'LaaS': space/laas.md
- 'Schmuddelkiste': space/schmuddelkiste.md
- 'cloud':
- 'srv': cloud/srv.md
- 'Hannibass': cloud/hannibass.md
theme:
name: material
logo: 'img/its.svg'
favicon: 'img/its.ico'
features:
- navigation.footer
- content.action.view
palette:
# Palette toggle for automatic mode
- media: "(prefers-color-scheme)"
primary: 'indigo'
accent: pink
toggle:
icon: material/brightness-auto
name: Switch to light mode
# Palette toggle for light mode
- media: "(prefers-color-scheme: light)"
scheme: default # (1)!
primary: 'indigo'
accent: pink
toggle:
icon: material/brightness-7
name: Switch to dark mode
# Palette toggle for dark mode
- media: "(prefers-color-scheme: dark)"
scheme: slate
primary: 'indigo'
accent: pink
toggle:
icon: material/brightness-4
name: Switch to system preference
plugins:
- search
markdown_extensions:
- attr_list
- pymdownx.emoji:
emoji_index: !!python/name:material.extensions.emoji.twemoji
emoji_generator: !!python/name:material.extensions.emoji.to_svg
- pymdownx.superfences
copyright: Copyleft 🄯 IT-Syndikat - Executive Branch; 2024-2025
extra:
generator: false
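
Review bot: `edit_uri: "src/branch/main/docs/"` hard-codes the `main` branch, and with `content.action.view` enabled every page's view-source link is built from it, so a site built from a `master` checkout will point readers at a branch that may not contain the page. Derive the branch at build time or document that only `main` is ever published. Also worth a comment next to `pymdownx.emoji`: the two `!!python/name:` tags mean this file cannot be read by a safe YAML loader, so any linter or pre-commit hook that parses it has to use a loader that understands those tags.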

View file

@ -1,301 +0,0 @@
## Core latex/pdflatex auxiliary files:
*.aux
*.lof
*.log
*.lot
*.fls
*.out
*.toc
*.fmt
*.fot
*.cb
*.cb2
.*.lb
## Intermediate documents:
*.dvi
*.xdv
*-converted-to.*
# these rules might exclude image files for figures etc.
# *.ps
# *.eps
# *.pdf
## Generated if empty string is given at "Please type another file name for output:"
.pdf
## Bibliography auxiliary files (bibtex/biblatex/biber):
*.bbl
*.bcf
*.blg
*-blx.aux
*-blx.bib
*.run.xml
## Build tool auxiliary files:
*.fdb_latexmk
*.synctex
*.synctex(busy)
*.synctex.gz
*.synctex.gz(busy)
*.pdfsync
## Build tool directories for auxiliary files
# latexrun
latex.out/
## Auxiliary and intermediate files from other packages:
# algorithms
*.alg
*.loa
# achemso
acs-*.bib
# amsthm
*.thm
# beamer
*.nav
*.pre
*.snm
*.vrb
# changes
*.soc
# comment
*.cut
# cprotect
*.cpt
# elsarticle (documentclass of Elsevier journals)
*.spl
# endnotes
*.ent
# fixme
*.lox
# feynmf/feynmp
*.mf
*.mp
*.t[1-9]
*.t[1-9][0-9]
*.tfm
#(r)(e)ledmac/(r)(e)ledpar
*.end
*.?end
*.[1-9]
*.[1-9][0-9]
*.[1-9][0-9][0-9]
*.[1-9]R
*.[1-9][0-9]R
*.[1-9][0-9][0-9]R
*.eledsec[1-9]
*.eledsec[1-9]R
*.eledsec[1-9][0-9]
*.eledsec[1-9][0-9]R
*.eledsec[1-9][0-9][0-9]
*.eledsec[1-9][0-9][0-9]R
# glossaries
*.acn
*.acr
*.glg
*.glo
*.gls
*.glsdefs
*.lzo
*.lzs
*.slg
*.slo
*.sls
# uncomment this for glossaries-extra (will ignore makeindex's style files!)
# *.ist
# gnuplot
*.gnuplot
*.table
# gnuplottex
*-gnuplottex-*
# gregoriotex
*.gaux
*.glog
*.gtex
# htlatex
*.4ct
*.4tc
*.idv
*.lg
*.trc
*.xref
# hyperref
*.brf
# knitr
*-concordance.tex
# TODO Uncomment the next line if you use knitr and want to ignore its generated tikz files
# *.tikz
*-tikzDictionary
# listings
*.lol
# luatexja-ruby
*.ltjruby
# makeidx
*.idx
*.ilg
*.ind
# minitoc
*.maf
*.mlf
*.mlt
*.mtc[0-9]*
*.slf[0-9]*
*.slt[0-9]*
*.stc[0-9]*
# minted
_minted*
*.pyg
# morewrites
*.mw
# newpax
*.newpax
# nomencl
*.nlg
*.nlo
*.nls
# pax
*.pax
# pdfpcnotes
*.pdfpc
# sagetex
*.sagetex.sage
*.sagetex.py
*.sagetex.scmd
# scrwfile
*.wrt
# svg
svg-inkscape/
# sympy
*.sout
*.sympy
sympy-plots-for-*.tex/
# pdfcomment
*.upa
*.upb
# pythontex
*.pytxcode
pythontex-files-*/
# tcolorbox
*.listing
# thmtools
*.loe
# TikZ & PGF
*.dpth
*.md5
*.auxlock
# titletoc
*.ptc
# todonotes
*.tdo
# vhistory
*.hst
*.ver
# easy-todo
*.lod
# xcolor
*.xcp
# xmpincl
*.xmpi
# xindy
*.xdy
# xypic precompiled matrices and outlines
*.xyc
*.xyd
# endfloat
*.ttt
*.fff
# Latexian
TSWLatexianTemp*
## Editors:
# WinEdt
*.bak
*.sav
# Texpad
.texpadtmp
# LyX
*.lyx~
# Kile
*.backup
# gummi
.*.swp
# KBibTeX
*~[0-9]*
# TeXnicCenter
*.tps
# auto folder when using emacs and auctex
./auto/*
*.el
# expex forward references with \gathertags
*-tags.tex
# standalone packages
*.sta
# Makeindex log files
*.lpz
# xwatermark package
*.xwm
# REVTeX puts footnotes in the bibliography by default, unless the nofootinbib
# option is specified. Footnotes are the stored in a file with suffix Notes.bib.
# Uncomment the next line to have this generated file ignored.
#*Notes.bib
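
Review bot: The `*.pdf` rule is left commented out in the "Intermediate documents" block, so the `pres.pdf` that the presentation Makefile builds is not ignored and can end up committed next to its sources. Add an explicit `pres.pdf` entry rather than enabling the blanket rule, which would also hide PDF figures. Broad patterns such as `*.table`, `*.end`, `*.bak` and `*.el` will also swallow unrelated files if this ignore file sits above non-LaTeX directories; keeping it scoped to the presentation directory avoids that.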

View file

@ -1,11 +0,0 @@
.PHONY: all
all: pres.pdf
.PHONY: pres.pdf
pres.pdf: pres.tex
latexmk -xelatex --interaction=nonstopmode --shell-escape --use-make pres.tex
.PHONY: clean
clean:
latexmk -c
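
Review bot: `--shell-escape` on the `latexmk` line lets any TeX source or package pulled into `pres.tex` run arbitrary commands as the user doing the build. In the sources shown here the flag is needed for the `svg` package (`\includesvg`); converting the logo to PDF once and loading it with `\includegraphics` would let the flag go. Separately, declaring `pres.pdf` as `.PHONY` makes make call latexmk on every invocation; that is harmless because latexmk tracks dependencies itself, but a one-line comment saying so would save the next reader a double take.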

BIN
presentation/images/IPU451.jpg (Stored with Git LFS)

Binary file not shown.

BIN
presentation/images/IPU654.jpg (Stored with Git LFS)

Binary file not shown.

Binary file not shown.

View file

@ -1,80 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Generator: Adobe Illustrator 15.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg:svg
version="1.1"
id="Ebene_1"
x="0px"
y="0px"
width="283.00204"
height="192.60927"
viewBox="0 0 283.00205 192.60928"
enable-background="new 0 0 327.228 277.8"
xml:space="preserve"
inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
sodipodi:docname="its.svg"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/"><script
id="__gaOptOutExtension" /><svg:metadata
id="metadata45"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></svg:metadata><svg:defs
id="defs43" /><sodipodi:namedview
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1916"
inkscape:window-height="1041"
id="namedview41"
showgrid="false"
inkscape:zoom="1.6932973"
inkscape:cx="66.733702"
inkscape:cy="33.071569"
inkscape:window-x="1920"
inkscape:window-y="18"
inkscape:window-maximized="1"
inkscape:current-layer="Ebene_1"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0"
inkscape:showpageshadow="0"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1" /><svg:g
id="g5"
style="fill:#008000"
transform="matrix(1.211673,0,0,1.211673,-58.357605,-48.01254)"><svg:circle
sodipodi:ry="18.76"
sodipodi:rx="18.76"
sodipodi:cy="58.384998"
sodipodi:cx="70.221001"
id="circle7"
r="18.76"
cy="58.384998"
cx="70.221001"
style="fill:#008000"
d="m 88.981001,58.384998 c 0,10.360862 -8.399138,18.760001 -18.76,18.760001 -10.360862,0 -18.760001,-8.399139 -18.760001,-18.760001 0,-10.360862 8.399139,-18.76 18.760001,-18.76 10.360862,0 18.76,8.399138 18.76,18.76 z" /><svg:g
id="g9"
style="fill:#008000"><svg:path
inkscape:connector-curvature="0"
id="path11"
d="m 262.107,86.738 c -3.213,0 -6.232,0.814 -8.875,2.241 -0.67,0.362 -1.623,-0.303 -1.623,-1.102 0,-4.884 -3.959,-8.843 -8.842,-8.843 -4.885,0 -8.844,3.959 -8.844,8.843 0,4.882 3.959,8.841 8.844,8.841 1.088,0 2.217,1.077 1.875,1.947 -0.834,2.116 -1.297,4.417 -1.297,6.829 0,10.36 8.4,18.759 18.762,18.759 10.359,0 18.758,-8.398 18.758,-18.759 0,-10.357 -8.398,-18.756 -18.758,-18.756 z"
style="fill:#008000" /><svg:path
inkscape:connector-curvature="0"
id="path13"
d="m 281.6,166.018 c -0.426,-13.476 -8.039,-26.154 -21.037,-30.815 -6.316,-2.266 -12.584,-2.097 -19.143,-1.548 -2.504,0.207 -5.115,0.693 -7.545,-0.168 -3.383,-1.199 -5.777,-4.411 -5.953,-7.996 -0.127,-2.584 1.693,-5.291 2.309,-7.762 0.76,-3.033 0.848,-6.188 0.344,-9.268 -0.879,-5.357 -3.512,-10.425 -7.691,-13.939 C 217.603,90.081 210.993,88.96 204.345,88.95 189.107,88.929 173.866,88.908 158.63,88.888 138.362,88.86 118.099,88.831 97.833,88.804 90.925,88.794 84.015,88.784 77.104,88.775 72.858,88.769 68.733,88.523 64.655,89.65 51.843,93.193 44.8,107.625 49.76,119.909 c 1.41,3.497 3.818,6.201 6.164,8.867 2.588,2.939 4.389,6.54 5.176,10.377 0.807,3.958 0.543,8.126 -0.777,11.946 -0.633,1.834 -1.508,3.583 -2.59,5.195 -0.314,0.469 -3.422,4.006 -3.377,4.082 -10.48,10.483 -6.988,28.797 5.797,35.582 12.314,6.535 28.111,0.018 32.213,-13.344 1.848,-6.009 1.201,-13.42 -2.039,-18.833 -1.775,-2.968 -4.666,-4.768 -6.547,-7.612 -2.336,-3.533 -3.637,-7.697 -3.734,-11.931 -0.348,-15.086 14.549,-26.507 29.035,-22.224 15.182,4.486 21.156,23.603 11.15,35.934 -1.215,1.498 -2.682,2.75 -3.855,4.284 -1.271,1.659 -2.312,3.495 -3.078,5.44 -1.586,4.026 -1.977,8.496 -1.129,12.74 1.693,8.469 7.9,15.123 16.26,17.384 15.057,4.076 30.102,-8.317 28.67,-23.922 -0.383,-4.166 -1.941,-8.187 -4.461,-11.523 -2.379,-3.148 -5.146,-5.7 -6.75,-9.476 -2.992,-7.047 -2.146,-15.347 2.191,-21.644 4.018,-5.829 10.674,-9.511 17.752,-9.784 5.588,-0.216 12.305,1.91 16.301,5.852 2.236,2.206 3.898,4.965 4.977,7.906 0.975,2.665 1.064,5.205 1.393,7.972 0.705,6.001 5.246,8.878 10.697,10.235 2.617,0.65 5.291,1.038 7.914,1.656 2.998,0.706 6.211,1.38 8.324,3.799 4.691,5.369 0.896,16.088 -7.031,14.802 -2.611,-0.423 -4.932,-1.22 -7.586,-0.677 -3.43,0.701 -6.479,2.824 -8.342,5.783 -4.154,6.598 -1.408,16.133 6.053,18.896 3.768,1.395 8.891,1.33 12.236,-1.135 2.721,-2.005 3.162,-6.658 6.869,-7.48 4.391,-1.783 7.611,0.51 10.893,3.162 1.859,1.504 4.049,2.544 6.309,3.296 3.5,1.167 7.193,1.71 10.857,2.037 3.994,0.354 7.908,0.403 
11.818,-0.595 6.818,-1.745 12.807,-6.023 17.115,-11.533 4.268,-5.45 7.194,-12.396 6.972,-19.405 -0.553,-17.409 0.466,14.73 0,0 z"
style="fill:#008000" /><svg:path
style="fill:#008000;stroke:#000000;stroke-miterlimit:10"
inkscape:connector-curvature="0"
id="path15"
d="M 209.236,167.063"
stroke-miterlimit="10" /></svg:g></svg:g></svg:svg>
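
Review bot: The root element contains an empty `<script id="__gaOptOutExtension" />` directly after the namespace declarations, which looks like residue injected by a browser extension when the file was saved rather than part of the logo. It does nothing as written, but a `script` element has no place in an image that `mkdocs.yml` serves as the site logo; remove it. The `sodipodi:namedview` editor state and the degenerate `path15` (`d="M 209.236,167.063"`, a lone move-to that draws nothing) can go in the same cleanup.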


View file

@ -1,77 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Generator: Adobe Illustrator 15.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
version="1.1"
id="Ebene_1"
x="0px"
y="0px"
width="283.00204"
height="192.60927"
viewBox="0 0 283.00205 192.60928"
enable-background="new 0 0 327.228 277.8"
xml:space="preserve"
inkscape:version="0.48.5 r10040"
sodipodi:docname="logo2013.svg"><metadata
id="metadata45"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
id="defs43" /><sodipodi:namedview
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1600"
inkscape:window-height="834"
id="namedview41"
showgrid="false"
inkscape:zoom="0.84953207"
inkscape:cx="-6.8159251"
inkscape:cy="91.59616"
inkscape:window-x="0"
inkscape:window-y="27"
inkscape:window-maximized="1"
inkscape:current-layer="Ebene_1"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0" /><g
id="g5"
style="fill:#ffffff"
transform="matrix(1.211673,0,0,1.211673,-58.357605,-48.01254)"><circle
sodipodi:ry="18.76"
sodipodi:rx="18.76"
sodipodi:cy="58.384998"
sodipodi:cx="70.221001"
id="circle7"
r="18.76"
cy="58.384998"
cx="70.221001"
style="fill:#ffffff"
d="m 88.981001,58.384998 c 0,10.360862 -8.399138,18.760001 -18.76,18.760001 -10.360862,0 -18.760001,-8.399139 -18.760001,-18.760001 0,-10.360862 8.399139,-18.76 18.760001,-18.76 10.360862,0 18.76,8.399138 18.76,18.76 z" /><g
id="g9"
style="fill:#ffffff"><path
inkscape:connector-curvature="0"
id="path11"
d="m 262.107,86.738 c -3.213,0 -6.232,0.814 -8.875,2.241 -0.67,0.362 -1.623,-0.303 -1.623,-1.102 0,-4.884 -3.959,-8.843 -8.842,-8.843 -4.885,0 -8.844,3.959 -8.844,8.843 0,4.882 3.959,8.841 8.844,8.841 1.088,0 2.217,1.077 1.875,1.947 -0.834,2.116 -1.297,4.417 -1.297,6.829 0,10.36 8.4,18.759 18.762,18.759 10.359,0 18.758,-8.398 18.758,-18.759 0,-10.357 -8.398,-18.756 -18.758,-18.756 z"
style="fill:#ffffff" /><path
inkscape:connector-curvature="0"
id="path13"
d="m 281.6,166.018 c -0.426,-13.476 -8.039,-26.154 -21.037,-30.815 -6.316,-2.266 -12.584,-2.097 -19.143,-1.548 -2.504,0.207 -5.115,0.693 -7.545,-0.168 -3.383,-1.199 -5.777,-4.411 -5.953,-7.996 -0.127,-2.584 1.693,-5.291 2.309,-7.762 0.76,-3.033 0.848,-6.188 0.344,-9.268 -0.879,-5.357 -3.512,-10.425 -7.691,-13.939 C 217.603,90.081 210.993,88.96 204.345,88.95 189.107,88.929 173.866,88.908 158.63,88.888 138.362,88.86 118.099,88.831 97.833,88.804 90.925,88.794 84.015,88.784 77.104,88.775 72.858,88.769 68.733,88.523 64.655,89.65 51.843,93.193 44.8,107.625 49.76,119.909 c 1.41,3.497 3.818,6.201 6.164,8.867 2.588,2.939 4.389,6.54 5.176,10.377 0.807,3.958 0.543,8.126 -0.777,11.946 -0.633,1.834 -1.508,3.583 -2.59,5.195 -0.314,0.469 -3.422,4.006 -3.377,4.082 -10.48,10.483 -6.988,28.797 5.797,35.582 12.314,6.535 28.111,0.018 32.213,-13.344 1.848,-6.009 1.201,-13.42 -2.039,-18.833 -1.775,-2.968 -4.666,-4.768 -6.547,-7.612 -2.336,-3.533 -3.637,-7.697 -3.734,-11.931 -0.348,-15.086 14.549,-26.507 29.035,-22.224 15.182,4.486 21.156,23.603 11.15,35.934 -1.215,1.498 -2.682,2.75 -3.855,4.284 -1.271,1.659 -2.312,3.495 -3.078,5.44 -1.586,4.026 -1.977,8.496 -1.129,12.74 1.693,8.469 7.9,15.123 16.26,17.384 15.057,4.076 30.102,-8.317 28.67,-23.922 -0.383,-4.166 -1.941,-8.187 -4.461,-11.523 -2.379,-3.148 -5.146,-5.7 -6.75,-9.476 -2.992,-7.047 -2.146,-15.347 2.191,-21.644 4.018,-5.829 10.674,-9.511 17.752,-9.784 5.588,-0.216 12.305,1.91 16.301,5.852 2.236,2.206 3.898,4.965 4.977,7.906 0.975,2.665 1.064,5.205 1.393,7.972 0.705,6.001 5.246,8.878 10.697,10.235 2.617,0.65 5.291,1.038 7.914,1.656 2.998,0.706 6.211,1.38 8.324,3.799 4.691,5.369 0.896,16.088 -7.031,14.802 -2.611,-0.423 -4.932,-1.22 -7.586,-0.677 -3.43,0.701 -6.479,2.824 -8.342,5.783 -4.154,6.598 -1.408,16.133 6.053,18.896 3.768,1.395 8.891,1.33 12.236,-1.135 2.721,-2.005 3.162,-6.658 6.869,-7.48 4.391,-1.783 7.611,0.51 10.893,3.162 1.859,1.504 4.049,2.544 6.309,3.296 3.5,1.167 7.193,1.71 10.857,2.037 3.994,0.354 7.908,0.403 
11.818,-0.595 6.818,-1.745 12.807,-6.023 17.115,-11.533 4.268,-5.45 7.194,-12.396 6.972,-19.405 -0.553,-17.409 0.466,14.73 0,0 z"
style="fill:#ffffff" /><path
style="fill:#ffffff;stroke:#000000;stroke-miterlimit:10"
inkscape:connector-curvature="0"
id="path15"
d="M 209.236,167.063"
stroke-miterlimit="10" /></g></g></svg>


View file

@ -1,41 +0,0 @@
\documentclass[aspectratio=169]{beamer}
\usepackage[english]{babel}
\usepackage{svg}
\title{IT-Syndikat Infrastructure}
\subtitle{Workshop}
\author[Daniel P.]{Daniel Plank}
\institute[ITS]{
IT-Syndikat%
\\%
Verein zur Förderung des freien Zugangs zu technischer Fort- und
Weiterbildung jeglicher Art%
}
\date{2022-12-20}
\logo{\includesvg[width= 0.2\textwidth]{images/logo2013.svg}}
\begin{document}
\frame{\titlepage}
\begin{frame}{Summary}
\tableofcontents
\end{frame}
\section*{Acknowledgments} %You can remove this if you do not want to use it
\begin{frame}{Acknowledgments}
The author is extremely thankful to Prof. Antônio F. R. T. Piza for the short, yet wonderful, conversations about this seminar.
\end{frame}
\section*{References} %You can remove this if you do not want to use it
\nocite{Djairo} \nocite{PhilPanof} \nocite{Fleming} \nocite{Shankar}
\begin{frame}{References}
\printbibliography
\end{frame}
\section{}
\begin{frame}{}
\centering
\Huge\bfseries
\textcolor{orange}{The End}
\end{frame}
\end{document}
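
Review bot: `\printbibliography` and the four `\nocite{...}` keys in the References section are used without any bibliography package or `.bib` resource being loaded, so this file does not compile as it stands. Together with the Acknowledgments frame, these are leftovers from the template the deck was started from (the trailing comments still say "You can remove this if you do not want to use it"); drop both sections or replace them with real content.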

Binary file not shown.

View file

@ -1,530 +0,0 @@
\documentclass[
11pt, % Set the default font size, options include: 8pt, 9pt, 10pt, 11pt, 12pt, 14pt, 17pt, 20pt
%
aspectratio=169, % Uncomment to set the aspect ratio to a 16:9 ratio which matches the aspect ratio of 1080p and 4K screens and projectors
]{beamer}
\usepackage{booktabs} % Allows the use of \toprule, \midrule and \bottomrule for better rules in tables
\usepackage{listings}
\usepackage{fontspec}
\usepackage{verbatim}
%\usepackage{appendixnumberbeamer} %If you want a separate slide counter for your appendix
%%% Customize Theme %%%%%%%%%%%%%%%%%%%%%%
\usetheme{Madrid} % You can use other themes too, but this changes many things. I've found Madrid to be the best for this color scheme
%fg = font color
%bg = background color
% ! WARNING ! : Many colors are linked to multiple attributes, so changing one color can have unexpected changes!
% If you want to tweak the shading of orange and red, tweak the below 2 lines:t
\definecolor{myRed}{RGB}{62, 112, 20}
\definecolor{myOrange}{RGB}{227, 125, 0}
% Bottom right hand color
\setbeamercolor*{structure}{bg=myRed!20,fg=myRed!90}
\setbeamercolor*{palette primary}{use=structure,fg=white,bg=structure.fg} %?
\setbeamercolor*{palette secondary}{use=structure,fg=myRed,bg=white}
%bottom left of footer & bar between title & top bubbles
\setbeamercolor*{palette tertiary}{use=structure,fg=white,bg=myRed}
\setbeamercolor{frametitle}{bg=myRed!85,fg=white} %title of each slide
\setbeamercolor*{titlelike}{parent=palette primary} %?
%\setbeamercolor{titlelike}{parent=palette primary,fg=structure.fg!50!myRed}
%for miniframe (very top) AND center footer
\setbeamercolor{section in head/foot}{fg=myOrange, bg=white}
%%% Specific Colors %%%
\setbeamercolor{item projected}{bg=myOrange}
\setbeamertemplate{enumerate items}{bg=myOrange}
\setbeamercolor{itemize item}{fg=myOrange}
\setbeamercolor{itemize subitem}{fg=myOrange}
\setbeamercolor{button}{bg=myOrange}
%%% Edits ONLY the TOC slide %%%
\setbeamercolor{section in toc}{fg=black}
\setbeamercolor{subsection in toc}{fg=black}
%%% Block Colors %%%
% Standard block %
\setbeamercolor{block title}{bg=myOrange, fg=white}
\setbeamercolor{block body}{bg=myOrange!20}
% Alerted block % If you want to customize it's color
%\setbeamercolor{block title alerted}{bg=cyan, fg=white}
%\setbeamercolor{block body alerted}{bg=cyan!10}
% Example block % If you want to customize it's color
%\setbeamercolor{block title example}{bg=cyan, fg=white}
%\setbeamercolor{block body example}{bg=cyan!10}
%---------------------------------------------------------
% SELECT FONT THEME & FONTS
%---------------------------------------------------------
\usefonttheme{default} % Typeset using the default sans serif font
\usepackage{palatino} % Use the Palatino font for serif text
\useinnertheme{circles}
\usepackage{svg}
%---------------------------------------------------------
% SELECT OUTER THEME
%---------------------------------------------------------
% Outer themes change the overall layout of slides, such as: header and footer lines, sidebars and slide titles. Uncomment each theme in turn to see what changes it makes to your presentation.
%\useoutertheme{default}
%
\useoutertheme{miniframes}
%\useoutertheme{infolines}
%\useoutertheme{smoothbars}
%\useoutertheme{sidebar}
%\useoutertheme{split}
%\useoutertheme{shadow}
%\useoutertheme{tree}
%\useoutertheme{smoothtree}
\setmonofont[Scale=MatchLowercase]{Hack}
\fontspec{Libertinus Sans}
%---------------------------------------------------------
% PRESENTATION INFORMATION
%---------------------------------------------------------
\title[ITS-Infra WS]{ITS-Infrastructure Workshop}
\subtitle{From router to email and back}
\author[Waschtl <tyrolyean@semi-professional.org>]{Author: waschtl}
\institute[]{IT-Syndikat \\ \smallskip \textit{wir@it-syndikat.org}}
\date[\today]
\logo{\includesvg[width=1.0cm]{./images/its.svg}}
%---------------------------------------------------------
%---------------------------------------------------------
%---------------------------------------------------------
\begin{document}
%---------------------------------------------------------
% TITLE SLIDE
%---------------------------------------------------------
\section{}
\begin{frame}
\titlepage
\end{frame}
%---------------------------------------------------------
% TABLE OF CONTENTS SLIDE
%---------------------------------------------------------
% The table of contents outputs the sections and subsections that appear in your presentation, specified with the standard \section and \subsection commands. You may either display all sections and subsections on one slide with \tableofcontents, or display each section at a time on subsequent slides with \tableofcontents[pausesections]. The latter is useful if you want to step through each section and mention what you will discuss.
\begin{frame}
\frametitle{Table of Contents} % Slide title, remove this command for no title
\tableofcontents % Output the table of contents (all sections on one slide)
%\tableofcontents[pausesections] % Output the table of contents (break sections up across separate slides)
\end{frame}
\section{General}
\subsection{Documentation}
\begin{frame}
\frametitle{Infrastructure Documentation}
Git repository at \url{https://git.it-syndikat.org/it-syndikat/its-network.git}\\
\begin{tiny}
\begin{columns}[t]
\begin{column}{0.5\textwidth}
\verbatiminput{text/doc_tree.txt}
\end{column}
\begin{column}{0.5\textwidth}
\verbatiminput{text/res_tree.txt}
\end{column}
\end{columns}
\end{tiny}
\end{frame}
\subsection{IP}
\begin{frame}
\frametitle{IP}
\begin{itemize}
\item{IPv4}
\begin{itemize}
\item{Space} infrastructure resides inside the \texttt{10.17.0.0/16} subnet
\item{Cuco} Resides in \texttt{192.168.1.0/24} subnet
\end{itemize}
\item{IPv6}
\begin{itemize}
\item{Space} subnet \texttt{2a0c:9a40:8070::/44} uplink via @dxld's infrastructure.
\begin{itemize}
\item{Servers} obtain address via DHCPv6, which auto-registers hostname in \texttt{srv.it-syndikat.org} Zone
\item{LAN} obtains address via DHCPv6 \textbf{AND} SLAAC, only DHCPv6 address registered in \texttt{asozial.it-syndikat.org}
\end{itemize}
\item{Cuco} doesn't have or want IPv6
\end{itemize}
\end{itemize}
\end{frame}
\subsection{Router/FW}
\begin{frame}
\frametitle{Router/FW}
\begin{itemize}
\item PFSense reachable at \texttt{sozial.asozial.it-syndikat.org}
\item SSO via ldap; all members of netadmins group
\item recovery credentials in vaultwarden
\item stateful firewalling and port forwarding
\item DDNS public record at \texttt{public.srv.it-syndikat.org}
\item Openvpn server for remote access with ldap credentials
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Router/FW Hardware}
\begin{columns}[t]
\begin{column}{0.5\textwidth}
\begin{itemize}
\item NRG Systems IPU654
\item Intel Pentium N5405U 2C/4T
\item 4GB DDR4 SO-DIMM
\item 128G Intel SATA SSD
\item 6x Intel i211-AT Gigabit NIC
\item 10W IDLE
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{figure}[H]
\includegraphics[height=.5\textheight]{images/IPU654}
\end{figure}
\end{column}
\end{columns}
\end{frame}
\subsection{Subnets}
\begin{frame}
\frametitle{Subnets}
\begin{columns}[t]
\begin{column}{0.5\textwidth}
\begin{itemize}
\item{LAN} - ITS network
\begin{itemize}
\item \texttt{10.17.54.0/24}
\item \texttt{2a0c:9a40:8070::/64}
\end{itemize}
\item{CUCO}
\begin{itemize}
\item \texttt{192.168.1.0/24}
\end{itemize}
\item{PLAYGROUND} - Sandbox net
\begin{itemize}
\item \texttt{10.17.3.0/24}
\end{itemize}
\item{SERVERS}
\begin{itemize}
\item \texttt{10.17.4.0/24}
\item \texttt{2a0c:9a40:8070:40::/64}
\end{itemize}
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{itemize}
\item{VPNSRV} - VPN access from outside
\begin{itemize}
\item \texttt{10.17.5.0/24}
\item \texttt{2a0c:9a40:8070:50::/64}
\end{itemize}
\item{SRVHCVPN} - Tunnel to \texttt{srv.hc.it-syndikat.org}
\begin{itemize}
\item \texttt{10.17.7.0/24}
\item \texttt{2a0c:9a40:8070:70::/64}
\end{itemize}
\item{JADE}
\begin{itemize}
\item \texttt{10.17.7.0/24}
\item \texttt{2a0c:9a40:8070:70::/64}
\end{itemize}
\end{itemize}
\end{column}
\end{columns}
\end{frame}
\section{LDAP}
\subsection{LDAP general}
\begin{frame}
\frametitle{LDAP}
\begin{columns}[t]
\begin{column}{0.5\textwidth}
\begin{itemize}
\item \textbf{L}ightweight \textbf{D}irectory \textbf{A}ccess \textbf{P}rotocol
\item Subset of ITU X.500 standards (mostly X.511)
\item Uses X standard naming scheme (key=value pairs separated by commas)
\item hierarchical structure
\item Case insensitive
\item different software can access same user information
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{itemize}
\item used to store and retrieve directory information i.e.
\begin{itemize}
\item usernames/passwords
\item login shell
\item ssh-keys
\item home directory location
\item group memberships
\item service configuration (DNS,dhcp,etc.)
\end{itemize}
\end{itemize}
\end{column}
\end{columns}
\end{frame}
\begin{frame}
\frametitle{X.500 standard abbreviations}
\begin{columns}[t]
\begin{column}{0.5\textwidth}
\begin{itemize}
\item OU…Organizational Unit
\item DN…Distinctive Name
\item CN…Common Name
\item UID…username
\item SN…Sure Name
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{itemize}
\item O…Organization
\item DC…Domain component
\end{itemize}
\end{column}
\end{columns}
\end{frame}
\begin{frame}
\frametitle{objectClasses}
Object classes define what information may be present in an object in which format
\begin{columns}[t]
\begin{column}{0.5\textwidth}
\begin{itemize}
\item posixAccount…Account with passwd information
\item shadowAccount…Account with password
\item inetOrgPerson…RFC 2798 standard user account
\item organizationalPerson…Person in organisation
\item ldapPublicKey…Non-standard: ssh key in ldap
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{itemize}
\item posixGroup…Posix style group
\item organizationalUnit…Defines contents of OU object
\item organizationalRole…Role within organisation (More or less subset of organizationalPerson)
\end{itemize}
\end{column}
\end{columns}
\end{frame}
\begin{frame}
\frametitle{Examplary LDAP entry}
\begin{columns}[t]
\begin{column}{0.5\textwidth}
\tiny\verbatiminput{text/tyrolyean.ldif}
\end{column}
\begin{column}{0.5\textwidth}
\begin{itemize}
\item \texttt{dn} denotes position in ldap tree
\item \texttt{uid} and \texttt{cn} are used synonimously for users
\item \texttt{uidNumber} \textbf{MUST} be unique
\item \texttt{gecos} field stems from UNIX
\end{itemize}
\end{column}
\end{columns}
\end{frame}
\begin{frame}
\frametitle{Standard (open)ldap utils}
\begin{itemize}
\item \texttt{ldapsearch} query ldap server
\item \texttt{ldapremove} remove object/field from server
\item \texttt{ldapadd} add object/field from server
\item \texttt{ldapadd} add/remove/modify object/field from server
\item \texttt{ldappasswd} change password field (LDAPv3 extension)
\item \texttt{ldapwhoami} whoami in ldap
\end{itemize}
\end{frame}
\subsection{ITS-Setup}
\begin{frame}
\frametitle{LDAP Server setup}
\begin{columns}[t]
\begin{column}{0.35\textwidth}
\begin{itemize}
\begin{tiny}
\item \texttt{blacksunempire.srv.it-syndikat.org}
\item \texttt{ldap.it-syndikat.org}
\item Debian
\item \url{ldaps://ldap.it-syndikat.org}
\item \texttt{SLAPD} from debian repositories
\item Base DN: \texttt{dc=it-syndikat,dc=org}
\item \texttt{ou=groups} and \texttt{ou=users} OUs
\end{tiny}
\end{itemize}
\end{column}
\begin{column}{0.65\textwidth}
\tiny\verbatiminput{text/bse_neofetch.txt}
\end{column}
\end{columns}
\end{frame}
\begin{frame}
\frametitle{LDAP Server setup (cont.)}
\begin{columns}[t]
\begin{column}{\textwidth}
\begin{itemize}
\item SLAPD gets cert from certbot
\item access restriced by host and network firewall
\item Accepts starttls (TCP 389) and normal tls (TCP 636)
\item Stores passwords as argon2i
\item Posix-Style group memberships
\item ''SSO''-Provider
\end{itemize}
\end{column}
\end{columns}
\end{frame}
\section{Services}
\subsection{Virtualisation}
\begin{frame}
\frametitle{Main Hypervisor}
\begin{columns}[t]
\begin{column}{0.35\textwidth}
\begin{itemize}
\begin{tiny}
\item \texttt{acraze.srv.it-syndikat.org}
\item Proxmox VE
\item \url{https://acraze.srv.it-syndikat.org:8006}
\item LDAP SSO; Permissions have to be assigned manually!
\end{tiny}
\end{itemize}
\end{column}
\begin{column}{0.65\textwidth}
\tiny\verbatiminput{text/acraze_neofetch.txt}
\end{column}
\end{columns}
\end{frame}
\subsection{Edge proxy}
\begin{frame}
\frametitle{Hetzner Edge Proxy}
\begin{columns}[t]
\begin{column}{0.5\textwidth}
\begin{itemize}
\begin{small}
\item \texttt{srv.hc.it-syndikat.org}
\item Hetzner CX11 Instance
\item Haproxy server
\item Postfix smtp relay
\item DNS authoritative server \texttt{ns0.srv.it-syndikat.org. }
\end{small}
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\tiny\verbatiminput{text/srv_neofetch.txt}
\end{column}
\end{columns}
\end{frame}
\subsection{DNS}
\begin{frame}
\frametitle{DNS services}
\begin{columns}[t]
\begin{column}{0.5\textwidth}
\begin{itemize}
\begin{small}
\item \texttt{srv.hc.it-syndikat.org}
\item DNS authoritative server \texttt{ns0.it-syndikat.org.}
\item Master for \texttt{it-syndikat.org.} and \texttt{it-syndik.at.}
\item Slave for \texttt{srv.it-syndikat.org.} and \texttt{asozial.it-syndikat.org.}
\end{small}
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{itemize}
\begin{small}
\item \texttt{luude.srv.it-syndikat.org}
\item DNS authoritative server \texttt{ns01.srv.it-syndikat.org.}
\item Master for \texttt{srv.it-syndikat.org.} and \texttt{asozial.it-syndikat.org.}
\end{small}
\end{itemize}
\end{column}
\end{columns}
\end{frame}
\subsection{E-Mail}
\begin{frame}
\frametitle{E-Mail services}
\begin{itemize}
\item \texttt{blackmail.srv.it-syndikat.org}
\item Debian standard postfix and dovecot
\item Access as \texttt{mail.it-syndikat.org}
\item Proxied through \texttt{srv.hc.it-syndikat.org}
\item SMTP, IMAP and POP3
\end{itemize}
\end{frame}
\subsection{Database}
\begin{frame}
\frametitle{Postgresql Database}
\begin{itemize}
\item \texttt{pgsql.srv.it-syndikat.org}
\item Debian standard postgresql
\item Authorization via TLS certificates
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Mariadb Database}
\begin{itemize}
\item \texttt{pgsql.srv.it-syndikat.org}
\item Debian standard mariadb
\item Authorization via user/password
\item Certificate from certbot
\end{itemize}
\end{frame}
%---------------------------------------------------------
% CLOSING SLIDE
%---------------------------------------------------------
% To remove miniframe from top
\appendix
\begin{frame}[noframenumbering] %So the end and appendix slides don't contribute to the page count
\frametitle{OPNSense vs PFSense}
OPNSense
\begin{itemize}
\item Nicer user interface
\item Allows rules to match inbound and outbound on interface
\item mixed up ldap and active directory
\item broken dualstack address mapping
\item weird wirguard interface issues
\end{itemize}
\end{frame}
\begin{frame}[noframenumbering] %So the end and appendix slides don't contribute to the page count
\frametitle{OPNSense vs PFSense}
PFSense
\begin{itemize}
\item Working ldap group memberships
\item Working wireguard support
\item Working dualstack rule matching
\item Did I mention stuff working?
\end{itemize}
\end{frame}
\end{document}
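
Review bot: In the Subnets frame, JADE lists exactly the same prefixes as SRVHCVPN (`10.17.7.0/24` and `2a0c:9a40:8070:70::/64`), which reads like a copy-paste; fill in JADE's own prefixes or say explicitly that the two share a network. In the "Standard (open)ldap utils" frame, `ldapremove` is not an OpenLDAP client (the delete tool is `ldapdelete`), and `ldapadd` appears twice, the second time with the description that belongs to `ldapmodify`. In the preamble, `\date[\today]` supplies only the optional argument, so `\date` takes the following `\logo` token as its mandatory one; write `\date{\today}`. Smaller points: "Distinctive Name" should be "Distinguished Name", "Sure Name" should be "surname", and the Edge proxy frame names the authoritative server `ns0.srv.it-syndikat.org.` while the DNS frame calls the same host's server `ns0.it-syndikat.org.`.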

View file

@ -1,20 +0,0 @@
.://:` `://:. root@acraze
`hMMMMMMd/ /dMMMMMMh` -----------
`sMMMMMMMd: :mMMMMMMMs` OS: Proxmox VE 7.3-3 x86_64
`-/+oo+/:`.yMMMMMMMh- -hMMMMMMMy.`:/+oo+/-` Host: X9DRW 0123456789
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:` Kernel: 5.15.64-1-pve
`/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/` Uptime: 24 days, 21 hours, 4 mins
./ooooooo+- +NMMMMMMMMN+ -+ooooooo/. Packages: 709 (dpkg)
.+ooooooo+-`oNMMMMNo`-+ooooooo+. Shell: bash 5.1.4
-+ooooooo/.`sMMs`./ooooooo+- Resolution: 1024x768
:oooooooo/`..`/oooooooo: Terminal: /dev/pts/0
:oooooooo/`..`/oooooooo: CPU: Intel Xeon E5-2630 v2 (24) @ 3.100GHz
-+ooooooo/.`sMMs`./ooooooo+- GPU: 11:00.0 Matrox Electronics Systems Ltd. G200eR2
.+ooooooo+-`oNMMMMNo`-+ooooooo+. Memory: 79935MiB / 84530MiB
./ooooooo+- +NMMMMMMMMN+ -+ooooooo/.
`/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/`
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:`
`-/+oo+/:`.yMMMMMMMh- -hMMMMMMMy.`:/+oo+/-`
`sMMMMMMMm: :dMMMMMMMs`
`hMMMMMMd/ /dMMMMMMh`
`://:` `://:`
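
Review bot: This capture was taken as `root@acraze` and records the exact platform and kernel versions of the hypervisor (`Proxmox VE 7.3-3`, `5.15.64-1-pve`) in a file that is compiled into the slides. If the deck is published, that is a version fingerprint that also goes stale after the next upgrade; keep the hardware lines (CPU, memory) and drop the OS, kernel and package counts, or regenerate the file when the slides are built.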

View file

@ -1,17 +0,0 @@
_,met$$$$$gg. tyrolyean@blacksunempire
,g$$$$$$$$$$$$$$$P. ------------------------
,g$$P" """Y$$.". OS: Debian GNU/Linux 11 (bullseye) x86_64
,$$P' `$$$. Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-7.1)
',$$P ,ggs. `$$b: Kernel: 5.10.0-19-amd64
`d$$' ,$P"' . $$$ Uptime: 1 hour, 38 mins
$$P d$' , $$P Packages: 496 (dpkg)
$$: $$. - ,d$$' Shell: fish 3.1.2
$$; Y$b._ _,d$P' Resolution: 1280x800
Y$$. `.`"Y$$$$P"' Terminal: /dev/pts/0
`$$b "-.__ CPU: Common KVM (2) @ 2.599GHz
`Y$$ GPU: 00:01.0 Vendor 1234 Device 1111
`Y$$. Memory: 174MiB / 1948MiB
`$$b.
`Y$$b.
`"Y$b._
`"""

View file

@ -1,25 +0,0 @@
├── access_points.md
├── acraze
│   ├── acraze.md
│   ├── database.md
│   ├── dns.md
│   ├── gitea.md
│   ├── mail.md
│   ├── matrix.md
│   ├── vaultwarden.md
│   ├── web-general.md
│   ├── web-its.md
│   └── zabbix.md
├── disaster_recovery.md
├── hetzner
│   ├── discourse.md
│   └── srv.md
└── space_general
├── 2d-printer.md
├── 3d-printer.md
├── mimaki.md
├── router.md
├── schmuddelkiste.md
└── switch.md
4 directories, 23 files

View file

@ -1,19 +0,0 @@
├── router
│   └── backup
│   ├── config-grobian.asozial-20210405155033.xml
│   ├── config-sozial.asozial.it-syndikat.org-20220826181210.xml
│   ├── config-sozial.asozial.it-syndikat.org-20220924162704.xml
│   ├── config-sozial.asozial.it-syndikat.org-20221101160323.xml
│   └── config-sozial.asozial.it-syndikat.org-20221210100200.xml
└── switch
├── config_backups
│   ├── 2018-10-02.cfg
│   └── 2018-11-10.cfg
├── GS748Tv3 Firmware Version 3.1.4.zip
└── manuals
├── GS748T_HIG_20Sep07.pdf
├── GS748T_IG_20Sep07.pdf
├── GS748T_UM_30Oct07.pdf
└── Internet access on multiple VLANs.pdf
5 directories, 12 files
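Review bot: The router/backup entries in this listing name five dated config-*.xml exports stored beside the documentation. Router configuration exports of this kind typically carry password hashes, VPN keys and certificate private keys, so check whether the files themselves were ever committed along with the listing. If they were, treat the contained secrets as disclosed and rotate them, and keep future backups in encrypted storage outside the docs repository. The same check applies to the two .cfg files under switch/config_backups.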

View file

@ -1,17 +0,0 @@
_,met$$$$$gg. tyrolyean@srv.hc.it-syndikat.org
,g$$$$$$$$$$$$$$$P. --------------------------------
,g$$P" """Y$$.". OS: Debian GNU/Linux 11 (bullseye) x86_64
,$$P' `$$$. Host: vServer 20171111
',$$P ,ggs. `$$b: Kernel: 5.10.0-19-amd64
`d$$' ,$P"' . $$$ Uptime: 11 days, 19 hours, 20 mins
$$P d$' , $$P Packages: 548 (dpkg)
$$: $$. - ,d$$' Shell: fish 3.1.2
$$; Y$b._ _,d$P' Resolution: 1024x768
Y$$. `.`"Y$$$$P"' Terminal: /dev/pts/0
`$$b "-.__ CPU: Intel Xeon (Skylake, IBRS) (1) @ 2.099GHz
`Y$$ Memory: 179MiB / 1935MiB
`Y$$.
`$$b.
`Y$$b.
`"Y$b._
`"""

View file

@ -1,22 +0,0 @@
dn: uid=tyrolyean,ou=users,dc=it-syndikat,dc=org
cn: tyrolyean
uid: tyrolyean
displayName: Daniel Plank
sn: Plank
givenName: Daniel
initials: DP
mail: tyrolyean@semi-professional.net
homeDirectory: /home/tyrolyean
gecos: tyrolyean
shadowLastChange: 19256
loginShell: /usr/bin/fish
gidNumber: 2000
uidNumber: 2000
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: ldapPublicKey
sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ2svXcOkb90K+hdAdIeXuw444p
7W0rs9ANW5gXvR+4 ITS WASCHTL ACCESS KEY
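Review bot: This sample entry describes a real account rather than a placeholder: the uid matches the login shown in the neofetch captures above, and displayName, mail, uidNumber and the sshPublicKey line tie it to one named person. The public key is not a secret, but a documentation example reads the same with a fictional uid, an example.org address and a dummy key, and that avoids publishing a member's name, mail address and key comment. If the entry is kept as a template, say next to it which attributes are required by the posixAccount and ldapPublicKey object classes and which are optional.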