Docs/Plans: Difference between revisions

From MTU LUG Wiki
mNo edit summary
(add opnsense migration stuff)
(2 intermediate revisions by one other user not shown)
Line 9: Line 9:
## Lasagna/Ravioli on very top (OPNSense servers)
## Lasagna/Ravioli on very top (OPNSense servers)
# Redo Proxmox
# Redo Proxmox
## Change storage from local replication to either Ceph or iSCSI/NFS off Leskinen
## Change storage from local replication to either Ceph, or iSCSI/NFS via Leskinen
## Figure out firewalling local network from VMs for VPS idea (able to give people an ""unmanaged VM"", it should not be able to access any other VMs on the local network)
## Figure out firewalling local network from VMs for VPS idea (able to give people an ""unmanaged VM"", it should not be able to access any other VMs on the local network)
### New subnet? (10.10.2.0/24)
### New subnet? (10.10.2.0/24)
### Reverse-NAT via OPNSense (and mandatory DHCP) so we don't have to trust people to statically assign themselves the right public IP?
### Reverse-NAT via OPNSense (and mandatory DHCP) so we don't have to trust people to statically assign themselves the right public IP?
# Fix Mirrors LAN/WAN IP (currently only on WAN, via DHCP)
# Pterodactyl
# Pterodactyl
# Faceplates for servers
# Faceplates for servers
## Stickerbomb idea!
## Stickerbomb idea!
# Consider hosting authoritative DNS resolver for linuxusers.group on our infra
## Automated domains via dhcp hostnames in opnsense
# Finish OPNsense transition
## Move Wireguard off of pfSense install
### People will need to edit their configs to point at the new gateway
## Migrate config from pfSense
### DHCP scary
### We should make any firewall/NAT/etc adjustments during this process
## Have OPNsense take over as main gateway
## Blow up pfSense and replace it with OPNsense
## Set up gateway redundancy
### How will VPN work with this?
# LDAP (on Leskinen?)
## Tie into iDrac/Switches
## VM/Proxmox/OPNSense/Debian servers (Leskinen, Maho, Mirrors)
## Everything but Shell (and maybe Wiki) so alums can have access
# Document, document, document.
# Document, document, document.
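Review bot: the added item "Consider hosting authoritative DNS resolver for linuxusers.group" mixes two roles; an authoritative server answers for the zone while a resolver performs lookups for clients, so the item should say which one is planned. For the sub-item "Automated domains via dhcp hostnames in opnsense", DHCP hostnames are chosen by the client, so the plan should state which zone the generated records go into and how names are validated or reserved before they are published. Under "Set up gateway redundancy", the question "How will VPN work with this?" is left open; recording the answer before people are asked to "edit their configs to point at the new gateway" would let them change their configs only once.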

Latest revision as of 17:47, 30 October 2025

  1. 10 Gb/s backbone for internal network
    1. Install all Dell Daughterboards
    2. Program FiberStore SFP Sleds
  2. Rearrange servers
    1. Mirrors/Leskinen on bottom of our space
    2. Maho right above
    3. Proxmox cluster
    4. Shell
    5. Lasagna/Ravioli on very top (OPNsense servers)
  3. Redo Proxmox
    1. Change storage from local replication to either Ceph, or iSCSI/NFS via Leskinen
    2. Figure out firewalling local network from VMs for VPS idea (able to give people an "unmanaged VM"; it should not be able to access any other VMs on the local network)
      1. New subnet? (10.10.2.0/24)
      2. Reverse-NAT via OPNsense (and mandatory DHCP) so we don't have to trust people to statically assign themselves the right public IP?
  4. Fix Mirrors LAN/WAN IP (currently only on WAN, via DHCP)
  5. Pterodactyl
  6. Faceplates for servers
    1. Stickerbomb idea!
  7. Consider hosting authoritative DNS resolver for linuxusers.group on our infra
    1. Automated domains via DHCP hostnames in OPNsense
  8. Finish OPNsense transition
    1. Move WireGuard off of pfSense install
      1. People will need to edit their configs to point at the new gateway
    2. Migrate config from pfSense
      1. DHCP scary
      2. We should make any firewall/NAT/etc adjustments during this process
    3. Have OPNsense take over as main gateway
    4. Blow up pfSense and replace it with OPNsense
    5. Set up gateway redundancy
      1. How will VPN work with this?
  9. LDAP (on Leskinen?)
    1. Tie into iDRAC/Switches
    2. VM/Proxmox/OPNsense/Debian servers (Leskinen, Maho, Mirrors)
    3. Everything but Shell (and maybe Wiki) so alums can have access
  10. Document, document, document.