From 214941710d145b0ec9afb01b9d6a0fd31b6b8f4f Mon Sep 17 00:00:00 2001 From: Petar Cubela Date: Sat, 19 Apr 2025 00:11:51 +0200 Subject: [PATCH] 2025 - notes before eastern --- .DS_Store | Bin 6148 -> 6148 bytes .obsidian/workspace.json | 14 +- diary/2025-04-15.md | 10 +- diary/2025-04-16.md | 101 +++++++++++ diary/2025-04-17.md | 115 +++++++++++++ files/.DS_Store | Bin 6148 -> 6148 bytes files/ssr/.DS_Store | Bin 0 -> 6148 bytes projects/.DS_Store | Bin 0 -> 6148 bytes projects/ipv6/basics.md | 157 ++++++++++++++++++ projects/kwa/.DS_Store | Bin 0 -> 6148 bytes .../20250414-preparation.md | 16 +- .../phytron/nextcloud_gitlab_after_hack.md | 6 +- projects/ssr/.DS_Store | Bin 0 -> 6148 bytes 13 files changed, 400 insertions(+), 19 deletions(-) create mode 100644 diary/2025-04-16.md create mode 100644 diary/2025-04-17.md create mode 100644 files/ssr/.DS_Store create mode 100644 projects/.DS_Store create mode 100644 projects/ipv6/basics.md create mode 100644 projects/kwa/.DS_Store create mode 100644 projects/ssr/.DS_Store diff --git a/.DS_Store b/.DS_Store index d98a496e23c189d0631c48fbe371b89412b9ab91..499cc250d859652a1b9fd6f43d9c56f7ef6aea06 100644 GIT binary patch delta 56 zcmZoMXfc@J&&a} = \hat{H} \Large{|}\ - 09:45 - 10:00: Pause - 10:00 - 10:30: Zugang phytron nextcloud: design schon gemacht, updaten um zwei versionen - 10.30 - 11:00: cloud.sbx.de design gestalten -- 11:00 - 12:00: +- 11:00 - 11:15: private: tmux config mac, kube_on_nix repo, shell config mac +- 11:15 - 11:45: Projekt Freigabe Postafaecher fuer KWA hinzufuegen +- 11:45 - 12:00: SSR Teams nicht mehr anwendbar duer macOS 12 +- 12:00 - 13:00: Pause +- 13:00 - 13:30: Neosphere Netzwerkdiagram erstellen +- 13:30 - 14:00: Lerne was SLURM und Integration in Kubernetes +- 14:00 - 14:30: Matthias kontaktieren, Sein Mac Updaten, erstelle Liste aller Geraete welche Update brauchen. +- 14:30 - 15:00: Rauchen, ??? +- 15:00 - 16:00: tga cloud erreichen ## Monday diff --git a/diary/2025-04-16.md b/diary/2025-04-16.md new file mode 100644 index 0000000..5fb3959 --- /dev/null +++ b/diary/2025-04-16.md @@ -0,0 +1,101 @@ +$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$ + +![important](files/sbx/important.png) + +## Do-It + +- handout: Sophos und OPNsense +- qumulo - zeichne endlich +- phytron - nextcloud abschliessen + +## Timestamps + +- 08:15 - 08:30: Lesen, Kaffee kochen +- 08:30 - 09:00: ipv6 lernen +- 09:00 - 09:30: rauchen +- 09:30 - 09:45: FileMaker Update bei Matthias Wittmann +- 09:45 - 10:15: MicroShit Support schreiben +- 10:15 - 11:00: Pause, ipv6 lernen +- 11:00 - 12:30: ipv6 lernen +- 12:30 - 13:30: Pause +- 13:30 - 14:00: Toril schreiben. Recherche: kann man 2 apple id's mit selber nummer haben? +- 14:00 - 14:30: tga firewall - es geht obwohl es das sollte. Nehme an, dass es an der public IP liegt +- 14:30 - 17:30: NeoSphere Netzwerkstruktur um neuen Qumulo + +## Tuesday + +- 09:00 - 09:30: Ankunft, Ticketpflege +- 09:30 - 09:45: neosphere - ilo-ubt03 lizenz key suchen +- 09:45 - 10:00: Pause +- 10:00 - 10:30: Zugang phytron nextcloud: design schon gemacht, updaten um zwei versionen +- 10.30 - 11:00: cloud.sbx.de design gestalten +- 11:00 - 11:15: private: tmux config mac, kube_on_nix repo, shell config mac +- 11:15 - 11:45: Projekt Freigabe Postafaecher fuer KWA hinzufuegen +- 11:45 - 12:00: SSR Teams nicht mehr anwendbar duer macOS 12 +- 12:00 - 13:00: Pause +- 13:00 - 13:30: Neosphere Netzwerkdiagram erstellen +- 13:30 - 14:00: Lerne was SLURM und Integration in Kubernetes +- 14:00 - 14:30: Matthias kontaktieren, Sein Mac Updaten, erstelle Liste aller Geraete welche Update brauchen. +- 14:30 - 15:00: Rauchen, ??? +- 15:00 - 16:00: tga cloud erreichen + +## Monday + +- 08:30 - 09:00: mails beantworten +- 09:00 - 09:30: Pause +- 09:30 - 10:00: Ticketpflege +- 10:15 - 10:45: Ticketpflege +- 10:45 - 11:30: privaten vpn einrichten +- 11:30 - 11:45: SSR Mac/Mitarbeiterin Eintrichtungs Doku anpassen +- 11:45 - 12:00: ssh key exchange for pc.de +- 12:00 - 13:00: Pause +- 13:00 - 14:00: Discopharma Gespraech wegen pymysql and certificates +- 14:00 - 15:00: kwa zertifikate bestellen lassen und einpflegen +- 15:00 - 15:30: Mailstore authentifizerungs problem +- 15:30 - 16:00: Mit Marko OPNsense bei cqse besprechen und standard hardware raussuchen fuer den build +- 16:00 - 16:30: TestCluster aufbauen und anschalten +- 16:30 - 17:00: OPNsense auf XG installieren fuer KWA und entsprechend Notizen machen + +## todo + +### General + +- [ ] handout fuer jeweils sophos und opnsense als vergleich +- [ ] aufgaben fuer wartung rausschreiben +- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline) + +- [ ] neosphere - ueberblick anleitung zum qumulo und dem computing cluster + +- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung + +- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs +- [ ] kwa/ssr snmp karten fuer usv +- [ ] update filewave admin und central + +### SBX + +- [ ] kube cluster on pve.lab.softbox.net +- [ ] backup on external drive for pve.lab.softbox.net + +- [ ] check if possible to monitor vsphere passwd expiration +- [ ] create obsidian templates (Meetings, People, ) +- [ ] sbx - opsreportcard summary for action plan + +- [ ] fuege bharchitekten zu connectsecure hinzu +- [ ] erstelle connectsecure report fuer grasslfing +- [ ] cybercns bei heilmaier + +- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups + +#### OPNsense + +1. check franke rieger firewall setup +2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...) +3. test management via opncentral +4. write manual for on-boarding + - setup wan manually + - couple to opncentral + - send generic config via opncentral + - use manual for missing specific configs + - check workings of everything + diff --git a/diary/2025-04-17.md b/diary/2025-04-17.md new file mode 100644 index 0000000..84aa913 --- /dev/null +++ b/diary/2025-04-17.md @@ -0,0 +1,115 @@ +$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$ + +![important](files/sbx/important.png) + +## Do-It + +- handout: Sophos und OPNsense +- qumulo - zeichne endlich +- phytron - nextcloud abschliessen + +## Timestamps + +- 08:45 - 09:00: Ueber MicroShit Support mail aergern +- 09:00 - 09:45: aldi milch einkauf, quatchen +- 09:45 - 10:00: Sammeln, kaffee +- 10:00 - 10:30: DAV: Linux Netwerkeinstellungen - Ticket Nummer für die Rechnung bitte [BGS-13360](https://hilfe.dav360.de/browse/BGS-13360 "https://hilfe.dav360.de/browse/bgs-13360") nutzen +- 10:30 - 10:45: TeamViewer auf Mac Instalileren und konfigurieren +- 10:45 - 11:00: Rauchen +- 11:00 - 11:30: Telefonat mit Toril: apple id kann nicht angelegt werden, da Nummer schon vergeben, Notizen App fehlen Funktionen +- 11:30 - 12:00: FIrewall aufbauen fuer opnsense firewall migration bei kwa +- 12:00 - 13:30: Pause +- 13:30 - 15:00: neospehere netzwerkdiagram zeichnen +- 15:00 - 16:30: OPNsense Einrichtung bei KWA. Lizenz in IT-Glue Eintragen, Passwoerter in IT-Glue eintragen + +## Wednesday + +- 08:15 - 08:30: Lesen, Kaffee kochen +- 08:30 - 09:00: ipv6 lernen +- 09:00 - 09:30: rauchen +- 09:30 - 09:45: FileMaker Update bei Matthias Wittmann +- 09:45 - 10:15: MicroShit Support schreiben +- 10:15 - 11:00: Pause, ipv6 lernen +- 11:00 - 12:30: ipv6 lernen +- 12:30 - 13:30: Pause +- 13:30 - 14:00: Toril schreiben. Recherche: kann man 2 apple id's mit selber nummer haben? +- 14:00 - 14:30: tga firewall - es geht obwohl es das sollte. Nehme an, dass es an der public IP liegt +- 14:30 - 17:30: NeoSphere Netzwerkstruktur um neuen Qumulo + +## Tuesday + +- 09:00 - 09:30: Ankunft, Ticketpflege +- 09:30 - 09:45: neosphere - ilo-ubt03 lizenz key suchen +- 09:45 - 10:00: Pause +- 10:00 - 10:30: Zugang phytron nextcloud: design schon gemacht, updaten um zwei versionen +- 10.30 - 11:00: cloud.sbx.de design gestalten +- 11:00 - 11:15: private: tmux config mac, kube_on_nix repo, shell config mac +- 11:15 - 11:45: Projekt Freigabe Postafaecher fuer KWA hinzufuegen +- 11:45 - 12:00: SSR Teams nicht mehr anwendbar duer macOS 12 +- 12:00 - 13:00: Pause +- 13:00 - 13:30: Neosphere Netzwerkdiagram erstellen +- 13:30 - 14:00: Lerne was SLURM und Integration in Kubernetes +- 14:00 - 14:30: Matthias kontaktieren, Sein Mac Updaten, erstelle Liste aller Geraete welche Update brauchen. +- 14:30 - 15:00: Rauchen, ??? +- 15:00 - 16:00: tga cloud erreichen + +## Monday + +- 08:30 - 09:00: mails beantworten +- 09:00 - 09:30: Pause +- 09:30 - 10:00: Ticketpflege +- 10:15 - 10:45: Ticketpflege +- 10:45 - 11:30: privaten vpn einrichten +- 11:30 - 11:45: SSR Mac/Mitarbeiterin Eintrichtungs Doku anpassen +- 11:45 - 12:00: ssh key exchange for pc.de +- 12:00 - 13:00: Pause +- 13:00 - 14:00: Discopharma Gespraech wegen pymysql and certificates +- 14:00 - 15:00: kwa zertifikate bestellen lassen und einpflegen +- 15:00 - 15:30: Mailstore authentifizerungs problem +- 15:30 - 16:00: Mit Marko OPNsense bei cqse besprechen und standard hardware raussuchen fuer den build +- 16:00 - 16:30: TestCluster aufbauen und anschalten +- 16:30 - 17:00: OPNsense auf XG installieren fuer KWA und entsprechend Notizen machen + +## todo + +### General + +- [ ] handout fuer jeweils sophos und opnsense als vergleich +- [ ] aufgaben fuer wartung rausschreiben +- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline) + +- [ ] neosphere - ueberblick anleitung zum qumulo und dem computing cluster + +- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung + +- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs +- [ ] kwa/ssr snmp karten fuer usv +- [ ] update filewave admin und central + +### SBX + +- [ ] kube cluster on pve.lab.softbox.net +- [ ] backup on external drive for pve.lab.softbox.net + +- [ ] check if possible to monitor vsphere passwd expiration +- [ ] create obsidian templates (Meetings, People, ) +- [ ] sbx - opsreportcard summary for action plan + +- [ ] fuege bharchitekten zu connectsecure hinzu +- [ ] erstelle connectsecure report fuer grasslfing +- [ ] cybercns bei heilmaier + +- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups + +#### OPNsense + +1. check franke rieger firewall setup +2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...) +3. test management via opncentral +4. write manual for on-boarding + - setup wan manually + - couple to opncentral + - send generic config via opncentral + - use manual for missing specific configs + - check workings of everything + diff --git a/files/.DS_Store b/files/.DS_Store index fc3e465589157ef2a36a1cf054ca78999bd33e15..686d8b0d0c5da74b1ef54bf67e3827409e21c7b0 100644 GIT binary patch delta 50 zcmZoMXfc@J&&akhU^gQp+h!gnBSsMhAYf)F2EwA0;^ds9{QMlo&5q1lSvIqC{N)D# DKXMI6 delta 32 ocmZoMXfc@J&&awlU^gQp>t-G%BgV~v%-dKdHVAKK=lIJH0H0n7xBvhE diff --git a/files/ssr/.DS_Store b/files/ssr/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..3dc5e103d7c054c881dea180d2eec3d4ea0f7d27 GIT binary patch literal 6148 zcmeHKyG{c!5S)b+k!T_+O8)|XaEg*I;0J&l5`u^zk~CCT@m+ixvybL<&_tq%W~KGm z>m6I3;`SDREsy;zumCWpJL1cSsrkP9#4ajgL^{uS!yX$vjaq;kOERb3P=GdaIykbO6ON6pCFNwgt)zeyI4cEgwz^v_`J}3?lgD|jZS;G(=X}%M qI1dVkD96Mo$6RI(2SSVhz$MaQ zSjQ{@Y)k-q;h2aF%##XCs@I6&Nk_g_T`wFHlWrb2nS3P^!_ z1!_oNv;V)qXXgKVlAff16!=#P_;S13ZtzOgTPH8aUfbY%IBUM)G^~Sy5bYQk?HCVi e$4^m|b&YH6_rftT=*R~hsGkAqB9j7tt-uvAdlyy! literal 0 HcmV?d00001 diff --git a/projects/ipv6/basics.md b/projects/ipv6/basics.md new file mode 100644 index 0000000..2c5741c --- /dev/null +++ b/projects/ipv6/basics.md @@ -0,0 +1,157 @@ +# IPv6 Cheat Sheet + +This cheat sheet goes together with videos that I have made: + +1. [IPv6 from Scratch - Introduction to IPv6](https://youtu.be/oItwDXraK1M) +2. [IPv6 Explained - SLAAC and DHCPv6 (IPv6 from Scratch Part 2)](https://youtu.be/jlG_nrCOmJc) +3. [IPv6 with OpenWrt](https://youtu.be/LJPXz8eA3b8) + +## Address Length and Format + +The IPv6 address is **128 bits** (i.e. 16 bytes) long and is written in **8 groups of 2 bytes** in hexadecimal numbers, separated by colons: + + fddd:f00d:cafe:0000:0000:0000:0000:0001 + +Leading zeros of each block can be omitted, the above address can be written like this: + + fddd:f00d:cafe:0:0:0:0:1 + +We can abbreviate whole blocks of zeros with `::` and write: + + fddd:f00d:cafe::1 + +However, this can only be done _once_ per address in order to void ambiguity: + + ff:0:0:0:1:0:0:1 (correct) + ff::1:0:0:1 (correct) + ff::1::1 (ambiguous, wrong) + +According to RFC 5952 `ff:0:0:0:1::1` is not correct either because the longest group of concurrent zeroes must be shortened. + +## Protocols + +| Number | Protocol | Purpose | +| ------ | --------- | ------------------------------------------------------------------------------------------------------- | +| 6 | TCP | Stateful - Confirms if packets have arrived. Important for use cases with validation. | +| 17 | UDP | Stateless - Does not confirm if packets have arrived. Good for streaming applications, VoIP calls, etc. | +| 58 | IPv6-ICMP | Information, Error reporting, diagnostics based use cases. | + +## Methods to Assign IPv6 Addresses + +**Static** - Fixed Address, +**SLAAC** - Stateless Address Auto-Configuration (Address generated by Host), +**DHCPv6** - Dynamic Host Configuration Protocol (Address assigned by a central DHCP server). + +## Scopes and Special Addresses + +When working in the world of IPv6, our addresses can vary depending on our scope (i.e. what part of a network): +**GLOBAL** - Everything (i.e. the whole internet), +**UNIQUE LOCAL** - Everything in our LAN (behind the internet gateway), +**LINK LOCAL** - Everything within the same collision domain that will not be routed (i.e. attached to the same switch). + +| Range | Purpose | +| --------- | -------------------------------- | +| ::1/128 | Loopback Address (localhost) | +| ::/128 | Unspecified Address | +| 2000::/3 | GLOBAL Unicast (Internet) | +| fc00::/7 | Unique-Local (LAN) | +| fe80::/10 | Link-Local Unicast (Same switch) | + +You should always use the smallest possible scope for communication. +A host can have **multiple** addresses in different scopes, even on the same interface. + +## Subnetting + + + +As in IPv4, IPv6 includes support for network segmentation via Subnetting. In the image below, the first 64 bits are designated as the `Network` portion, while the last 64 bits are for `Host` identification. Within the network portion, the first 48 bits are the `Routing Prefix` - aka the Network Address. The next and final 16 bits of the network notion is the `Subnet ID` or subnet address. + +**Network+Subnet = Prefix** + +The following address: + +`2003:1000:1000:1600:1234::1` formatted fully as `2003:1000:1000:1600:1234:0000:0000:0001`, consists of the following segments: + +- `2003:1000:1000:1600` - Prefix (Combined of Routing Prefix and Subnet ID) +- `2003:1000:1000` - Routing Prefix / Network Address +- `1600` - Subnet ID / Subnet + +If my ISP provider **delegated** a portion of the prefix to me (e.g. `2003:1000:1000:1600/56`), then I could use the subnets `1600` through to `16FF` for my own purposes (Which would give me 256 available subnets). + +## IPv6 Addresses in URIs/URLs + +Because IPv6 address notation uses colons to isolate hextets, it is necessary to encase the address in square brackets in URIs. For example `http://[2a00:1450:4001:82a::2004]`. If you wish to specify a port, you can do so as normal using a colon following the closing square bracket: `http://[2a00:1450:4001:82a::2004]:80`. + +## Multicast + +Communication from one node to another is called **Unicast**. Communication from one node to many is called **Multicast**. + +The following IPv6 multicast addresses may be used in in the link-local scope: + +| Range | Purpose | +| --------- | -------------------------------------- | +| ff02::1 | All Nodes within the network segment | +| ff02::2 | All Routers within the network segment | +| ff02::fb | mDNSv6 | +| ff02::1:2 | All DHCP Servers and Agents | +| ff02::101 | All NTP Servers | + +A full list is maintained by [IANA](https://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml) + +You can actually ping these addresses, e.g. `ping ff02::1` + +## ICMP Message Types + +ICMP does not use ports in order to communicate, but rather **types**. Critical/important types have numbers ranging from 1-127, while informational types have the numbers 128 and above. Each **type** can have subtypes or rather **codes** that can be used for further specifications. + +Here are some frequently used IPv6 ICMP types: + +| Type | Code | Purpose | +| ---- | ---- | ------------------------------ | +| 0 | | Reserved | +| 1 | | Destination Unreachable | +| 1 | 0 | No Route to Destination | +| 1 | 2 | Beyond Scope of Source Address | +| 3 | | Time Exceeded | +| 3 | 0 | Hop Limit Exceeded in Transit | + +| Type | Code | Purpose | +| ---- | ---- | ------------------------- | +| 128 | 0 | Echo Request ("ping") | +| 129 | 0 | Echo Reply | +| 133 | 0 | Router Solicitation | +| 134 | 0 | Router Advertisement | +| 135 | 0 | Neighbo(u)r Solicitation | +| 136 | 0 | Neighbo(u)r Advertisement | + +A full list is maintained by [IANA](https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) + +## DHCPv6 + +IPv6 addresses can be distributed using the IPv6 version of the **Dynamic Host Configuration Protocol (DHCPv6)**. If a host wishes to obtain an IPv6 address via DHCPv6, it sends out a **DHCP Solicitation** from UDP port 546 to port 547 on the DHCP multicast address `ff02::1:2`. The DHCP server then replies to the client (from UDP port 547 to UDP port 546) with **DHCP Advertisement**. This handshake can be completed by the client sending out a **DHCP Request** and the server responding with a **DHCP Reply** + +The DHCPv6 protocol is explained in more detail in this [Wikipedia Article](https://en.wikipedia.org/wiki/DHCPv6) + +## DHCPv6 vs. SLAAC + +Depending on how the router and the client are set up, the client can (and will) use both mechanisms (i.e. SLAAC and DHCP) to acquire IPv6 address allocations. The following table highlights the possible configuration combinations: + + + +## Using WireShark + +To gain a greater understanding of IPv6's functionality, you can use the packet sniffing tool WireShark to trace the message flow. Here are some WS filters for IPv6 ICMP, DHCPv6 and Router Solicitation and Advertisements: + +Show ping and ping reply: `icmpv6 and (icmpv6.type==128) or (icmpv6.type==129)`
+Router solicit and advertise: `icmpv6 and (icmpv6.type==133) or (icmpv6.type==134)`
+Show DHCPv6 traffic: `dhcpv6`
+Router Solicit/Advertise and DHCPv6: `dhcpv6 or (icmpv6 and (icmpv6.type==134) or (icmpv6.type==133))`
+ +### Unicast vs. Multicast vs. Broadcast vs. Anycast + +Within IPv6, there are a range of message options. All of these message types have a single host transmitting the message and all delivery is handled by the switch or router: + +- **Unicast** is a message sent from a host to one receiver (One to One), +- **Broadcast** is a message sent from a host to all other hosts on the same broadcast domain (One to All), +- **Multicast** is a message sent from a host to all subscribers of a Multicast group (One to Specific), +- **Anycast** is a message sent from a host to the fastest / nearest subscriber of a specific address (One to Specific - Fastest Receiver / Nearest Node will receive). diff --git a/projects/kwa/.DS_Store b/projects/kwa/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..bc49f1e37034816f965e3d3eb89520b7d3ad7fce GIT binary patch literal 6148 zcmeHKyGjH>5Ukb<4g|T-aDKr*7>@G``~W>Y5Mgz}N4}BY<)>NwNS4*;FgdEBr)GM( zW|#`Lw*lDp^KcDp0Icbb`0`vqnDIXt z8S#2}e;gjhaqvW$6p#W^Knh3!DR8s`RZ`a%N1vnvq<|DSH3j_p(CCi6a7v6%2Zv|@ zh%1J}IFDX}*gQb&g;OFUG)pQmsa7q9C7tnBdA)E-OggNZ538H4IuwiBd47v@SWna_ z1*E`Sf%9B$y#C+N|LFhcB(0=?6gVjbY_+@HZTY0Ct&7Kbt!?ysy61e;-8c^lhbYIy jD92oQIlhXd%xga9elMI7gU)!+iTW9EU1U<=zZLia0(KWF literal 0 HcmV?d00001 diff --git a/projects/kwa/firewall_migration/20250414-preparation.md b/projects/kwa/firewall_migration/20250414-preparation.md index 01cbdba..33cf8ee 100644 --- a/projects/kwa/firewall_migration/20250414-preparation.md +++ b/projects/kwa/firewall_migration/20250414-preparation.md @@ -12,11 +12,11 @@ ### Network -| Name | Interface | Network | Note | -| ---------- | --------- | -------------- | -------------- | -| WAN | WAN | 10.0.70.2/32 | FritzBox PPPoE | -| MGMT | LAN | 10.70.0.254/24 | | -| SERVER | LAN | | | -| CLIENT | LAN | | | -| WLAN | LAN | | | -| WLAN_GUEST | LAN | | | +| Name | Interface | Network | Note | +| ---------- | --------- | ----------------- | -------------- | +| WAN | WAN | 10.0.70.2/32 | FritzBox PPPoE | +| MGMT | LAN | 192.168.50.254/24 | | +| SERVER | LAN | 192.168.70.254/24 | | +| CLIENT | LAN | 192.168.20.254/24 | | +| WLAN | LAN | 192.168.30.254/24 | | +| WLAN_GUEST | LAN | 192.168.40.254/24 | | diff --git a/projects/phytron/nextcloud_gitlab_after_hack.md b/projects/phytron/nextcloud_gitlab_after_hack.md index 835aef3..00d624b 100644 --- a/projects/phytron/nextcloud_gitlab_after_hack.md +++ b/projects/phytron/nextcloud_gitlab_after_hack.md @@ -1,6 +1,6 @@ ## General -- [x] Change Admin Passwords to: General Domain Administrator Password +- [x] Change Admin Passwords [to](): General Domain Administrator Password - [ ] setup send-only mailbox ## Nextcloud @@ -18,8 +18,8 @@ Domain: https://cloud.phytron.de ### Design -- [ ] Integrate Phytron CI -- [ ] Primary Gray/ Secondary Red (Related to Homepage) +- [x] Integrate Phytron CI - 20250415 hat sich von selbst erledigt +- [x] Primary Gray/ Secondary Red (Related to Homepage) ### Folder diff --git a/projects/ssr/.DS_Store b/projects/ssr/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..e22ba5119db74b2c0d4f5ad6310870db437b1960 GIT binary patch literal 6148 zcmeHKJx{|>3_L@JN-ULNV0?c7iBx5Os>&~@*nt)SqEHDa15-BsHs=pes+5%hY{|Yn z#}_v@#5Dk!Zk7!&0x+a2;zL8<^uBt}_9CMw_KXG%PBFm==Dq6O3FRJPOxBpZF8>D4 zc!S0ZJmMW2+%8`htLyc8#b!7R(pfZ|;EJUS+~FRtq&--C>QZ+9g3P7@sX!`_3Zw%6 zO936DwBdnc##A5`NCmzX(C