diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json
index 18f4746..056441a 100644
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@@ -1,19 +1,19 @@
{
"main": {
- "id": "c3823584f4358411",
+ "id": "71dfa2440edaadbd",
"type": "split",
"children": [
{
- "id": "960d55609bf2009e",
+ "id": "74039cad74999421",
"type": "tabs",
"children": [
{
- "id": "7fced607c3398dbf",
+ "id": "b33c492fc56076a9",
"type": "leaf",
"state": {
"type": "markdown",
"state": {
- "file": "todo.md",
+ "file": "projects/sbx/sbx-lab-network.md",
"mode": "source",
"source": true,
"backlinks": true,
@@ -28,16 +28,16 @@
}
},
"icon": "lucide-file",
- "title": "todo"
+ "title": "sbx-lab-network"
}
},
{
- "id": "08af676996feb317",
+ "id": "b865e0663684cf60",
"type": "leaf",
"state": {
"type": "markdown",
"state": {
- "file": "diary/2025-03-05.md",
+ "file": "diary/2025-03-18.md",
"mode": "source",
"source": true,
"backlinks": true,
@@ -52,16 +52,16 @@
}
},
"icon": "lucide-file",
- "title": "2025-03-05"
+ "title": "2025-03-18"
}
},
{
- "id": "d1e1009b0c06a970",
+ "id": "717fd6a524c18321",
"type": "leaf",
"state": {
"type": "markdown",
"state": {
- "file": "projects/phytron/nextcloud_gitlab_after_hack.md",
+ "file": "projects/kwa/firewall_migration/20250317_first-meeting.md",
"mode": "source",
"source": true,
"backlinks": true,
@@ -76,16 +76,16 @@
}
},
"icon": "lucide-file",
- "title": "nextcloud_gitlab_after_hack"
+ "title": "20250317_first-meeting"
}
},
{
- "id": "2bfd35757409ddca",
+ "id": "7015f217fb3c366b",
"type": "leaf",
"state": {
"type": "markdown",
"state": {
- "file": "projects/VZ/Win11-autoinstall-iso.md",
+ "file": "projects/kwa/firewall_migration/20250318-OPNsense_Migration.md",
"mode": "source",
"source": true,
"backlinks": true,
@@ -100,24 +100,49 @@
}
},
"icon": "lucide-file",
- "title": "Win11-autoinstall-iso"
+ "title": "20250318-OPNsense_Migration"
+ }
+ },
+ {
+ "id": "c9a075b0cc368a00",
+ "type": "leaf",
+ "state": {
+ "type": "markdown",
+ "state": {
+ "file": "projects/sbx/orga/knowledgebase.md",
+ "mode": "source",
+ "source": true,
+ "backlinks": true,
+ "backlinkOpts": {
+ "collapseAll": false,
+ "extraContext": false,
+ "sortOrder": "alphabetical",
+ "showSearch": false,
+ "searchQuery": "",
+ "backlinkCollapsed": false,
+ "unlinkedCollapsed": true
+ }
+ },
+ "icon": "lucide-file",
+ "title": "knowledgebase"
}
}
- ]
+ ],
+ "currentTab": 4
}
],
"direction": "vertical"
},
"left": {
- "id": "af7dadba7bc5833e",
+ "id": "0a6bbda3a1029c3d",
"type": "split",
"children": [
{
- "id": "b07f9f65c8529a91",
+ "id": "bb1e9b34a5ae5435",
"type": "tabs",
"children": [
{
- "id": "fe0f502c739faef4",
+ "id": "7f34f69c4ed7fd46",
"type": "leaf",
"state": {
"type": "file-explorer",
@@ -130,7 +155,7 @@
}
},
{
- "id": "5013966ea75012dd",
+ "id": "0ac8a62144d6c1ac",
"type": "leaf",
"state": {
"type": "search",
@@ -147,7 +172,7 @@
}
},
{
- "id": "ce27e27dd2531d1e",
+ "id": "591d7a6711e72b8c",
"type": "leaf",
"state": {
"type": "bookmarks",
@@ -163,20 +188,20 @@
"width": 300
},
"right": {
- "id": "308c4e4ecfe58c49",
+ "id": "5b34d545737e7719",
"type": "split",
"children": [
{
- "id": "a98dbbc69f803a26",
+ "id": "360cb2ba99247ad2",
"type": "tabs",
"children": [
{
- "id": "6e427c63cddb7819",
+ "id": "222c294de12351fd",
"type": "leaf",
"state": {
"type": "backlink",
"state": {
- "file": "diary/2024-10-17.md",
+ "file": "diary/2025-03-05.md",
"collapseAll": false,
"extraContext": false,
"sortOrder": "alphabetical",
@@ -186,50 +211,40 @@
"unlinkedCollapsed": true
},
"icon": "links-coming-in",
- "title": "Backlinks for 2024-10-17"
+ "title": "Backlinks for 2025-03-05"
}
},
{
- "id": "2dfee402a2faf806",
+ "id": "fabbfc7dc23ddbf8",
"type": "leaf",
"state": {
"type": "outgoing-link",
"state": {
- "file": "diary/2024-10-17.md",
+ "file": "diary/2025-03-05.md",
"linksCollapsed": false,
"unlinkedCollapsed": true
},
"icon": "links-going-out",
- "title": "Outgoing links from 2024-10-17"
+ "title": "Outgoing links from 2025-03-05"
}
},
{
- "id": "f51ed00b8705deda",
+ "id": "a1ae58e4fdb1dfdb",
"type": "leaf",
"state": {
"type": "tag",
"state": {
"sortOrder": "frequency",
- "useHierarchy": true
+ "useHierarchy": true,
+ "showSearch": false,
+ "searchQuery": ""
},
"icon": "lucide-tags",
"title": "Tags"
}
},
{
- "id": "34147a5a77354aa5",
- "type": "leaf",
- "state": {
- "type": "outline",
- "state": {
- "file": "diary/2024-10-17.md"
- },
- "icon": "lucide-list",
- "title": "Outline of 2024-10-17"
- }
- },
- {
- "id": "415b0322f85322e0",
+ "id": "379a41ec49127d3f",
"type": "leaf",
"state": {
"type": "all-properties",
@@ -243,25 +258,30 @@
}
},
{
- "id": "9ce980421087cbed",
+ "id": "3ffafe95a73f93d8",
+ "type": "leaf",
+ "state": {
+ "type": "outline",
+ "state": {
+ "file": "diary/2025-03-05.md",
+ "followCursor": false,
+ "showSearch": false,
+ "searchQuery": ""
+ },
+ "icon": "lucide-list",
+ "title": "Outline of 2025-03-05"
+ }
+ },
+ {
+ "id": "789a903ffec44ae4",
"type": "leaf",
"state": {
"type": "file-properties",
"state": {
- "file": "diary/2025-03-04.md"
+ "file": "diary/2025-03-13.md"
},
"icon": "lucide-info",
- "title": "File properties for 2025-03-04"
- }
- },
- {
- "id": "23c12d0b0cd48e64",
- "type": "leaf",
- "state": {
- "type": "advanced-tables-toolbar",
- "state": {},
- "icon": "spreadsheet",
- "title": "Advanced Tables"
+ "title": "File properties for 2025-03-13"
}
}
],
@@ -274,64 +294,52 @@
},
"left-ribbon": {
"hiddenItems": {
- "table-editor-obsidian:Advanced Tables Toolbar": false,
"switcher:Open quick switcher": false,
"graph:Open graph view": false,
"canvas:Create new canvas": false,
"daily-notes:Open today's daily note": false,
"templates:Insert template": false,
"command-palette:Open command palette": false,
+ "table-editor-obsidian:Advanced Tables Toolbar": false,
"templater-obsidian:Templater": false
}
},
- "active": "7fced607c3398dbf",
+ "active": "c9a075b0cc368a00",
"lastOpenFiles": [
- "diary/2025-03-05.md",
- "projects/VZ/Win11-autoinstall-iso.md",
- "projects/phytron/nextcloud_gitlab_after_hack.md",
- "diary/2025-03-04.md",
- "projects/phytron",
- "projects/VZ/ninja-install-archive.md",
- "diary/2025-03-03.md",
- "projects/sbx/sbx-unattendedWinstall.md",
- "projects/VZ",
- "projects/sbx/knowledgebase.md",
- "projects/sbx/sbx-linux-server-status.md",
- "projects/sbx/sbx-myrules.md",
+ "projects/kwa/firewall_migration/20250318-OPNsense_Migration.md",
+ "projects/kwa/firewall_migration/20250317_first-meeting.md",
+ "projects/sbx/orga/sbx-myrules.md",
+ "projects/sbx/orga",
+ "projects/kwa/mail_migration",
+ "projects/kwa/mail_migration/20241211-Max-Meeting-Kerio2M365.md",
+ "projects/sbx/RACI-Matrix",
+ "projects/sbx/orga/knowledgebase.md",
+ "diary/2025-03-18.md",
+ "diary/2025-03-14.md",
+ "diary/2025-03-12.md",
+ "diary/2025-03-11.md",
"projects/sbx/sbx-proxmox-test-server.md",
- "projects/beta/windows-auto-deployment.md",
- "projects/OPNsense/opnsense-proposal-draft.md",
- "diary/2025-02-27.md",
- "diary/2025-02-25.md",
- "todo.md",
- "projects/OPNsense/opnsense-checklists.md",
- "diary/2025-02-26.md",
- "projects/OPNsense/Initial-Notes/OPNsense-config.md",
- "projects/OPNsense/Initial-Notes/OPNsense-future.md",
- "projects/OPNsense/Initial-Notes/OPNsense-config_summary.md",
- "projects/OPNsense/Initial-Notes/OPNsense-approxminated-service-time.md",
- "projects/OPNsense/Initial-Notes/OPNsense-about.md",
- "projects/OPNsense/Initial-Notes/OPNsense.md",
- "projects/OPNsense/Initial-Notes/OPNsense_IDS-and-IPS.md",
- "projects/OPNsense/opnsense-utm-features/opnsense-utm-checklist.md",
- "projects/bvv",
- "files/neosphere/firewall-appfilter.png",
- "files/neosphere/firewall-ips.png",
- "files/neosphere",
- "files/New folder",
- "files/kwa/kwa-pp-admin.png",
- "projects/neosphere",
- "archive/blocherer",
- "projects/discopharma",
- "ressources/windows",
- "ressources/macOS",
- "files/sbx/important.png",
- "files/sophos/vpn-portal-manual_02.png",
- "files/hannes_roessler/20241118_switch-mac-addresses.png",
- "files/apsa/pfsense_ppp-setup.png",
- "files/apsa/pfsense_wan_interface_conf.png",
- "files/sophos/vpn-portal-manual_06.png",
- "files/sophos/vpn-portal-manual_05.png",
- "Untitled.canvas"
+ "areas/OPNsense/opnsense-proposal-draft.md",
+ "projects/kwa/20250318-mailstore-lizenz.md",
+ "projects/discopharma/20250317-finishing-meeting.md",
+ "projects/discopharma/20250310-Next_Steps.md",
+ "diary/2025-03-17.md",
+ "projects/phytron/nextcloud_gitlab_after_hack.md",
+ "projects/sbx/sbx-lab-network.md",
+ "projects/discopharma/20250311-metabase-environment.md",
+ "projects/kwa/firewall_migration",
+ "diary/2025-03-16.md",
+ "areas/OPNsense/plugins/net-snmp.md",
+ "areas/OPNsense/Schulungen/20250305-initial_ideas.md",
+ "projects/discopharma/20250312-metabase-deployment.md",
+ "projects/discopharma/reverse-proxy.md",
+ "diary/2025-03-13.md",
+ "areas/OPNsense/plugins",
+ "tum-netxtcloud.md",
+ "projects/patryk-projekt/202503012-initial.md",
+ "projects/patryk-projekt",
+ "projects/neosphere/qumulus",
+ "areas/OPNsense/Cluster",
+ "areas/OPNsense/Schulungen"
]
}
\ No newline at end of file
diff --git a/areas/OPNsense/Cluster/20250307-cluster-test-on-sg310.md b/areas/OPNsense/Cluster/20250307-cluster-test-on-sg310.md
new file mode 100644
index 0000000..4078785
--- /dev/null
+++ b/areas/OPNsense/Cluster/20250307-cluster-test-on-sg310.md
@@ -0,0 +1,23 @@
+
+## Setup Interfaces
+
+### Master
+
+| Interface | Net |
+| --------- | -------------- |
+| LAN | 192.168.1.1/24 |
+| WAN | 10.11.12.2/24 |
+| pfSync | 10.0.0.1/31 |
+
+#### Virtual IP
+
+WAN IP address: 10.11.12.4/24
+LAN IP address: 192.168.1.3/24
+
+### Slave
+
+| Interface | Net |
+| --------- | -------------- |
+| LAN | 192.168.1.2/24 |
+| WAN | 10.11.12.3/24 |
+| pfSync | 10.0.0.2/31 |
diff --git a/projects/OPNsense/Initial-Notes/OPNsense-about.md b/areas/OPNsense/Initial-Notes/OPNsense-about.md
similarity index 100%
rename from projects/OPNsense/Initial-Notes/OPNsense-about.md
rename to areas/OPNsense/Initial-Notes/OPNsense-about.md
diff --git a/projects/OPNsense/Initial-Notes/OPNsense-approxminated-service-time.md b/areas/OPNsense/Initial-Notes/OPNsense-approxminated-service-time.md
similarity index 100%
rename from projects/OPNsense/Initial-Notes/OPNsense-approxminated-service-time.md
rename to areas/OPNsense/Initial-Notes/OPNsense-approxminated-service-time.md
diff --git a/projects/OPNsense/Initial-Notes/OPNsense-config.md b/areas/OPNsense/Initial-Notes/OPNsense-config.md
similarity index 100%
rename from projects/OPNsense/Initial-Notes/OPNsense-config.md
rename to areas/OPNsense/Initial-Notes/OPNsense-config.md
diff --git a/projects/OPNsense/Initial-Notes/OPNsense-config_summary.md b/areas/OPNsense/Initial-Notes/OPNsense-config_summary.md
similarity index 100%
rename from projects/OPNsense/Initial-Notes/OPNsense-config_summary.md
rename to areas/OPNsense/Initial-Notes/OPNsense-config_summary.md
diff --git a/projects/OPNsense/Initial-Notes/OPNsense-future.md b/areas/OPNsense/Initial-Notes/OPNsense-future.md
similarity index 100%
rename from projects/OPNsense/Initial-Notes/OPNsense-future.md
rename to areas/OPNsense/Initial-Notes/OPNsense-future.md
diff --git a/projects/OPNsense/Initial-Notes/OPNsense.md b/areas/OPNsense/Initial-Notes/OPNsense.md
similarity index 100%
rename from projects/OPNsense/Initial-Notes/OPNsense.md
rename to areas/OPNsense/Initial-Notes/OPNsense.md
diff --git a/projects/OPNsense/Initial-Notes/OPNsense_IDS-and-IPS.md b/areas/OPNsense/Initial-Notes/OPNsense_IDS-and-IPS.md
similarity index 100%
rename from projects/OPNsense/Initial-Notes/OPNsense_IDS-and-IPS.md
rename to areas/OPNsense/Initial-Notes/OPNsense_IDS-and-IPS.md
diff --git a/areas/OPNsense/Schulungen/20250305-initial_ideas.md b/areas/OPNsense/Schulungen/20250305-initial_ideas.md
new file mode 100644
index 0000000..ede2186
--- /dev/null
+++ b/areas/OPNsense/Schulungen/20250305-initial_ideas.md
@@ -0,0 +1,39 @@
+
+## Intro
+
+Ziel: Gebe Kollegen und Kolleginnen einen Ueberblich ueber die wichtigsten Funktionender OPNsense, sodass sie effizient und selbststaendig damit arbeiten koennen.
+
+## Notes
+
+- Template/Anleitung fuer Firewall Regeln in IT-Glue
+
+## Erste Schulung
+
+### Ort
+
+Hybrid: Teams + Meetingraum
+
+### Zeit
+
+Vorraussichtlich der 14.03.2025 um 10:00.
+
+### Themen
+
+#### Allgemein/System
+
+- Lobby/Dashboard - Grundlagen, Customizierbar,
+- System/Firmware - Einspielen, Richitges Mirror und Caveat, Updates, Plugins und Packages
+- Gehe allgemein und grob die Einstellungen durch und Ihre Positionen
+-
+
+#### Firewall
+
+- Aliass - sehr wichtig und praktisch - sollte durch OPNcentral gepushed werden
+- NAT
+- Rules
+- Unterschiede zu Sophos - kein Masquerading erforderlich (macht opnsense automatisch?)
+
+#### Interfaces
+
+
+### VPN
diff --git a/projects/OPNsense/apsa-pfsense_vs_opnsense/setup-notes.md b/areas/OPNsense/apsa-pfsense_vs_opnsense/setup-notes.md
similarity index 100%
rename from projects/OPNsense/apsa-pfsense_vs_opnsense/setup-notes.md
rename to areas/OPNsense/apsa-pfsense_vs_opnsense/setup-notes.md
diff --git a/projects/OPNsense/opnsense-bussines-edition.md b/areas/OPNsense/opnsense-bussines-edition.md
similarity index 100%
rename from projects/OPNsense/opnsense-bussines-edition.md
rename to areas/OPNsense/opnsense-bussines-edition.md
diff --git a/projects/OPNsense/opnsense-central-management.md b/areas/OPNsense/opnsense-central-management.md
similarity index 100%
rename from projects/OPNsense/opnsense-central-management.md
rename to areas/OPNsense/opnsense-central-management.md
diff --git a/projects/OPNsense/opnsense-checklists.md b/areas/OPNsense/opnsense-checklists.md
similarity index 100%
rename from projects/OPNsense/opnsense-checklists.md
rename to areas/OPNsense/opnsense-checklists.md
diff --git a/projects/OPNsense/opnsense-frankeriger-current.md b/areas/OPNsense/opnsense-frankeriger-current.md
similarity index 100%
rename from projects/OPNsense/opnsense-frankeriger-current.md
rename to areas/OPNsense/opnsense-frankeriger-current.md
diff --git a/projects/OPNsense/opnsense-planing.md b/areas/OPNsense/opnsense-planing.md
similarity index 100%
rename from projects/OPNsense/opnsense-planing.md
rename to areas/OPNsense/opnsense-planing.md
diff --git a/projects/OPNsense/opnsense-proposal-draft.md b/areas/OPNsense/opnsense-proposal-draft.md
similarity index 100%
rename from projects/OPNsense/opnsense-proposal-draft.md
rename to areas/OPNsense/opnsense-proposal-draft.md
diff --git a/projects/OPNsense/opnsense-utm-features/opnsense-ids_ips-suricata.md b/areas/OPNsense/opnsense-utm-features/opnsense-ids_ips-suricata.md
similarity index 100%
rename from projects/OPNsense/opnsense-utm-features/opnsense-ids_ips-suricata.md
rename to areas/OPNsense/opnsense-utm-features/opnsense-ids_ips-suricata.md
diff --git a/projects/OPNsense/opnsense-utm-features/opnsense-lets_encrypt.md b/areas/OPNsense/opnsense-utm-features/opnsense-lets_encrypt.md
similarity index 100%
rename from projects/OPNsense/opnsense-utm-features/opnsense-lets_encrypt.md
rename to areas/OPNsense/opnsense-utm-features/opnsense-lets_encrypt.md
diff --git a/projects/OPNsense/opnsense-utm-features/opnsense-utm-checklist.md b/areas/OPNsense/opnsense-utm-features/opnsense-utm-checklist.md
similarity index 100%
rename from projects/OPNsense/opnsense-utm-features/opnsense-utm-checklist.md
rename to areas/OPNsense/opnsense-utm-features/opnsense-utm-checklist.md
diff --git a/areas/OPNsense/plugins/net-snmp.md b/areas/OPNsense/plugins/net-snmp.md
new file mode 100644
index 0000000..bd7b1b2
--- /dev/null
+++ b/areas/OPNsense/plugins/net-snmp.md
@@ -0,0 +1,57 @@
+
+## SNMP Konfiguration mit bsnmpd
+
+Die hier beschriebene Anleitung konfiguriert SNMP in der Version 2c.
+**Installiere nicht das SNMP Plugin! (i.e.: os-net-smp)**
+Es wird nicht mit **bsnmp** funktionieren.
+
+
+## Schritte auf der OPNsense
+
+1. Oeffne eine OPNsense Konsole (zum Beispiel: ssh ueber vpn) und melde dich als `root`-user an. (Befehl: `su`)
+2. Aktiviere den `bsnmpd`-Dienst durch Erstellung der Datei `/etc/rc.conf.d/bsnmpd` mit dem folgenden Inhalt:
+`bsnmpd_enable="YES"`
+3. Auskommentiere die folgenden Zeilen in `/etc/snmpd.config`, um benoetigte SNMP Module zu aktivieren:
+```
+read := "your_snmp_community"
+begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
+begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
+```
+Trage fuer die Variable `read` den genutzten Community Namen ein.
+4. Starte den `bsnmpd`-Dienst mit dem folgenden Befehl:
+`/etc/rc.d/bsnmpd start`
+5. Setze eine Firewall Regel auf, welche es erlaubt von einem Quell Geraet die OPNsense ueber den SNMP Port (161) zu erreichen.
+6. Teste die Verbindung durch eine SNMP Abfrage an der OPNsense.
+
+## Dont use
+
+
+```
+*** This port installs snmpd, header files and libraries but does not
+ start snmpd by default.
+ If you want to auto-start snmpd and snmptrapd, add the following to
+ /etc/rc.conf:
+
+ snmpd_enable="YES"
+ snmpd_flags="-a"
+ snmpd_conffile="/usr/local/share/snmp/snmpd.conf /etc/snmpd.conf"
+ snmptrapd_enable="YES"
+ snmptrapd_flags="-a -p /var/run/snmptrapd.pid"
+
+**** You may also specify the following make variables:
+
+ NET_SNMP_SYS_CONTACT="zi@FreeBSD.org"
+ NET_SNMP_SYS_LOCATION="USA"
+ DEFAULT_SNMP_VERSION=3
+ NET_SNMP_MIB_MODULES="host smux mibII/mta_sendmail ucd-snmp/diskio"
+ NET_SNMP_LOGFILE=/var/log/snmpd.log
+ NET_SNMP_PERSISTENTDIR=/var/net-snmp
+
+ to define default values (or to override the defaults). To avoid being
+ prompted during the configuration process, you should (minimally) define
+ the first two variables. (NET_SNMP_SYS_*)
+
+ You may also define the following to avoid all interactive configuration:
+
+ BATCH="yes"
+```
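Review bot: Step 3 says `Auskommentiere` (comment out), but its stated goal is to activate the modules, which presumably means removing the comment marker from those lines in `/etc/snmpd.config`; I would word it as `Entferne das Kommentarzeichen vor den folgenden Zeilen`. The guide sets up SNMP v2c, where the community string is sent unencrypted, so step 5 should state that the rule's source is limited to the monitoring host, e.g. `Quelle: nur der Monitoring-Server, Ziel-Port 161/UDP`. The line after the config block should also say that the value for `read` must not be a default such as `public`. The plugin name in the warning, `os-net-smp`, looks like a typo for `os-net-snmp`; confirm against the plugin list. The pasted port message under "Dont use" would benefit from a one-line lead-in explaining that it belongs to the net-snmp package and is kept only for reference.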
diff --git a/diary/2025-03-05.md b/diary/2025-03-05.md
index d724e0a..1b4396f 100644
--- a/diary/2025-03-05.md
+++ b/diary/2025-03-05.md
@@ -4,7 +4,16 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\
## Timestamps
-- 08:00 - 08:15: Neue OS einrichten, Teste gebrauchte tools auf Linux Client
+- 08:00 - 08:30: Neue OS einrichten, Teste gebrauchte tools auf Linux Client
+- 08:30 - 08:45: Mail an Phytron
+- 08:45 - 09:00: Plan fuer OPNsense Schulungen
+- 09:00 - 10:00: Phytron: Telefonat mit Herr Herrgesell
+- 10:00 - 10:30: Unterstuetzung Philipp zu DNS und VPN Thema bei der glt Netz der TUM
+- 10:30 - 11:00: Meeting mit Max zu M365 bei KWA
+- 11:00 - 12:30: Nextcloud LDAP
+- 12:30 - 13:30: Pause
+- 13:30 - 14:30: Gitlab LDAP
+- 16:30 - 17:30: Gitlab LDAP aktivieren und konfigurieren
## Tuesday
diff --git a/diary/2025-03-06.md b/diary/2025-03-06.md
new file mode 100644
index 0000000..1057d2d
--- /dev/null
+++ b/diary/2025-03-06.md
@@ -0,0 +1,101 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+## Timestamps
+
+- 08:15 - 09:00: Fuer Markus versuchen BeA.exe Installation zu automatisieren, [x] 0815-0830: Backup in Sophos Firewal bei Trudering einspielen
+- 09:00 - 09:15: Pause
+- 09:15 - 09:45: [x] Firewall pruefen, Bakcup wurde eingespielt, Admin Passwort von Web-UI stimmt nicht
+- 09:45 - 10:00: Markus unterstuetzen bei Installation
+- 10:00 - 10:30: Phytron - design und it-glue doku anpassen
+- 10:30 - 11:00: Recherche: oauth2 zu office365 via postfix
+- 11:00 - 11:30: opnsense - schulung planen und termin aufstellen - notizen dazu erstellen,
+- 11:30 - 13:00: Pause
+- 13:00 - 13:30: Privat (linkedin, roundmail, linuxfoundation acc)
+- 13:30 - 14:00: Firewall Uebergabe an Michael, stunden eintragen
+- 14:00 - 14:30: OPNsense Schulung planen und Termin rausschicken
+- 14:30 - 15:00: Research Vectorwork 2023 problem [1.](https://appletoolbox.com/app-is-damaged-cannot-be-opened-mac/),[2](https://iboysoft.com/tips/app-is-damaged-and-cannot-be-opened.html)
+- 15:00 - 15:30: TUM - Firewall advanced threate protection hat Caddy markiert. Ueberpruefe Server und lasse lynis drueber laufen
+- 15:30 - 16:00: Hetzner PVE Server full boot partition - try to remove old kernels manually... do not find enough info
+- 16:00 - 16:15: OPNsense Firewallregel erstellung besprechen in Anlehung an Problem bei der Radiochemie
+- 16:30 - 17:00:
+
+## Wednesday
+
+- 08:00 - 08:30: Neue OS einrichten, Teste gebrauchte tools auf Linux Client
+- 08:30 - 08:45: [x] Mail an Phytron
+- 08:45 - 09:00: Plan fuer OPNsense Schulungen
+- 09:00 - 10:00: Phytron: Telefonat mit Herr Herrgesell
+- 10:00 - 10:30: Unterstuetzung Philipp zu DNS und VPN Thema bei der glt Netz der TUM
+- 10:30 - 11:00: Meeting mit Max zu M365 bei KWA
+- 11:00 - 12:30: Nextcloud LDAP
+- 12:30 - 13:30: Pause
+- 13:30 - 14:30: Gitlab LDAP
+- 16:30 - 17:30: Sophos XGS fuer Trudering: Ersteinrichtung und Firmware aktuallisieren
+
+## Tuesday
+
+- 08:00 - 08:30: Linux Server updaten und rebooten, welche schon laenger als 90 Tage Laufzeit hatten, Ticketpflege
+- 08:30 - 09:00: Telfonat mit Dominik Thoma
+- 09:15 - 09:45: Telefonat mit Sebastian und Dominik: Punkte notieren und Max deshalb schreiben, Versuchen Herrn Fuechsle zu erreichen, Mail verfassen an Herrn Kurz wegen Phishing Mail
+- 09:45 - 10:15: [x] Juri Telefonat: Outlook einrichten
+- 10:15 - 10:30: Mit Patryk Muell entsorgen und Labor etwas aufraeumen
+- 10:30 - 11:00: Aldi
+- 11:00 - 11:45: Pause
+- 11:45 - 14:15: VZ iso installation weiter machen
+- 14:15 - 15:30: Phytron VM erstellen fuer Gitlab Instanz
+- 15:30 - 15:45: NeoSphere: Firewall anschauen weil eine Cluster Node down ist; versuche noden zu pingen (ueber vpn) und versuche noden ueber web zu erreichen, nicht moeglich
+- 15:45 - 16:00: Phytron weiter machen
+- 16:00 - 16:30: Kommunikation mit Martin
+- 16:30 - 17:00: Gitlab aufsetzen, installation, passwort aendern von root, it-glue anpassen. Fortsetzung:
+
+## todo
+
+- [ ] smtp relay - oauth2:
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] discopharma kontakt
+- [ ] vz iso weitermachen
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] raci matrix - plan fuer monitoring und automation (pxe boot; win autoconfig; test server for ad; test firewalls; services; vlan std im buero mit Ordnung; pikvm fuer einfachere installation)
+- [ ] sbx - opsreportcad summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-07.md b/diary/2025-03-07.md
new file mode 100644
index 0000000..d962ba9
--- /dev/null
+++ b/diary/2025-03-07.md
@@ -0,0 +1,109 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+## Timestamps
+
+- 08:30 - 09:00: Ankunft;, pxe boot auf pve aufsetzen; sbx it-glue sortieren und archivieren; pve.lab.softbox.net einrichten, pxe aufsetzen und testen (fail)
+- 09:00 - 09:30: Debug pxe boot fail, probiere efi und legacy boot aus, efi geht nicht, legacy klappt, installiere testweise rocky linux
+- 09:30 - 11:00: Pruefe Ninja Link fuer die VZ, neu erzeugter link identisch, gehe mit micahel iso installation durch, test ninja installation klappt, teste aenderung des computernamens und sync durch ninja, bespreche vorgehen mit hannah, fange rezept liste an zu schreiben,
+- 11:00 - 12:00: Pause
+- 12:30 - 13:00: VZ usb sticks bestellen (20x), besprechung mit michael, teste ninja installation
+- 12:30 - 13:00: OPNsense Cluster mit CARP, docs.opnsense.org lesen,
+
+## Thursday
+
+- 08:15 - 09:00: Fuer Markus versuchen BeA.exe Installation zu automatisieren, [x] 0815-0830: Backup in Sophos Firewal bei Trudering einspielen
+- 09:00 - 09:15: Pause
+- 09:15 - 09:45: [x] Firewall pruefen, Bakcup wurde eingespielt, Admin Passwort von Web-UI stimmt nicht
+- 09:45 - 10:00: Markus unterstuetzen bei Installation
+- 10:00 - 10:30: Phytron - design und it-glue doku anpassen
+- 10:30 - 11:00: Recherche: oauth2 zu office365 via postfix
+- 11:00 - 11:30: opnsense - schulung planen und termin aufstellen - notizen dazu erstellen,
+- 11:30 - 13:00: Pause
+- 13:00 - 13:30: Privat (linkedin, roundmail, linuxfoundation acc)
+- 13:30 - 14:00: Firewall Uebergabe an Michael, stunden eintragen
+- 14:00 - 14:30: OPNsense Schulung planen und Termin rausschicken
+- 14:30 - 15:00: Research Vectorwork 2023 problem [1.](https://appletoolbox.com/app-is-damaged-cannot-be-opened-mac/),[2](https://iboysoft.com/tips/app-is-damaged-and-cannot-be-opened.html)
+- 15:00 - 15:30: TUM - Firewall advanced threate protection hat Caddy markiert. Ueberpruefe Server und lasse lynis drueber laufen
+- 15:30 - 16:00: Hetzner PVE Server full boot partition - try to remove old kernels manually... do not find enough info
+- 16:00 - 16:15: OPNsense Firewallregel erstellung besprechen in Anlehung an Problem bei der Radiochemie
+- 16:30 - 17:00:
+
+## Wednesday
+
+- 08:00 - 08:30: Neue OS einrichten, Teste gebrauchte tools auf Linux Client
+- 08:30 - 08:45: [x] Mail an Phytron
+- 08:45 - 09:00: Plan fuer OPNsense Schulungen
+- 09:00 - 10:00: Phytron: Telefonat mit Herr Herrgesell
+- 10:00 - 10:30: Unterstuetzung Philipp zu DNS und VPN Thema bei der glt Netz der TUM
+- 10:30 - 11:00: Meeting mit Max zu M365 bei KWA
+- 11:00 - 12:30: Nextcloud LDAP
+- 12:30 - 13:30: Pause
+- 13:30 - 14:30: Gitlab LDAP
+- 16:30 - 17:30: Sophos XGS fuer Trudering: Ersteinrichtung und Firmware aktuallisieren
+
+## Tuesday
+
+- 08:00 - 08:30: Linux Server updaten und rebooten, welche schon laenger als 90 Tage Laufzeit hatten, Ticketpflege
+- 08:30 - 09:00: Telfonat mit Dominik Thoma
+- 09:15 - 09:45: Telefonat mit Sebastian und Dominik: Punkte notieren und Max deshalb schreiben, Versuchen Herrn Fuechsle zu erreichen, Mail verfassen an Herrn Kurz wegen Phishing Mail
+- 09:45 - 10:15: [x] Juri Telefonat: Outlook einrichten
+- 10:15 - 10:30: Mit Patryk Muell entsorgen und Labor etwas aufraeumen
+- 10:30 - 11:00: Aldi
+- 11:00 - 11:45: Pause
+- 11:45 - 14:15: VZ iso installation weiter machen
+- 14:15 - 15:30: Phytron VM erstellen fuer Gitlab Instanz
+- 15:30 - 15:45: NeoSphere: Firewall anschauen weil eine Cluster Node down ist; versuche noden zu pingen (ueber vpn) und versuche noden ueber web zu erreichen, nicht moeglich
+- 15:45 - 16:00: Phytron weiter machen
+- 16:00 - 16:30: Kommunikation mit Martin
+- 16:30 - 17:00: Gitlab aufsetzen, installation, passwort aendern von root, it-glue anpassen. Fortsetzung:
+
+## todo
+
+- [ ] smtp relay - oauth2:
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] vz iso weitermachen
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] raci matrix - plan fuer monitoring und automation (pxe boot; win autoconfig; test server for ad; test firewalls; services; vlan std im buero mit Ordnung; pikvm fuer einfachere installation)
+- [ ] sbx - opsreportcad summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-10.md b/diary/2025-03-10.md
new file mode 100644
index 0000000..cd3320d
--- /dev/null
+++ b/diary/2025-03-10.md
@@ -0,0 +1,66 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+## Timestamps
+
+- 08:45 - 09:30: Ticketpflege
+- 09:30 - 10:00: Recherche Hardware fuer OPNsense Cluster
+- 10:00 - 10:30: Studium: Security Zones und Spamhaus DROP fuer OPNsense
+- 10:30 - 11:00: Telefonat mit Marko: Ninja Installtion auf Mac Book
+- 11:00 - 12:00: Discopharma: Metabase compose file schrieben, setze teste vm auf, installiere docker und security features, instalilere postgres und metabase via docker compose, metabase erstkonfiguration
+- 12:00 - 13:00: Pause
+- 13:30 - 14:15: Bind dns in lab aufsetzen
+- 14:15: - 14:45: Metabase https via nginx/traefik/or something different??
+- 14:45 - 16:45: Anleitung verfassen fuer NeoSphere: Qumulus und Ice Installation
+- 16:45 - 17:00: Zeiten eintragen
+
+## todo
+
+- [ ] teste discopharma docker installation von metabase
+- [ ] smtp relay - oauth2:
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] vz iso weitermachen
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] raci matrix - plan fuer monitoring und automation (pxe boot; win autoconfig; test server for ad; test firewalls; services; vlan std im buero mit Ordnung; pikvm fuer einfachere installation)
+- [ ] sbx - opsreportcad summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-11.md b/diary/2025-03-11.md
new file mode 100644
index 0000000..9cea0cb
--- /dev/null
+++ b/diary/2025-03-11.md
@@ -0,0 +1,81 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+## Timestamps
+
+- 08:30 - 09:15: Emails pruefen, discopharma, anleitung lesen fuer metabase, separate datenbank besser in production
+- 09:15 - 09:30: Pause
+- 09:30 - 09:45: Mail an KWA zu Firewall Thema, Pruefe KWA wildcard cert: Expiration 20.04
+- 09:45 - 10:00: Beobachte mit Michael dir Installation bei der VZ von Martin
+- 10:00 - 10:30: Gespraech mit Thilo zu Anleitung zu Setup von Neosphre, Recherche zu wildcard Zertifikat bei KWA
+- 10:30 - 11:00: VZ beobachten mit Michael
+- 11:00 - 12:00: Meeting mit DiscoPharma
+- 12:00 - 12:30: Gespraech mit Oli zu KWA/SSR (Firewall, Telefonie, Lizenzen, MacBook Einrichtung)
+- 12:30 - 13:30: Pause
+- 13:30 - 17:00: DiscoPharam Netzwerkstruktur - write manual, import vm image to proxmox, disk.raw mounten und auslesen, db suchen und einbinden, leer, import disk in proxmox, no passwd
+
+## Monday
+
+- 08:45 - 09:30: Ticketpflege
+- 09:30 - 10:00: Recherche Hardware fuer OPNsense Cluster
+- 10:00 - 10:30: Studium: Security Zones und Spamhaus DROP fuer OPNsense
+- 10:30 - 11:00: Telefonat mit Marko: Ninja Installtion auf Mac Book
+- 11:00 - 12:00: Discopharma: Metabase compose file schrieben, setze teste vm auf, installiere docker und security features, instalilere postgres und metabase via docker compose, metabase erstkonfiguration
+- 12:00 - 13:00: Pause
+- 13:30 - 14:15: Bind dns in lab aufsetzen
+- 14:15: - 14:45: Metabase https via nginx/traefik/or something different??
+- 14:45 - 16:45: Anleitung verfassen fuer NeoSphere: Qumulus und Ice Installation
+- 16:45 - 17:00: Zeiten eintragen
+
+## todo
+
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+- [ ] teste discopharma docker installation von metabase
+- [ ] smtp relay - oauth2:
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] vz iso weitermachen
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] raci matrix - plan fuer monitoring und automation (pxe boot; win autoconfig; test server for ad; test firewalls; services; vlan std im buero mit Ordnung; pikvm fuer einfachere installation)
+- [ ] sbx - opsreportcad summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-12.md b/diary/2025-03-12.md
new file mode 100644
index 0000000..c4cf14b
--- /dev/null
+++ b/diary/2025-03-12.md
@@ -0,0 +1,88 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+## Timestamps
+
+- 08:30 - 09:00: Disco check
+- 09:00 - 09:15: Telefonat mit Nina. T20250312.0008
+- 09:15 - 11:00: Discopharma. Versuche postgres database zu exportieren und in neue datenbank zu importieren
+- 11:00 - 12:00: Meeting mit Discopharam und Fortsetzung
+- 12:00 - 13:00: Pause
+- 13:00 - 13:30: Delete existing database entries on my own instance. Import the dump of the old ps database
+- 13:30 - 16:30: Setup new metabase isntance: pkgs to install, docker, setup docker; import old application database; test accessability of metabase; harden vm; setup unattended upgrades, allow in firewall communication between all VMs via private ips
+
+## Wednesday
+
+- 08:30 - 09:15: Emails pruefen, discopharma, anleitung lesen fuer metabase, separate datenbank besser in production
+- 09:15 - 09:30: Pause
+- 09:30 - 09:45: Mail an KWA zu Firewall Thema, Pruefe KWA wildcard cert: Expiration 20.04
+- 09:45 - 10:00: Beobachte mit Michael dir Installation bei der VZ von Martin
+- 10:00 - 10:30: Gespraech mit Thilo zu Anleitung zu Setup von Neosphre, Recherche zu wildcard Zertifikat bei KWA
+- 10:30 - 11:00: VZ beobachten mit Michael
+- 11:00 - 12:00: Meeting mit DiscoPharma
+- 12:00 - 12:30: Gespraech mit Oli zu KWA/SSR (Firewall, Telefonie, Lizenzen, MacBook Einrichtung)
+- 12:30 - 13:30: Pause
+- 13:30 - 17:00: DiscoPharam Netzwerkstruktur - write manual, import vm image to proxmox, disk.raw mounten und auslesen, db suchen und einbinden, leer, import disk in proxmox, no passwd
+
+## Monday
+
+- 10:30 - 11:00: Telefonat mit Marko: Ninja Installtion auf Mac Book
+- 11:00 - 12:00: Discopharma: Metabase compose file schrieben, setze teste vm auf, installiere docker und security features, instalilere postgres und metabase via docker compose, metabase erstkonfiguration
+
+- 13:30 - 14:15: Bind dns in lab aufsetzen
+- 14:15: - 14:45: Metabase https via nginx/traefik/or something different??
+- 14:45 - 16:45: Anleitung verfassen fuer NeoSphere: Qumulus und Ice Installation
+- 16:45 - 17:00: Zeiten eintragen
+
+## todo
+
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+- [ ] teste discopharma docker installation von metabase
+- [ ] smtp relay - oauth2:
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] vz iso weitermachen
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] raci matrix - plan fuer monitoring und automation (pxe boot; win autoconfig; test server for ad; test firewalls; services; vlan std im buero mit Ordnung; pikvm fuer einfachere installation)
+- [ ] sbx - opsreportcad summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-13.md b/diary/2025-03-13.md
new file mode 100644
index 0000000..e976544
--- /dev/null
+++ b/diary/2025-03-13.md
@@ -0,0 +1,98 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+
+
+## Timestamps
+
+- 07:45 - 08:15: Ankunft, Privates: HomeLab DNS Infrastructure
+- 08:15 - 08:45: Ticketpflege, Traeumen
+- 09:00 - 09:45: Meeting mit KWA (max, nina, dominik, sebastian) zu M365 Migration
+- 09:45 - 10:00: Aftermeeting Meeting mit Max
+- 10:00 - 10:30: Meeting mit Thilo, Ticketpflege
+- 10:30 - 11:00: Meeting mit Patryk
+- 11:00 - 11:45: [x] Status Update mit DiscoPharma, Certs issue, Configure Firewall in Gcloud
+- 11:45 - 12:00: Kommunikation mit Holger zu neoSphere
+- 12:00 - 12:30: Racuhen, versuche bjoern zu erreichen
+- 12:30 - 12:45: Bond zwischen 2 25Gbit Interfaces am ubt02 konfigurieren und testen - netplan config setzen
+- 12:45 - 13:15: TUM mit philipp: smtp auf port 25 mit nextcloud geht nicht: config.php anpassen, sodass self signed allowed
+- 13:15 - 13:45: Puase
+- 13:45 - 14:15: Gespraech mit Sebastian: Radiochemie: IMC server kann firewall nicht monitoren: snmp service an fw geht nicht und ssh authentication failed
+- 14:15 - 16:00: VZ autoinstall
+- 16:00 - 16:30: Sebastian snmp und ssh communication between imc and opnsense
+
+## Wednesday
+
+- 09:00 - 09:15: Telefonat mit Nina. T20250312.0008
+
+- 13:00 - 13:30: Delete existing database entries on my own instance. Import the dump of the old ps database
+- 13:30 - 16:30: Setup new metabase isntance: pkgs to install, docker, setup docker; import old application database; test accessability of metabase; harden vm; setup unattended upgrades, allow in firewall communication between all VMs via private ips
+
+## Tuesday
+
+- 08:30 - 09:15: Emails pruefen, discopharma, anleitung lesen fuer metabase, separate datenbank besser in production
+
+- 09:30 - 09:45: Mail an KWA zu Firewall Thema, Pruefe KWA wildcard cert: Expiration 20.04
+- 09:45 - 10:00: Beobachte mit Michael dir Installation bei der VZ von Martin
+- 10:00 - 10:30: Gespraech mit Thilo zu Anleitung zu Setup von Neosphre, Recherche zu wildcard Zertifikat bei KWA
+- 10:30 - 11:00: VZ beobachten mit Michael
+
+- 12:00 - 12:30: Gespraech mit Oli zu KWA/SSR (Firewall, Telefonie, Lizenzen, MacBook Einrichtung)
+
+## Monday
+
+- 10:30 - 11:00: Telefonat mit Marko: Ninja Installtion auf Mac Book
+
+- 13:30 - 14:15: Bind dns in lab aufsetzen
+
+## todo
+
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+- [ ] smtp relay - oauth2:
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] vz iso weitermachen
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] raci matrix - plan fuer monitoring und automation (pxe boot; win autoconfig; test server for ad; test firewalls; services; vlan std im buero mit Ordnung; pikvm fuer einfachere installation)
+- [ ] sbx - opsreportcad summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-14.md b/diary/2025-03-14.md
new file mode 100644
index 0000000..edc184e
--- /dev/null
+++ b/diary/2025-03-14.md
@@ -0,0 +1,88 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+## Timestamps
+
+- 08:30 - 08:45: Alle Projekte aufschreiben
+- 08:45 - 09:00: Pruefe NAS von KWA wegen fehlgeschlagenem Backup
+- 09:00 - 09:30: Ticketpflege, Gespraech mit Sebastian zu OPNsense und IMC
+- 09:30 - 09:45: Sebastian unterstuetzen: OPNsense SNMP in IMC Server einbinden
+- 09:45 - 10:30: OPNsense: Schriebe Anleitung fuer SNMP Server bei OPNsense. Fuege Anleitung in Ordner in TI-Glue hinzu
+- 10:30 - 10:35: Gespraech mit Dominik Thoma
+- 10:45 - 10:50: Bjoern Schwalb anrufen
+- 10:50 - 11:00: Gespraech mit Oli zu KWA Firewall Migration
+- 11:00 - 11:15: Stelle Failover Bond ein bei ubt02: Machine ID zweimal aendern, neustarten
+- 11:15 - 11:30: Termin planen fuer Firewall Migration und rausschicken
+- 11:30 - 11:45: Bond bei ubt02 aktivieren und pruefen, dass MAC adresse nicht gleich ist zu ubt03. bond scheint zu funktionieren. Reboot und nachdem pruefen
+- 11:45 - 12:30: KWA Mail; Zaehle Anzahl der Kontakte, welche nicht direkt im Kontakte Ordner hinterlegt waren, schreibe skript um alle kontakte aus den projektordnern zu kopieren, exportiere
+- 12:30 - 13:30: Pause
+- 13:30 - 14:00: Meeting with disopharma: Discussion fw rules and network tags
+- 14:00 - 15:00: Clean https configs in disco reverse proxy, restart web server, http://metabase.discopharma.de now reachable, test new certificates: not working
+- 15:00 - 17:00: draw.io. network diagram for qumulo
+
+## Tuesday
+
+- 09:30 - 09:45: Mail an KWA zu Firewall Thema, Pruefe KWA wildcard cert: Expiration 20.04
+
+- 10:15 - 10:30: Recherche zu wildcard Zertifikat bei KWA
+
+- 12:00 - 12:30: Gespraech mit Oli zu KWA/SSR (Firewall, Telefonie, Lizenzen, MacBook Einrichtung)
+
+## Monday
+
+- 10:30 - 11:00: Telefonat mit Marko: Ninja Installtion auf Mac Book
+
+## todo
+
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### KWA
+
+- KWA: Dominik teams Berechtigungen noch nicht freigegeben
+- KWA: Veraendere Bild Groesse von anhaengen (bild format)
+- KWA: Bei teilen direkt mit Outlook teilen
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-16.md b/diary/2025-03-16.md
new file mode 100644
index 0000000..c24837f
--- /dev/null
+++ b/diary/2025-03-16.md
@@ -0,0 +1,59 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+## Timestamps
+
+## todo
+
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### KWA
+
+- KWA: Dominik teams Berechtigungen noch nicht freigegeben
+- KWA: Veraendere Bild Groesse von anhaengen (bild format)
+- KWA: Bei teilen direkt mit Outlook teilen
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-17.md b/diary/2025-03-17.md
new file mode 100644
index 0000000..7b3bd95
--- /dev/null
+++ b/diary/2025-03-17.md
@@ -0,0 +1,73 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+## Timestamps
+
+- 08:30 - 08:45: Linux Server manuell updaten wo ninja failed
+- 08:45 - 09:00: Bereinige boot partition von hetzner pve: manuelles loschen von alten kernel
+- 09:00 - 09:15: Tagesaufgaben planen
+- 09:15 - 09:30: Rauchen
+-
+- 09:30 - 10:30: [x] Vorlagen Tabelle OPNsense Migration auffuellen: 32 Stunden Arbeit Notizen machen zu dem Projekt
+- 10:45 - 11:00 DiscoPharma Meeting Vorbereitung
+- 11:00 - 11:15: Meeting mit DiscoPharma
+- 11:15 - 11:30: Rauchen
+- 11:30 - 12:30: Pause
+- 12:30 - 13:30: [x] Recherche: "OPnsense in industry": [zenarmor-opnsense_vs_fortinet](https://www.zenarmor.com/docs/network-security-tutorials/opnsense-vs-fortinet), [opnsense forum discussion](https://forum.opnsense.org/index.php?topic=43572.0),
+- 13:30 - 14:00: [x] Meeting mit Oli zu KWA Firewall Migration Erst Meeting
+- 14:15 - 15:15: Meeting mit Patryk zu seiner Projektarbeit und ConnectSecure
+- 15:15 - 15:30: Pause
+- 15:30 - 16:00: [x] Vergleiche Sophos und OPNsense verfasssen (Preise, Features, Vor und Nachteile )
+- 16:00 - 16:30: Discopharma Postgres Backup
+- 16:30 - 17:00: [x] Ticketpflege
+
+## todo
+
+- [ ] opnsense schulung planen
+
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-18.md b/diary/2025-03-18.md
new file mode 100644
index 0000000..8e5d4e6
--- /dev/null
+++ b/diary/2025-03-18.md
@@ -0,0 +1,83 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+
+
+## Timestamps
+
+- 08:30 - 08:45: Ticketpflege
+- 08:45 - 09:00: Meeting mit KWA vorbereiten. XGS136 specs recherchieren
+- 09:00 - 10:15: Meeting mit KWA: Sophos vs. OPNsense
+- 10:15 - 10:30: Pause
+- 10:30 - 10:45: Mailstore Lizenz bei KWA nachschauen und Angebot anfragen. Infos fuer Angebot fuer Firewall Migration einholen
+- 11:00 - 11:15: Juri anrufen
+- 11:15 - 12:15: Kalkulation erstellen fuer KWA
+- 12:30 - 12:45: KWA IT-Glue sortieteren
+- 12:45 - 13:45: Pause
+- 13:45 - 14:15: SSR IT-Glue sortieren und neue Ordner anlegen
+
+## Monday
+
+- 08:30 - 08:45: [x] Linux Server manuell updaten wo ninja failed
+- 08:45 - 09:00: [x] Bereinige boot partition von hetzner pve: manuelles loschen von alten kernel
+- 09:00 - 09:15: [x] Tagesaufgaben planen
+
+- 09:30 - 10:30: [x] Vorlagen Tabelle OPNsense Migration auffuellen: 32 Stunden Arbeit Notizen machen zu dem Projekt
+- 10:45 - 11:00: [x] DiscoPharma Meeting Vorbereitung
+- 11:00 - 11:15: [x] Meeting mit DiscoPharma
+- 12:30 - 13:30: [x] Recherche: "OPnsense in industry": [zenarmor-opnsense_vs_fortinet](https://www.zenarmor.com/docs/network-security-tutorials/opnsense-vs-fortinet), [opnsense forum discussion](https://forum.opnsense.org/index.php?topic=43572.0),
+- 13:30 - 14:00: [x] Meeting mit Oli zu KWA Firewall Migration Erst Meeting
+- 14:15 - 15:15: Meeting mit Patryk zu seiner Projektarbeit und ConnectSecure
+- 15:15 - 15:30: Pause
+- 15:30 - 16:00: [x] Vergleiche Sophos und OPNsense verfasssen (Preise, Features, Vor und Nachteile )
+- 16:00 - 16:30: [x] Discopharma Postgres Backup
+- 16:30 - 17:00: [x] Ticketpflege
+
+## todo
+
+- [ ] opnsense schulung planen
+
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+### Today
+
+### General
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/projects/VZ/Rezept-Installation.md b/projects/VZ/Rezept-Installation.md
new file mode 100644
index 0000000..39f3720
--- /dev/null
+++ b/projects/VZ/Rezept-Installation.md
@@ -0,0 +1,31 @@
+## Source
+
+- [unattended Winstall - Github](https://github.com/memstechtips/UnattendedWinstall)
+- [answer files](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs?view=windows-11)
+- [unattended-generator](https://schneegans.de/windows/unattend-generator/)
+
+## 20250303 - Todo
+
+- [ ] Zertifikat (VZBY_SecurityAppliance_SSL_CA.cer) einfuegen
+- [ ] Vantage Tool Installieren im Userkontext
+- [ ] Energiesparmodus bei Netzbetrieb auf 'nie' setzen
+- [ ] Freigabe [\\vzby-srv-fp01\install$](file://vzby-srv-fp01/install$) (nur als Domain-Admin) mappen wäre praktisch…
+- [ ] SW - M365, MS Teams, PDF24, Sophos Connect, Sophos Endpoint Agent, Firefox, Acrobat Reader, Teamviewer QS aus Public Desktop, Netlogon Script als Verknuepfung auf Plublic Desktop
+- [ ] SW in Userkontext - SBX-Generator
+- [ ] Taskleiste:
+ - [ ] ausblenden von: Copilot, Store, Outlook New
+ - [x] Suchefeld auf "nur Suchsymbol setzen"
+ - [ ] Aktive Anwendungen auf "aus"
+ - [x] Taskleiste auf "links" verschieben
+ - [ ] Sophos Connect (wenn installiert), auf "dauerhaft" im SysTray platzieren
+
+
+## Rezept
+
+The steps we want to implement:
+
+1. Win 11 OS autoinstall - the idea is to use Microsoft's own "Answer files" and install NinjaOne Agent autmatically
+2. Change Computername
+3. AD coupling - it probably possible to also use the Answer files for this
+4. SW Installation - Use NinjaOne
+5. OS and SW Configuration and Personalization - Use NinjaOne
\ No newline at end of file
diff --git a/projects/VZ/Win11-autoinstall-iso.md b/projects/VZ/Win11-autoinstall-iso.md
index e9b5136..b8348a2 100644
--- a/projects/VZ/Win11-autoinstall-iso.md
+++ b/projects/VZ/Win11-autoinstall-iso.md
@@ -22,6 +22,7 @@
## VZ requirements
- Kein Secure Boot benoetigt
+- USB sticks anzahl
### User
diff --git a/projects/discopharma/20250310-Next_Steps.md b/projects/discopharma/20250310-Next_Steps.md
new file mode 100644
index 0000000..7086754
--- /dev/null
+++ b/projects/discopharma/20250310-Next_Steps.md
@@ -0,0 +1,149 @@
+## Goal
+
+Setup a metabase instance via docker with https support and a professional Deployment Pipeline
+
+## Questions
+
+- Separate Reverse Proxy or local Web Server enough??
+- Exisiterende SSL Zertifikate nutzen?
+- Kriege ich irgendwie Zugang?
+
+### 20250311
+
+- How many users?
+- What is the old db software? Maybe we can reuse it? Are there backups of the old database ?
+- DNS Verwaltung
+- is the metabase version a requirement?
+
+## Meeting-20250311
+
+Teilnehmer: Lukas Maas, Milos Nikolic, Petar Cubela
+
+### Answers
+
+- DB: MySQL. Backup dump exist.
+- Version needs to be 0.49.18
+- 20 people
+- Existing certs
+- Use Reverse Proxy
+- I will get access to the machines
+
+### My Time/ Steps
+
+1. Databse Instance MySQL (0.5h -1h)
+2. Metabase (.50 h)
+3. VM R2verse Proxy (.50 h)
+4. Find and Test the recreation of the data/dashboard database (metabase.db/) (1-2h)
+5. write overwivew network setup (ip address, open ports in firewall, metabase.discopharma.de -> public ip ) (1h)
+6. Recreate in discopharma setup: (2-3h)
+ 1. dns setup properly
+ 2. network setup properly
+ 3. creation of the VMs (oeither discopharma or me)
+ 4. Installation process (db exist, docker deployment of metabase, reverse proxy)
+ 5. Test
+
+## List of requirements regarding Metabase deployment (discopharma)
+
+1. Find or create backup of Metabase Dashboard data within Docker image on the old machine (marketplace image that was compromised, or a previous image of it)
+2. Solution architecture that obeys to best practices of security, so that
+ - DISCO employees can connect to a DISCO-internal metabase application using a web browser and the URL “metabase.discopharma.de”
+ - The application is not exposed to the public
+ - All connections to the application are encrypted (https)
+3. Solution architecture that includes a
+ - Productive instance (highest priority)
+ - Development/sandbox instance (lower priority)
+ - A process to deploy upgrades of the application (lower priority)
+4. Metabase version 0.49.18
+
+## Requirements
+
+- properly configured and firewalled google cloud; VMs should only be able to communicate via private IPs!
+- VM in google cloud for the metabase instance; Public IP address, port 80 and 443 forwarded; 1 cores, 2GB RAM (depends on user number)
+- VM in google cloud for the metabase database instance; Private IP address; 1 cores, 1GB RAM (depends on user number); PostgreSQL
+- Use existing SSL certs(??) with web server/reverse proxy like nginx/traefik/etc
+
+## Software
+
+- Debian 12
+- Docker
+- Metabase
+- PostgreSQL
+- Traefik/Nginx (depends)
+
+## Notes
+
+### 20250311
+-
+
+- Run separate database (PostgreSQL) and application server instances
+
+#### Metabase application server size
+
+- Metabase needs at least 1 core and 1GB of RAM
+- For every 20 concurrent people it needs 1CPU and 2GB of RAM
+
+#### Metabase application database server size
+
+- Database needs at least 1 core and 2GB of RAM
+- For every 40 concurrent people it needs 1CPU and 1GB of RAM
+
+
+## docker-compose.yml example
+
+```yml
+services:
+ metabase:
+ image: metabase/metabase:latest
+ container_name: metabase
+ hostname: metabase
+ restart: unless-stopped
+ volumes:
+ - /dev/urandom:/dev/random:ro
+ - "./metabase-db:/metabase.db"
+ - ./plugins:/plugins
+ ports:
+ - 3000:3000
+ environment:
+ JAVA_TIMEZONE: Europe/Berlin
+
+ MB_DB_FILE=/metabase.db
+ MB_DB_TYPE: postgres
+ MB_DB_DBNAME: metabase
+ MB_DB_PORT: 5432
+ MB_DB_USER_FILE: /run/secrets/db_user
+ MB_DB_PASS_FILE: /run/secrets/db_password
+ MB_DB_HOST: postgres
+ networks:
+ - metanet1
+ secrets:
+ - db_password
+ - db_user
+ healthcheck:
+ test: curl --fail -I http://localhost:3000/api/health || exit 1
+ interval: 15s
+ timeout: 5s
+ retries: 5
+ postgres:
+ image: postgres:latest
+ container_name: postgres
+ hostname: postgres
+ restart: unless-stopped
+ environment:
+ POSTGRES_USER_FILE: /run/secrets/db_user
+ POSTGRES_DB: metabase
+ POSTGRES_PASSWORD_FILE: /run/secrets/db_password
+ networks:
+ - metanet1
+ secrets:
+ - db_password
+ - db_user
+networks:
+ metanet1:
+ driver: bridge
+secrets:
+ db_password:
+ file: db_password.txt
+ db_user:
+ file: db_user.txt
+
+```
\ No newline at end of file
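Review bot: In the docker-compose example, `MB_DB_FILE=/metabase.db` is a `KEY=value` line inside a mapping-style `environment:` block, so the file will not parse, and it points at the file-based store while `MB_DB_TYPE: postgres` is set. Remove that line together with the `./metabase-db:/metabase.db` mount. Both services use `image: …:latest` although the requirements in this note fix Metabase at 0.49.18, so the tags should be pinned. `ports: - 3000:3000` publishes plaintext HTTP on every host interface, which contradicts the stated requirements that the application is not exposed publicly and that all connections are encrypted. The `postgres` service also has no named volume for the application database, and `db_password.txt` and `db_user.txt` should stay out of this repository with restrictive file permissions.

```yaml
services:
  metabase:
    image: metabase/metabase:v0.49.18   # release required by the notes; confirm the tag name in the registry
    # … unchanged: container_name, hostname, restart …
    # … volumes: /dev/urandom and ./plugins mounts unchanged; ./metabase-db mount dropped …
    ports:
      - "127.0.0.1:3000:3000"   # loopback only; use the VM's private address if the reverse proxy runs on another host
    environment:
      JAVA_TIMEZONE: Europe/Berlin
      MB_DB_TYPE: postgres
      # … unchanged: remaining MB_DB_* entries, networks, secrets, healthcheck …
  postgres:
    image: postgres:<MAJOR_VERSION>   # placeholder: pin the major version actually deployed
    # … unchanged: container_name, hostname, restart, environment, networks, secrets …
    volumes:
      - pgdata:/var/lib/postgresql/data   # confirm the data directory for the chosen image version
# … unchanged: networks, secrets …
volumes:
  pgdata:
```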
diff --git a/projects/discopharma/20250311-metabase-environment.md b/projects/discopharma/20250311-metabase-environment.md
new file mode 100644
index 0000000..a4368be
--- /dev/null
+++ b/projects/discopharma/20250311-metabase-environment.md
@@ -0,0 +1,65 @@
+
+## VM Ressources and Setup
+
+The listed IP Addresses are only example values here and can be chosen on your judgement. Important is that the machines can communicate with each other.
+
+### MySQL Database
+
+- Name: MySQL Database
+- OS: Debian 12
+- hostname: db.discopharma.de (unimportant)
+- IP Address: 10.156.0.5/24
+- CPU: 1 core
+- RAM: 2 GB (2048 MB)
+- Storage: depends (30 GB)
+- DNS entry: none
+- Note: for every 40 concurrent users: needs 1CPU and 1GB of RAM more
+
+### Metabase Server
+
+- Name: Metabase Server
+- OS: Debian 12
+- hostname: mb.discopharma.de (unimportant)
+- IP Address: 10.156.0.6/24
+- CPU: 1 core
+- RAM: 1 GB (1024 MB)
+- Storage: depends (30 GB)
+- DNS entry: none
+- Note: for every 20 concurrent users: needs 1CPU and 2GB of RAM more
+
+### Reverse Proxy
+
+- Name: Reverse Proxy
+- OS: Debian 12
+- hostname: rproxy.discopharma.de (unimportant)
+- IP Address: 10.156.0.7/24 + \ address (only activated in the end)
+- CPU: 1 core
+- RAM: 1 GB (1024 MB)
+- Storage: depends (16 GB)
+- DNS entry: metabase.discopharma.de -> \
+- Note: for every concurrent users: needs 1CPU and 2GB of RAM more
+
+
+## SSL/TSL certificates
+
+- we need the discopharma wildcard certificate placed on the Reverse Proxy
+- usually two files enough called `privkey.pem` and `fullchain.pem`
+- you can put all the cert files on the reverse proxy and we will then use only the needed ones or convert them in the process if necessary
+
+## Firewall Setup
+
+I list all necessary communications and respective ports needed:
+
+(Abbreviations:
+- Databse: db = 10.156.0.5
+- Metabse: mb = 10.156.0.6
+- ReverseProxy: rp = 10.156.0.7)
+
+| Source | SourcePort | Destination | DestPort | Description |
+| ------------- | ----------------- | --------------- | ----------------- | ------------------------------------------------------------------------------------------- |
+| mb | 3306/tcp | db | 3306/tcp | 3306 is the standard mysql port. Communication of mb to db |
+| rp | 3000/tcp,3000/udp | mb | 3000/tcp,3000/udp | 3000 is the metabase web port (arbitrary). Reverse Proxy sends request via this port to mb. |
+| OPEN INTERNET | any | PUBLIC IP of rp | 443/tcp | 443 is the https port to communicate to rp over internet |
+
+You could also limit the access to the public ip such that only your company ip can reach it. The 443 port should be opened as the last thing when everything is done.
+When the VMs are in the same private network, they should be able to openly communicate with each other; the first two entries in the table should be already open.
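Review bot: The firewall table pins the client side of each flow to a fixed source port (`3306/tcp`, `3000/tcp,3000/udp`), but outbound connections leave from ephemeral ports, so rules written this way either fail to match or get widened to any/any while troubleshooting; the SourcePort column should read `any` for the mb→db and rp→mb rows. Metabase's web port carries HTTP over TCP, so `3000/udp` can be dropped from the rp→mb row. The closing sentence about VMs in the same private network communicating openly works against the table; I would state instead that only these two internal flows are permitted between the hosts. The section names MySQL on 3306 while the compose example earlier in this commit uses PostgreSQL on 5432, so the database port should be confirmed before the rules are requested.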
diff --git a/projects/discopharma/20250312-metabase-deployment.md b/projects/discopharma/20250312-metabase-deployment.md
new file mode 100644
index 0000000..bca0652
--- /dev/null
+++ b/projects/discopharma/20250312-metabase-deployment.md
@@ -0,0 +1,19 @@
+
+## Metabase Instance
+
+### Requirements
+
+- [x] unattended-updates
+- [x] docker
+
+### Database
+
+- name: metabase
+- user: metabase
+- pass: /E^bOu|" die Versions Nummer ist:
+ > `tar zxvf ice-.tar.gz`
+4. Wechsle in das `src`-Verzeichnis:
+ > `cd ice-/src/`
+5. Kompiliere das Treiber modul (als root user!)
+ > `make install`
+ > Das Binary wird installiert als: `/lib/modules//updates/drivers/net/ethernet/intel/ice/ice.ko`
+6. Reboote das System und schalte Secure Boot wieder aus (das Linux Kernel ist gelocked, mit Secure Boot und daher koennte das Modul nicht angeschaltet werden)
+7. Nach erfolgreichem Neustart kann die Version des Treibers gecheckt und aktiviert werden mit den Befehlen: (deaktivieren des Moduls mit: `rmmod ice`)
+ > `modinfo ice`
+ > `modprobe ice`
+8. Um Nachrichten zu Netzwerlinks in der Konsole zu sehen, muss `dmesg` angepasst werden: `dmesg -n 8`. Nach dem aktivieren des Treibers sollten die Kernel Logs mit dem folgenden Befehl geprueft werden: `dmesg | grep '\`.
+9. Bei erfolgreicher Installation sollte der Befehl `lshw -c network` die Interfaces der netzwerkkarte anzeigen.
+
+## Notizen
+
+### Nuetzliche Befehle
+
+- Zeige Netzwerk Specs der Hardware an: `lshw -c network`
+
+- Zeige Bonding Konfiguration an: `cat /proc/net/bonding/` ;hier: `cat /proc/net/bonding/bond0`
+
+- Kernel Logs zu ice Treibern pruefen: `dmesg | grep '\`
\ No newline at end of file
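Review bot: The `- pass:` entry under `### Database` in 20250312-metabase-deployment.md commits the Metabase database password in clear text to the vault's git history; deleting the line later does not remove it from history, so the credential should be rotated and the note should only point to where it is kept, e.g. `- pass: see password manager entry <ENTRY-NAME placeholder>`. The text of that section runs straight into German ice-driver installation steps from what looks like a different note, so the hunk is incomplete in this view. In those steps, item 6 switches Secure Boot off so that the self-built `ice.ko` can load; signing the module with an enrolled Machine Owner Key would presumably let Secure Boot stay enabled, and that alternative is worth recording next to the step.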
diff --git a/projects/neosphere/qumulus/manual_lacp-bonding.md b/projects/neosphere/qumulus/manual_lacp-bonding.md
new file mode 100644
index 0000000..26c0d31
--- /dev/null
+++ b/projects/neosphere/qumulus/manual_lacp-bonding.md
@@ -0,0 +1,34 @@
+
+
+## Beispiel Config ubt01
+
+Netplan Konfigurationsdatei: `/etc/netplan/00-bonding.yaml`
+
+```yaml
+network:
+ version: 2
+ renderer: networkd
+ ethernets:
+ ens2f0:
+ dhcp4: no
+ ens2f1:
+ dhcp4: no
+ bonds:
+ bond0:
+ interfaces:
+ - ens2f0
+ - ens2f1
+ addresses:
+ - 192.168.60.200/24
+ - 192.168.60.210/24
+ routes:
+ - to: default
+ via: 192.168.60.254
+ nameservers:
+ addresses:
+ - 192.168.60.254
+ parameters:
+ mode: active-backup
+ mii-monitor-interval: 100
+ gratuitious-arp: 5
+```
\ No newline at end of file
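Review bot: The file is named manual_lacp-bonding.md, but the example bond sets `mode: active-backup`, which does not negotiate LACP with the switch. If link aggregation is intended, the parameter would be `mode: 802.3ad` with the switch ports configured as an LACP group; otherwise the title should say active-backup so nobody configures the switch side for LACP. `gratuitious-arp` looks like a typo but is, as far as I know, the spelling netplan accepts, so a short line above the fence saying so would stop someone "correcting" it.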
diff --git a/projects/neosphere/qumulus/manual_qumulus.md b/projects/neosphere/qumulus/manual_qumulus.md
new file mode 100644
index 0000000..f181c2a
--- /dev/null
+++ b/projects/neosphere/qumulus/manual_qumulus.md
@@ -0,0 +1,22 @@
+
+## Qumulus MGMT
+
+Zur Adminstration des Qumulus Cluster besuchen Sie das Qumulus Dashboard (ueber VPN oder sonst im Netzwerk befindlich):
+
+
+Das Qumulus Dashboard kann ueber jede IP Adresse der Cluster Node erreicht werden; entsprechend haben die Noden IP Adressen von .11 bis .15.
+
+Das Qumulus Cluster arbeitet im Grunde wie ein klassische NAS:
+- Es bietet elaborierte Analysedaten zur Funktionsweise ders Clusters
+- Sharing im Dashboard konfigurierbar:
+ - smb shares
+ - nfs exports
+ - s3 buckets
+ - ftp
+- Authentizierung und Authorizierung:
+ - Locale User und Gruppen
+ - AD
+ - LDAP
+ - Role Management
+- Snapshots moeglich
+- Replizierung zu S3
\ No newline at end of file
diff --git a/projects/neosphere/qumulus/overview-qumulus_and_comp-nodes.md b/projects/neosphere/qumulus/overview-qumulus_and_comp-nodes.md
new file mode 100644
index 0000000..e69de29
diff --git a/projects/patryk-projekt/202503012-initial.md b/projects/patryk-projekt/202503012-initial.md
new file mode 100644
index 0000000..ac8b9cd
--- /dev/null
+++ b/projects/patryk-projekt/202503012-initial.md
@@ -0,0 +1,15 @@
+
+## Data
+
+- Datum: Anmeldung, Abgabe
+- Projekt Beschreibung
+ - Titel
+ - Infrastuktur
+ - Komponenten
+- Quellen
+
+## Quellen
+
+-
+-
+
diff --git a/projects/phytron/nextcloud_gitlab_after_hack.md b/projects/phytron/nextcloud_gitlab_after_hack.md
index a5ded2d..6892f04 100644
--- a/projects/phytron/nextcloud_gitlab_after_hack.md
+++ b/projects/phytron/nextcloud_gitlab_after_hack.md
@@ -1,10 +1,45 @@
+## General
+
+- [x] Change Admin Passwords to: General Domain Administrator Password
## Nextcloud
IP address: 192.168.66.66
+Domain: https://cloud.phytron.de
+
+### Resources
+
+-
+
+### User MGMT
+
+- [x] Gruppe: Nextcloud_extern (fuer externe nutzer)
+
+### Design
+
+- Integrate Phytron CI
+- Ask Holger
+- Primary Gray/ Secondary Red (Related to Homepage)
+
+### Folder
+
+**Expiration time: 6 months** (user choses a time which is maximally 6 months..)
+
+- [x] Ablaufdatum erzwungen bei public shares
+- [x] delete default files and folders which are generated for each new user
+- [x] Check if its possible that files/folders are deleted automatically after some time and that the user is notified about it
+- [x] two kinds of share folders: one folder 'intern' without expiration dates and one folder 'extern' with a strict expiration date
+- [ ] possibility to edit 'Microsoft Words' files
## Gitlab
IP address: 192.168.66.67
+Domain: http://git.phytron.local
+
+### Design
+
+- Check CI
+
+
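Review bot: The new `## General` item, as written, sets the admin passwords of the services in this note to the general domain administrator password, so one leaked credential would open Nextcloud, GitLab and the domain together — the opposite of what a post-incident reset should achieve. I would replace the line with `- [ ] Set a unique, generated admin password per service (stored in the password manager)` and add a checkbox for enabling two-factor authentication on the admin accounts. The GitLab entry also records `http://git.phytron.local`; if that is the real scheme, logins and access tokens cross the LAN unencrypted, and a TLS item belongs on the list.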
diff --git a/projects/project-list.md b/projects/project-list.md
index 813832d..79a8667 100644
--- a/projects/project-list.md
+++ b/projects/project-list.md
@@ -1,4 +1,4 @@
## List
-- [sbx-knowledgebase](/projects/sbx/knowledgebase)
\ No newline at end of file
+- [sbx-knowledgebase](knowledgebase.md)
\ No newline at end of file
diff --git a/projects/sbx/raci_matrix-automation.md b/projects/sbx/RACI-Matrix/raci_matrix-automation.md
similarity index 100%
rename from projects/sbx/raci_matrix-automation.md
rename to projects/sbx/RACI-Matrix/raci_matrix-automation.md
diff --git a/projects/sbx/raci_matrix-monitoring.md b/projects/sbx/RACI-Matrix/raci_matrix-monitoring.md
similarity index 100%
rename from projects/sbx/raci_matrix-monitoring.md
rename to projects/sbx/RACI-Matrix/raci_matrix-monitoring.md
diff --git a/projects/sbx/disney-workshop.md b/projects/sbx/orga/disney-workshop.md
similarity index 100%
rename from projects/sbx/disney-workshop.md
rename to projects/sbx/orga/disney-workshop.md
diff --git a/projects/sbx/knowledgebase.md b/projects/sbx/orga/knowledgebase.md
similarity index 100%
rename from projects/sbx/knowledgebase.md
rename to projects/sbx/orga/knowledgebase.md
diff --git a/projects/sbx/sbx-myrules.md b/projects/sbx/orga/sbx-myrules.md
similarity index 100%
rename from projects/sbx/sbx-myrules.md
rename to projects/sbx/orga/sbx-myrules.md
diff --git a/projects/sbx/sbx-lab-network.md b/projects/sbx/sbx-lab-network.md
new file mode 100644
index 0000000..ac72ccf
--- /dev/null
+++ b/projects/sbx/sbx-lab-network.md
@@ -0,0 +1,18 @@
+
+## network
+
+- Gateway/Firewall Static IP: 10.11.12.254/24
+- DHCP: 10.11.12.100 - 10.11.12.200
+
+### Static IPs
+
+| hostname | mac | IP | comment |
+| -------- | ----------------- | ------------ | --------------------- |
+| gw | | 10.11.12.254 | sophos fw |
+| dns1 | | 10.11.12.253 | bind master |
+| dns2 | | 10.11.12.252 | bind slave |
+| pxe | BC:24:11:99:2D:8A | 10.11.12.69 | netbbot_xyz |
+| node1 | | 10.11.12.2 | opnsense cluster test |
+| node2 | | 10.11.12.3 | opnsense cluster test |
+| vip-wan | | 10.11.12.4 | opnsense cluster test |
+| metabase | | 10.11.12.99 | test for discopharma |
diff --git a/projects/sbx/sbx-proxmox-test-server.md b/projects/sbx/sbx-proxmox-test-server.md
deleted file mode 100644
index 8adcf2e..0000000
--- a/projects/sbx/sbx-proxmox-test-server.md
+++ /dev/null
@@ -1,4 +0,0 @@
-
-mac-address:
-- 00:19:99:b9:9a:a2 of interface enp8s0f0
-- 00:19:99:b9:??:?? of interface enp8s0f1
diff --git a/tum-netxtcloud.md b/tum-netxtcloud.md
new file mode 100644
index 0000000..d617ff5
--- /dev/null
+++ b/tum-netxtcloud.md
@@ -0,0 +1,11 @@
+```ini
+ 'mail_smtpstreamoptions' =>
+ array (
+ 'ssl' =>
+ array (
+ 'allow_self_signed' => true,
+ 'verify_peer' => false,
+ 'verify_peer_name' => false,
+ ),
+ ),
+```
\ No newline at end of file
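Review bot: This `mail_smtpstreamoptions` block switches off certificate validation for outgoing SMTP (`'verify_peer' => false`, `'verify_peer_name' => false`, `'allow_self_signed' => true`), so Nextcloud would hand the mail account credentials to any host that answers on the SMTP address. If the mail server's certificate is issued by an internal CA, verification can stay on by trusting that CA instead: `'verify_peer' => true, 'verify_peer_name' => true, 'cafile' => '<path to CA bundle (placeholder)>'`. The fence is tagged `ini` although the content is a PHP array as used in Nextcloud's config.php, so `php` would be the fitting tag. If this is only a temporary workaround, a line saying so and naming the server it applies to would help whoever reads the note later.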