diff --git a/.DS_Store b/.DS_Store index b896612..d98a496 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index 02c57fd..9a60633 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -37,7 +37,7 @@ "state": { "type": "markdown", "state": { - "file": "diary/2025-04-14.md", + "file": "diary/2025-04-15.md", "mode": "source", "source": true, "backlinks": true, @@ -52,7 +52,7 @@ } }, "icon": "lucide-file", - "title": "2025-04-14" + "title": "2025-04-15" } }, { @@ -85,7 +85,7 @@ "state": { "type": "markdown", "state": { - "file": "projects/kwa/firewall_migration/20250318-OPNsense_Migration.md", + "file": "projects/kwa/firewall_migration/20250414-preparation.md", "mode": "source", "source": true, "backlinks": true, @@ -100,7 +100,7 @@ } }, "icon": "lucide-file", - "title": "20250318-OPNsense_Migration" + "title": "20250414-preparation" } }, { @@ -126,30 +126,6 @@ "icon": "lucide-file", "title": "overview-qumulo_and_comp-nodes" } - }, - { - "id": "7490b3ea721d06cb", - "type": "leaf", - "state": { - "type": "markdown", - "state": { - "file": "projects/win10_2_win11/20250411-Meeting-JM.md", - "mode": "source", - "source": true, - "backlinks": true, - "backlinkOpts": { - "collapseAll": false, - "extraContext": false, - "sortOrder": "alphabetical", - "showSearch": false, - "searchQuery": "", - "backlinkCollapsed": false, - "unlinkedCollapsed": true - } - }, - "icon": "lucide-file", - "title": "20250411-Meeting-JM" - } } ], "currentTab": 1 @@ -330,14 +306,16 @@ }, "active": "b865e0663684cf60", "lastOpenFiles": [ - "diary/2025-04-11.md", - "diary/2025-04-14.md", - "diary/2025-04-13.md", - "projects/sbx/sbx-lab-network.md", "projects/phytron/nextcloud_gitlab_after_hack.md", - "projects/kwa/firewall_migration/20250318-OPNsense_Migration.md", + "diary/2025-04-15.md", + "projects/sbx/sbx-lab-network.md", + "diary/2025-04-14.md", "projects/neosphere/qumulus/overview-qumulo_and_comp-nodes.md", + "projects/kwa/firewall_migration/20250414-preparation.md", + "projects/kwa/firewall_migration/20250318-OPNsense_Migration.md", "projects/win10_2_win11/20250411-Meeting-JM.md", + "diary/2025-04-11.md", + "diary/2025-04-13.md", "projects/kwa/mail_migration/timestamp-change.md", "projects/win10_2_win11", "diary/2025-04-10.md", @@ -357,8 +335,6 @@ "projects/ssr/202504-4architekten", "projects/discopharma/20250311-metabase-environment.md", "projects/discopharma/Meetings/20250310-Next_Steps.md", - "projects/discopharma/20250312-metabase-deployment.md", - "diary/2025-03-31.md", "projects/sbx/firewall-std", "projects/boschmann+feth", "files/discopharma/discopharma-infra.drawio.png", diff --git a/diary/2025-04-14.md b/diary/2025-04-14.md index b8ff6ba..9a7b0ed 100644 --- a/diary/2025-04-14.md +++ b/diary/2025-04-14.md @@ -8,8 +8,6 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\ - ssr: Macbook neuanschaffung raussuchen - qumulo - zeichne endlich -- wildcard zertifikat fuer kwa bestellen - ## Timestamps - 08:30 - 09:00: mails beantworten @@ -19,6 +17,13 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\ - 10:45 - 11:30: privaten vpn einrichten - 11:30 - 11:45: SSR Mac/Mitarbeiterin Eintrichtungs Doku anpassen - 11:45 - 12:00: ssh key exchange for pc.de +- 12:00 - 13:00: Pause +- 13:00 - 14:00: Discopharma Gespraech wegen pymysql and certificates +- 14:00 - 15:00: kwa zertifikate bestellen lassen und einpflegen +- 15:00 - 15:30: Mailstore authentifizerungs problem +- 15:30 - 16:00: Mit Marko OPNsense bei cqse besprechen und standard hardware raussuchen fuer den build +- 16:00 - 16:30: TestCluster aufbauen und anschalten +- 16:30 - 17:00: OPNsense auf XG installieren fuer KWA und entsprechend Notizen machen ## Friday @@ -51,7 +56,6 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\ - [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung -- [ ] mailstore update ssr/kwa - [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs - [ ] kwa/ssr snmp karten fuer usv - [ ] update filewave admin und central diff --git a/diary/2025-04-15.md b/diary/2025-04-15.md new file mode 100644 index 0000000..a23f644 --- /dev/null +++ b/diary/2025-04-15.md @@ -0,0 +1,79 @@ +$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$ + +![important](files/sbx/important.png) + +## Do-It + +- handout: Sophos und OPNsense +- qumulo - zeichne endlich +- phytron - nextcloud abschliessen + +## Timestamps + +- 09:00 - 09:30: Ankunft, Ticketpflege +- 09:30 - 09:45: neosphere - ilo-ubt03 lizenz key suchen +- 09:45 - 10:00: Pause +- 10:00 - 10:30: Zugang phytron nextcloud: design schon gemacht, updaten um zwei versionen +- 10.30 - 11:00: cloud.sbx.de design gestalten +- 11:00 - 12:00: + +## Monday + +- 08:30 - 09:00: mails beantworten +- 09:00 - 09:30: Pause +- 09:30 - 10:00: Ticketpflege +- 10:15 - 10:45: Ticketpflege +- 10:45 - 11:30: privaten vpn einrichten +- 11:30 - 11:45: SSR Mac/Mitarbeiterin Eintrichtungs Doku anpassen +- 11:45 - 12:00: ssh key exchange for pc.de +- 12:00 - 13:00: Pause +- 13:00 - 14:00: Discopharma Gespraech wegen pymysql and certificates +- 14:00 - 15:00: kwa zertifikate bestellen lassen und einpflegen +- 15:00 - 15:30: Mailstore authentifizerungs problem +- 15:30 - 16:00: Mit Marko OPNsense bei cqse besprechen und standard hardware raussuchen fuer den build +- 16:00 - 16:30: TestCluster aufbauen und anschalten +- 16:30 - 17:00: OPNsense auf XG installieren fuer KWA und entsprechend Notizen machen + +## todo + +### General + +- [ ] handout fuer jeweils sophos und opnsense als vergleich +- [ ] aufgaben fuer wartung rausschreiben +- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline) + +- [ ] neosphere - ueberblick anleitung zum qumulo und dem computing cluster + +- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung + +- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs +- [ ] kwa/ssr snmp karten fuer usv +- [ ] update filewave admin und central + +### SBX + +- [ ] kube cluster on pve.lab.softbox.net +- [ ] backup on external drive for pve.lab.softbox.net + +- [ ] check if possible to monitor vsphere passwd expiration +- [ ] create obsidian templates (Meetings, People, ) +- [ ] sbx - opsreportcard summary for action plan + +- [ ] fuege bharchitekten zu connectsecure hinzu +- [ ] erstelle connectsecure report fuer grasslfing +- [ ] cybercns bei heilmaier + +- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups + +#### OPNsense + +1. check franke rieger firewall setup +2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...) +3. test management via opncentral +4. write manual for on-boarding + - setup wan manually + - couple to opncentral + - send generic config via opncentral + - use manual for missing specific configs + - check workings of everything + diff --git a/files/.DS_Store b/files/.DS_Store index cb7ef2a..fc3e465 100644 Binary files a/files/.DS_Store and b/files/.DS_Store differ diff --git a/files/sbx/.DS_Store b/files/sbx/.DS_Store new file mode 100644 index 0000000..bac687b Binary files /dev/null and b/files/sbx/.DS_Store differ diff --git a/projects/kwa/firewall_migration/20250414-preparation.md b/projects/kwa/firewall_migration/20250414-preparation.md new file mode 100644 index 0000000..01cbdba --- /dev/null +++ b/projects/kwa/firewall_migration/20250414-preparation.md @@ -0,0 +1,22 @@ + +## Kerio Features + +### Network + +- WAN: 10.0.70.2 (FritzBox PPPoE) +- LAN: 192.168.70.1/24 +- VPN: 192.168.170.1/24 + + +## OPNsense + +### Network + +| Name | Interface | Network | Note | +| ---------- | --------- | -------------- | -------------- | +| WAN | WAN | 10.0.70.2/32 | FritzBox PPPoE | +| MGMT | LAN | 10.70.0.254/24 | | +| SERVER | LAN | | | +| CLIENT | LAN | | | +| WLAN | LAN | | | +| WLAN_GUEST | LAN | | | diff --git a/projects/phytron/nextcloud_gitlab_after_hack.md b/projects/phytron/nextcloud_gitlab_after_hack.md index 101ab1b..835aef3 100644 --- a/projects/phytron/nextcloud_gitlab_after_hack.md +++ b/projects/phytron/nextcloud_gitlab_after_hack.md @@ -1,6 +1,7 @@ ## General - [x] Change Admin Passwords to: General Domain Administrator Password +- [ ] setup send-only mailbox ## Nextcloud diff --git a/projects/sbx/sbx-lab-network.md b/projects/sbx/sbx-lab-network.md index ac72ccf..03dcde6 100644 --- a/projects/sbx/sbx-lab-network.md +++ b/projects/sbx/sbx-lab-network.md @@ -6,13 +6,14 @@ ### Static IPs -| hostname | mac | IP | comment | -| -------- | ----------------- | ------------ | --------------------- | -| gw | | 10.11.12.254 | sophos fw | -| dns1 | | 10.11.12.253 | bind master | -| dns2 | | 10.11.12.252 | bind slave | -| pxe | BC:24:11:99:2D:8A | 10.11.12.69 | netbbot_xyz | -| node1 | | 10.11.12.2 | opnsense cluster test | -| node2 | | 10.11.12.3 | opnsense cluster test | -| vip-wan | | 10.11.12.4 | opnsense cluster test | -| metabase | | 10.11.12.99 | test for discopharma | +| hostname | mac | IP | comment | active | +| -------- | ----------------- | ------------ | --------------------- | ------ | +| gw | | 10.11.12.254 | sophos fw | true | +| dns1 | | 10.11.12.253 | bind master | true | +| dns2 | | 10.11.12.252 | bind slave | true | +| node1 | | 10.11.12.2 | opnsense cluster test | false | +| node2 | | 10.11.12.3 | opnsense cluster test | false | +| vip-wan | | 10.11.12.4 | opnsense cluster test | false | +| drawio | | 10.11.12.20 | opnsense cluster test | false | +| pxe | BC:24:11:99:2D:8A | 10.11.12.69 | netbbot_xyz | true | +| metabase | | 10.11.12.99 | test for discopharma | false |