From ee2da8ceb66151dbe08a13d2bced1373c015264d Mon Sep 17 00:00:00 2001 From: Petar Cubela Date: Tue, 15 Apr 2025 11:06:06 +0200 Subject: [PATCH] 20250415 notes --- .DS_Store | Bin 6148 -> 6148 bytes .obsidian/workspace.json | 46 +++------- diary/2025-04-14.md | 10 ++- diary/2025-04-15.md | 79 ++++++++++++++++++ files/.DS_Store | Bin 6148 -> 6148 bytes files/sbx/.DS_Store | Bin 0 -> 6148 bytes .../20250414-preparation.md | 22 +++++ .../phytron/nextcloud_gitlab_after_hack.md | 1 + projects/sbx/sbx-lab-network.md | 21 ++--- 9 files changed, 131 insertions(+), 48 deletions(-) create mode 100644 diary/2025-04-15.md create mode 100644 files/sbx/.DS_Store create mode 100644 projects/kwa/firewall_migration/20250414-preparation.md diff --git a/.DS_Store b/.DS_Store index b89661284a1a566375ca1b1fbdd4512491db76f3..d98a496e23c189d0631c48fbe371b89412b9ab91 100644 GIT binary patch delta 14 VcmZoMXffDumX(ol^Ep;CApj?Y1iJtL delta 14 VcmZoMXffDumX(oV^Ep;CApj?S1iAnK diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index 02c57fd..9a60633 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -37,7 +37,7 @@ "state": { "type": "markdown", "state": { - "file": "diary/2025-04-14.md", + "file": "diary/2025-04-15.md", "mode": "source", "source": true, "backlinks": true, @@ -52,7 +52,7 @@ } }, "icon": "lucide-file", - "title": "2025-04-14" + "title": "2025-04-15" } }, { @@ -85,7 +85,7 @@ "state": { "type": "markdown", "state": { - "file": "projects/kwa/firewall_migration/20250318-OPNsense_Migration.md", + "file": "projects/kwa/firewall_migration/20250414-preparation.md", "mode": "source", "source": true, "backlinks": true, @@ -100,7 +100,7 @@ } }, "icon": "lucide-file", - "title": "20250318-OPNsense_Migration" + "title": "20250414-preparation" } }, { 
@@ -126,30 +126,6 @@ "icon": "lucide-file", "title": "overview-qumulo_and_comp-nodes" } - }, - { - "id": "7490b3ea721d06cb", - "type": "leaf", - "state": { - "type": "markdown", - "state": { - "file": "projects/win10_2_win11/20250411-Meeting-JM.md", - "mode": "source", - "source": true, - "backlinks": true, - "backlinkOpts": { - "collapseAll": false, - "extraContext": false, - "sortOrder": "alphabetical", - "showSearch": false, - "searchQuery": "", - "backlinkCollapsed": false, - "unlinkedCollapsed": true - } - }, - "icon": "lucide-file", - "title": "20250411-Meeting-JM" - } } ], "currentTab": 1 @@ -330,14 +306,16 @@ }, "active": "b865e0663684cf60", "lastOpenFiles": [ - "diary/2025-04-11.md", - "diary/2025-04-14.md", - "diary/2025-04-13.md", - "projects/sbx/sbx-lab-network.md", "projects/phytron/nextcloud_gitlab_after_hack.md", - "projects/kwa/firewall_migration/20250318-OPNsense_Migration.md", + "diary/2025-04-15.md", + "projects/sbx/sbx-lab-network.md", + "diary/2025-04-14.md", "projects/neosphere/qumulus/overview-qumulo_and_comp-nodes.md", + "projects/kwa/firewall_migration/20250414-preparation.md", + "projects/kwa/firewall_migration/20250318-OPNsense_Migration.md", "projects/win10_2_win11/20250411-Meeting-JM.md", + "diary/2025-04-11.md", + "diary/2025-04-13.md", "projects/kwa/mail_migration/timestamp-change.md", "projects/win10_2_win11", "diary/2025-04-10.md", @@ -357,8 +335,6 @@ "projects/ssr/202504-4architekten", "projects/discopharma/20250311-metabase-environment.md", "projects/discopharma/Meetings/20250310-Next_Steps.md", - "projects/discopharma/20250312-metabase-deployment.md", - "diary/2025-03-31.md", "projects/sbx/firewall-std", "projects/boschmann+feth", "files/discopharma/discopharma-infra.drawio.png", diff --git a/diary/2025-04-14.md b/diary/2025-04-14.md index b8ff6ba..9a7b0ed 100644 --- a/diary/2025-04-14.md +++ b/diary/2025-04-14.md 
@@ -8,8 +8,6 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\ - ssr: Macbook neuanschaffung raussuchen - qumulo - zeichne endlich -- wildcard zertifikat fuer kwa bestellen - ## Timestamps - 08:30 - 09:00: mails beantworten @@ -19,6 +17,13 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\ - 10:45 - 11:30: privaten vpn einrichten - 11:30 - 11:45: SSR Mac/Mitarbeiterin Eintrichtungs Doku anpassen - 11:45 - 12:00: ssh key exchange for pc.de +- 12:00 - 13:00: Pause +- 13:00 - 14:00: Discopharma Gespraech wegen pymysql and certificates +- 14:00 - 15:00: kwa zertifikate bestellen lassen und einpflegen +- 15:00 - 15:30: Mailstore authentifizerungs problem +- 15:30 - 16:00: Mit Marko OPNsense bei cqse besprechen und standard hardware raussuchen fuer den build +- 16:00 - 16:30: TestCluster aufbauen und anschalten +- 16:30 - 17:00: OPNsense auf XG installieren fuer KWA und entsprechend Notizen machen ## Friday @@ -51,7 +56,6 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\ - [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung -- [ ] mailstore update ssr/kwa - [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs - [ ] kwa/ssr snmp karten fuer usv - [ ] update filewave admin und central diff --git a/diary/2025-04-15.md b/diary/2025-04-15.md new file mode 100644 index 0000000..a23f644 --- /dev/null +++ b/diary/2025-04-15.md 
@@ -0,0 +1,79 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- handout: Sophos und OPNsense
+- qumulo - zeichne endlich
+- phytron - nextcloud abschliessen
+
+## Timestamps
+
+- 09:00 - 09:30: Ankunft, Ticketpflege
+- 09:30 - 09:45: neosphere - ilo-ubt03 lizenz key suchen
+- 09:45 - 10:00: Pause
+- 10:00 - 10:30: Zugang phytron nextcloud: design schon gemacht, updaten um zwei versionen
+- 10.30 - 11:00: cloud.sbx.de design gestalten
+- 11:00 - 12:00:
+
+## Monday
+
+- 08:30 - 09:00: mails beantworten
+- 09:00 - 09:30: Pause
+- 09:30 - 10:00: Ticketpflege
+- 10:15 - 10:45: Ticketpflege
+- 10:45 - 11:30: privaten vpn einrichten
+- 11:30 - 11:45: SSR Mac/Mitarbeiterin Eintrichtungs Doku anpassen
+- 11:45 - 12:00: ssh key exchange for pc.de
+- 12:00 - 13:00: Pause
+- 13:00 - 14:00: Discopharma Gespraech wegen pymysql and certificates
+- 14:00 - 15:00: kwa zertifikate bestellen lassen und einpflegen
+- 15:00 - 15:30: Mailstore authentifizerungs problem
+- 15:30 - 16:00: Mit Marko OPNsense bei cqse besprechen und standard hardware raussuchen fuer den build
+- 16:00 - 16:30: TestCluster aufbauen und anschalten
+- 16:30 - 17:00: OPNsense auf XG installieren fuer KWA und entsprechend Notizen machen
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] neosphere - ueberblick anleitung zum qumulo und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] kube cluster on pve.lab.softbox.net
+- [ ] backup on
external drive for pve.lab.softbox.net
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/files/.DS_Store b/files/.DS_Store
index cb7ef2a59f8a8302950f378174e688e050aed74a..fc3e465589157ef2a36a1cf054ca78999bd33e15 100644
GIT binary patch delta 46 zcmZoMXfc@J&&awlU^gQp>t-G%WkvyJhGK>!hKiKp+;ssI20
diff --git a/files/sbx/.DS_Store b/files/sbx/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..bac687bbd37a28ea997c9be8d44aef8646422ce9
GIT binary patch literal 6148 zcmeHKyJ`b55S&e19HeoXQa|7#e;|zW1^EHv7~C9OVFD?y%6H|{GW#fOF6o@c%))A< z)sBRwxV;5n+mGW5um&*D9r5ME(tO{2VGk8CBAsW9m~g^$Jim{N?B4^<9dO10pV(aT z57RXIrc4S*0VyB_q<|E-sRC7Aho_sKs>7s!6u1Wk{QJ=8j=gYBj86xLXaR^ThQm0I zUV_*>K9(h literal 0 HcmV?d00001
diff --git a/projects/kwa/firewall_migration/20250414-preparation.md b/projects/kwa/firewall_migration/20250414-preparation.md
new file mode 100644
index 0000000..01cbdba
--- /dev/null
+++ b/projects/kwa/firewall_migration/20250414-preparation.md
@@ -0,0 +1,22 @@
+
+## Kerio Features
+
+### Network
+
+- WAN: 10.0.70.2 (FritzBox PPPoE)
+- LAN: 192.168.70.1/24
+- VPN: 192.168.170.1/24
+
+
+## OPNsense
+
+### Network
+
+| Name | Interface | Network | Note |
+| ---------- | --------- | -------------- | -------------- |
+| WAN | WAN | 10.0.70.2/32 | FritzBox PPPoE |
+| MGMT | LAN | 10.70.0.254/24 | |
+| SERVER | LAN | | |
+| CLIENT | LAN | | |
+| WLAN | LAN | | |
+| WLAN_GUEST | LAN | | |
diff --git a/projects/phytron/nextcloud_gitlab_after_hack.md b/projects/phytron/nextcloud_gitlab_after_hack.md
index 101ab1b..835aef3 100644
--- a/projects/phytron/nextcloud_gitlab_after_hack.md
+++ b/projects/phytron/nextcloud_gitlab_after_hack.md
@@ -1,6 +1,7 @@ ## General - [x] Change Admin Passwords to: General Domain Administrator Password +- [ ] setup send-only mailbox ## Nextcloud
diff --git a/projects/sbx/sbx-lab-network.md b/projects/sbx/sbx-lab-network.md
index ac72ccf..03dcde6 100644
--- a/projects/sbx/sbx-lab-network.md
+++ b/projects/sbx/sbx-lab-network.md
@@ -6,13 +6,14 @@ ### Static IPs -| hostname | mac | IP | comment | -| -------- | ----------------- | ------------ | --------------------- | -| gw | | 10.11.12.254 | sophos fw | -| dns1 | | 10.11.12.253 | bind master | -| dns2 | | 10.11.12.252 | bind slave | -| pxe | BC:24:11:99:2D:8A | 10.11.12.69 | netbbot_xyz | -| node1 | | 10.11.12.2 | opnsense cluster test | -| node2 | | 10.11.12.3 | opnsense cluster test | -| vip-wan | | 10.11.12.4 | opnsense cluster test | -| metabase | | 10.11.12.99 | test for discopharma | +| hostname | mac | IP | comment | active | +| -------- | ----------------- | ------------ | --------------------- | ------ | +| gw | | 10.11.12.254 | sophos fw | true | +| dns1 | | 10.11.12.253 | bind master | true | +| dns2 | | 10.11.12.252 | bind slave | true | +| node1 | | 10.11.12.2 | opnsense cluster test | false | +| node2 | | 10.11.12.3 | opnsense cluster test | false | +| vip-wan | | 10.11.12.4 | opnsense cluster test | false | +| drawio | | 10.11.12.20 | opnsense cluster test | false | +| pxe | BC:24:11:99:2D:8A | 10.11.12.69 | netbbot_xyz | true | +| metabase | | 10.11.12.99 | test for discopharma | false |