foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-07 12:19:07 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

docs: update networking configuration notes for Plover

Browse Source
This commit is contained in:
Gabriel Arazas 2023-02-08 18:03:35 +08:00
parent 93355b3c67
commit 76b17d5beb
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
1 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
hosts/plover/README.adoc
View File

@ -76,14 +76,20 @@ Still, test the logins as indicated from the seed file.
Networking for a first-timer can be confusing (at least for me). Networking for a first-timer can be confusing (at least for me).
So here's the documentation for what is the practices that are following here. So here's the documentation for what is the practices that are following here.
- Internal services is mainly at `172.24.0.0/16`. - Networks are mainly divided into client and server blocks.
- Public services is at an increment to the internal services IP address (i.e., `172.25.0.0/16`).
- Wireguard interfaces are mainly at `10.2xx.0.0/16`.
There are some general guidelines to keep in mind when assigning the IPs statically. - Server networks are made up of interfaces attached to machines that provide services.
They mainly live in `172.16.0.0/13` and `10.0.0.0/9`.
- Servers are intended at `172.1.x.x` to `172.101.x.x`. - Client networks are made up of interfaces attached to machines that are mainly used as clients.
- VPNs are at `10.2xx.x.x`. They mainly live in `172.24.0.0/13` and `10.128.0.0/9`.
Furthermore, most of them should be freely assigned an IP address.
Thus, use of DHCP is pretty much ideal.
- Wireguard interfaces are mainly at `10.2xx.0.0/16` and is included as part of the client network.
Same if you are considering implement other VPN servers.
- For private network `192.168.0.0/16`, it is basically a free-for-all.
For more details, you can see the interfaces and their networking-related configuration in link:./modules/hardware/networks.nix[`./modules/hardware/networks.nix`]. For more details, you can see the interfaces and their networking-related configuration in link:./modules/hardware/networks.nix[`./modules/hardware/networks.nix`].
@ -136,6 +142,7 @@ You can set up a firewall from Hetzner Cloud web UI but you can also deploy one
---- ----
hcloud firewall create --name tcp-fw hcloud firewall create --name tcp-fw
hcloud firewall create --name udp-fw hcloud firewall create --name udp-fw
hcloud firewall create --name dns-fw
hcloud firewall add-rule tcp-fw --direction in --protocol tcp --port 22 --description "Secure shells" hcloud firewall add-rule tcp-fw --direction in --protocol tcp --port 22 --description "Secure shells"
hcloud firewall add-rule tcp-fw --direction in --protocol tcp --port 80 --description "HTTP server" hcloud firewall add-rule tcp-fw --direction in --protocol tcp --port 80 --description "HTTP server"
@ -146,6 +153,9 @@ hcloud firewall add-rule tcp-fw --direction in --protocol tcp --port 636 --descr
hcloud firewall add-rule udp-fw --direction in --protocol udp --port 51820 --description "Wireguard" hcloud firewall add-rule udp-fw --direction in --protocol udp --port 51820 --description "Wireguard"
hcloud firewall add-rule tcp-fw --direction in --protocol udp --port 389 --description "LDAP server" hcloud firewall add-rule tcp-fw --direction in --protocol udp --port 389 --description "LDAP server"
hcloud firewall add-rule tcp-fw --direction in --protocol udp --port 636 --description "LDAPS server" hcloud firewall add-rule tcp-fw --direction in --protocol udp --port 636 --description "LDAPS server"
hcloud firewall add-rule dns-fw [--source-ips "SLAVE_DNS_IP"]... --direction in --protocol udp --port 53 --description "Hidden primary DNS server"
hcloud firewall add-rule dns-fw [--source-ips "SLAVE_DNS_IP"]... --direction in --protocol tcp --port 53 --description "Hidden primary DNS server"
---- ----
Next up, the networking setup which is composed of a public IP used for accessing some services and a private network used to communicate inside of the network. Next up, the networking setup which is composed of a public IP used for accessing some services and a private network used to communicate inside of the network.