Difference between revisions of "IT Stuff"

From Meta Makers Wiki
(POP2)
(POP2)
(6 intermediate revisions by the same user not shown)
Line 59: Line 59:
 
|ip = 10.3.19.9
 
|ip = 10.3.19.9
 
|weburl = https://10.3.19.9:8006
 
|weburl = https://10.3.19.9:8006
|secretid = ???
+
|secretid = 18
 
|note = {{Note| server is a Proliant DL380p, p/n: 670856-S01, s/n: 2M233901PB}}
 
|note = {{Note| server is a Proliant DL380p, p/n: 670856-S01, s/n: 2M233901PB}}
 
  {{Note|for iLO login credentials, use {{secret |id=14}} }}
 
  {{Note|for iLO login credentials, use {{secret |id=14}} }}
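Review bot: The changed line "|secretid = 18" does not say which login secret 18 covers, while the note right below it points to a different secret, "{{secret |id=14}}", for iLO. Add a short note stating what 18 unlocks (for example the web console at the weburl, or the host login) so the two credentials are not confused. Referencing passwords by secret id instead of writing them on the page is the right pattern and should stay.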
Line 67: Line 67:
 
  {{Note|HP p/n for ball bearing rail kit by itself: 720863-B21}}
 
  {{Note|HP p/n for ball bearing rail kit by itself: 720863-B21}}
 
  {{Note|HP p/n for ball bearing CMA by itself: 720865-B21}}
 
  {{Note|HP p/n for ball bearing CMA by itself: 720865-B21}}
 +
}}
 +
 +
{{VM
 +
|name = nextcloud.pop2.metamakers.org
 +
|description = Nexcloud server for storing files
 +
|ssh = sysadmin@nextcloud.pop2.metamakers.org
 +
|os = Ubuntu 18.04.2 64-bit
 +
|ip = 10.3.19.12
 +
|weburl = https://10.3.19.12
 +
|secretid= ??
 
}}
 
}}
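Review bot: The new VM block is saved with "|secretid= ??", so the nextcloud entry has no credential reference at all, unlike the host entry above it; create the secret and fill in its id, or leave the field out until it exists. "|weburl = https://10.3.19.12" links the bare IP even though "|name" gives nextcloud.pop2.metamakers.org, so a certificate issued for the hostname will not validate and users get used to clicking through the warning; link the hostname instead. "|description = Nexcloud server" is also misspelled (Nextcloud).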
  

Revision as of 17:37, 11 June 2019

This page is for keeping track of all the computer shit at Meta Makers

1 General Info

1.1 M2C PKI

Meta Makers has an offline Root CA currently stored on wiki.metamakers.org in the /root/M2Cpki.tar.gz tarball. Yes, that is a bad place to put it, but it's there for now.

There is also an intermediate CA on wiki.metamakers.org under /opt/easy-rsa/easyrsa3/M2CSubCA and it uses the easy-rsa scripts from OpenVPN to generate certs.


TODO: move offline root CA to somewhere safe

1.2 DNS info

metamakers.org is registered at hover.com

2 Server Info

2.1 POP1

wiki.metamakers.org ssh - <dynamic>
mediawiki, M2C certificate, phpMyAdmin, and letsencrypt server
  • server is a virtualbox VM sitting on Shawn's linux server
  • Meta Makers intermediate CA infrastructure is stored under /opt/easy-rsa/easyrsa3/M2CSubCA and is managed by the easyrsa scripts from openvpn. For more information, see Certificates
  • ssh is enabled
  • letsencrypt certs are generated and stored on this server. They are stored under /opt/dehydrated/certs .
  • server is backed up via the free Veeam linux agent
  • membership scripts are stored under /usr/local/src/membership


mail.metamakers.org ssh - <dynamic>
mail server configured using iRedMail
  • server is a virtualbox VM sitting on Shawn's linux server
  • Server uses the iRedMail scripts to set up Sogo, Roundcube, postfix, dovecot, and mySQL
  • iRedMail config description is in /home/shawn/src/iRedMail-0.9.8/config
  • server is backed up via the free Veeam linux agent


2.2 POP2

vmhost1.pop2.metamakers.org ssh - 10.3.19.9, 10.3.19.10 (iLO)
KVM server for M2C VMs
  • O/S is Proxmox v5.?
  • See link for username/password
  • server is a Proliant DL380p, p/n: 670856-S01, s/n: 2M233901PB
  • this server was originally donated to Hackforge by Pat Andry. Technically, it belongs to Jeff Drake now after HF closed.
  • server uses SFF drives, full specs are online here
  • HP p/n for ball bearing rail kit w/ cable management arm (CMA): 663478-B21
  • HP p/n for ball bearing rail kit by itself: 720863-B21
  • HP p/n for ball bearing CMA by itself: 720865-B21


nextcloud.pop2.metamakers.org ssh - 10.3.19.12
Nextcloud server for storing files



2.3 Cloud (static IP servers)

maker1.metamakers.org ssh - 198.46.182.27
KVM VPS for metamakers.org primary DNS and mail proxy server
maker2.metamakers.org ssh - 198.46.182.28
KVM VPS for metamakers.org secondary DNS


3 Storage Info

3.1 POP2

nas1.pop2.metamakers.org - 10.3.19.11, 10.5.7.11 (SAN)
Netgear ReadyNAS 1500


4 Network Info

4.1 POP1

firewall.pop1.metamakers.org - 10.5.20.1 (LAN), 10.4.28.51 (OpenVPN)
internet firewall


4.2 POP2

firewall.pop2.metamakers.org - <dynamic> (WAN), 10.3.19.1 (LAN), 10.4.28.50 (OpenVPN)
internet firewall
  • See link for username/password
  • server is a 1U Intel-branded server. Prod. code: SR1695WBAC, s/n: AZGA1230031
  • does not have remote management capabilities(?)
  • Server is missing 2 disk trays, replacements can be found here
  • RFC2136 dynamic updates are configured to push the WAN IP to maker1.metamakers.org
switch1.pop2.metamakers.org - 10.3.19.2
Cisco ESW-540-24 Gigabit Switch
  • See link for username/password
  • HUGE NOTE: by default this switch ONLY ALLOWS ONE MAC PER PORT!!! This fucks with VMs so they have no access to the network. To disable this, you have to go to port security in the web console and change the port "limited dynamic lock" and specify more than 1 mac per port.
ap1.pop2.metamakers.org - 10.3.19.3
TP-Link Archer C9 AC1900 wireless access point


5 HOWTOs

5.1 How to renew Let's Encrypt certs

The Let's Encrypt certs are stored on wiki.metamakers.org and are generated using Let's Encrypt's DNS validation via nsupdate. All the ACME protocol interactions are handled by a package of shell scripts called 'dehydrated'. All the certs that dehydrated handles are listed in the /opt/dehydrated/domains.txt file.

Letsencrypt certs only last for 3 months. In order to renew ALL the certs, do the following:

1.  ssh into wiki.metamakers.org using username/password
2.  run the following commands:
  cd /opt/dehydrated
  sudo ./dehydrated -c
3.  check the /opt/dehydrated/certs directory for any new certs/keys generated.
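
A scripted version of the check in step 3, as an added example that is not part of the original page or of dehydrated itself. It assumes dehydrated's default layout of one directory per domain containing cert.pem; the helper name check_certs and the 30-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki): verify renewal results in dehydrated's certs dir.
# Assumption: dehydrated's default layout, <certs_dir>/<domain>/cert.pem.

# check_certs CERTS_DIR [DAYS]   (hypothetical helper; DAYS defaults to 30)
# Prints "<STATE> <domain> <notAfter>" per domain directory.
# Returns 0 if every cert is valid for more than DAYS days, 1 if any is
# missing, unreadable or expiring, 2 if no domain directories were found.
check_certs() {
    certs_dir=$1
    days=${2:-30}
    secs=$((days * 86400))
    found=0
    rc=0
    for dir in "$certs_dir"/*/; do
        [ -d "$dir" ] || continue
        found=$((found + 1))
        domain=$(basename "$dir")
        cert="${dir}cert.pem"
        if [ ! -s "$cert" ]; then
            echo "MISSING $domain -"
            rc=1
            continue
        fi
        not_after=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null | cut -d= -f2)
        if [ -z "$not_after" ]; then
            echo "UNREADABLE $domain -"
            rc=1
        elif openssl x509 -in "$cert" -noout -checkend "$secs" >/dev/null 2>&1; then
            echo "OK $domain $not_after"
        else
            echo "EXPIRING $domain $not_after"
            rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no domain directories under $certs_dir" >&2
        return 2
    fi
    return "$rc"
}

# Usage on the server after step 2 (path from this page):
#   check_certs /opt/dehydrated/certs 30
```

Any line that does not start with OK after a renewal run means that domain needs a closer look before its current cert runs out.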

5.2 How to generate and email an M2C cert

To generate a new member or VPN certificate, do the following:

1. ssh into wiki.metamakers.org using username/password

To generate a member certificate with no password for newusername@metamakers.org:

2a. sudo newmembercert.sh newusername "User Name"

OR to generate a VPN certificate:

2b. sudo newvpncert.sh <CN_for_VPN_cert>

To email the cert to the user's metamakers email address, run the following command:

3a. sudo emailcerts.sh newusername

OR to email the user their new cert to their personal email address, run:

3b. sudo emailcerts.sh newusername someperson@somwhere.com

You can list all the certs available by running

sudo emailcerts.sh -l