** DONE Get tunnel & subnet from mur.at for testing [2/2]
*** DONE Get approval from mur.at
CLOSED: [2018-06-01 Fri 20:29]
CLOSED: [2018-06-02 Sa 01:26]
IPv6: 2a02:3e0:4001::/48
IPIP Tunnel Endpoint: 10.12.240.246
** DONE Create new VLANs [3/3]
*** DONE mgmt VLAN 32 (aka new management VLAN)
CLOSED: [2018-06-02 Sa 03:17]
*** DONE Finish converting plan to diagram & push to ikiwiki
CLOSED: [2018-07-08 So 00:07]
*** DONE Remaining VLANs
CLOSED: [2018-07-08 So 00:07]
Assigned: equinox (waiting for nicoo to upload the diagram)
** TODO Bring gnocchi online [0/2]
*** TODO Move gnocchis to the rack in W1
**** DONE Adapt vm/setup to be able to bring up Gnocchi VMs
CLOSED: [2018-06-17 Sun 12:32]
vm/setup had implicit assumptions about the network which might not have
held when installing core network VMs on gnocchi.
It now only needs connectivity on the VM's primary interface,
to the configured Debian mirror.
**** TODO Prepare preseed installs for gnocchis
Generate preseed in Ansible, concat to initramfs.
**** TODO 1 if -> mgmt, 2 if -> lacp -> tagged VLANs
**** DONE Basic services on hypervisor [3/3]
CLOSED: [2018-06-17 Sun 16:31]
CLOSED: [2018-06-08 Sun 21:24]
***** DONE Provide time & entropy to guests
CLOSED: [2018-06-08 Sun 21:24]
**** TODO Get the vm-host role working there
**** DONE Figure out best way to virtualize OpenWRT
CLOSED: [2018-06-17 So 16:00]
OpenWrt x86_64 has everything built in to run inside KVM.
I propose to have 2 disks for the VMs. The first will contain
the kernel as well as a squashfs root filesystem. The second one will hold
the overlay. This is basically an ext-root setup:
https://openwrt.org/docs/guide-user/additional-software/extroot_configuration
**** TODO Move gw to a gnocchi VM
Clone the VM, run with the legacy VLANs
**** TODO VMs for firewalling & basic net services (1/subnet)
Sit directly on the service LAN (original /27)
**** TODO VMs for critical services [0/4]
***** TODO DNS resolver
***** TODO Authoritative NS for realraum.at
***** TODO Authn/authz [0/2]
***** TODO netboot.xyz
** Switch to a wireguard tunnel
*** Upgrade r2ko to LEDE
**** Forward-port murtun
** Hardware RNG & key storage
*** Design miniPCIe PCB for Flying Stone 1
*** Forward key interface to guests