** DONE Get tunnel & subnet from mur.at for testing [2/2]
*** DONE Get approval from mur.at
CLOSED: [2018-06-01 Fri 20:29]
CLOSED: [2018-06-02 Sa 01:26]
IPv6: 2a02:3e0:4001::/48
IPIP Tunnel Endpoint: 10.12.240.246
** TODO Create new VLANs [1/3]
*** DONE mgmt VLAN 32 (aka new management VLAN)
CLOSED: [2018-06-02 Sa 03:17]
*** TODO Finish converting plan to diagram & push to ikiwiki
*** TODO Remaining VLANs
Assigned: equinox (waiting for nicoo to upload the diagram)
** TODO Bring gnocchi online [0/2]
*** TODO Move gnocchis to the rack in W1
**** DONE Adapt vm/setup to be able to bring up gnocchi VMs
CLOSED: [2018-06-17 Sun 12:32]
vm/setup had implicit assumptions about the network which might not have
held when installing core network VMs on gnocchi.
It now only needs connectivity on the VM's primary interface,
to the configured Debian mirror.
**** TODO Prepare preseed installs for gnocchis
Generate preseed in Ansible, concat to initramfs.
**** TODO 1 if -> mgmt, 2 if -> lacp -> tagged VLANs
**** DONE Basic services on hypervisor [3/3]
CLOSED: [2018-06-17 Sun 16:31]
CLOSED: [2018-06-08 Sun 21:24]
***** DONE Provide time & entropy to guests
CLOSED: [2018-06-08 Sun 21:24]
**** TODO Get the vm-host role working there
**** DONE Figure out best way to virtualize OpenWRT
CLOSED: [2018-06-17 So 16:00]
OpenWrt x86_64 has everything built in to run inside KVM.
I propose to have 2 disks for the VMs. The first will contain
the kernel as well as a squashfs root filesystem. The second one will hold
the overlay. This is basically an ext-root setup:
https://openwrt.org/docs/guide-user/additional-software/extroot_configuration
**** TODO Move gw to a gnocchi VM
Clone the VM, run with the legacy VLANs
**** TODO VMs for firewalling & basic net services (1/subnet)
Sit directly on the service LAN (original /27)
**** TODO VMs for critical services [0/4]
***** TODO DNS resolver
***** TODO Authoritative NS for realraum.at
***** TODO Authn/authz [0/2]
***** TODO netboot.xyz
** Switch to a WireGuard tunnel
*** Upgrade r2ko to LEDE
**** Forward-port murtun
** Hardware RNG & key storage
*** Design miniPCIe PCB for Flying Stone 1
*** Forward key interface to guests