* Roadmap
** DONE Get tunnel & subnet from mur.at for testing [2/2]
*** DONE Get approval from mur.at
CLOSED: [2018-06-01 Fri 20:29]
*** DONE Set up tunnel
CLOSED: [2018-06-02 Sa 01:26]
Assigned: equinox
IPv4: 89.106.211.0/28
IPv6: 2a02:3e0:4001::/48
IPIP Tunnel Endpoint: 10.12.240.246
** DONE Create new VLANs [3/3]
*** DONE mgmt VLAN 32 (aka new management VLAN)
CLOSED: [2018-06-02 Sa 03:17]
Assigned: equinox
*** DONE Finish converting plan to diagram & push to ikiwiki
CLOSED: [2018-07-08 So 00:07]
Assigned: nicoo
*** DONE Remaining VLANs
CLOSED: [2018-07-08 So 00:07]
Assigned: equinox
(waiting for nicoo to upload the diagram)
** TODO Bring gnocchi online [0/2]
*** TODO Move gnocchis to the rack in W1
Assigned: nicoo
*** TODO Setup [3/9]
**** DONE Adapt vm/setup to be able to bring up Gnocchi VMs
CLOSED: [2018-06-17 Sun 12:32]
vm/setup had implicit assumptions about the network which might not have held when installing core network VMs on gnocchi.
It now only needs connectivity on the VM's primary interface, to the configured Debian mirror.
**** TODO Prepare preseed installs for gnocchis
Assigned: nicoo
Generate the preseed in Ansible, concatenate it to the initramfs.
**** TODO 1 if -> mgmt, 2 if -> lacp -> tagged VLANs
**** DONE Basic services on hypervisor [3/3]
Assigned: nicoo
***** DONE NTPd
CLOSED: [2018-06-17 Sun 16:31]
***** DONE Haveged
CLOSED: [2018-06-08 Sun 21:24]
***** DONE Provide time & entropy to guests
CLOSED: [2018-06-08 Sun 21:24]
**** TODO Get the vm-host role working there
**** DONE Figure out best way to virtualize OpenWRT
CLOSED: [2018-06-17 So 16:00]
Assigned: equinox
OpenWrt x86_64 has everything built in to run inside KVM.
I propose to have 2 disks for the VMs. The first will contain the kernel as well as a squashfs root filesystem. The second one will hold the overlay.
This is basically an ext-root setup: https://openwrt.org/docs/guide-user/additional-software/extroot_configuration
**** TODO Move gw to a gnocchi VM
Clone the VM, run with the legacy VLANs.
**** TODO VMs for firewalling & basic net services (1/subnet)
Sit directly on the service LAN (original /27).
**** TODO VMs for critical services [0/4]
***** TODO DNS resolver
unbound or getdns
***** TODO Authoritative NS for realraum.at
bind (potentially)
***** TODO Authn/authz [0/2]
****** TODO whawty
****** TODO RADIUS
***** TODO netboot.xyz
* Future stuffs
** Switch to a wireguard tunnel
*** Upgrade r2ko to LEDE
**** Forward-port murtun
**** Actual upgrade
*** Setup tunnel
** Hardware RNG & key storage
*** Design miniPCIe PCB for Flying Stone 1
Only uses power & USB
Assigned: equinox
*** Forward key interface to guests