Services: Difference between revisions

From Hackerspace Amersfoort
Jump to navigation Jump to search
No edit summary
(16 intermediate revisions by the same user not shown)
Line 9: Line 9:
* Bitlair-2GHz (2.4GHz-only WPA2-enterprise)
* Bitlair-2GHz (2.4GHz-only WPA2-enterprise)
* Bitlair-5GHz (5GHz-only WPA2-enterprise)
* Bitlair-5GHz (5GHz-only WPA2-enterprise)
* Bitlair-things (2.4GHz/5GHz WPA2-PSK network for "Internet of Things"). The PSK is available in the space.
* spacenet (WPA2-enterprise federated authentication across hackerspaces)
* spacenet (WPA2-enterprise federated authentication across hackerspaces)
* eduroam (WPA2-enterprise federated authentication for educational organisations)


General WPA2-enterprise settings for Bitlair-networks and spacenet for Bitlair members:
General WPA2-enterprise settings for Bitlair-networks and spacenet for Bitlair members:
Line 16: Line 18:
* Phase 2: PAP or MSCHAPv2 or EAP-MSCHAPv2
* Phase 2: PAP or MSCHAPv2 or EAP-MSCHAPv2
* CHECK THE CERTIFICATE! Check both the CA and the subject.
* CHECK THE CERTIFICATE! Check both the CA and the subject.
** Certificate signed by CA: StartCom
** Certificate signed by CA: DST Root CA (Let's Encrypt!)
** Certificate subject: radius.bitlair.nl
** Certificate subject: radius.bitlair.nl


Line 34: Line 36:


=== Wired access ===
=== Wired access ===
At many places in the space we are offering GigE 802.3af PoE wired network access. Please find the nearest outlet. If your MAC-address is not known in our LDAP server you will be dropped in VLAN 10 (IPv4: 192.168.10.0/24 - DJO), otherwise you will be dropped in VLAN 89 (IPv4: 192.168.89.0/24 - Bitlair clients). VLAN 89 is the client VLAN where all of the other Bitlair clients reside.
At many places in the space we are offering GigE 802.3af PoE wired network access. Please find the nearest outlet or network cable.
 
<!--If your MAC-address is not known in our LDAP server you will be dropped in VLAN 10 (IPv4: 192.168.10.0/24 - DJO), otherwise you will be dropped in VLAN 89 (IPv4: 192.168.89.0/24 - Bitlair clients). VLAN 89 is the client VLAN where all of the other Bitlair clients reside.!-->


== shell.bitlair.nl ==
== shell.bitlair.nl ==
Line 50: Line 54:
* Grafana install is linked to LDAP. Use your LDAP credentials to login and create your own dashboards.
* Grafana install is linked to LDAP. Use your LDAP credentials to login and create your own dashboards.


== kvm.bitlair.nl ==
== kvm.bitlair.nl / kvm2.bitlair.nl ==
This machine is running all of the VM's.
These machines are running all of the VM's.


* for support on this machine ask AK47, Wilco or polyfloyd
* for support on this machine ask AK47, Wilco or polyfloyd


== music.bitlair.nl ==
== music.bitlair.nl ==
See [[Projects/Muzieksysteem]]. https://music.bitlair.nl. Only reachable from local network.
See [[Projects/Muzieksysteem]]. https://music.bitlair.nl. Only reachable from local network. Separate system (not a VM on kvm.bitlair.nl).


== service.bitlair.nl ==
== service.bitlair.nl ==
VM running backend for spacestate. Also see [[Projects/spacestate]].
VM running backend for spacestate. Also see [[Projects/Spacestate]].


== bank.bitlair.nl ==
== bank.bitlair.nl ==
VM running RevBank software.
VM running RevBank software.


== aaa.bitlair.nl ==
== aaa.bitlair.nl / idp.bitlair.nl ==
External and internal authentication machine running these services:
External and internal authentication machine running these services:
* RADIUS
 
* FreeRADIUS (for 802.1X/spacenet)
* OpenLDAP
* OpenLDAP
* IdP (simplesaml)


== pbx.bitlair.nl ==
== pbx.bitlair.nl ==
Line 73: Line 79:


== metrics.bitlair.nl ==
== metrics.bitlair.nl ==
VM running Graphite as backend for dashboard.bitlair.nl.
VM running Graphite/Carbon as backend for dashboard.bitlair.nl. Also running Collectd for collection of various metrics (SNMP/MQTT). https://metrics.bitlair.nl (IPv6 only)


== cyber.bitlair.nl ==
== cyber.bitlair.nl ==
Line 87: Line 93:


== 3dprinter.bitlair.nl ==
== 3dprinter.bitlair.nl ==
https://3dprinter.bitlair.nl - 3D printing frontend
https://3dprinter.bitlair.nl - 3D printing frontend. Running on 3D printing PC (not a VM).


== mqtt.bitlair.nl ==
== mqtt.bitlair.nl ==
VM running MQTT software for metrics of Bitlair.
VM running MQTT software for metrics of Bitlair. Also see [[Projects/MQTT]].


== lights.bitlair.nl ==
== lights.bitlair.nl ==
VM running ArtNet scripts for LED visualisation.
VM running ArtNet scripts for LED visualisation.


== yolo.bitlair.nl ==
== newyolo.synnack.net ==
VM running several public services:
VM hosted by [[User:Wilco]] (SYNNACK) running several public services:


* https://pad.bitlair.nl
* https://pad.bitlair.nl
* https://paste.bitlair.nl
* https://paste.bitlair.nl
* https://member.bitlair.nl (to be phased out)
* https://member.bitlair.nl (to be phased out)
== vps.bitlair.nl ==
External VPS running several services:
* Email
* Mailing lists: https://list.bitlair.nl
== leds.bitlair.nl ==
OrangePi used for controlling LED strips (not deployed at Bitlair3)
== doorpi.bitlair.nl ==
OrangePi used for interfacing with Arduino's of Doorsystem.  (not deployed at Bitlair3)
== bank-pi.bitlair.nl ==
RaspberryPi running SSH-client to bank.bitlair.nl - frontend for RevBank.
== lasercutter.bitlair.nl (IPv4 only) ==
LAOS board controller lasercutter.
== lasercam.bitlair.nl ==
RaspberryPi running webcam for lasercutter.
== dagobert.bitlair.nl ==
RaspberryPi running safety/accounting for lasercutter.
== 2D printer ==
Color 2D laserprinter, HP 3600. Reachable via IPv4: 100.64.0.5..

Revision as of 19:47, 6 February 2018

Network services

Getting local network access

Inside and outside of the space we are offering wireless and wired network access. IPv4 address-assignment is done via RFC1918 and NAT, for IPv6 we are using a HE.net-tunnel to give you a publicly routable IPv6 address.

Wireless access

The following SSID's are available inside and outside of the space:

  • Bitlair-2GHz (2.4GHz-only WPA2-enterprise)
  • Bitlair-5GHz (5GHz-only WPA2-enterprise)
  • Bitlair-things (2.4GHz/5GHz WPA2-PSK network for "Internet of Things"). The PSK is available in the space.
  • spacenet (WPA2-enterprise federated authentication across hackerspaces)
  • eduroam (WPA2-enterprise federated authentication for educational organisations)

General WPA2-enterprise settings for Bitlair-networks and spacenet for Bitlair members:

  • Phase 1: EAP-TTLS or PEAP
  • Phase 2: PAP or MSCHAPv2 or EAP-MSCHAPv2
  • CHECK THE CERTIFICATE! Check both the CA and the subject.
    • Certificate signed by CA: DST Root CA (Let's Encrypt!)
    • Certificate subject: radius.bitlair.nl

As a Bitlair-member:

  • Bitlair networks: Use your LDAP credentials to login.
  • spacenet: use your LDAP credentials with the "@bitlair.nl"-realm to login. Also use this profile to get network access at other spaces.

As a guest:

  • Bitlair networks:
    • Username: guest
    • Password: eurosnoeren
  • spacenet: if you have a spacenet account from another hackerspace you can use these credentials to login. You should have received the correct phase 1/2 settings from your hackerspace.

For more information about connecting check these howto's: https://spacefed.net/wiki/index.php/Category:Howto/Spacenet

Wired access

At many places in the space we are offering GigE 802.3af PoE wired network access. Please find the nearest outlet or network cable.


shell.bitlair.nl

For Bitlair members & friends we are offering a shell server which is hosted inside Bitlair. It is reachable over IPv4 and/or IPv6.

  • Methods: SSH
  • Hostname: shell.bitlair.nl
  • Username: <your nickname>
  • Password: <your personal password>

dashboard.bitlair.nl

Grafana frontend for statistics of Bitlair. Running on Portal VM.

  • For dashboard see https://dashboard.bitlair.nl/
  • Grafana install is linked to LDAP. Use your LDAP credentials to login and create your own dashboards.

kvm.bitlair.nl / kvm2.bitlair.nl

These machines are running all of the VM's.

  • for support on this machine ask AK47, Wilco or polyfloyd

music.bitlair.nl

See Projects/Muzieksysteem. https://music.bitlair.nl. Only reachable from local network. Separate system (not a VM on kvm.bitlair.nl).

service.bitlair.nl

VM running backend for spacestate. Also see Projects/Spacestate.

bank.bitlair.nl

VM running RevBank software.

aaa.bitlair.nl / idp.bitlair.nl

External and internal authentication machine running these services:

  • FreeRADIUS (for 802.1X/spacenet)
  • OpenLDAP
  • IdP (simplesaml)

pbx.bitlair.nl

VM running Asterisk for external phone number and connecting Cisco 79xx phones in the space.

metrics.bitlair.nl

VM running Graphite/Carbon as backend for dashboard.bitlair.nl. Also running Collectd for collection of various metrics (SNMP/MQTT). https://metrics.bitlair.nl (IPv6 only)

cyber.bitlair.nl

This VM hosts the public wiki (bitlair.nl).

git.bitlair.nl

Hosting https://git.bitlair.nl. This VM is used for private Git repo's. Your can login here with your LDAP credentials.

portal.bitlair.nl

https://portal.bitlair.nl/

Bitlair member/friend portal, see Projects/Portal.

3dprinter.bitlair.nl

https://3dprinter.bitlair.nl - 3D printing frontend. Running on 3D printing PC (not a VM).

mqtt.bitlair.nl

VM running MQTT software for metrics of Bitlair. Also see Projects/MQTT.

lights.bitlair.nl

VM running ArtNet scripts for LED visualisation.

newyolo.synnack.net

VM hosted by User:Wilco (SYNNACK) running several public services:

vps.bitlair.nl

External VPS running several services:

leds.bitlair.nl

OrangePi used for controlling LED strips (not deployed at Bitlair3)

doorpi.bitlair.nl

OrangePi used for interfacing with Arduino's of Doorsystem. (not deployed at Bitlair3)

bank-pi.bitlair.nl

RaspberryPi running SSH-client to bank.bitlair.nl - frontend for RevBank.

lasercutter.bitlair.nl (IPv4 only)

LAOS board controller lasercutter.

lasercam.bitlair.nl

RaspberryPi running webcam for lasercutter.

dagobert.bitlair.nl

RaspberryPi running safety/accounting for lasercutter.

2D printer

Color 2D laserprinter, HP 3600. Reachable via IPv4: 100.64.0.5..