Diffstat (limited to 'arfnet2.html')
| -rw-r--r-- | arfnet2.html | 90 |
1 files changed, 66 insertions, 24 deletions
diff --git a/arfnet2.html b/arfnet2.html index e1d5757..f28d5c8 100644 --- a/arfnet2.html +++ b/arfnet2.html 
@@ -71,20 +71,47 @@ secure</li> <li>Site to Site wireguard</li> <li>Establish telephony</li> </ul> -<h3 id="stage-7-ca-pki-ldap-and-sso">*Stage 7: CA, PKI, LDAP and -SSO</h3> +<h3 id="stage-7-ca-pki-ldap-iam-and-sso">*Stage 7: CA, PKI, LDAP, IAM +and SSO</h3> +<p>Objectives</p> <ul> <li>Unify all logins</li> <li>Single authentication and authorization LDAP store</li> <li>SSO on as many services as possible</li> <li>Private CA PKI server certs for private endpoint security</li> -<li>User certificates for extra secure endpoints</li> +<li>User certificates for extra secure clients mTLS</li> </ul> -<h3 id="stage-8-internal-dns">*Stage 8: Internal DNS</h3> -<ul> -<li>Drop OPNsense unbound, use BIND</li> -<li>Use .local.arf20.com zone or something</li> -<li>PiHole</li> +<p>Steps</p> +<ul class="task-list"> +<li><label><input type="checkbox" checked="" />Migrate .lan zone to +.int.arf20.com at ARFNET BIND (misc)</label></li> +<li><label><input type="checkbox" checked="" />Deploy +piHole</label></li> +<li><label><input type="checkbox" checked="" />Create Root CA with +clca</label></li> +<li><label><input type="checkbox" checked="" />Deploy OpenXPKI with +it</label></li> +<li><label><input type="checkbox" checked="" />Deploy OpenLDAP and set +up schemas</label></li> +<li><label><input type="checkbox" />OpenLDAP LDAPS with +cert</label></li> +<li><label><input type="checkbox" checked="" />Deploy Keycloak and give +it a cert</label></li> +<li><label><input type="checkbox" checked="" />Connect Keycloak to +OpenLDAP</label></li> +<li><label><input type="checkbox" />DNS on all internal +services</label></li> +<li><label><input type="checkbox" />Reverse proxy all internal +services</label></li> +<li><label><input type="checkbox" />Internal services +dashboard</label></li> +<li><label><input type="checkbox" />Give internal web service endpoints +TLS certificates</label></li> +<li><label><input type="checkbox" />Put SSO login on services where +possible</label></li> 
+<li><label><input type="checkbox" />Connect remaining services to +LDAP</label></li> +<li><label><input type="checkbox" />Kerberos and Keycloak</label></li> </ul> <h2 id="domain">Domain</h2> <p>arf20.com</p> @@ -1059,6 +1086,7 @@ http://ca.lan:80</td> <li>vaultwarden :8000</li> <li>OpenLDAP slapd :389</li> <li>ldap-account-manager :8389</li> +<li>Keycloak :8443</li> </ul> <table> <thead> @@ -1315,6 +1343,8 @@ CT</h3> </ul></li> <li>apache2 :80</li> </ul> +<h3 id="pihole-dmz.25-debian-13-ct">pihole DMZ.25 Debian 13 CT</h3> +<p>Pihole</p> <hr /> <h3 id="mail-arfnet-ionos-vps-5.250.186.185-2001ba0210d6001">mail (ARFNET-IONOS VPS) 5.250.186.185 2001:ba0:210:d600::1</h3> 
@@ -1487,55 +1517,65 @@ Number Assignation Table</h2> <td></td> </tr> <tr class="even"> +<td>DMZ.17</td> +<td>[reserved]</td> +<td></td> +</tr> +<tr class="odd"> <td>DMZ.15</td> <td>(t2)</td> <td>T/2 SDE build box</td> </tr> -<tr class="odd"> +<tr class="even"> <td>DMZ.16</td> <td>pubnix</td> <td></td> </tr> -<tr class="even"> +<tr class="odd"> <td>DMZ.17</td> <td>[reserved]</td> <td>for future raspi</td> </tr> -<tr class="odd"> +<tr class="even"> <td>DMZ.18</td> -<td>ata.lan</td> +<td>ata</td> <td>Linksys ATA</td> </tr> -<tr class="even"> +<tr class="odd"> <td>DMZ.19</td> -<td>cucmelan</td> +<td>cucm</td> <td>Cisco CallManager</td> </tr> -<tr class="odd"> +<tr class="even"> <td>DMZ.20</td> -<td>callbox.lan</td> +<td>callbox</td> <td>5G gNodeB</td> </tr> -<tr class="even"> +<tr class="odd"> <td>DMZ.21</td> -<td>dn42.lan</td> +<td>dn42</td> <td>DN42 edge router</td> </tr> -<tr class="odd"> +<tr class="even"> <td>DMZ.22</td> -<td>open5gs.lan</td> +<td>open5gs</td> <td>Open5GS 5G core</td> </tr> -<tr class="even"> +<tr class="odd"> <td>DMZ.23</td> -<td>dn42-services.lan</td> +<td>dn42-services</td> <td>DN42 service machine</td> </tr> -<tr class="odd"> +<tr class="even"> <td>DMZ.24</td> -<td>ca.lan</td> +<td>ca</td> <td>Certificate Authority</td> </tr> +<tr class="odd"> +<td>DMZ.25</td> +<td>pihole</td> +<td>pihole</td> +</tr> <tr class="even"> <td></td> <td></td> @@ -2135,6 +2175,8 @@ service, ticket and invoice management system</li> list browser</li> <li><a href="https://cgit.arf20.com/arfnet2-status">status</a>: status monitor</li> +<li><a href="https://cgit.arf20.com/arfnet2-search">search</a>: fast +file indexer and search</li> </ul> </body> </html> |
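Review bot: in the Stage 7 task list (hunk @@ -71,20 +71,47 @@), "Connect Keycloak to OpenLDAP" is checked while "OpenLDAP LDAPS with cert" is still unchecked, so the Keycloak-to-LDAP bind (the bind credentials plus every directory lookup) is currently going over plaintext LDAP on :389; either reorder the list so the LDAPS step precedes the Keycloak connection, or add a note that the federation URL will be switched to ldaps:// once the cert is in place. The heading id also changed from `stage-7-ca-pki-ldap-and-sso` to `stage-7-ca-pki-ldap-iam-and-sso`, so any in-page anchors to the old id now break.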
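Review bot: the new `<li>Keycloak :8443</li>` entry (hunk @@ -1059,6 +1086,7 @@) gives the port but not whether 8443 is Keycloak's own HTTPS listener (the Stage 7 step "Deploy Keycloak and give it a cert" is marked done) or a reverse-proxied port; a short "HTTPS" marker would keep it consistent with the neighbouring `slapd :389` and `ldap-account-manager :8389` entries. The hunk context still reads `http://ca.lan:80` even though the `.lan` to `.int.arf20.com` migration is checked off in Stage 7; update the URL or note that the CA host is still served under `.lan`.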
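Review bot: the new pihole section (hunk @@ -1315,6 +1343,8 @@) is a placeholder: `<p>Pihole</p>` just repeats the heading and carries none of the detail the neighbouring CT sections have (the preceding one lists `apache2 :80`). Since Pi-hole is now in the internal DNS path ("DNS on all internal services" in Stage 7), at least list the ports the resolver and the admin interface listen on, matching the format of the other host sections.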
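Review bot: the Number Assignation Table (hunk @@ -1487,55 +1517,65 @@) now contains two DMZ.17 rows: the newly inserted one before DMZ.15 (`[reserved]`, empty description) and the pre-existing one after DMZ.16 (`[reserved]`, `for future raspi`). The inserted row also breaks the ascending address order of the table. Drop the inserted row, or fix its number if a different address was intended; the even/odd class flips on the following rows will need redoing once it is removed. Separately, the new DMZ.25 row's description just repeats the hostname (`pihole` / `pihole`); a description like the other rows carry (`Certificate Authority`, `DN42 edge router`) would be more useful.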
