diagrams: added mermaid diagrams for NIIKN and Znamenskoye

This commit is contained in:
dttb
2026-05-04 10:10:33 +03:00
parent d2969b4751
commit 93ade1c65b
421 changed files with 13837 additions and 41 deletions

View File

@@ -2,16 +2,16 @@
## Инфраструктура
| Компонент | IP | Описание |
|-----------|-----|----------|
| Proxmox | 192.168.1.201 | root / 1qaz!QAZ |
| VM108 — Nextcloud AIO | 192.168.1.200 | new.niikn.com, cloud user |
| VM106 — Mailcow | 192.168.1.128 | mail.niikn.com, cloud / 1qaz!QAZ |
| VM100 — Старый Nextcloud | 192.168.1.245 (DHCP) | NC 30.0.10, источник миграции |
| LXC 110 — SMB | 192.168.1.79 | admin / 1qaz!QAZ |
| VM107 — Matrix | 192.168.1.133 | matrix.niikn.com, Synapse + Element |
| NPM | 192.168.1.22 | Nginx Proxy Manager |
| MikroTik | 192.168.1.1 | Основной роутер |
| Компонент | IP | Описание |
|--------------------------|----------------------|-------------------------------------|
| Proxmox | 192.168.1.201 | root / 1qaz!QAZ |
| VM108 — Nextcloud AIO | 192.168.1.200 | new.niikn.com, cloud user |
| VM106 — Mailcow | 192.168.1.128 | mail.niikn.com, cloud / 1qaz!QAZ |
| VM100 — Старый Nextcloud | 192.168.1.245 (DHCP) | NC 30.0.10, источник миграции |
| LXC 110 — SMB | 192.168.1.79 | admin / 1qaz!QAZ |
| VM107 — Matrix | 192.168.1.133 | matrix.niikn.com, Synapse + Element |
| NPM | 192.168.1.22 | Nginx Proxy Manager |
| MikroTik | 192.168.1.1 | Основной роутер |
## Сервисы
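Review bot: The Описание column in the Proxmox, Mailcow and SMB rows still carries login/password pairs in clear text, and this hunk rewrites those rows without removing them. Since the table is being touched anyway, replace each pair with a pointer to the password-manager entry and rotate the affected passwords, because the old values stay readable in git history. The same value appears on all three rows, so each host should get its own.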
@@ -38,25 +38,28 @@
- **Конфиг:** `/opt/mailcow-dockerized/mailcow.conf` (DBPASS=8VcUSgpKEOoxNojIZBRJx0FzMxzm)
### MikroTik проброс портов → 192.168.1.128
| Порт | Протокол | Назначение |
|------|----------|------------|
| 25 | TCP | SMTP (приём почты) |
| 465 | TCP | SMTPS |
| 587 | TCP | Submission (отправка) |
| 993 | TCP | IMAPS |
| 995 | TCP | POP3S |
| 4190 | TCP | Sieve |
| Порт | Протокол | Назначение |
|------|----------|-----------------------|
| 25 | TCP | SMTP (приём почты) |
| 465 | TCP | SMTPS |
| 587 | TCP | Submission (отправка) |
| 993 | TCP | IMAPS |
| 995 | TCP | POP3S |
| 4190 | TCP | Sieve |
### DNS записи (niikn.com → Spaceweb)
| Тип | Имя | Значение |
|-----|-----|----------|
| A | mail | 85.235.181.190 |
| MX | @ | mail.niikn.com. (приоритет 10) |
| TXT | @ | v=spf1 mx a:mail.niikn.com ~all |
| TXT | _dmarc | v=DMARC1; p=none; rua=mailto:admin@niikn.com |
| TXT | dkim._domainkey | v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjAN... (2048-bit) |
| Тип | Имя | Значение |
|-----|-----------------|----------------------------------------------------|
| A | mail | 85.235.181.190 |
| MX | @ | mail.niikn.com. (приоритет 10) |
| TXT | @ | v=spf1 mx a:mail.niikn.com ~all |
| TXT | \_dmarc | v=DMARC1; p=none; rua=mailto:admin@niikn.com |
| TXT | dkim.\_domainkey | v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjAN... (2048-bit) |
### TODO
- [ ] PTR запись: 85.235.181.190 → mail.niikn.com (запросить у Комстар/МТС) (2026-04-18)
- [ ] Настроить SMTP в Nextcloud (2026-04-18)
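Review bot: The context line above the port table shows `mailcow.conf` with its DBPASS value written out in the Markdown; the value should be removed from the document and the database password changed, leaving only the path to the config. In the DNS table, the `\_dmarc` and `dkim.\_domainkey` escapes added here are easy to copy into a DNS panel with the backslash included, so wrapping record names in backticks would be safer than escaping them. The TODO list could also carry an item for moving DMARC from `p=none` to an enforcing policy once the rua reports look clean.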
@@ -68,9 +71,10 @@ bash helper-scripts/mailcow-reset-admin.sh
```
## DNS записи matrix (niikn.com → Spaceweb)
| Тип | Имя | Значение |
|-----|-----|----------|
| A | matrix | 85.235.181.190 |
| Тип | Имя | Значение |
|-----|--------|----------------|
| A | matrix | 85.235.181.190 |
## Файлы
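Review bot: Formatter-only churn such as the realigned matrix A-record table here should go in a separate commit from the Mermaid diagrams named in the subject; with 421 files changed, mixing the two makes the real additions hard to review.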
@@ -78,18 +82,19 @@ bash helper-scripts/mailcow-reset-admin.sh
- [changelog.md](changelog.md) — полный журнал изменений
<!-- kb-auto-index -->
## Навигация
- [[projects/niikn/NC-Talk-Setup]]
- [[projects/niikn/NIIKN-ChangeLog]]
- [[projects/niikn/NIIKN-Infrastructure]]
- [[projects/niikn/changelog]]
- [[projects/niikn/clawdbot-niikn]]
- [[projects/niikn/groupfolders-migration]]
- [[projects/niikn/mailcow]]
- [[projects/niikn/matrix]]
- [[projects/niikn/mikrotik]]
- [[projects/niikn/npm]]
- [[projects/niikn/openwrt-bypass]]
- [[projects/niikn/proxmox]]
- [[projects/niikn/vpn]]
- \[\[projects/niikn/NC-Talk-Setup\]\]
- \[\[projects/niikn/NIIKN-ChangeLog\]\]
- \[\[projects/niikn/NIIKN-Infrastructure\]\]
- \[\[projects/niikn/changelog\]\]
- \[\[projects/niikn/clawdbot-niikn\]\]
- \[\[projects/niikn/groupfolders-migration\]\]
- \[\[projects/niikn/mailcow\]\]
- \[\[projects/niikn/matrix\]\]
- \[\[projects/niikn/mikrotik\]\]
- \[\[projects/niikn/npm\]\]
- \[\[projects/niikn/openwrt-bypass\]\]
- \[\[projects/niikn/proxmox\]\]
- \[\[projects/niikn/vpn\]\]
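Review bot: Escaping the brackets in the `kb-auto-index` navigation list means every `[[projects/niikn/...]]` entry is rendered as literal text rather than as a wikilink, so the navigation stops working in Obsidian. Keep the unescaped `[[...]]` form here (the Znamenskoye diagram file in this same commit uses it for its sources line) and exclude this auto-generated block from whatever formatter produced the backslashes.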

View File

@@ -0,0 +1,255 @@
---
date: 2026-05-04
type: project
tags: [niikn, diagram, mermaid]
---
# 🗺️ НИИКН — Графические схемы (Mermaid)
> Mermaid-диаграммы инфраструктуры НИИКН. Рендерятся в Obsidian / Gitea / Nextcloud Markdown.
> Источники: \[\[README\]\], \[\[proxmox\]\], \[\[mikrotik\]\], \[\[npm\]\], \[\[openwrt-bypass\]\], \[\[vpn\]\], \[\[NIIKN-Infrastructure\]\].
---
## 1. Поток трафика: Internet → MikroTik → NPM → Backend
```mermaid
flowchart LR
Internet([🌐 Internet])
MTS[МТС B2B WAN<br/>85.235.181.190<br/>⚠️ заблокирован НСПД]
MT[MikroTik hAP ac³<br/>192.168.1.1<br/>RouterOS 7.20.6]
NPM[NPM<br/>LXC 102<br/>192.168.1.22:443]
Internet -->|*.niikn.com| MTS
MTS --> MT
MT -->|HTTPS hairpin| NPM
MT -.->|SMTP/IMAP/Matrix/<br/>NC Talk/RustDesk NAT| Direct[Direct NAT to backends]
subgraph Backends["Backends 192.168.1.0/24"]
NCnew[Nextcloud AIO new<br/>:11000 · VM 108 · .200]
NCold[Nextcloud old<br/>:8080 · VM 100 · .245<br/>миграция]
Mail[Mailcow<br/>:443 · VM 106 · .128]
Matrix[Matrix Synapse<br/>:8008 · VM 107 · .133]
PVE[Proxmox WebUI<br/>:8006 · .201]
RD[RustDesk Pro<br/>:21114 · VM 112 · .112]
Maxim[Maxim-Maul-Assistant<br/>:18789 · LXC 114 · .58]
end
NPM --> NCnew
NPM --> NCold
NPM --> Mail
NPM --> Matrix
NPM --> PVE
NPM --> RD
NPM --> Maxim
Direct -.-> Mail
Direct -.-> Matrix
Direct -.-> NCnew
Direct -.-> RD
```
---
## 2. Proxmox НИИКН — структура VM/LXC
```mermaid
flowchart TB
PVE[Proxmox VE<br/>192.168.1.201 · pve.niikn.com<br/>root/1qaz!QAZ]
subgraph VMs["🖥️ QEMU VM"]
VM100[VM 100 · Cloud-nc-AIO старый<br/>.245 · NC 30.0.10 · 102 users]
VM101[VM 101 · OpenWrt<br/>.50 · podkop+AWG bypass]
VM103[VM 103 · Win11<br/>Kripto-ARM ГОСТ · 100.70.145.223]
VM104[VM 104 · Win2025]
VM106[VM 106 · Mailcow<br/>.128 · mail.niikn.com]
VM107[VM 107 · Matrix<br/>.133 · matrix.niikn.com]
VM108[VM 108 · Nextcloud AIO new<br/>.200 · new.niikn.com · NC 32.0.6]
VM111[VM 111 · KasmOS]
VM112[VM 112 · RustDesk Pro<br/>.112 · rd.niikn.com]
end
subgraph LXCs["📦 LXC"]
L102[LXC 102 · NPM<br/>.22 · npm panel]
L105[LXC 105 · Zabbix<br/>monitoring]
L109[LXC 109 · Cups-Server<br/>print server]
L110[LXC 110 · SMB<br/>.79 · /share groupfolders]
L114[LXC 114 · Maxim-Maul-Assistant<br/>.58 · @assistent_maximka_bot]
end
PVE --> VMs
PVE --> LXCs
classDef vmStyle fill:#1e3a5f,stroke:#4a90e2,color:#fff
classDef lxcStyle fill:#2d5016,stroke:#7cb342,color:#fff
classDef pveStyle fill:#5d2e1f,stroke:#d97757,color:#fff
class VM100,VM101,VM103,VM104,VM106,VM107,VM108,VM111,VM112 vmStyle
class L102,L105,L109,L110,L114 lxcStyle
class PVE pveStyle
```
---
## 3. Карта доменов *.niikn.com → IP:Port
```mermaid
flowchart LR
subgraph Core["🏠 Core"]
D1[niikn.com]
D2[new.niikn.com]
D3[pve.niikn.com]
D4[mail.niikn.com]
end
subgraph Comms["💬 Communications"]
D5[matrix.niikn.com]
D6[lk.niikn.com<br/>LiveKit]
end
subgraph Remote["🖥️ Remote"]
D7[rd.niikn.com]
D8[vpn.niikn.com]
end
D1 --> O[192.168.1.245:8080<br/>Old NC · VM 100]
D2 --> N[192.168.1.200:11000<br/>New NC AIO · VM 108]
D3 --> P[192.168.1.201:8006<br/>Proxmox]
D4 --> M[192.168.1.128:443<br/>Mailcow · VM 106]
D5 --> MX[192.168.1.133:8008<br/>Synapse · VM 107]
D6 --> LK[192.168.1.133:7881<br/>LiveKit · VM 107]
D7 --> R[192.168.1.112:21114<br/>RustDesk Pro · VM 112]
D8 --> V[78.17.4.225<br/>AmneziaWG panel<br/>Finland VPS]
```
---
## 4. Bypass-схема: FakeIP → OpenWrt → AmneziaWG → Finland
```mermaid
flowchart LR
Client[💻 Клиент НИИКН<br/>DHCP DNS = .50]
MT[MikroTik .1<br/>route 198.18.0.0/15<br/>→ .50]
OW[OpenWrt VM 101 · .50<br/>dnsmasq + sing-box<br/>FakeIP 198.18.0.0/15]
AWG[awg0 интерфейс<br/>10.8.1.16/32<br/>+ obfuscation Jc/S/H]
FIN[Finland VPS<br/>78.17.4.225:39202<br/>amnezia-awg2]
Web[🌐 Instagram / WA / TG<br/>Telegram / NotebookLM]
Client -->|DNS instagram.com| OW
OW -->|FakeIP 198.18.x.x| Client
Client -->|TCP 198.18.x.x| MT
MT -->|route| OW
OW -->|tproxy + fwmark| AWG
AWG -->|UDP 39202<br/>obfuscated| FIN
FIN -->|реальный IP| Web
Direct[Обычный трафик] -->|интернет| MT --> Internet([🌐])
classDef bypass fill:#3d2817,stroke:#d97757,color:#fff
classDef normal fill:#1e3a5f,stroke:#4a90e2,color:#fff
class OW,AWG,FIN bypass
class MT,Client normal
```
**Списки в podkop:** `meta` (WA/Instagram/FB), `telegram`, `russia_inside`, +user_domains (NotebookLM/Gemini для Оксаны Павловны).
---
## 5. NAT-проброс портов через MikroTik
```mermaid
flowchart LR
WAN[WAN 85.235.181.190]
subgraph Mail["📬 Mailcow .128"]
P1[25 · 465 · 587<br/>SMTP / Submission]
P2[993 · 995 · 4190<br/>IMAPS / POP3 / Sieve]
end
subgraph MX["💬 Matrix .133"]
P3[8448<br/>Federation]
P4[3478<br/>TURN]
P5[7881/tcp · 50100-50200/udp<br/>LiveKit]
end
subgraph NC["☁️ Nextcloud Talk .200"]
P6[3479<br/>Talk TURN]
P7[20000-20100<br/>TURN media]
P8[49152-49252<br/>RTC]
end
subgraph RD["🖥️ RustDesk .112"]
P9[21114-21119/tcp<br/>API · NAT · ID · Relay · WS]
P10[21116/udp<br/>ID hole-punch]
end
WAN --> Mail
WAN --> MX
WAN --> NC
WAN --> RD
```
---
## 6. Внешний доступ (NetBird overlay)
```mermaid
flowchart TB
NBC[NetBird Coordinator<br/>finland VPS 78.17.4.225]
subgraph LAN["🏠 НИИКН LAN 192.168.1.0/24"]
VM103N[VM 103 Win11 Kripto-ARM<br/>100.70.145.223]
VM100N[VM 100 Cloud old<br/>100.70.117.21]
end
subgraph Office["💼 Офис НИИКН"]
Domo[Hikvision Домофон<br/>.71 · через PLC + AirPort .9]
Oksana[💼 Оксана Павловна<br/>RustDesk доступ]
end
subgraph Remote["🌍 Remote"]
Mac[💻 Mac Олега<br/>100.70.92.x]
end
NBC -.- VM103N
NBC -.- VM100N
NBC -.- Mac
Mac -->|RustDesk| Oksana
Oksana -.->|Talk/Mail/КриптоАРМ| LAN
Domo -.->|Hikvision Web<br/>192.168.1.71| LAN
```
---
## 7. Sync со Spaceweb DNS (`niikn.com`)
```mermaid
flowchart LR
SW[Spaceweb DNS<br/>ns1-4.spaceweb.ru]
subgraph Records["DNS A → 85.235.181.190"]
R1[niikn.com]
R2[new.niikn.com]
R3[mail.niikn.com]
R4[matrix.niikn.com]
R5[rd.niikn.com]
R6[pve.niikn.com]
R7[lk.niikn.com]
end
subgraph Mail["MX / TXT"]
MX[MX → mail.niikn.com pri=10]
SPF[SPF v=spf1 mx a:mail.niikn.com ~all]
DKIM[DKIM 2048-bit RSA selector=dkim]
DMARC[DMARC p=none rua=admin@niikn.com]
end
SW --> Records
SW --> Mail
```
---
## Как редактировать
- Любой блок ```` ```mermaid ```` рендерится в Obsidian (Live Preview / Reading mode), Gitea web и Nextcloud Text
- Синтаксис: <https://mermaid.js.org/syntax/flowchart.html>
- Локальная проверка: <https://mermaid.live>
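Review bot: The `PVE` node label in diagram 2 embeds the Proxmox root login and password, which puts the secret into every rendered copy of the diagram (Obsidian, Gitea and Nextcloud, per the file header). Keep only the host name and address in the label and refer to the vault entry elsewhere. Two smaller points: the sources line uses escaped `\[\[README\]\]` links that will not resolve as wikilinks, and diagrams 1 and 7 show `pve.niikn.com` published through NPM on the WAN address, so the document should state which access restriction (NPM access list or overlay-only) protects the management UI.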

View File

@@ -0,0 +1,270 @@
---
date: 2026-05-04
type: project
tags: [znamenskoye, diagram, mermaid]
---
# 🗺️ Знаменское — Графические схемы (Mermaid)
> Mermaid-диаграммы инфраструктуры 3 объектов Знаменского + VPS-хаба swtest.ru.
> Источники: [[../dttb/znamenskoye-network-topology|Home network]], [[../../claude-memory/znamenskoye-ohothozyistvo|Охотхозяйство]], [[../../claude-memory/znamenskoe-home|Home memory]], [[../../decisions/2026-04-21-znamenskoye-ohothozyistvo-wg-backup-channel|WG fix]].
> Управляющий: Сергей; шеф над ним.
---
## 1. Обзор: 3 объекта + VPS hub
```mermaid
flowchart TB
Internet([🌐 Internet])
subgraph VPS["☁️ VPS swtest.ru — 89.111.140.86"]
VPSwg[wg0 hub<br/>10.5.0.1/24 :51821]
VPSnb[Netbird 100.70.93.36]
DNAT[DNAT 8xxx → камеры]
end
subgraph Home["🏠 Знаменское Home (192.168.1.0/24)"]
UDM[UDM-Pro .1<br/>FW 5.0.12<br/>Netbird 100.70.100.155]
Cudy[Cudy TR3000<br/>10.3.0.1<br/>Netbird 100.70.54.204<br/>WG 10.5.0.4 → VPS]
HomeCam[12 камер XMeye + Hikvision NVR .123]
end
subgraph Ohot["🏕️ Охотхозяйство (192.168.8.0/24)"]
MTLte[MikroTik hAP ax lite LTE6<br/>192.168.8.1<br/>WAN: LTE CGNAT 7.90.8.47]
OPi[Orange Pi R1+ LTS<br/>192.168.8.254<br/>Netbird 100.70.106.227<br/>WG 10.5.0.3 → VPS]
OhotCam[6 камер + NVR HiWatch .247]
end
subgraph Z29["🏘️ Знаменское 29 (192.168.88.0/24)"]
MT29[MikroTik 192.168.88.1<br/>WG 10.5.0.2 → VPS]
Z29Cam[1 камера HiWatch .42]
end
Internet --> VPS
Cudy -.->|WG :51821| VPSwg
OPi -.->|WG :51821| VPSwg
MT29 -.->|WG :51821| VPSwg
UDM -.->|Netbird mesh| VPSnb
Cudy -.->|Netbird mesh| VPSnb
OPi -.->|Netbird mesh| VPSnb
UDM --> HomeCam
MTLte --> OhotCam
MT29 --> Z29Cam
Cudy --> UDM
classDef vps fill:#5d2e1f,stroke:#d97757,color:#fff
classDef home fill:#1e3a5f,stroke:#4a90e2,color:#fff
classDef ohot fill:#2d5016,stroke:#7cb342,color:#fff
classDef z29 fill:#3d2817,stroke:#d4a017,color:#fff
class VPSwg,VPSnb,DNAT vps
class UDM,Cudy,HomeCam home
class MTLte,OPi,OhotCam ohot
class MT29,Z29Cam z29
```
---
## 2. VPS swtest.ru (hub) — WG пиры + DNAT
```mermaid
flowchart LR
subgraph VPS["VPS Ubuntu 24.04 · 89.111.140.86 · 10.5.0.1/24:51821"]
WG[wg0 ListenPort 51821]
DN[iptables DNAT<br/>порты 8xxx]
NB[Netbird 100.70.93.36]
DK[Docker camera-proxy]
end
subgraph Peers["WG пиры"]
P1[10.5.0.2 · Знаменское 29<br/>Allowed 192.168.88.0/24<br/>UP ✓]
P2[10.5.0.3 · Охотхозяйство<br/>Allowed 192.168.8.0/24<br/>UP ✓ после fix 2026-04-21]
P3[10.5.0.4 · Знаменское Home<br/>Allowed 192.168.1.0/24, 192.168.100.0/24<br/>UP ✓ · 4.37 TiB rx]
end
WG --- P1
WG --- P2
WG --- P3
DN -->|8080,8082,8554| Z29[→ Z29 камера .42]
DN -->|8180,8100,8555| OhotNVR[→ Охот NVR .247]
DN -->|8561-8566 · 8201-8206| OhotCam[→ Охот 6 камер]
DN -->|8280,8282,8284| HomeNVR[→ Home NVR .123]
SSH[💻 ssh vps-znam<br/>~/.ssh/vps_znam_key] -->|root| VPS
```
⚠️ **VPS диск 84% used** — нужна очистка. **TODO:** сохранить vps_znam_key в Bitwarden как `VPS znam (89.111.140.86)`.
---
## 3. Знаменское Home (UDM-Pro + Cudy + видеонаблюдение)
```mermaid
flowchart TB
ISP[ISP WAN]
UDM[UDM-Pro «Знаменское»<br/>192.168.1.1 · 10.3.0.175<br/>Netbird 100.70.100.155<br/>FW 5.0.12]
Cudy[Cudy TR3000 v1<br/>OpenWrt 24.10<br/>10.3.0.1 · WAN 192.168.100.2<br/>WG → VPS · AWG → finland<br/>podkop+sing-box bypass]
ISP --> Cudy --> UDM
subgraph Switches["UniFi свитчи"]
S1[USW-16-PoE .220<br/>45W · 8 портов]
S2[Switch Lite .66<br/>45W · 6 портов]
S3[Switch Lite .96<br/>45W · 3 порта]
S4[Switch Lite .213<br/>45W · 5 портов]
end
subgraph APs["UniFi AP (3×U6-LR)"]
AP1[Гараж .133]
AP2[Охрана пост .130]
AP3[Гостевой .244]
end
subgraph Mesh["TP-Link Deco P9 mesh"]
M1[.187 master]
M2[.196]
M3[.208]
end
subgraph Cams["📹 Видеонаблюдение"]
NVR1[Hikvision DS-N316D .123<br/>16ch · ONVIF]
DVR1[TBTec XMeye .23<br/>16ch DVR]
DVR2[TBTec mini .49 · .100<br/>4ch DVR]
XM[12 камер XMeye 53H20AF<br/>2MP · ONVIF :8899]
end
UDM --> Switches
UDM --> APs
UDM -->|port 5| Mesh
Switches --> Cams
subgraph Wifi["📶 Wi-Fi сети"]
W1[ASUS — основная asus2015]
W2[Ohrana post — Qwerty123]
W3[Cam — для камер]
end
APs --> Wifi
```
⚠️ **Известные проблемы:** /boot/firmware 96% · слабые Wi-Fi пароли · WAN:80 → UDM-Pro web открыт наружу · нет VLAN.
---
## 4. Охотхозяйство (LTE + Orange Pi gateway)
```mermaid
flowchart TB
LTE[LTE оператор<br/>CGNAT 7.90.8.47]
MT[MikroTik hAP ax lite LTE6<br/>RouterOS 7.22<br/>192.168.8.1<br/>SSID Hunter]
LTE -->|lte1| MT
subgraph Gateway["🔐 Резервный канал управления"]
OPi[Orange Pi R1+ LTS · .254<br/>OpenWrt 21.02<br/>Netbird 100.70.106.227<br/>wg0 10.5.0.3 → VPS:51821]
end
MT --> OPi
OPi -.->|Netbird mesh<br/>route 192.168.8.0/24| Admin[💻 Mac Олега]
OPi -.->|WG туннель<br/>fix 2026-04-21| VPS[VPS swtest 51821]
subgraph LAN["LAN 192.168.8.0/24"]
NVR[NVR HiWatch .247<br/>Web :80 · SDK :8000 · RTSP :554]
C1[Камера 1 · .2]
C2[Камера 2 · .3]
C3[Камера 3 · .102]
C4[Камера 4 · .110]
C5[Камера 5 · .113]
C6[Камера 6 · .120]
end
MT --> LAN
Hunter[📶 SSID Hunter<br/>WPA2/3 · pw: 12345678a<br/>~12 Wi-Fi гостей]
MT --> Hunter
```
⚠️ **MikroTik wg-vps DISABLED** — ломал интернет (default route hijacking distance=2). WG только на Orange Pi.
---
## 5. Знаменское 29 (минимальный объект)
```mermaid
flowchart LR
Internet([🌐])
MT29[MikroTik 192.168.88.1<br/>admin/admin01<br/>WG 10.5.0.2 → VPS:51821]
Cam[HiWatch камера<br/>192.168.88.42<br/>admin/1qaz!QAZ<br/>Web :80 · SDK :8000 · RTSP :554]
Internet --> MT29 --> Cam
MT29 -.->|WG туннель<br/>UP ✓| VPS[VPS hub]
VPS -.->|DNAT<br/>:8080 web<br/>:8082 SDK<br/>:8554 RTSP| Cam
```
---
## 6. Каналы удалённого доступа
```mermaid
flowchart LR
Admin[💻 Олег / Сергей]
subgraph CH1["Канал 1: Netbird (основной)"]
NB[Netbird mesh<br/>relay netbird.io:443]
end
subgraph CH2["Канал 2: WG через VPS (резерв + видеопотоки)"]
WG[VPS 89.111.140.86<br/>порты 8xxx DNAT]
end
Admin --> NB
Admin -->|RTSP/Web| WG
NB -.->|100.70.100.155| Home[🏠 Home UDM-Pro]
NB -.->|100.70.106.227| OhotGW[🏕️ Охот Orange Pi]
NB -.->|100.70.54.204| Cudy[🏠 Home Cudy]
WG -.->|10.5.0.4| HomeLAN[Home LAN .1.0/24]
WG -.->|10.5.0.3| OhotLAN[Охот LAN .8.0/24]
WG -.->|10.5.0.2| Z29LAN[З-29 LAN .88.0/24]
classDef nb fill:#1e3a5f,stroke:#4a90e2,color:#fff
classDef wg fill:#5d2e1f,stroke:#d97757,color:#fff
class NB,Home,OhotGW,Cudy nb
class WG,HomeLAN,OhotLAN,Z29LAN wg
```
---
## 7. DNAT-карта портов на VPS 89.111.140.86
| Объект | WG | Сервис | Внешний порт | → Backend |
|--------|-----|--------|--------------|-----------|
| Охот | 10.5.0.3 | NVR Web | **8180** | .247:80 |
| Охот | 10.5.0.3 | NVR SDK | **8100** | .247:8000 |
| Охот | 10.5.0.3 | NVR RTSP | **8555** | .247:554 |
| Охот | 10.5.0.3 | Cam 1 RTSP/SDK | **8561 / 8201** | .2:554 / .2:8000 |
| Охот | 10.5.0.3 | Cam 2 RTSP/SDK | **8562 / 8202** | .3:554 / .3:8000 |
| Охот | 10.5.0.3 | Cam 3 RTSP/SDK | **8563 / 8203** | .102:554 / .102:8000 |
| Охот | 10.5.0.3 | Cam 4 RTSP/SDK | **8564 / 8204** | .110:554 / .110:8000 |
| Охот | 10.5.0.3 | Cam 5 RTSP/SDK | **8565 / 8205** | .113:554 / .113:8000 |
| Охот | 10.5.0.3 | Cam 6 RTSP/SDK | **8566 / 8206** | .120:554 / .120:8000 |
| З-29 | 10.5.0.2 | Cam Web/SDK/RTSP | **8080 / 8082 / 8554** | .42:80 / :8000 / :554 |
| Home | 10.5.0.4 | NVR Web/SDK/RTSP | **8280 / 8282 / 8284** | .123:80 / :8000 / :554 |
---
## Учётные данные (краткая выжимка)
| Объект | Узел | Логин / Пароль | Доступ |
|--------|------|----------------|--------|
| Home | UDM-Pro | admin / 1qaz!QAZ | Netbird 100.70.100.155 |
| Home | Cudy | root / 1qaz!QAZ | Netbird 100.70.54.204 |
| Home | NVR Hikvision | admin / 1qaz!QAZ | 192.168.1.123 |
| Охот | MikroTik | admin / 1qaz!QAZ | REST/SSH 192.168.8.1 |
| Охот | Orange Pi | root / 1qaz!QAZ | SSH (Dropbear, expect) |
| З-29 | MikroTik | admin / admin01 | 192.168.88.1 |
| З-29 | Камера | admin / 1qaz!QAZ | 192.168.88.42 |
| VPS | swtest.ru | root + ключ | `ssh vps-znam` (~/.ssh/vps_znam_key) |
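Review bot: The closing "Учётные данные" table, the Wi-Fi entries in diagrams 3 and 4 and the node labels in diagram 5 commit device logins and passwords in clear text, and the table shows one password shared by six nodes across all three sites. Replace the values with references to Bitwarden entries, as the TODO under diagram 2 already plans for `vps_znam_key`, and give each device its own password when rotating. The "Известные проблемы" line under diagram 3 (weak Wi-Fi passwords, WAN:80 to the UDM-Pro web UI, no VLAN) would be more useful as dated checklist items, like the TODO list in the NIIKN README.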