oleg/knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

diagrams: добавлены mermaid-схемы для НИИКН и Знаменского

Browse Source
This commit is contained in:
dttb
2026-05-04 10:10:33 +03:00
parent d2969b4751
commit 93ade1c65b
421 changed files with 13837 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
projects/niikn/README.md
View File

@@ -2,16 +2,16 @@
## Инфраструктура
| Компонент | IP | Описание |
|-----------|-----|----------|
| Proxmox | 192.168.1.201 | root / 1qaz!QAZ |
| VM108 — Nextcloud AIO | 192.168.1.200 | new.niikn.com, cloud user |
| VM106 — Mailcow | 192.168.1.128 | mail.niikn.com, cloud / 1qaz!QAZ |
| VM100 — Старый Nextcloud | 192.168.1.245 (DHCP) | NC 30.0.10, источник миграции |
| LXC 110 — SMB | 192.168.1.79 | admin / 1qaz!QAZ |
| VM107 — Matrix | 192.168.1.133 | matrix.niikn.com, Synapse + Element |
| NPM | 192.168.1.22 | Nginx Proxy Manager |
| MikroTik | 192.168.1.1 | Основной роутер |
| Компонент | IP | Описание |
|--------------------------|----------------------|-------------------------------------|
| Proxmox | 192.168.1.201 | root / 1qaz!QAZ |
| VM108 — Nextcloud AIO | 192.168.1.200 | new.niikn.com, cloud user |
| VM106 — Mailcow | 192.168.1.128 | mail.niikn.com, cloud / 1qaz!QAZ |
| VM100 — Старый Nextcloud | 192.168.1.245 (DHCP) | NC 30.0.10, источник миграции |
| LXC 110 — SMB | 192.168.1.79 | admin / 1qaz!QAZ |
| VM107 — Matrix | 192.168.1.133 | matrix.niikn.com, Synapse + Element |
| NPM | 192.168.1.22 | Nginx Proxy Manager |
| MikroTik | 192.168.1.1 | Основной роутер |
## Сервисы
@@ -38,25 +38,28 @@
- **Конфиг:** `/opt/mailcow-dockerized/mailcow.conf` (DBPASS=8VcUSgpKEOoxNojIZBRJx0FzMxzm)
### MikroTik проброс портов → 192.168.1.128
| Порт | Протокол | Назначение |
|------|----------|------------|
| 25 | TCP | SMTP (приём почты) |
| 465 | TCP | SMTPS |
| 587 | TCP | Submission (отправка) |
| 993 | TCP | IMAPS |
| 995 | TCP | POP3S |
| 4190 | TCP | Sieve |
| Порт | Протокол | Назначение |
|------|----------|-----------------------|
| 25 | TCP | SMTP (приём почты) |
| 465 | TCP | SMTPS |
| 587 | TCP | Submission (отправка) |
| 993 | TCP | IMAPS |
| 995 | TCP | POP3S |
| 4190 | TCP | Sieve |
### DNS записи (niikn.com → Spaceweb)
| Тип | Имя | Значение |
|-----|-----|----------|
| A | mail | 85.235.181.190 |
| MX | @ | mail.niikn.com. (приоритет 10) |
| TXT | @ | v=spf1 mx a:mail.niikn.com ~all |
| TXT | _dmarc | v=DMARC1; p=none; rua=mailto:admin@niikn.com |
| TXT | dkim._domainkey | v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjAN... (2048-bit) |
| Тип | Имя | Значение |
|-----|-----------------|----------------------------------------------------|
| A | mail | 85.235.181.190 |
| MX | @ | mail.niikn.com. (приоритет 10) |
| TXT | @ | v=spf1 mx a:mail.niikn.com ~all |
| TXT | \_dmarc | v=DMARC1; p=none; rua=mailto:admin@niikn.com |
| TXT | dkim.\_domainkey | v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjAN... (2048-bit) |
### TODO
- [ ] PTR запись: 85.235.181.190 → mail.niikn.com (запросить у Комстар/МТС) (2026-04-18)
- [ ] Настроить SMTP в Nextcloud (2026-04-18)
@@ -68,9 +71,10 @@ bash helper-scripts/mailcow-reset-admin.sh
```
## DNS записи matrix (niikn.com → Spaceweb)
| Тип | Имя | Значение |
|-----|-----|----------|
| A | matrix | 85.235.181.190 |
| Тип | Имя | Значение |
|-----|--------|----------------|
| A | matrix | 85.235.181.190 |
## Файлы
@@ -78,18 +82,19 @@ bash helper-scripts/mailcow-reset-admin.sh
- [changelog.md](changelog.md) — полный журнал изменений
<!-- kb-auto-index -->
## Навигация
- [[projects/niikn/NC-Talk-Setup]]
- [[projects/niikn/NIIKN-ChangeLog]]
- [[projects/niikn/NIIKN-Infrastructure]]
- [[projects/niikn/changelog]]
- [[projects/niikn/clawdbot-niikn]]
- [[projects/niikn/groupfolders-migration]]
- [[projects/niikn/mailcow]]
- [[projects/niikn/matrix]]
- [[projects/niikn/mikrotik]]
- [[projects/niikn/npm]]
- [[projects/niikn/openwrt-bypass]]
- [[projects/niikn/proxmox]]
- [[projects/niikn/vpn]]
- \[\[projects/niikn/NC-Talk-Setup\]\]
- \[\[projects/niikn/NIIKN-ChangeLog\]\]
- \[\[projects/niikn/NIIKN-Infrastructure\]\]
- \[\[projects/niikn/changelog\]\]
- \[\[projects/niikn/clawdbot-niikn\]\]
- \[\[projects/niikn/groupfolders-migration\]\]
- \[\[projects/niikn/mailcow\]\]
- \[\[projects/niikn/matrix\]\]
- \[\[projects/niikn/mikrotik\]\]
- \[\[projects/niikn/npm\]\]
- \[\[projects/niikn/openwrt-bypass\]\]
- \[\[projects/niikn/proxmox\]\]
- \[\[projects/niikn/vpn\]\]

255
projects/niikn/network-topology-diagram.md Normal file
View File

@@ -0,0 +1,255 @@
---
date: 2026-05-04
type: project
tags: [niikn, diagram, mermaid]
---
# 🗺️ НИИКН — Графические схемы (Mermaid)
> Mermaid-диаграммы инфраструктуры НИИКН. Рендерятся в Obsidian / Gitea / Nextcloud Markdown.
> Источники: \[\[README\]\], \[\[proxmox\]\], \[\[mikrotik\]\], \[\[npm\]\], \[\[openwrt-bypass\]\], \[\[vpn\]\], \[\[NIIKN-Infrastructure\]\].
---
## 1. Поток трафика: Internet → MikroTik → NPM → Backend
```mermaid
flowchart LR
Internet([🌐 Internet])
MTS[МТС B2B WAN<br/>85.235.181.190<br/>⚠️ заблокирован НСПД]
MT[MikroTik hAP ac³<br/>192.168.1.1<br/>RouterOS 7.20.6]
NPM[NPM<br/>LXC 102<br/>192.168.1.22:443]
Internet -->|*.niikn.com| MTS
MTS --> MT
MT -->|HTTPS hairpin| NPM
MT -.->|SMTP/IMAP/Matrix/<br/>NC Talk/RustDesk NAT| Direct[Direct NAT to backends]
subgraph Backends["Backends 192.168.1.0/24"]
NCnew[Nextcloud AIO new<br/>:11000 · VM 108 · .200]
NCold[Nextcloud old<br/>:8080 · VM 100 · .245<br/>миграция]
Mail[Mailcow<br/>:443 · VM 106 · .128]
Matrix[Matrix Synapse<br/>:8008 · VM 107 · .133]
PVE[Proxmox WebUI<br/>:8006 · .201]
RD[RustDesk Pro<br/>:21114 · VM 112 · .112]
Maxim[Maxim-Maul-Assistant<br/>:18789 · LXC 114 · .58]
end
NPM --> NCnew
NPM --> NCold
NPM --> Mail
NPM --> Matrix
NPM --> PVE
NPM --> RD
NPM --> Maxim
Direct -.-> Mail
Direct -.-> Matrix
Direct -.-> NCnew
Direct -.-> RD
```
---
## 2. Proxmox НИИКН — структура VM/LXC
```mermaid
flowchart TB
PVE[Proxmox VE<br/>192.168.1.201 · pve.niikn.com<br/>root/1qaz!QAZ]
subgraph VMs["🖥️ QEMU VM"]
VM100[VM 100 · Cloud-nc-AIO старый<br/>.245 · NC 30.0.10 · 102 users]
VM101[VM 101 · OpenWrt<br/>.50 · podkop+AWG bypass]
VM103[VM 103 · Win11<br/>Kripto-ARM ГОСТ · 100.70.145.223]
VM104[VM 104 · Win2025]
VM106[VM 106 · Mailcow<br/>.128 · mail.niikn.com]
VM107[VM 107 · Matrix<br/>.133 · matrix.niikn.com]
VM108[VM 108 · Nextcloud AIO new<br/>.200 · new.niikn.com · NC 32.0.6]
VM111[VM 111 · KasmOS]
VM112[VM 112 · RustDesk Pro<br/>.112 · rd.niikn.com]
end
subgraph LXCs["📦 LXC"]
L102[LXC 102 · NPM<br/>.22 · npm panel]
L105[LXC 105 · Zabbix<br/>monitoring]
L109[LXC 109 · Cups-Server<br/>print server]
L110[LXC 110 · SMB<br/>.79 · /share groupfolders]
L114[LXC 114 · Maxim-Maul-Assistant<br/>.58 · @assistent_maximka_bot]
end
PVE --> VMs
PVE --> LXCs
classDef vmStyle fill:#1e3a5f,stroke:#4a90e2,color:#fff
classDef lxcStyle fill:#2d5016,stroke:#7cb342,color:#fff
classDef pveStyle fill:#5d2e1f,stroke:#d97757,color:#fff
class VM100,VM101,VM103,VM104,VM106,VM107,VM108,VM111,VM112 vmStyle
class L102,L105,L109,L110,L114 lxcStyle
class PVE pveStyle
```
---
## 3. Карта доменов *.niikn.com → IP:Port
```mermaid
flowchart LR
subgraph Core["🏠 Core"]
D1[niikn.com]
D2[new.niikn.com]
D3[pve.niikn.com]
D4[mail.niikn.com]
end
subgraph Comms["💬 Communications"]
D5[matrix.niikn.com]
D6[lk.niikn.com<br/>LiveKit]
end
subgraph Remote["🖥️ Remote"]
D7[rd.niikn.com]
D8[vpn.niikn.com]
end
D1 --> O[192.168.1.245:8080<br/>Old NC · VM 100]
D2 --> N[192.168.1.200:11000<br/>New NC AIO · VM 108]
D3 --> P[192.168.1.201:8006<br/>Proxmox]
D4 --> M[192.168.1.128:443<br/>Mailcow · VM 106]
D5 --> MX[192.168.1.133:8008<br/>Synapse · VM 107]
D6 --> LK[192.168.1.133:7881<br/>LiveKit · VM 107]
D7 --> R[192.168.1.112:21114<br/>RustDesk Pro · VM 112]
D8 --> V[78.17.4.225<br/>AmneziaWG panel<br/>Finland VPS]
```
---
## 4. Bypass-схема: FakeIP → OpenWrt → AmneziaWG → Finland
```mermaid
flowchart LR
Client[💻 Клиент НИИКН<br/>DHCP DNS = .50]
MT[MikroTik .1<br/>route 198.18.0.0/15<br/>→ .50]
OW[OpenWrt VM 101 · .50<br/>dnsmasq + sing-box<br/>FakeIP 198.18.0.0/15]
AWG[awg0 интерфейс<br/>10.8.1.16/32<br/>+ obfuscation Jc/S/H]
FIN[Finland VPS<br/>78.17.4.225:39202<br/>amnezia-awg2]
Web[🌐 Instagram / WA / TG<br/>Telegram / NotebookLM]
Client -->|DNS instagram.com| OW
OW -->|FakeIP 198.18.x.x| Client
Client -->|TCP 198.18.x.x| MT
MT -->|route| OW
OW -->|tproxy + fwmark| AWG
AWG -->|UDP 39202<br/>obfuscated| FIN
FIN -->|реальный IP| Web
Direct[Обычный трафик] -->|интернет| MT --> Internet([🌐])
classDef bypass fill:#3d2817,stroke:#d97757,color:#fff
classDef normal fill:#1e3a5f,stroke:#4a90e2,color:#fff
class OW,AWG,FIN bypass
class MT,Client normal
```
**Списки в podkop:** `meta` (WA/Instagram/FB), `telegram`, `russia_inside`, +user_domains (NotebookLM/Gemini для Оксаны Павловны).
---
## 5. NAT-проброс портов через MikroTik
```mermaid
flowchart LR
WAN[WAN 85.235.181.190]
subgraph Mail["📬 Mailcow .128"]
P1[25 · 465 · 587<br/>SMTP / Submission]
P2[993 · 995 · 4190<br/>IMAPS / POP3 / Sieve]
end
subgraph MX["💬 Matrix .133"]
P3[8448<br/>Federation]
P4[3478<br/>TURN]
P5[7881/tcp · 50100-50200/udp<br/>LiveKit]
end
subgraph NC["☁️ Nextcloud Talk .200"]
P6[3479<br/>Talk TURN]
P7[20000-20100<br/>TURN media]
P8[49152-49252<br/>RTC]
end
subgraph RD["🖥️ RustDesk .112"]
P9[21114-21119/tcp<br/>API · NAT · ID · Relay · WS]
P10[21116/udp<br/>ID hole-punch]
end
WAN --> Mail
WAN --> MX
WAN --> NC
WAN --> RD
```
---
## 6. Внешний доступ (NetBird overlay)
```mermaid
flowchart TB
NBC[NetBird Coordinator<br/>finland VPS 78.17.4.225]
subgraph LAN["🏠 НИИКН LAN 192.168.1.0/24"]
VM103N[VM 103 Win11 Kripto-ARM<br/>100.70.145.223]
VM100N[VM 100 Cloud old<br/>100.70.117.21]
end
subgraph Office["💼 Офис НИИКН"]
Domo[Hikvision Домофон<br/>.71 · через PLC + AirPort .9]
Oksana[💼 Оксана Павловна<br/>RustDesk доступ]
end
subgraph Remote["🌍 Remote"]
Mac[💻 Mac Олега<br/>100.70.92.x]
end
NBC -.- VM103N
NBC -.- VM100N
NBC -.- Mac
Mac -->|RustDesk| Oksana
Oksana -.->|Talk/Mail/КриптоАРМ| LAN
Domo -.->|Hikvision Web<br/>192.168.1.71| LAN
```
---
## 7. Sync со Spaceweb DNS (`niikn.com`)
```mermaid
flowchart LR
SW[Spaceweb DNS<br/>ns1-4.spaceweb.ru]
subgraph Records["DNS A → 85.235.181.190"]
R1[niikn.com]
R2[new.niikn.com]
R3[mail.niikn.com]
R4[matrix.niikn.com]
R5[rd.niikn.com]
R6[pve.niikn.com]
R7[lk.niikn.com]
end
subgraph Mail["MX / TXT"]
MX[MX → mail.niikn.com pri=10]
SPF[SPF v=spf1 mx a:mail.niikn.com ~all]
DKIM[DKIM 2048-bit RSA selector=dkim]
DMARC[DMARC p=none rua=admin@niikn.com]
end
SW --> Records
SW --> Mail
```
---
## Как редактировать
- Любой блок ```` ```mermaid ```` рендерится в Obsidian (Live Preview / Reading mode), Gitea web и Nextcloud Text
- Синтаксис: <https://mermaid.js.org/syntax/flowchart.html>
- Локальная проверка: <https://mermaid.live>