---
date: 2026-05-04
type: project
tags: [niikn, diagram, mermaid]
---

# 🗺️ NIIKN — Diagrams (Mermaid)

> Mermaid diagrams of the NIIKN infrastructure. They render in Obsidian / Gitea / Nextcloud Markdown.
> Sources: [[README]], [[proxmox]], [[mikrotik]], [[npm]], [[openwrt-bypass]], [[vpn]], [[NIIKN-Infrastructure]].

---

## 1. Traffic flow: Internet → MikroTik → NPM → Backend

```mermaid
flowchart LR
    Internet([🌐 Internet])
    MTS[MTS B2B WAN<br/>85.235.181.190<br/>⚠️ blocked by NSPD]
    MT[MikroTik hAP ac³<br/>192.168.1.1<br/>RouterOS 7.20.6]
    NPM[NPM<br/>LXC 102<br/>192.168.1.22:443]

    Internet -->|*.niikn.com| MTS
    MTS --> MT
    MT -->|HTTPS hairpin| NPM
    MT -.->|SMTP/IMAP/Matrix/<br/>NC Talk/RustDesk NAT| Direct[Direct NAT to backends]

    subgraph Backends["Backends 192.168.1.0/24"]
        NCnew[Nextcloud AIO new<br/>:11000 · VM 108 · .200]
        NCold[Nextcloud old<br/>:8080 · VM 100 · .245<br/>migration]
        Mail[Mailcow<br/>:443 · VM 106 · .128]
        Matrix[Matrix Synapse<br/>:8008 · VM 107 · .133]
        PVE[Proxmox WebUI<br/>:8006 · .201]
        RD[RustDesk Pro<br/>:21114 · VM 112 · .112]
        Maxim[Maxim-Maul-Assistant<br/>:18789 · LXC 114 · .58]
    end

    NPM --> NCnew
    NPM --> NCold
    NPM --> Mail
    NPM --> Matrix
    NPM --> PVE
    NPM --> RD
    NPM --> Maxim

    Direct -.-> Mail
    Direct -.-> Matrix
    Direct -.-> NCnew
    Direct -.-> RD
```

---

## 2. NIIKN Proxmox — VM/LXC structure

```mermaid
flowchart TB
    PVE[Proxmox VE<br/>192.168.1.201 · pve.niikn.com<br/>root/1qaz!QAZ]

    subgraph VMs["🖥️ QEMU VM"]
        VM100[VM 100 · Cloud-nc-AIO old<br/>.245 · NC 30.0.10 · 102 users]
        VM101[VM 101 · OpenWrt<br/>.50 · podkop+AWG bypass]
        VM103[VM 103 · Win11<br/>Kripto-ARM GOST · 100.70.145.223]
        VM104[VM 104 · Win2025]
        VM106[VM 106 · Mailcow<br/>.128 · mail.niikn.com]
        VM107[VM 107 · Matrix<br/>.133 · matrix.niikn.com]
        VM108[VM 108 · Nextcloud AIO new<br/>.200 · new.niikn.com · NC 32.0.6]
        VM111[VM 111 · KasmOS]
        VM112[VM 112 · RustDesk Pro<br/>.112 · rd.niikn.com]
    end

    subgraph LXCs["📦 LXC"]
        L102[LXC 102 · NPM<br/>.22 · npm panel]
        L105[LXC 105 · Zabbix<br/>monitoring]
        L109[LXC 109 · Cups-Server<br/>print server]
        L110[LXC 110 · SMB<br/>.79 · /share groupfolders]
        L114[LXC 114 · Maxim-Maul-Assistant<br/>.58 · @assistent_maximka_bot]
    end

    PVE --> VMs
    PVE --> LXCs

    classDef vmStyle fill:#1e3a5f,stroke:#4a90e2,color:#fff
    classDef lxcStyle fill:#2d5016,stroke:#7cb342,color:#fff
    classDef pveStyle fill:#5d2e1f,stroke:#d97757,color:#fff
    class VM100,VM101,VM103,VM104,VM106,VM107,VM108,VM111,VM112 vmStyle
    class L102,L105,L109,L110,L114 lxcStyle
    class PVE pveStyle
```

---

## 3. Domain map: *.niikn.com → IP:Port

```mermaid
flowchart LR
    subgraph Core["🏠 Core"]
        D1[niikn.com]
        D2[new.niikn.com]
        D3[pve.niikn.com]
        D4[mail.niikn.com]
    end

    subgraph Comms["💬 Communications"]
        D5[matrix.niikn.com]
        D6[lk.niikn.com<br/>LiveKit]
    end

    subgraph Remote["🖥️ Remote"]
        D7[rd.niikn.com]
        D8[vpn.niikn.com]
    end

    D1 --> O[192.168.1.245:8080<br/>Old NC · VM 100]
    D2 --> N[192.168.1.200:11000<br/>New NC AIO · VM 108]
    D3 --> P[192.168.1.201:8006<br/>Proxmox]
    D4 --> M[192.168.1.128:443<br/>Mailcow · VM 106]
    D5 --> MX[192.168.1.133:8008<br/>Synapse · VM 107]
    D6 --> LK[192.168.1.133:7881<br/>LiveKit · VM 107]
    D7 --> R[192.168.1.112:21114<br/>RustDesk Pro · VM 112]
    D8 --> V[78.17.4.225<br/>AmneziaWG panel<br/>Finland VPS]
```

---

## 4. Bypass scheme: FakeIP → OpenWrt → AmneziaWG → Finland

```mermaid
flowchart LR
    Client[💻 NIIKN client<br/>DHCP DNS = .50]
    MT[MikroTik .1<br/>route 198.18.0.0/15<br/>→ .50]
    OW[OpenWrt VM 101 · .50<br/>dnsmasq + sing-box<br/>FakeIP 198.18.0.0/15]
    AWG[awg0 interface<br/>10.8.1.16/32<br/>+ obfuscation Jc/S/H]
    FIN[Finland VPS<br/>78.17.4.225:39202<br/>amnezia-awg2]
    Web[🌐 Instagram / WA / TG<br/>Telegram / NotebookLM]

    Client -->|DNS instagram.com| OW
    OW -->|FakeIP 198.18.x.x| Client
    Client -->|TCP 198.18.x.x| MT
    MT -->|route| OW
    OW -->|tproxy + fwmark| AWG
    AWG -->|UDP 39202<br/>obfuscated| FIN
    FIN -->|real IP| Web

    Direct[Regular traffic] -->|internet| MT --> Internet([🌐])

    classDef bypass fill:#3d2817,stroke:#d97757,color:#fff
    classDef normal fill:#1e3a5f,stroke:#4a90e2,color:#fff
    class OW,AWG,FIN bypass
    class MT,Client normal
```

**Lists in podkop:** `meta` (WA/Instagram/FB), `telegram`, `russia_inside`, +user_domains (NotebookLM/Gemini for Oksana Pavlovna).

---

## 5. NAT port forwarding through MikroTik

```mermaid
flowchart LR
    WAN[WAN 85.235.181.190]

    subgraph Mail["📬 Mailcow .128"]
        P1[25 · 465 · 587<br/>SMTP / Submission]
        P2[993 · 995 · 4190<br/>IMAPS / POP3 / Sieve]
    end

    subgraph MX["💬 Matrix .133"]
        P3[8448<br/>Federation]
        P4[3478<br/>TURN]
        P5[7881/tcp · 50100-50200/udp<br/>LiveKit]
    end

    subgraph NC["☁️ Nextcloud Talk .200"]
        P6[3479<br/>Talk TURN]
        P7[20000-20100<br/>TURN media]
        P8[49152-49252<br/>RTC]
    end

    subgraph RD["🖥️ RustDesk .112"]
        P9[21114-21119/tcp<br/>API · NAT · ID · Relay · WS]
        P10[21116/udp<br/>ID hole-punch]
    end

    WAN --> Mail
    WAN --> MX
    WAN --> NC
    WAN --> RD
```

---

## 6. External access (NetBird overlay)

```mermaid
flowchart TB
    NBC[NetBird Coordinator<br/>finland VPS 78.17.4.225]

    subgraph LAN["🏠 NIIKN LAN 192.168.1.0/24"]
        VM103N[VM 103 Win11 Kripto-ARM<br/>100.70.145.223]
        VM100N[VM 100 Cloud old<br/>100.70.117.21]
    end

    subgraph Office["💼 NIIKN office"]
        Domo[Hikvision intercom<br/>.71 · via PLC + AirPort .9]
        Oksana[💼 Oksana Pavlovna<br/>RustDesk access]
    end

    subgraph Remote["🌍 Remote"]
        Mac[💻 Oleg's Mac<br/>100.70.92.x]
    end

    NBC -.- VM103N
    NBC -.- VM100N
    NBC -.- Mac

    Mac -->|RustDesk| Oksana
    Oksana -.->|Talk/Mail/Kripto-ARM| LAN
    Domo -.->|Hikvision Web<br/>192.168.1.71| LAN
```

---

## 7. Sync with Spaceweb DNS (`niikn.com`)

```mermaid
flowchart LR
    SW[Spaceweb DNS<br/>ns1-4.spaceweb.ru]

    subgraph Records["DNS A → 85.235.181.190"]
        R1[niikn.com]
        R2[new.niikn.com]
        R3[mail.niikn.com]
        R4[matrix.niikn.com]
        R5[rd.niikn.com]
        R6[pve.niikn.com]
        R7[lk.niikn.com]
    end

    subgraph Mail["MX / TXT"]
        MX[MX → mail.niikn.com pri=10]
        SPF[SPF v=spf1 mx a:mail.niikn.com ~all]
        DKIM[DKIM 2048-bit RSA selector=dkim]
        DMARC[DMARC p=none rua=admin@niikn.com]
    end

    SW --> Records
    SW --> Mail
```

---

## How to edit

- Any ```` ```mermaid ```` block renders in Obsidian (Live Preview / Reading mode), Gitea web and Nextcloud Text
- Syntax:
- Local check: