---
date: 2026-05-04
type: project
tags: [znamenskoye, diagram, mermaid]
---

# 🗺️ Znamenskoye — Diagrams (Mermaid)

> Mermaid diagrams of the infrastructure of the 3 Znamenskoye sites plus the swtest.ru VPS hub.
> Sources: [[../dttb/znamenskoye-network-topology|Home network]], [[../../claude-memory/znamenskoye-ohothozyistvo|Hunting estate]], [[../../claude-memory/znamenskoe-home|Home memory]], [[../../decisions/2026-04-21-znamenskoye-ohothozyistvo-wg-backup-channel|WG fix]].
> Site manager: Sergey; the boss is above him.

---

## 1. Overview: 3 sites + VPS hub

```mermaid
flowchart TB
    Internet([🌐 Internet])

    subgraph VPS["☁️ VPS swtest.ru — 89.111.140.86"]
        VPSwg[wg0 hub<br/>10.5.0.1/24 :51821]
        VPSnb[Netbird 100.70.93.36]
        DNAT[DNAT 8xxx → cameras]
    end

    subgraph Home["🏠 Znamenskoye Home (192.168.1.0/24)"]
        UDM[UDM-Pro .1<br/>FW 5.0.12<br/>Netbird 100.70.100.155]
        Cudy[Cudy TR3000<br/>10.3.0.1<br/>Netbird 100.70.54.204<br/>WG 10.5.0.4 → VPS]
        HomeCam[12 XMeye cameras + Hikvision NVR .123]
    end

    subgraph Ohot["🏕️ Hunting estate (192.168.8.0/24)"]
        MTLte[MikroTik hAP ax lite LTE6<br/>192.168.8.1<br/>WAN: LTE CGNAT 7.90.8.47]
        OPi[Orange Pi R1+ LTS<br/>192.168.8.254<br/>Netbird 100.70.106.227<br/>WG 10.5.0.3 → VPS]
        OhotCam[6 cameras + HiWatch NVR .247]
    end

    subgraph Z29["🏘️ Znamenskoye 29 (192.168.88.0/24)"]
        MT29[MikroTik 192.168.88.1<br/>WG 10.5.0.2 → VPS]
        Z29Cam[1 HiWatch camera .42]
    end

    Internet --> VPS
    Cudy -.->|WG :51821| VPSwg
    OPi -.->|WG :51821| VPSwg
    MT29 -.->|WG :51821| VPSwg
    UDM -.->|Netbird mesh| VPSnb
    Cudy -.->|Netbird mesh| VPSnb
    OPi -.->|Netbird mesh| VPSnb

    UDM --> HomeCam
    MTLte --> OhotCam
    MT29 --> Z29Cam
    Cudy --> UDM

    classDef vps fill:#5d2e1f,stroke:#d97757,color:#fff
    classDef home fill:#1e3a5f,stroke:#4a90e2,color:#fff
    classDef ohot fill:#2d5016,stroke:#7cb342,color:#fff
    classDef z29 fill:#3d2817,stroke:#d4a017,color:#fff
    class VPSwg,VPSnb,DNAT vps
    class UDM,Cudy,HomeCam home
    class MTLte,OPi,OhotCam ohot
    class MT29,Z29Cam z29
```

---

## 2. VPS swtest.ru (hub) — WG peers + DNAT

```mermaid
flowchart LR
    subgraph VPS["VPS Ubuntu 24.04 · 89.111.140.86 · 10.5.0.1/24:51821"]
        WG[wg0 ListenPort 51821]
        DN[iptables DNAT<br/>ports 8xxx]
        NB[Netbird 100.70.93.36]
        DK[Docker camera-proxy]
    end

    subgraph Peers["WG peers"]
        P1[10.5.0.2 · Znamenskoye 29<br/>Allowed 192.168.88.0/24<br/>UP ✓]
        P2[10.5.0.3 · Hunting estate<br/>Allowed 192.168.8.0/24<br/>UP ✓ after fix 2026-04-21]
        P3[10.5.0.4 · Znamenskoye Home<br/>Allowed 192.168.1.0/24, 192.168.100.0/24<br/>UP ✓ · 4.37 TiB rx]
    end

    WG --- P1
    WG --- P2
    WG --- P3

    DN -->|8080,8082,8554| Z29[→ Z29 camera .42]
    DN -->|8180,8100,8555| OhotNVR[→ Hunt NVR .247]
    DN -->|8561-8566 · 8201-8206| OhotCam[→ Hunt 6 cameras]
    DN -->|8280,8282,8284| HomeNVR[→ Home NVR .123]

    SSH[💻 ssh vps-znam<br/>~/.ssh/vps_znam_key] -->|root| VPS
```

⚠️ **VPS disk 84% used** — cleanup needed. **TODO:** save vps_znam_key to Bitwarden as `VPS znam (89.111.140.86)`.

---

## 3. Znamenskoye Home (UDM-Pro + Cudy + video surveillance)

```mermaid
flowchart TB
    ISP[ISP WAN]
    UDM[UDM-Pro «Znamenskoye»<br/>192.168.1.1 · 10.3.0.175<br/>Netbird 100.70.100.155<br/>FW 5.0.12]
    Cudy[Cudy TR3000 v1<br/>OpenWrt 24.10<br/>10.3.0.1 · WAN 192.168.100.2<br/>WG → VPS · AWG → finland<br/>podkop+sing-box bypass]

    ISP --> Cudy --> UDM

    subgraph Switches["UniFi switches"]
        S1[USW-16-PoE .220<br/>45W · 8 ports]
        S2[Switch Lite .66<br/>45W · 6 ports]
        S3[Switch Lite .96<br/>45W · 3 ports]
        S4[Switch Lite .213<br/>45W · 5 ports]
    end

    subgraph APs["UniFi AP (3×U6-LR)"]
        AP1[Garage .133]
        AP2[Security post .130]
        AP3[Guest house .244]
    end

    subgraph Mesh["TP-Link Deco P9 mesh"]
        M1[.187 master]
        M2[.196]
        M3[.208]
    end

    subgraph Cams["📹 Video surveillance"]
        NVR1[Hikvision DS-N316D .123<br/>16ch · ONVIF]
        DVR1[TBTec XMeye .23<br/>16ch DVR]
        DVR2[TBTec mini .49 · .100<br/>4ch DVR]
        XM[12 XMeye 53H20AF cameras<br/>2MP · ONVIF :8899]
    end

    UDM --> Switches
    UDM --> APs
    UDM -->|port 5| Mesh
    Switches --> Cams

    subgraph Wifi["📶 Wi-Fi networks"]
        W1[ASUS — main asus2015]
        W2[Ohrana post — Qwerty123]
        W3[Cam — for cameras]
    end
    APs --> Wifi
```

⚠️ **Known issues:** /boot/firmware 96% · weak Wi-Fi passwords · WAN:80 → UDM-Pro web exposed to the internet · no VLANs.

---

## 4. Hunting estate (LTE + Orange Pi gateway)

```mermaid
flowchart TB
    LTE[LTE carrier<br/>CGNAT 7.90.8.47]
    MT[MikroTik hAP ax lite LTE6<br/>RouterOS 7.22<br/>192.168.8.1<br/>SSID Hunter]

    LTE -->|lte1| MT

    subgraph Gateway["🔐 Backup management channel"]
        OPi[Orange Pi R1+ LTS · .254<br/>OpenWrt 21.02<br/>Netbird 100.70.106.227<br/>wg0 10.5.0.3 → VPS:51821]
    end

    MT --> OPi
    OPi -.->|Netbird mesh<br/>route 192.168.8.0/24| Admin[💻 Oleg's Mac]
    OPi -.->|WG tunnel<br/>fix 2026-04-21| VPS[VPS swtest 51821]

    subgraph LAN["LAN 192.168.8.0/24"]
        NVR[NVR HiWatch .247<br/>Web :80 · SDK :8000 · RTSP :554]
        C1[Camera 1 · .2]
        C2[Camera 2 · .3]
        C3[Camera 3 · .102]
        C4[Camera 4 · .110]
        C5[Camera 5 · .113]
        C6[Camera 6 · .120]
    end

    MT --> LAN

    Hunter[📶 SSID Hunter<br/>WPA2/3 · pw: 12345678a<br/>~12 Wi-Fi guests]
    MT --> Hunter
```

⚠️ **MikroTik wg-vps DISABLED** — it broke internet access (default route hijacking distance=2). WG runs only on the Orange Pi.

---

## 5. Znamenskoye 29 (minimal site)

```mermaid
flowchart LR
    Internet([🌐])
    MT29[MikroTik 192.168.88.1<br/>admin/admin01<br/>WG 10.5.0.2 → VPS:51821]
    Cam[HiWatch camera<br/>192.168.88.42<br/>admin/1qaz!QAZ<br/>Web :80 · SDK :8000 · RTSP :554]

    Internet --> MT29 --> Cam
    MT29 -.->|WG tunnel<br/>UP ✓| VPS[VPS hub]

    VPS -.->|DNAT<br/>:8080 web<br/>:8082 SDK<br/>:8554 RTSP| Cam
```

---

## 6. Remote access channels

```mermaid
flowchart LR
    Admin[💻 Oleg / Sergey]

    subgraph CH1["Channel 1: Netbird (primary)"]
        NB[Netbird mesh<br/>relay netbird.io:443]
    end

    subgraph CH2["Channel 2: WG via VPS (backup + video streams)"]
        WG[VPS 89.111.140.86<br/>ports 8xxx DNAT]
    end

    Admin --> NB
    Admin -->|RTSP/Web| WG

    NB -.->|100.70.100.155| Home[🏠 Home UDM-Pro]
    NB -.->|100.70.106.227| OhotGW[🏕️ Hunt Orange Pi]
    NB -.->|100.70.54.204| Cudy[🏠 Home Cudy]

    WG -.->|10.5.0.4| HomeLAN[Home LAN .1.0/24]
    WG -.->|10.5.0.3| OhotLAN[Hunt LAN .8.0/24]
    WG -.->|10.5.0.2| Z29LAN[Z-29 LAN .88.0/24]

    classDef nb fill:#1e3a5f,stroke:#4a90e2,color:#fff
    classDef wg fill:#5d2e1f,stroke:#d97757,color:#fff
    class NB,Home,OhotGW,Cudy nb
    class WG,HomeLAN,OhotLAN,Z29LAN wg
```

---

## 7. DNAT port map on VPS 89.111.140.86

| Site | WG | Service | External port | → Backend |
|--------|-----|--------|--------------|-----------|
| Hunt | 10.5.0.3 | NVR Web | **8180** | .247:80 |
| Hunt | 10.5.0.3 | NVR SDK | **8100** | .247:8000 |
| Hunt | 10.5.0.3 | NVR RTSP | **8555** | .247:554 |
| Hunt | 10.5.0.3 | Cam 1 RTSP/SDK | **8561 / 8201** | .2:554 / .2:8000 |
| Hunt | 10.5.0.3 | Cam 2 RTSP/SDK | **8562 / 8202** | .3:554 / .3:8000 |
| Hunt | 10.5.0.3 | Cam 3 RTSP/SDK | **8563 / 8203** | .102:554 / .102:8000 |
| Hunt | 10.5.0.3 | Cam 4 RTSP/SDK | **8564 / 8204** | .110:554 / .110:8000 |
| Hunt | 10.5.0.3 | Cam 5 RTSP/SDK | **8565 / 8205** | .113:554 / .113:8000 |
| Hunt | 10.5.0.3 | Cam 6 RTSP/SDK | **8566 / 8206** | .120:554 / .120:8000 |
| Z-29 | 10.5.0.2 | Cam Web/SDK/RTSP | **8080 / 8082 / 8554** | .42:80 / :8000 / :554 |
| Home | 10.5.0.4 | NVR Web/SDK/RTSP | **8280 / 8282 / 8284** | .123:80 / :8000 / :554 |

---

## Credentials (brief summary)

| Site | Node | Login / Password | Access |
|--------|------|----------------|--------|
| Home | UDM-Pro | admin / 1qaz!QAZ | Netbird 100.70.100.155 |
| Home | Cudy | root / 1qaz!QAZ | Netbird 100.70.54.204 |
| Home | NVR Hikvision | admin / 1qaz!QAZ | 192.168.1.123 |
| Hunt | MikroTik | admin / 1qaz!QAZ | REST/SSH 192.168.8.1 |
| Hunt | Orange Pi | root / 1qaz!QAZ | SSH (Dropbear, expect) |
| Z-29 | MikroTik | admin / admin01 | 192.168.88.1 |
| Z-29 | Camera | admin / 1qaz!QAZ | 192.168.88.42 |
| VPS | swtest.ru | root + key | `ssh vps-znam` (~/.ssh/vps_znam_key) |