255 lines
7.5 KiB
Markdown
255 lines
7.5 KiB
Markdown
---
|
||
date: 2026-05-04
|
||
type: project
|
||
tags: [niikn, diagram, mermaid]
|
||
---
|
||
|
||
# 🗺️ НИИКН — Графические схемы (Mermaid)
|
||
|
||
> Mermaid-диаграммы инфраструктуры НИИКН. Рендерятся в Obsidian / Gitea / Nextcloud Markdown.
|
||
> Источники: \[\[README\]\], \[\[proxmox\]\], \[\[mikrotik\]\], \[\[npm\]\], \[\[openwrt-bypass\]\], \[\[vpn\]\], \[\[NIIKN-Infrastructure\]\].
|
||
|
||
---
|
||
|
||
## 1. Поток трафика: Internet → MikroTik → NPM → Backend
|
||
|
||
```mermaid
|
||
flowchart LR
|
||
Internet([🌐 Internet])
|
||
MTS[МТС B2B WAN<br/>85.235.181.190<br/>⚠️ заблокирован НСПД]
|
||
MT[MikroTik hAP ac³<br/>192.168.1.1<br/>RouterOS 7.20.6]
|
||
NPM[NPM<br/>LXC 102<br/>192.168.1.22:443]
|
||
|
||
Internet -->|*.niikn.com| MTS
|
||
MTS --> MT
|
||
MT -->|HTTPS hairpin| NPM
|
||
MT -.->|SMTP/IMAP/Matrix/<br/>NC Talk/RustDesk NAT| Direct[Direct NAT to backends]
|
||
|
||
subgraph Backends["Backends 192.168.1.0/24"]
|
||
NCnew[Nextcloud AIO new<br/>:11000 · VM 108 · .200]
|
||
NCold[Nextcloud old<br/>:8080 · VM 100 · .245<br/>миграция]
|
||
Mail[Mailcow<br/>:443 · VM 106 · .128]
|
||
Matrix[Matrix Synapse<br/>:8008 · VM 107 · .133]
|
||
PVE[Proxmox WebUI<br/>:8006 · .201]
|
||
RD[RustDesk Pro<br/>:21114 · VM 112 · .112]
|
||
Maxim[Maxim-Maul-Assistant<br/>:18789 · LXC 114 · .58]
|
||
end
|
||
|
||
NPM --> NCnew
|
||
NPM --> NCold
|
||
NPM --> Mail
|
||
NPM --> Matrix
|
||
NPM --> PVE
|
||
NPM --> RD
|
||
NPM --> Maxim
|
||
Direct -.-> Mail
|
||
Direct -.-> Matrix
|
||
Direct -.-> NCnew
|
||
Direct -.-> RD
|
||
```
|
||
|
||
---
|
||
|
||
## 2. Proxmox НИИКН — структура VM/LXC
|
||
|
||
```mermaid
|
||
flowchart TB
|
||
PVE[Proxmox VE<br/>192.168.1.201 · pve.niikn.com<br/>root/1qaz!QAZ]
|
||
|
||
subgraph VMs["🖥️ QEMU VM"]
|
||
VM100[VM 100 · Cloud-nc-AIO старый<br/>.245 · NC 30.0.10 · 102 users]
|
||
VM101[VM 101 · OpenWrt<br/>.50 · podkop+AWG bypass]
|
||
VM103[VM 103 · Win11<br/>Kripto-ARM ГОСТ · 100.70.145.223]
|
||
VM104[VM 104 · Win2025]
|
||
VM106[VM 106 · Mailcow<br/>.128 · mail.niikn.com]
|
||
VM107[VM 107 · Matrix<br/>.133 · matrix.niikn.com]
|
||
VM108[VM 108 · Nextcloud AIO new<br/>.200 · new.niikn.com · NC 32.0.6]
|
||
VM111[VM 111 · KasmOS]
|
||
VM112[VM 112 · RustDesk Pro<br/>.112 · rd.niikn.com]
|
||
end
|
||
|
||
subgraph LXCs["📦 LXC"]
|
||
L102[LXC 102 · NPM<br/>.22 · npm panel]
|
||
L105[LXC 105 · Zabbix<br/>monitoring]
|
||
L109[LXC 109 · Cups-Server<br/>print server]
|
||
L110[LXC 110 · SMB<br/>.79 · /share groupfolders]
|
||
L114[LXC 114 · Maxim-Maul-Assistant<br/>.58 · @assistent_maximka_bot]
|
||
end
|
||
|
||
PVE --> VMs
|
||
PVE --> LXCs
|
||
|
||
classDef vmStyle fill:#1e3a5f,stroke:#4a90e2,color:#fff
|
||
classDef lxcStyle fill:#2d5016,stroke:#7cb342,color:#fff
|
||
classDef pveStyle fill:#5d2e1f,stroke:#d97757,color:#fff
|
||
class VM100,VM101,VM103,VM104,VM106,VM107,VM108,VM111,VM112 vmStyle
|
||
class L102,L105,L109,L110,L114 lxcStyle
|
||
class PVE pveStyle
|
||
```
|
||
|
||
---
|
||
|
||
## 3. Карта доменов *.niikn.com → IP:Port
|
||
|
||
```mermaid
|
||
flowchart LR
|
||
subgraph Core["🏠 Core"]
|
||
D1[niikn.com]
|
||
D2[new.niikn.com]
|
||
D3[pve.niikn.com]
|
||
D4[mail.niikn.com]
|
||
end
|
||
|
||
subgraph Comms["💬 Communications"]
|
||
D5[matrix.niikn.com]
|
||
D6[lk.niikn.com<br/>LiveKit]
|
||
end
|
||
|
||
subgraph Remote["🖥️ Remote"]
|
||
D7[rd.niikn.com]
|
||
D8[vpn.niikn.com]
|
||
end
|
||
|
||
D1 --> O[192.168.1.245:8080<br/>Old NC · VM 100]
|
||
D2 --> N[192.168.1.200:11000<br/>New NC AIO · VM 108]
|
||
D3 --> P[192.168.1.201:8006<br/>Proxmox]
|
||
D4 --> M[192.168.1.128:443<br/>Mailcow · VM 106]
|
||
D5 --> MX[192.168.1.133:8008<br/>Synapse · VM 107]
|
||
D6 --> LK[192.168.1.133:7881<br/>LiveKit · VM 107]
|
||
D7 --> R[192.168.1.112:21114<br/>RustDesk Pro · VM 112]
|
||
D8 --> V[78.17.4.225<br/>AmneziaWG panel<br/>Finland VPS]
|
||
```
|
||
|
||
---
|
||
|
||
## 4. Bypass-схема: FakeIP → OpenWrt → AmneziaWG → Finland
|
||
|
||
```mermaid
|
||
flowchart LR
|
||
Client[💻 Клиент НИИКН<br/>DHCP DNS = .50]
|
||
MT[MikroTik .1<br/>route 198.18.0.0/15<br/>→ .50]
|
||
OW[OpenWrt VM 101 · .50<br/>dnsmasq + sing-box<br/>FakeIP 198.18.0.0/15]
|
||
AWG[awg0 интерфейс<br/>10.8.1.16/32<br/>+ obfuscation Jc/S/H]
|
||
FIN[Finland VPS<br/>78.17.4.225:39202<br/>amnezia-awg2]
|
||
Web[🌐 Instagram / WA / TG<br/>Telegram / NotebookLM]
|
||
|
||
Client -->|DNS instagram.com| OW
|
||
OW -->|FakeIP 198.18.x.x| Client
|
||
Client -->|TCP 198.18.x.x| MT
|
||
MT -->|route| OW
|
||
OW -->|tproxy + fwmark| AWG
|
||
AWG -->|UDP 39202<br/>obfuscated| FIN
|
||
FIN -->|реальный IP| Web
|
||
|
||
Direct[Обычный трафик] -->|интернет| MT --> Internet([🌐])
|
||
|
||
classDef bypass fill:#3d2817,stroke:#d97757,color:#fff
|
||
classDef normal fill:#1e3a5f,stroke:#4a90e2,color:#fff
|
||
class OW,AWG,FIN bypass
|
||
class MT,Client normal
|
||
```
|
||
|
||
**Списки в podkop:** `meta` (WA/Instagram/FB), `telegram`, `russia_inside`, +user_domains (NotebookLM/Gemini для Оксаны Павловны).
|
||
|
||
---
|
||
|
||
## 5. NAT-проброс портов через MikroTik
|
||
|
||
```mermaid
|
||
flowchart LR
|
||
WAN[WAN 85.235.181.190]
|
||
|
||
subgraph Mail["📬 Mailcow .128"]
|
||
P1[25 · 465 · 587<br/>SMTP / Submission]
|
||
P2[993 · 995 · 4190<br/>IMAPS / POP3 / Sieve]
|
||
end
|
||
|
||
subgraph MX["💬 Matrix .133"]
|
||
P3[8448<br/>Federation]
|
||
P4[3478<br/>TURN]
|
||
P5[7881/tcp · 50100-50200/udp<br/>LiveKit]
|
||
end
|
||
|
||
subgraph NC["☁️ Nextcloud Talk .200"]
|
||
P6[3479<br/>Talk TURN]
|
||
P7[20000-20100<br/>TURN media]
|
||
P8[49152-49252<br/>RTC]
|
||
end
|
||
|
||
subgraph RD["🖥️ RustDesk .112"]
|
||
P9[21114-21119/tcp<br/>API · NAT · ID · Relay · WS]
|
||
P10[21116/udp<br/>ID hole-punch]
|
||
end
|
||
|
||
WAN --> Mail
|
||
WAN --> MX
|
||
WAN --> NC
|
||
WAN --> RD
|
||
```
|
||
|
||
---
|
||
|
||
## 6. Внешний доступ (NetBird overlay)
|
||
|
||
```mermaid
|
||
flowchart TB
|
||
NBC[NetBird Coordinator<br/>finland VPS 78.17.4.225]
|
||
|
||
subgraph LAN["🏠 НИИКН LAN 192.168.1.0/24"]
|
||
VM103N[VM 103 Win11 Kripto-ARM<br/>100.70.145.223]
|
||
VM100N[VM 100 Cloud old<br/>100.70.117.21]
|
||
end
|
||
|
||
subgraph Office["💼 Офис НИИКН"]
|
||
Domo[Hikvision Домофон<br/>.71 · через PLC + AirPort .9]
|
||
Oksana[💼 Оксана Павловна<br/>RustDesk доступ]
|
||
end
|
||
|
||
subgraph Remote["🌍 Remote"]
|
||
Mac[💻 Mac Олега<br/>100.70.92.x]
|
||
end
|
||
|
||
NBC -.- VM103N
|
||
NBC -.- VM100N
|
||
NBC -.- Mac
|
||
Mac -->|RustDesk| Oksana
|
||
Oksana -.->|Talk/Mail/КриптоАРМ| LAN
|
||
Domo -.->|Hikvision Web<br/>192.168.1.71| LAN
|
||
```
|
||
|
||
---
|
||
|
||
## 7. Sync со Spaceweb DNS (`niikn.com`)
|
||
|
||
```mermaid
|
||
flowchart LR
|
||
SW[Spaceweb DNS<br/>ns1-4.spaceweb.ru]
|
||
|
||
subgraph Records["DNS A → 85.235.181.190"]
|
||
R1[niikn.com]
|
||
R2[new.niikn.com]
|
||
R3[mail.niikn.com]
|
||
R4[matrix.niikn.com]
|
||
R5[rd.niikn.com]
|
||
R6[pve.niikn.com]
|
||
R7[lk.niikn.com]
|
||
end
|
||
|
||
subgraph Mail["MX / TXT"]
|
||
MX[MX → mail.niikn.com pri=10]
|
||
SPF[SPF v=spf1 mx a:mail.niikn.com ~all]
|
||
DKIM[DKIM 2048-bit RSA selector=dkim]
|
||
DMARC[DMARC p=none rua=admin@niikn.com]
|
||
end
|
||
|
||
SW --> Records
|
||
SW --> Mail
|
||
```
|
||
|
||
---
|
||
|
||
## Как редактировать
|
||
|
||
- Любой блок ```` ```mermaid ```` рендерится в Obsidian (Live Preview / Reading mode), Gitea web и Nextcloud Text
|
||
- Синтаксис: <https://mermaid.js.org/syntax/flowchart.html>
|
||
- Локальная проверка: <https://mermaid.live> |