date: 2026-05-04
type: project
tags: niikn, diagram, mermaid

🗺️ NIIKN: Graphical Diagrams (Mermaid)

Mermaid diagrams of the NIIKN infrastructure. They render in Obsidian / Gitea / Nextcloud Markdown. Sources: README, proxmox, mikrotik, npm, openwrt-bypass, vpn, NIIKN-Infrastructure.


1. Traffic flow: Internet → MikroTik → NPM → Backend

flowchart LR
    Internet([🌐 Internet])
    MTS[МТС B2B WAN<br/>85.235.181.190<br/>⚠️ заблокирован НСПД]
    MT[MikroTik hAP ac³<br/>192.168.1.1<br/>RouterOS 7.20.6]
    NPM[NPM<br/>LXC 102<br/>192.168.1.22:443]

    Internet -->|*.niikn.com| MTS
    MTS --> MT
    MT -->|HTTPS hairpin| NPM
    MT -.->|SMTP/IMAP/Matrix/<br/>NC Talk/RustDesk NAT| Direct[Direct NAT to backends]

    subgraph Backends["Backends 192.168.1.0/24"]
        NCnew[Nextcloud AIO new<br/>:11000 · VM 108 · .200]
        NCold[Nextcloud old<br/>:8080 · VM 100 · .245<br/>миграция]
        Mail[Mailcow<br/>:443 · VM 106 · .128]
        Matrix[Matrix Synapse<br/>:8008 · VM 107 · .133]
        PVE[Proxmox WebUI<br/>:8006 · .201]
        RD[RustDesk Pro<br/>:21114 · VM 112 · .112]
        Maxim[Maxim-Maul-Assistant<br/>:18789 · LXC 114 · .58]
    end

    NPM --> NCnew
    NPM --> NCold
    NPM --> Mail
    NPM --> Matrix
    NPM --> PVE
    NPM --> RD
    NPM --> Maxim
    Direct -.-> Mail
    Direct -.-> Matrix
    Direct -.-> NCnew
    Direct -.-> RD

2. NIIKN Proxmox: VM/LXC structure

flowchart TB
    PVE[Proxmox VE<br/>192.168.1.201 · pve.niikn.com<br/>root/1qaz!QAZ]

    subgraph VMs["🖥️ QEMU VM"]
        VM100[VM 100 · Cloud-nc-AIO старый<br/>.245 · NC 30.0.10 · 102 users]
        VM101[VM 101 · OpenWrt<br/>.50 · podkop+AWG bypass]
        VM103[VM 103 · Win11<br/>Kripto-ARM ГОСТ · 100.70.145.223]
        VM104[VM 104 · Win2025]
        VM106[VM 106 · Mailcow<br/>.128 · mail.niikn.com]
        VM107[VM 107 · Matrix<br/>.133 · matrix.niikn.com]
        VM108[VM 108 · Nextcloud AIO new<br/>.200 · new.niikn.com · NC 32.0.6]
        VM111[VM 111 · KasmOS]
        VM112[VM 112 · RustDesk Pro<br/>.112 · rd.niikn.com]
    end

    subgraph LXCs["📦 LXC"]
        L102[LXC 102 · NPM<br/>.22 · npm panel]
        L105[LXC 105 · Zabbix<br/>monitoring]
        L109[LXC 109 · Cups-Server<br/>print server]
        L110[LXC 110 · SMB<br/>.79 · /share groupfolders]
        L114[LXC 114 · Maxim-Maul-Assistant<br/>.58 · @assistent_maximka_bot]
    end

    PVE --> VMs
    PVE --> LXCs

    classDef vmStyle fill:#1e3a5f,stroke:#4a90e2,color:#fff
    classDef lxcStyle fill:#2d5016,stroke:#7cb342,color:#fff
    classDef pveStyle fill:#5d2e1f,stroke:#d97757,color:#fff
    class VM100,VM101,VM103,VM104,VM106,VM107,VM108,VM111,VM112 vmStyle
    class L102,L105,L109,L110,L114 lxcStyle
    class PVE pveStyle

3. Domain map: *.niikn.com → IP:Port

flowchart LR
    subgraph Core["🏠 Core"]
        D1[niikn.com]
        D2[new.niikn.com]
        D3[pve.niikn.com]
        D4[mail.niikn.com]
    end

    subgraph Comms["💬 Communications"]
        D5[matrix.niikn.com]
        D6[lk.niikn.com<br/>LiveKit]
    end

    subgraph Remote["🖥️ Remote"]
        D7[rd.niikn.com]
        D8[vpn.niikn.com]
    end

    D1 --> O[192.168.1.245:8080<br/>Old NC · VM 100]
    D2 --> N[192.168.1.200:11000<br/>New NC AIO · VM 108]
    D3 --> P[192.168.1.201:8006<br/>Proxmox]
    D4 --> M[192.168.1.128:443<br/>Mailcow · VM 106]
    D5 --> MX[192.168.1.133:8008<br/>Synapse · VM 107]
    D6 --> LK[192.168.1.133:7881<br/>LiveKit · VM 107]
    D7 --> R[192.168.1.112:21114<br/>RustDesk Pro · VM 112]
    D8 --> V[78.17.4.225<br/>AmneziaWG panel<br/>Finland VPS]

4. Bypass scheme: FakeIP → OpenWrt → AmneziaWG → Finland

flowchart LR
    Client[💻 Клиент НИИКН<br/>DHCP DNS = .50]
    MT[MikroTik .1<br/>route 198.18.0.0/15<br/>→ .50]
    OW[OpenWrt VM 101 · .50<br/>dnsmasq + sing-box<br/>FakeIP 198.18.0.0/15]
    AWG[awg0 интерфейс<br/>10.8.1.16/32<br/>+ obfuscation Jc/S/H]
    FIN[Finland VPS<br/>78.17.4.225:39202<br/>amnezia-awg2]
    Web[🌐 Instagram / WA / TG<br/>Telegram / NotebookLM]

    Client -->|DNS instagram.com| OW
    OW -->|FakeIP 198.18.x.x| Client
    Client -->|TCP 198.18.x.x| MT
    MT -->|route| OW
    OW -->|tproxy + fwmark| AWG
    AWG -->|UDP 39202<br/>obfuscated| FIN
    FIN -->|реальный IP| Web

    Direct[Обычный трафик] -->|интернет| MT --> Internet([🌐])

    classDef bypass fill:#3d2817,stroke:#d97757,color:#fff
    classDef normal fill:#1e3a5f,stroke:#4a90e2,color:#fff
    class OW,AWG,FIN bypass
    class MT,Client normal

Lists in podkop: meta (WA/Instagram/FB), telegram, russia_inside, +user_domains (NotebookLM/Gemini for Oksana Pavlovna).


5. NAT port forwarding through MikroTik

flowchart LR
    WAN[WAN 85.235.181.190]

    subgraph Mail["📬 Mailcow .128"]
        P1[25 · 465 · 587<br/>SMTP / Submission]
        P2[993 · 995 · 4190<br/>IMAPS / POP3 / Sieve]
    end

    subgraph MX["💬 Matrix .133"]
        P3[8448<br/>Federation]
        P4[3478<br/>TURN]
        P5[7881/tcp · 50100-50200/udp<br/>LiveKit]
    end

    subgraph NC["☁️ Nextcloud Talk .200"]
        P6[3479<br/>Talk TURN]
        P7[20000-20100<br/>TURN media]
        P8[49152-49252<br/>RTC]
    end

    subgraph RD["🖥️ RustDesk .112"]
        P9[21114-21119/tcp<br/>API · NAT · ID · Relay · WS]
        P10[21116/udp<br/>ID hole-punch]
    end

    WAN --> Mail
    WAN --> MX
    WAN --> NC
    WAN --> RD

6. External access (NetBird overlay)

flowchart TB
    NBC[NetBird Coordinator<br/>finland VPS 78.17.4.225]

    subgraph LAN["🏠 НИИКН LAN 192.168.1.0/24"]
        VM103N[VM 103 Win11 Kripto-ARM<br/>100.70.145.223]
        VM100N[VM 100 Cloud old<br/>100.70.117.21]
    end

    subgraph Office["💼 Офис НИИКН"]
        Domo[Hikvision Домофон<br/>.71 · через PLC + AirPort .9]
        Oksana[💼 Оксана Павловна<br/>RustDesk доступ]
    end

    subgraph Remote["🌍 Remote"]
        Mac[💻 Mac Олега<br/>100.70.92.x]
    end

    NBC -.- VM103N
    NBC -.- VM100N
    NBC -.- Mac
    Mac -->|RustDesk| Oksana
    Oksana -.->|Talk/Mail/КриптоАРМ| LAN
    Domo -.->|Hikvision Web<br/>192.168.1.71| LAN

7. Sync with Spaceweb DNS (niikn.com)

flowchart LR
    SW[Spaceweb DNS<br/>ns1-4.spaceweb.ru]

    subgraph Records["DNS A → 85.235.181.190"]
        R1[niikn.com]
        R2[new.niikn.com]
        R3[mail.niikn.com]
        R4[matrix.niikn.com]
        R5[rd.niikn.com]
        R6[pve.niikn.com]
        R7[lk.niikn.com]
    end

    subgraph Mail["MX / TXT"]
        MX[MX → mail.niikn.com pri=10]
        SPF[SPF v=spf1 mx a:mail.niikn.com ~all]
        DKIM[DKIM 2048-bit RSA selector=dkim]
        DMARC[DMARC p=none rua=admin@niikn.com]
    end

    SW --> Records
    SW --> Mail
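
The MX / TXT block above records SPF ending in `~all` and DMARC `p=none`, which together mean mail that fails authentication is still delivered. The check below is an added example, not part of the original knowledge-base page: it parses both records and lists the non-enforcing settings. The SPF string is as drawn in the diagram; the full-syntax DMARC string and all function names are assumptions.

```python
# Constructed TXT values: SPF is copied from the diagram; DMARC is an assumed
# full-syntax form of the diagram's "p=none rua=admin@niikn.com".
SPF = "v=spf1 mx a:mail.niikn.com ~all"
DMARC = "v=DMARC1; p=none; rua=mailto:admin@niikn.com"

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_all_result(record):
    """Return the result the 'all' mechanism gives to senders not listed."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier, mech = "+", term          # no prefix means '+' (pass)
        if term[0] in SPF_QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        if mech.lower() == "all":
            return SPF_QUALIFIERS[qualifier]
    return "neutral"  # RFC 7208: nothing matched and no 'all' gives neutral


def parse_dmarc(record):
    """Split a DMARC record into a tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def mail_auth_findings(spf, dmarc):
    """List the settings that leave unauthenticated mail deliverable."""
    findings = []
    result = spf_all_result(spf)
    if result != "fail":
        findings.append(f"SPF all={result}: unlisted senders are not rejected")
    tags = parse_dmarc(dmarc)
    if tags.get("p", "none").lower() == "none":
        findings.append("DMARC p=none: failures are reported, not blocked")
    if "rua" not in tags:
        findings.append("DMARC has no rua: no aggregate reports to review")
    return findings


if __name__ == "__main__":
    print("\n".join(mail_auth_findings(SPF, DMARC)))
```
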

How to edit