Compare commits

..

33 commits
main ... main

Author SHA1 Message Date
NBK
2b722eb637 Update 'docs/how-to-guides/email filters.md' 2023-06-20 12:31:31 +00:00
NBK
aba2759415 Update 'docs/how-to-guides/Mac Filter.md' 2023-06-20 11:42:42 +00:00
NBK
59aec5dff5 Update 'docs/how-to-guides/Mac Filter.md' 2023-06-20 11:22:49 +00:00
NBK
885f6ff3ca Add 'docs/how-to-guides/Mac Filter.md' 2023-06-20 11:20:45 +00:00
NBK
6bff81a2e0 Update 'docs/how-to-guides/How-to-add-devices-to-a-network.md' 2023-06-20 11:20:09 +00:00
NBK
725d2a1e95 Update 'docs/how-to-guides/email filters.md' 2023-06-19 16:26:50 +00:00
NBK
f3532b7175 Add 'docs/how-to-guides/email filters.md' 2023-06-19 16:15:07 +00:00
NBK
b86302b01d Update 'docs/how-to-guides/How-to-add-devices-to-a-network.md' 2023-06-19 16:08:57 +00:00
NBK
c2d298bb6d Add 'docs/how-to-guides/How-to-add-devices-to-a-network.md' 2023-06-19 16:01:22 +00:00
NBK
6a63c2b81e Delete 'docs/how-to-guides/How to find the MAC address for different OS' 2023-06-19 15:44:08 +00:00
NBK
d39bcfddb5 Delete 'docs/how-to-guides/How to add a user’s device to a network' 2023-06-19 15:43:55 +00:00
NBK
b3abc45752 Add 'docs/how-to-guides/How to find the MAC address for different OS' 2023-06-19 15:35:53 +00:00
NBK
4fdbec2800 Add 'docs/how-to-guides/How to add a user’s device to a network' 2023-06-19 15:19:38 +00:00
NBK
40a8fb0234 Delete 'docs/how-to-guides' 2023-06-19 14:52:28 +00:00
NBK
9130b1c1b8 Add 'docs/how-to-guides' 2023-06-19 14:47:49 +00:00
NBK
92eec31f81 Update 'docs/services/docker/pihole.md' 2023-06-19 14:26:32 +00:00
NBK
f44c3c8fa5 Update 'docs/services/docker/pihole.md' 2023-06-19 14:24:22 +00:00
NBK
52c3fc3d56 Update 'docs/services/docker/droneci.md' 2023-06-19 14:15:39 +00:00
NBK
f477975d3a Update 'docs/services/docker/traefik.md' 2023-06-19 13:17:13 +00:00
NBK
99430d7494 Update 'docs/services/docker/traefik.md' 2023-06-19 13:08:22 +00:00
NBK
21a62aa558 Update 'docs/services/docker/pihole.md' 2023-06-19 13:06:06 +00:00
NBK
f0a81f19a8 Update 'docs/services/docker/graylog.md' 2023-06-19 12:58:00 +00:00
NBK
4ff0176bf6 Update 'docs/services/docker/gitea.md' 2023-06-19 12:46:21 +00:00
NBK
36473e994c docs/services/docker 2023-06-19 12:23:40 +00:00
NBK
a569339a1e Update 'docs/services/docker/droneci.md' 2023-06-19 12:16:28 +00:00
NBK
9482989028 Update 'docs/services/docker/traefik.md' 2023-06-19 12:07:39 +00:00
NBK
f73b2447bd Update 'docs/services/docker/droneci.md' 2023-06-19 11:58:08 +00:00
NBK
c7779d8013 Update 'docs/services/docker/gitea.md' 2023-06-19 11:57:32 +00:00
NBK
c1668ab671 Update 'docs/services/docker/graylog.md' 2023-06-19 11:57:05 +00:00
NBK
c8c68df16b Update 'docs/services/docker/pihole.md' 2023-06-19 11:56:41 +00:00
NBK
f4311dcd69 Update 'docs/services/docker/graylog.md' 2023-06-19 11:54:30 +00:00
NBK
9dc0925912 Update 'docs/services/docker/gitea.md' 2023-06-19 11:52:41 +00:00
NBK
ee2b0340b7 Update 'docs/services/docker/droneci.md' 2023-06-19 11:46:31 +00:00
102 changed files with 209 additions and 203 deletions

BIN
.DS_Store vendored

Binary file not shown.

BIN
docs/.DS_Store vendored

Binary file not shown.

BIN
docs/assets/ hg8245h-01.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 155 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 31 KiB

BIN
docs/assets/7040-01.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 518 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 48 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 29 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 175 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 75 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 55 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 26 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 49 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 48 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 51 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 24 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 79 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 32 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 69 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 26 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 62 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 61 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

BIN
docs/assets/hg8245h-00.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 537 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 53 KiB

BIN
docs/assets/hg8245h-02.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 161 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 73 KiB

BIN
docs/assets/hg8245h-03.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 61 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 37 KiB

BIN
docs/assets/hg8245h-04.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 71 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 34 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 87 KiB

BIN
docs/assets/hp-prox-01.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 204 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 73 KiB

BIN
docs/assets/hp-prox-02.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 113 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 57 KiB

BIN
docs/assets/hp-prox-03.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 55 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 25 KiB

BIN
docs/assets/hp-prox-04.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 59 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
docs/assets/hp290-01.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 531 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 66 KiB

BIN
docs/assets/hp290-02.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 607 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 77 KiB

BIN
docs/assets/hp290-03.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 565 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 60 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 56 KiB

BIN
docs/assets/pihole_logo.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 27 KiB

BIN
docs/assets/proxmox-01.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 77 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 26 KiB

BIN
docs/assets/proxmox-02.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 216 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 127 KiB

BIN
docs/assets/proxmox-03.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 181 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 81 KiB

BIN
docs/assets/proxmox-04.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 180 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 74 KiB

BIN
docs/assets/proxmox-05.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 177 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 78 KiB

BIN
docs/assets/proxmox-06.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 189 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 79 KiB

BIN
docs/assets/proxmox-07.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 185 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 81 KiB

BIN
docs/assets/proxmox-08.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 176 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 64 KiB

BIN
docs/assets/rs816-01.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 107 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 46 KiB

BIN
docs/assets/rs816.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 577 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 63 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 258 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 134 KiB

View file

@ -1,7 +1,7 @@
# HP 290 G1 MT
The HP 290 G1 system was acquired by Kh3group in the past, earlier than 2020. The system has been repurposed and is currently serving as the Kh3 office firewall. A PCIe 4-port gigabit Ethernet adapter has been installed, providing a total of 5 network interfaces for the firewall.
![HP-290](../../assets/hp290-01.webp)
![HP-290](../../assets/hp290-01.png)
## Specifications
@ -13,19 +13,19 @@ The HP 290 G1 system was acquired by Kh3group in the past, earlier than 2020. Th
### Proxmox VE
Proxmox VE 7.2-1, a virtualization management solution, has been installed on the HP 290 G1. It provides an easy-to-use web interface for managing virtual machines and containers.
![Proxmox Dashboard](../../assets/hp-prox-01.webp)
![Proxmox Dashboard](../../assets/hp-prox-01.png)
The following virtual machines and containers are currently running on the Proxmox VE host:
#### pfSense Virtual Machine
A pfSense virtual machine acts as the firewall for the Kh3 office network. It has been configured using hardware passthrough to link the Ethernet adapter to the pfSense VM. This allows for better network performance and provides more control over the firewall configuration.
![Proxmox Dashboard](../../assets/hp-prox-03.webp)
![Proxmox Dashboard](../../assets/hp-prox-03.png)
#### Debian 11 LXC Container
A Debian 11 LXC container also runs on the Proxmox host with Docker installed. The container runs a Pi-hole container and a Cloudflare Tunnel container. Pi-hole serves as the local DNS and ad-blocker for the Kh3 office network. The Cloudflare Tunnel container provides secure access to the internal services running on the Kh3 office network.
![Proxmox Dashboard](../../assets/hp-prox-04.webp)
![Proxmox Dashboard](../../assets/hp-prox-04.png)
## Upgrade Path and Future Plans

View file

@ -1,7 +1,7 @@
# Dell Optiplex 7040 SFF
The Dell Optiplex was acquired in September 2022 to expand KH3's server infrastructure and host additional services. Proxmox VE 7.2-1 is installed on the system, which in turn supports three Windows Server 2016 virtual machines. One VM serves as an active directory domain controller, another runs SQL Server 2016, and the third runs SharePoint Server 2019. Additionally, a Debian LXC container runs on the Proxmox host, with Docker installed to support a variety of additional services containers.
| ![Optiplex 7040](../../assets/7040-01.webp) |
| ![Optiplex 7040](../../assets/7040-01.png) |
| :-: |
@ -15,15 +15,15 @@ The Dell Optiplex was acquired in September 2022 to expand KH3's server infrastr
## Proxmox VE
Proxmox VE 7.2-1, a virtualization management solution, has been installed on the Dell Optiplex 7040. It provides an easy-to-use web interface for managing virtual machines and containers.
| ![Proxmox Dashboard](../../assets/dell-prox-01.webp) |
| ![Proxmox Dashboard](../../assets/dell-prox-01.png) |
| :--: |
| Promox Web Management Dashboard - Dell Optiplex 7040 |
| ![local](../../assets/dell-prox-06.webp) | ![local](../../assets/dell-prox-07.webp) |
| ![local](../../assets/dell-prox-06.png) | ![local](../../assets/dell-prox-07.png) |
| :--: | :--: |
| Storage - DIR01 | Storage - local |
| ![network-syn](../../assets/dell-prox-08.webp) | ![network-syn](../../assets/dell-prox-09.webp)|
| ![network-syn](../../assets/dell-prox-08.png) | ![network-syn](../../assets/dell-prox-09.png)|
| Storage - local-lvm | Storage - network-backup-syn |
@ -32,7 +32,7 @@ The following virtual machines and containers are currently running on the Proxm
### Windows Server 2016 - AD Domain Controller (dc01)
This server is responsible for authenticating users, computers, and other resources primarily to the Document Management System (DMS). It provides a centralized database of user accounts (kh3 users), passwords, and security information that enables users to log in to a domain and access resources across the network, namely the DMS.
| ![Proxmox Dashboard](../../assets/dell-prox-03.webp) |
| ![Proxmox Dashboard](../../assets/dell-prox-03.png) |
| :--: |
| Proxmox Content Panel for Windows Server Guest dc01 |
@ -40,7 +40,7 @@ This server is responsible for authenticating users, computers, and other resour
### Windows Server 2016 - SQL Server 2016 (db01)
SQL Server is a relational database management system (RDBMS) developed by Microsoft. This server is used primarily to store and retrieve data as requested by SharePoint Server 2019 (Document Management System). All data housed in the DMS in stored here
| ![Proxmox Dashboard](../../assets/dell-prox-04.webp) |
| ![Proxmox Dashboard](../../assets/dell-prox-04.png) |
| :--: |
| Proxmox Content Panel for Windows Server Guest db01 |
@ -48,7 +48,7 @@ SQL Server is a relational database management system (RDBMS) developed by Micro
### Windows Server 2016 - SharePoint Server 2019
SharePoint Server 2019 is a collaboration and document management platform developed by Microsoft. It provides a set of tools and services that enable teams to create, share, and manage documents, websites, and other digital content. SharePoint provides the platform for KH3's Document Management System
| ![Proxmox Dashboard](../../assets/dell-prox-05.webp) |
| ![Proxmox Dashboard](../../assets/dell-prox-05.png) |
| :--: |
| Proxmox Content Panel for Windows Server Guest sp01 |
@ -56,6 +56,6 @@ SharePoint Server 2019 is a collaboration and document management platform devel
### Debian 11 LXC Container
A Debian 11 LXC container also runs on the Proxmox host with Docker installed. The container runs a Pi-hole container and a Cloudflare Tunnel container. Pi-hole serves as the local DNS and ad-blocker for the Kh3 office network. The Cloudflare Tunnel container provides secure access to the internal services running on the Kh3 office network.
| ![Proxmox Dashboard](../../assets/dell-prox-02.webp) |
| ![Proxmox Dashboard](../../assets/dell-prox-02.png) |
| :--: |
| Proxmox Content Panel for Debian 11 LXC Container proxy |

View file

@ -1,7 +1,7 @@
# Synology RS816
The Synology RackStation RS816 is a 4-bay rackmount Network Attached Storage device, that was acquired by the KH3 before 2020. Currently it used to store and synchronize design files and backup data from employees that have left the KH3.
![rs816](../../assets/rs816.webp)
![rs816](../../assets/rs816.png)
## Device Information
The Synology NAS runs on DSM 7.0-41890, which is the operating system for Synology's NAS devices.
@ -16,7 +16,7 @@ Below is a summary of additional information about the device
| RAM | 1GB |
| Capacity | 3.6TB |
![rs816-info](../../assets/rs816-01.webp)
![rs816-info](../../assets/rs816-01.png)
## Configuration

View file

@ -1,4 +1,4 @@
# KH3 Hardware Infrastructure
# Device List
_List of current hardware on network that includes network equipment, computers and configuration details._
@ -7,9 +7,9 @@ _List of current hardware on network that includes network equipment, computers
### Computers and Servers
| Device Name | CPU | RAM | OS | Hostname |
| ------------------------------------- | -------------------------- | --------- | ------------------------ | -------- |
| [HP 290 G1 MT ](computers/290-g1.md) | i3-7100 | 8GB DDR4 | Debian 11(Proxmox 7.2-1) | pve01 |
| [Dell OptiPlex 7040](computers/optiplex-7040.md)| i7-6700 | 32GB DDR4 | Debian 11(Proxmox 7.2-1) | pve02 |
| [Synology NAS RS816](computers/rs816.md) | MARVELL Armada 385 88F6820 | 1GB DDR3 | Synology DSM7 | kh3-fsrv |
| [HP 290 G1 MT ](hp-290-g1.md) | i3-7100 | 8GB DDR4 | Debian 11(Proxmox 7.2-1) | pve01 |
| [Dell OptiPlex 7040](optiplex-7040.md)| i7-6700 | 32GB DDR4 | Debian 11(Proxmox 7.2-1) | pve02 |
| [Synology NAS RS816](synology-nas.md) | MARVELL Armada 385 88F6820 | 1GB DDR3 | Synology DSM7 | kh3-fsrv |
## Network Devices
@ -19,10 +19,12 @@ _List of current hardware on network that includes network equipment, computers
| ---------------------------------------- | ------------------ | -------------- | -------- |
| [Cisco SF300-24P](switch.md) | 24-Port 10/100 PoE | Managed Switch | Change |
### Routers
### Router Details
| Device Name | Firewall | DHCP | Mode |
| ------------------- | -------- | ---- | --------- |
| [Synology-RT2600ac](network/rt2600ac.md) | No | No | AP |
| [Huawei-HG8245H](network/hg8245h.md) | No | Yes | ADSL |
| [Huawei-HG8245W5-8T](network/hg8245w5.md) | No | No | ADSL |
| Synology-RT2600ac | No | No | AP |
| Huawei-HG8245H | No | Yes | ADSL |
| Huawei-HG8245W5-8T | No | No | ADSL |
## Images

View file

@ -2,22 +2,15 @@
The Huawei EchoLife HG8245H is a routing-type Optical Network Terminal (ONT) in the Huawei all-optical access solution. It uses the GPON technology to implement ultra-broadband access for users.
The device was supplied by Kh3's primary Internet Service Provider, Vodafone and provides highspeed fiber broadband to the KH3 office. This device served as KH3's primary wireless, however it did not funtion optimally as a wireless router and resulted in poor internet browsing experience for kh3 users.
| ![hg8245h](../../assets/hg8245h-00.webp) |
| :--: |
| Huawei EchoLife HG8245H router |
<img width="100%" src="../../assets/hg8245h-00.png" style="margin:0 auto" />
Currently the device no longer acts as a wireless router but its is still responsible for bringing
in internet from vodafone, the wirless Access Point functionality is handeled by a different device (Synology RT2600AC).
| ![hg8245h](../../assets/hg8245h_device_info.webp) |
| :--: |
| HG8245H Login |
in internet from vodafone, the wirless Access Point functionality is handeled by a different device (Synology RT2600AC).
![hg8245h](../../assets/hg8245h-01.png)
## Device Information
Below is a screenshot for the managment web interface page of the device, showing all device related information
| ![hg8245h](../../assets/hg8245h_device_info.webp) |
| :--: |
| Huawei Device Information Page |
![]()
## LAN Host Configuration

View file

@ -1,49 +1,2 @@
# Network Overview
KH3 Groups network infrastructure is composed of a variety of devices designed to provide reliable and high-speed internet connectivity, manage traffic efficiently, and ensure secure networking. The network devices include both routing and switching equipment sourced from trusted vendors, adapted to meet KH3s specific needs for internet access and internal network management.
The key devices in the network infrastructure are:
1. **Huawei EchoLife HG8245H** - A routing-type Optical Network Terminal (ONT) provided by Vodafone as part of KH3's primary fiber broadband service. Despite its role in delivering high-speed fiber broadband, its performance as a wireless router was suboptimal, leading to a poor internet browsing experience for KH3 users.
2. **Huawei EchoLife H8245W5-8T** - Another ONT device using GPON technology, supplied by MTN as part of their fiber broadband service in 2021. It provides 4 GE ports, 2 POTS ports, 1 USB port, and both 2.4GHz and 5GHz WiFi, serving as a key component of KH3s network setup.
3. **Synology RT2600ac** - A high-performance WiFi router powered by a dual-core 1.7GHz processor. It supports both 2.4GHz and 5GHz radios and offers WAN aggregation, failover capabilities, and Layer 7 traffic control, all managed through Synologys user-friendly DSM interface.
4. **Cisco Small Business Ethernet Switch** - A 24-port Fast Ethernet switch that provides advanced security features and network management capabilities. Part of Ciscos Small Business line, this switch is designed to handle the demands of data, voice, security, and wireless technologies, making it an essential part of KH3s internal networking.
Together, these devices form the backbone of KH3s network, enabling high-speed internet access, seamless connectivity, and robust network management.
![network](../../assets/kh3-office-net.drawio.svg)
## Huawei EchoLife HG8245H
The Huawei EchoLife HG8245H is a routing-type Optical Network Terminal (ONT) in the Huawei all-optical access solution. It uses the GPON technology to implement ultra-broadband access for users.
The device was supplied by Kh3's primary Internet Service Provider, Vodafone and provides highspeed fiber broadband to the KH3 office. This device served as KH3's primary wireless, however it did not funtion optimally as a wireless router and resulted in poor internet browsing experience for kh3 users.
| ![hg8245h](../../assets/hg8245h-00.webp) |
| :--: |
| Huawei EchoLife HG8245H router |
Currently the device no longer acts as a wireless router but its is still responsible for bringing
in internet from vodafone, the wirless Access Point functionality is handeled by a different device (Synology RT2600AC).
| ![hg8245h](../../assets/hg8245h_device_info.webp) |
| :--: |
| HG8245H Login |
### Device Information
Below is a screenshot for the managment web interface page of the device, showing all device related information
| ![hg8245h](../../assets/hg8245h_device_info.webp) |
| :--: |
| Huawei Device Information Page |
## Huawei EchoLife HG8245W5-8T
The Hauwei EchoLife H8245W5-8T is a routing-type Optical Network Terminal (ONT). It uses the GPON technology to implement ultra-broadband access for users.
It provides 4 GE ports, 2 POTS ports, 1 USB port and 2.4G & 5G WiFi ports.
KH3 subscribed to MTN's fiber broadband service in early 2021 and the device was supplied a part of the service bundle by MTN.
## Synology RT2600ac
The Synology RT2600ac is a wifi router that brings together a comprehensive selection of wireless protocols and features with a management interface based on Synologys DSM operating system. Powered by a dual-core 1.7Ghz processor, the RT2600ac incorporates 2.4GHz and 5GHz radios and offers WAN aggregation, WAN failover, and hardware-assisted Layer 7 traffic control.
## Cisco SF300-24P
Part of the Cisco Small Business line of network solutions, is a fixed-configuration managed Ethernet switch. It has 24 ports of Fast Ethernet connectivityIt supports advanced security management capabilities and network features for data, voice, security, and wireless technologies. It is simple to deploy and configure.
![network](../../assets/kh3-office-net.drawio.svg)

View file

@ -1,60 +0,0 @@
# Servers Overview
KH3 Group's server infrastructure is built using a combination of repurposed desktop systems and dedicated network storage devices to meet the organizations evolving needs. These systems, though originally designed for different purposes, have been strategically adapted to provide essential services, ensuring both flexibility and cost-efficiency in IT operations.
The servers support a variety of critical functions, from network security to hosting enterprise applications and managing data storage. Leveraging virtualization technologies, they maximize resource utilization, allowing for the deployment of multiple virtual machines and services on a single physical system.
KH3s infrastructure is centered around three main components:
1. **HP 290 G1** - Repurposed as the office firewall, with an enhanced network interface configuration to manage and secure internal and external traffic.
2. **Dell Optiplex 7040** - Serving as a core virtualized host, running Proxmox to deliver essential services like Active Directory, SQL Server, and SharePoint, while also supporting containerized applications.
3. **Synology RackStation RS816** - Acting as the primary storage device, this NAS handles both file synchronization and data backup, ensuring the security of critical organizational data.
Each of these systems plays a vital role in KH3 Groups operations, providing the necessary infrastructure for secure, reliable, and scalable IT services.
## HP 290 G1 MT
The HP 290 G1 system was acquired by Kh3group in the past, earlier than 2020. The system has been repurposed and is currently serving as the Kh3 office firewall. A PCIe 4-port gigabit Ethernet adapter has been installed, providing a total of 5 network interfaces for the firewall.
![HP-290](../../assets/hp290-01.webp)
### Specifications
| CPU | RAM | Storage | OS | Hostname |
| -------------- | --- | --------- | --------------------------- | -------- |
| Intel i3-7100 | 8GB | 500GB HDD | Debian 11 (Promox VE 7.2-1) | pve02 |
## Dell Optiplex 7040 SFF
The Dell Optiplex was acquired in September 2022 to expand KH3's server infrastructure and host additional services. Proxmox VE 7.2-1 is installed on the system, which in turn supports three Windows Server 2016 virtual machines. One VM serves as an active directory domain controller, another runs SQL Server 2016, and the third runs SharePoint Server 2019. Additionally, a Debian LXC container runs on the Proxmox host, with Docker installed to support a variety of additional services containers.
| ![Optiplex 7040](../../assets/7040-01.webp) |
| :-: |
### Specifications
| CPU | RAM | Storage | OS | Hostname |
| -------------- | ---- | ---------------------------- | --------------------------- | -------- |
| Intel i7-6700 | 32GB | 1TB M.2 SATA SSD / 500GB SSD | Debian 11 (Promox VE 7.2-1) | pve02 |
## Synology RS816
The Synology RackStation RS816 is a 4-bay rackmount Network Attached Storage device, that was acquired by the KH3 before 2020. Currently it used to store and synchronize design files and backup data from employees that have left the KH3.
![rs816](../../assets/rs816.webp)
### Device Information
The Synology NAS runs on DSM 7.0-41890, which is the operating system for Synology's NAS devices.
Below is a summary of additional information about the device
| Specification | Value |
| ------------------ | --------------------------- |
| Server Name | kh3-fileserver |
| OS | DSM 7.0-41890 |
| Model | RS816 |
| CPU | MARVELL Armada 385 88F6820 |
| RAM | 1GB |
| Capacity | 3.6TB |
![rs816-info](../../assets/rs816-01.webp)

View file

@ -0,0 +1,44 @@
# How to add a users device to a network
In order to add a device to the network you would need to use the devices MAC address
The process for find the MAC addresss differs between the various operating systems.
## How to find the Mac address for the various Operating systems
### Finding your Mac address - IOS
1. Open the Settings app
2. Select General
3. Select About
4. Scroll down and note Wi-Fi Address
5. The Wi-Fi address is your Mac address 
### Finding your Mac address - Android
1. Open the Settings App
2. Select Wi-Fi
3. Select the Menu icon and choose Advanced
4. Note the MAC address
### Finding your Mac address - Mac
1. Open System Preferences from the Apple menu
2. Select Network
3. Select Airport from the sidebar, then Advanced
4. Select the Airport tab, note the Airport ID
5. The Airport ID is your Mac address 
### Finding your Mac address - Windows
1. Hold down the Windows key and 'R' simultaneously
2. Enter cmd.exe
3. Enter ipconfig/all
4. Scroll up to find the Wireless LAN adapter section
5. Note the Physical Address
6. The Physical Address is your Mac address
### How to connect using the Mac address
1. Obtain the MAC Address: Locate the MAC address of the device you want to add to the network. You can usually find it in the device's network settings or on a label/sticker on the device itself.
2. Access the Router's Web Interface: Open a web browser on a device that is already connected to the Synology router's network. Enter the router's IP address (e.g., 192.168.1.1) in the address bar and press Enter to access the router's web Interface
3. Login to the Router: Enter your administrator username and password to log in to the router's web interface. If you haven't changed the default credentials, check the router or its user manual for the default login information.
4. Navigate to MAC Filter Settings: Once logged in, locate the "MAC Filter" or "Wireless MAC Filter" option. It is typically found under the "Wireless" or "Network" settings section, but the exact location may vary depending on your router model and firmware version.
5. Add Device to MAC Filter: In the MAC filter settings, look for an option to add a new MAC address or device. Enter the MAC address of the device you want to add to the network. Specify the appropriate filtering mode (e.g., allow or deny) for the device's MAC address.
6. Save the Settings: Once you have added the device's MAC address to the MAC filter list and specified the filtering mode, click on the "Save" or "Apply" button to save the MAC filter settings.
7. Connect the Device: Connect the device you want to add to the network to the Synology router. Use an Ethernet cable or connect to the router's wireless network, depending on the device's capabilities.
8. Verify Network Connectivity: Once connected, check if the device has successfully obtained an IP address from the router and can access the internet or other devices on the network. Ensure that the device is functioning properly on the network.
9. Test the Connection: Test the network connection on the added device to ensure it can access the internet and other network resources as intended. Verify that the device can communicate with other devices on the network.

View file

@ -0,0 +1,20 @@
### Create MAC filter rules
1. Go to Wi-Fi Connect > Wi-Fi Settings > MAC Filter.
2. Click the Create button.
3. Enter the MAC filter name and select an access policy:
* Deny: Restricts the specified MAC address from accessing the wireless network.
* Allow: Restricts all access to the wireless network except for the specified MAC address.
4. To add devices to your MAC filter, select a connected device or manually specify a device name and MAC address.
5. Determine whether to Automatically apply this filter to all Wi-Fi names.
6. Confirm your settings and click Apply.
### Edit the system block list
1. Go to Wi-Fi Connect > Wi-Fi Settings > MAC Filter.
2. Click on System Block List.
3. Edit the device list:
* Add a device to the list: Select a connected device or manually specify a device name and MAC address.
* Remove a device from the list: Click the x under the Delete column.
4. Click OK to save the settings.

View file

@ -0,0 +1,36 @@
# Create rules to filter your emails
On your computer, you can manage your incoming mail using Gmails filters to send email to a label, or archive, delete, star, or automatically forward your mail.
## Create a filter
1. Open Gmail.
2. In the search box at the top, click Show search options
3. Enter your search criteria. If you want to check that your search worked correctly, see what emails show up by clicking Search. 
4. At the bottom of the search window, click Create filter.
5. Choose what youd like the filter to do.
6. Click Create filter.
Note: When you create a filter to forward messages, only new messages will be affected.  Additionally, when someone replies to a message you've filtered, the reply will only be filtered if it meets the same search criteria. 
## Use a particular message to create a filter
1. Open Gmail.
2. Check the checkbox next to the email you want. 
3. Click More 
4. Click Filter messages like these.
5. Enter your filter criteria.
6. Click Create filter.
## Edit or delete filters
1. Open Gmail.
2. At the top right, click Settings
3.  See all settings.
4. Click Filters and Blocked Addresses.
5. Find the filter you'd like to change.
6. Click Edit or Delete to remove the filter. If youre editing the filter, click Continue when youre done editing.
7. Click Update filter or OK
## Export or import filters
If you have a backup of your filters, you can import the filters in Gmail. You can also export your filters.
1. Open Gmail.
2. At the top right, click Settings
3. See all settings.
4. Click Filters and Blocked Addresses.
5. Check the box next to the filter.

View file

@ -1,34 +1,16 @@
# IT Infrastructure Documentation
### Purpose of Documentation
# Introduction
The purpose of this documentation is to ensure that all aspects of KH3 Group's IT infrastructure are thoroughly documented to support business continuity and streamline operations.
The purpose of this documentation is to ensure that all the IT infrastructure is properly documented for reference and business continuation.
In June 2020, it was discovered that many systems required password resets due to a lack of documentation. This gap led to disruptions and inefficiencies. To prevent similar issues in the future, this documentation initiative will create a comprehensive record of system configurations, credentials, and other critical IT details.
In June of 2020, it was discovered that many systems required password resets because most of them were not documented. This lack of documentation caused inconvenience and disruptions. To avoid such issues in the future, this documentation effort aims to provide a comprehensive record of the IT infrastructure, including system configurations and credentials.
### Background
An IT roadmap was developed in early 2020, which serves as a guiding framework for KH3's technological direction. This documentation will align with the roadmap to ensure consistency and enable efficient management of the IT infrastructure.
In early 2020, an IT roadmap was established to guide KH3 Group's technological strategy and growth. This documentation will align with the roadmap, ensuring a consistent and structured approach to managing the IT environment.
By documenting the infrastructure, we can establish a reliable source of information for troubleshooting, maintenance, and future planning. It will also facilitate the onboarding process for new team members and help ensure the smooth continuity of business operations.
### Benefits
This documentation will cover various aspects of the IT infrastructure, including network architecture, hardware configurations, software applications, security protocols, and any other relevant information. It will serve as a valuable resource for the IT team, providing a centralized repository of information that can be easily accessed and updated as needed.
By maintaining detailed and accurate documentation, we aim to:
- **Support Troubleshooting and Maintenance**: Provide a reliable source of information for diagnosing issues and maintaining systems.
- **Simplify Onboarding**: Facilitate knowledge transfer to new team members, reducing learning curves.
- **Ensure Business Continuity**: Enable smooth operations and rapid recovery in the event of personnel changes or system disruptions.
### Scope
This documentation will cover the following areas:
- **Network Architecture**: Layout and structure of network components.
- **Hardware Configurations**: Specifications and details of physical devices.
- **Software Applications**: Inventory and configurations of software tools.
- **Security Protocols**: Password management, access controls, and compliance guidelines.
- **Other Relevant Information**: Any additional resources necessary for managing the IT infrastructure.
### Conclusion
Investing in comprehensive IT documentation will enhance the efficiency and reliability of our infrastructure, reducing risks and ensuring a resilient, well-organized environment. Lets work together to build a robust documentation repository that will serve as a valuable resource for KH3 Group.
By investing time and effort into comprehensive documentation, we can improve the overall efficiency and reliability of our IT systems. It will contribute to a more organized and resilient infrastructure, reducing the risk of disruptions and enhancing the ability to respond effectively to any technical challenges that may arise.
Let's work together to create a robust and up-to-date documentation repository that will serve as a valuable asset for the organization.

View file

@ -0,0 +1,4 @@
# DroneCI
DroneCI is an automation tool that simplifies the testing and deployment of software changes, improving collaboration and code quality. It automates build and test processes, integrates with version control systems, and provides visibility for team members. By reducing manual tasks and enhancing collaboration, DroneCI accelerates the software development cycle and ensures reliable code deployments.
DroneCI and Gitea work together to automate the creation of KH3's IT documentation website. DroneCI connects to the Gitea IT repository and automatically builds the mkDocs website whenever there are changes to the code or documentation. This ensures that the website is always up-to-date without requiring manual intervention. It simplifies the process, saves time, and helps keep KH3's IT documentation easily accessible for the team.

View file

@ -0,0 +1,5 @@
# Gitea
Gitea is a self-hosted, lightweight Git service that provides a user-friendly interface for managing source code repositories. It allows teams to collaborate on software development projects by providing features like version control, issue tracking, and code reviews. Gitea simplifies the process of setting up a Git server, making it accessible to individuals and small teams who want to keep their codebase secure and under their control.
Gitea is a platform used to store and manage all of KH3's IT documentation and configuration files. It provides a secure and collaborative space where the team can work together to update and organize these important resources. Gitea allows multiple team members to make edits, track changes, and communicate efficiently. It integrates with other tools and services, making it easier to connect the documentation with other IT processes. Overall, Gitea simplifies the management of KH3's IT documentation and promotes effective collaboration within the team.

View file

@ -0,0 +1,6 @@
# Graylog
Graylog is a special tool that helps people who manage computer systems to keep an eye on how everything is working and fix any problems that come up. It does this by collecting and studying log information from different programs and machines. By putting all the log data in one place, Graylog makes it easy to search for specific information and figure out what might be causing issues. Graylog works with different types of logs and makes it simple to understand what's happening in the computer system. It's like having a detective that helps keep everything running smoothly.
In KH3's infrastructure, there are many different services running, such as websites, databases, and applications. These services generate log data, which contains valuable information about how they are functioning. Graylog acts as a central hub where all these logs are collected and stored.

View file

@ -0,0 +1,5 @@
# Pi-hole
Pi-hole is a special tool that blocks ads on your devices when you're using the internet. It runs on a small computer and stops ads from showing up on your screen. This makes your internet faster and keeps your privacy safe by preventing advertisers from tracking you. Setting up Pi-hole is easy, and it gives you control over what you see online. It's like having your own personal ad blocker that makes your browsing experience better.
Pi-hole is an important tool used in KH3 to manage internet traffic. It acts as the main control point for all devices on your network, blocking unwanted ads and restricting access to malicious websites. Pi-hole also simplifies access to local services by assigning easy-to-remember names instead of complicated IP addresses. It ensures a safer and more efficient internet experience for KH3, enhancing security and productivity.

View file

@ -0,0 +1,7 @@
# Traefik
Traefik is a smart tool that helps make sure your apps work well. It sits between your devices and the servers hosting your apps, like a traffic controller. It takes the requests from your devices and sends them to the right server, making sure everything runs smoothly.
Traefik also balances the work across many servers, so not one server gets too busy. This helps your apps run faster and stay reliable, even when lots of people are using them.
It is configured with cloudfare to request and let's you encrypt wildcard certificate [*.office.kh3group.com](*.office.kh3group.com) used by most of the locally hosted services In KH3s IT infrastructure. Furthermore it is set up automatically to renew the wildcard certificate on 3-month schedule, this ensures it is always up to date. Also it acts as a reverse proxy, working with pinhole that acts as a local DNS to ensure that locally hosted services are reachable by their host name e.g: you can access KH3s IT documentation on any device on the KH3 local network by visiting [docs.office.kh3group.com](docs.office.kh3group.com)

Some files were not shown because too many files have changed in this diff Show more