
In the beginning God created heaven and earth...

This document covers what was done when the homelab was first created. Essentially just notes on what was done and how things were set up, intended to log what I've learned in the process and, in the case of a full restart, something I can refer back to. In the case of a failure of Proxmox or a certain instance running on Proxmox (that doesn't require a full restart), use Noah's Ark.

Assumptions

  • We expect the home network's subnet is already set to 10.2.2.0/16.

  • Router R-NT-02 (MikroTik hEX refresh) is reset, since we use Terraform to initialise it.

  • We assume the upstream DNS is 1.1.1.1 until the internal lab DNS (Pi-hole/AdGuard) is deployed.

Disclaimer


The scope of this is not bringing it back from the dead if you have fucked it up, just getting to a point where we have the network and hypervisor up.

1. Router and Network:

Initialisation and Bootstrap Sequence

Before executing the Terraform state, the physical hardware must be wiped and bootstrapped to establish the Terraform API user and initial Layer 3 management connectivity.

Hardware Reset Sequence

Initiate a zero-configuration state via CLI or the physical hardware pin.

Method A: CLI Execution

/system reset-configuration no-defaults=yes skip-backup=yes

Method B: Hardware Interrupt

  1. Disconnect power.
  2. Depress and hold the hardware reset pin.
  3. Apply power while maintaining pin depression.
  4. Maintain depression until the ACT (blue) LED ceases flashing.
  5. Release the pin.

Base System Initialisation

Access the router via MAC Telnet or serial console to establish the out-of-band (OOB) management interface and service account.

Rlab Router Default Creds


Device Docs: Flint 3 - R-NET-001
Host:[fe80::f61e:57ff:fe7f:fb1%2]
Username: admin
Password: empty

# Expose the RouterOS API so the Terraform provider can reach the router
# (plain api listens on 8728; api-ssl on 8729 is the encrypted variant).
/ip service enable api
# Dedicated service account for Terraform; replace <PASSWORD> before running this.
/user add name=terraform group=full password="<PASSWORD>"
# Out-of-band management address on ether1 for Layer 3 access from the lab.
/ip address add address=10.2.2.2/24 interface=ether1
# Strip any leftover default bridge configuration so Terraform starts from a clean Layer 2.
/interface bridge port remove [find]
/ip address remove [find where interface=bridgeLocal or interface=bridge or interface=defconf]
/interface bridge remove [find name=bridge]

Deployment

The local state management and Terraform execution sequence are detailed below.

# 1. Purge existing state and lock files
rm -rf .terraform/ terraform.tfstate terraform.tfstate.backup .terraform.lock.hcl
echo "Clean slate! Local Terraform state and cache removed."

# 2. Initialise provider plugins
terraform init

# 3. Validate syntax and provider constraints
terraform validate

# 4. Generate execution plan against RouterOS API
terraform plan

# 5. Commit state to hardware
terraform apply
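The sequence above wipes local state unconditionally and takes the API password wherever Terraform finds it. The wrapper below is an added example (not the script from these notes) of the same five steps with two guards a practitioner would want: it refuses to purge `terraform.tfstate` unless told the hardware was just reset, and it applies only the saved plan it produced, so what was reviewed is what lands on the router. It assumes the RouterOS password is supplied through the environment variable `TF_VAR_routeros_password` (a name chosen for this example, matching a declared Terraform variable) and that `$TERRAFORM` can override the binary for dry runs.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumptions: the Terraform
# configuration declares a variable "routeros_password", so the secret is read
# from TF_VAR_routeros_password; $TERRAFORM overrides the terraform binary.
set -eu

TERRAFORM="${TERRAFORM:-terraform}"

# The API password never goes on the command line or into a tracked file:
# Terraform reads TF_VAR_<name> for a declared variable straight from the env.
require_secret() {
    if [ -z "${TF_VAR_routeros_password:-}" ]; then
        echo "TF_VAR_routeros_password is not set" >&2
        return 1
    fi
}

# Refuse to wipe state silently: right after a hardware reset the state is
# stale, but wiping it against a live router orphans every managed resource.
purge_state() {
    fresh="$1"
    if [ -e terraform.tfstate ] && [ "$fresh" != "--fresh" ]; then
        echo "terraform.tfstate exists; pass --fresh only after a hardware reset" >&2
        return 1
    fi
    rm -rf .terraform/ terraform.tfstate terraform.tfstate.backup .terraform.lock.hcl
}

# Plan to a file and apply exactly that file. With -detailed-exitcode,
# terraform plan exits 0 for "no changes", 2 for "changes", 1 on error.
deploy_router() {
    require_secret || return 1
    purge_state "${1:-}" || return 1
    "$TERRAFORM" init -input=false
    "$TERRAFORM" validate
    rc=0
    "$TERRAFORM" plan -input=false -detailed-exitcode -out=tfplan || rc=$?
    case "$rc" in
        0) echo "No changes: router already matches the configuration." ;;
        2) "$TERRAFORM" apply -input=false tfplan ;;
        *) echo "terraform plan failed (exit $rc)" >&2; return 1 ;;
    esac
}
```

Usage: `export TF_VAR_routeros_password='...'` then `deploy_router --fresh` straight after the reset sequence, and plain `deploy_router` for later changes, where the existing state must be kept.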

2. Layer 0 Hosts:

Proxmox Setup

  1. Get the latest Proxmox Virtual Environment ISO from proxmox.com.

  2. Burn it to a USB stick, or drop the ISO onto a USB stick with Ventoy.

  3. Go through the installation process as usual; once set up, add the following to /etc/network/interfaces.

Make sure to change the Subnet ID, IP and Gateway IP.

auto lo
iface lo inet loopback

auto nic0
iface nic0 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports nic0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr0.<SUBNET>
iface vmbr0.<SUBNET> inet static
        address <IP>
        gateway <GATEWAY IP>

This makes the NIC VLAN-aware.
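The template above only works once every placeholder has been replaced with values that agree with each other. The function below is an added pre-flight check (not part of the original notes) to run against the file before bringing networking up: it fails if a `<...>` placeholder is still present, if the gateway lies outside the subnet of the `address` line, or if the VLAN ID of `vmbr0.<SUBNET>` is not covered by `bridge-vids`. It assumes the file keeps the same layout as the template (one `vmbr0.<id>` stanza, `address` in CIDR form such as 10.2.2.10/24) and uses only POSIX sh, sed and awk.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes the /etc/network/interfaces
# layout shown in the template (single vmbr0.<id> stanza, address in CIDR form).

# Dotted-quad to 32-bit integer, POSIX sh arithmetic only.
ip2int() {
    old_ifs="$IFS"; IFS=.
    set -- $1
    IFS="$old_ifs"
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when host $1 is inside the network of CIDR $2 (e.g. 10.2.2.1 10.2.2.10/24).
same_subnet() {
    cidr="$2"; prefix="${cidr#*/}"; net="${cidr%/*}"
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

check_pve_interfaces() {
    file="$1"
    # Any <PLACEHOLDER> left behind means the template was copied unedited.
    if grep -q '<[A-Za-z ]*>' "$file"; then
        echo "unfilled <placeholder> left in $file" >&2; return 1
    fi
    vlan=$(sed -n 's/^auto vmbr0\.\([0-9][0-9]*\)$/\1/p' "$file" | head -n 1)
    addr=$(awk '$1=="iface" && $2 ~ /^vmbr0\./ {f=1; next} f && $1=="address" {print $2; exit}' "$file")
    gw=$(awk '$1=="iface" && $2 ~ /^vmbr0\./ {f=1; next} f && $1=="gateway" {print $2; exit}' "$file")
    vids=$(awk '$1=="bridge-vids" {print $2; exit}' "$file")
    if [ -z "$vlan" ] || [ -z "$addr" ] || [ -z "$gw" ]; then
        echo "vmbr0.<vlan> stanza with address and gateway not found" >&2; return 1
    fi
    case "$addr" in
        */*) ;;
        *) echo "address must be in CIDR form (e.g. 10.2.2.10/24)" >&2; return 1 ;;
    esac
    # A gateway outside the address's subnet leaves the host unreachable after reboot.
    if ! same_subnet "$gw" "$addr"; then
        echo "gateway $gw is outside the subnet of $addr" >&2; return 1
    fi
    # The management VLAN must be one the bridge actually forwards.
    lo="${vids%-*}"; hi="${vids#*-}"
    if [ "$vlan" -lt "$lo" ] || [ "$vlan" -gt "$hi" ]; then
        echo "VLAN $vlan is outside bridge-vids $vids" >&2; return 1
    fi
    echo "ok: vmbr0.$vlan $addr via $gw"
}
```

Usage: `check_pve_interfaces /etc/network/interfaces && ifreload -a` on the Proxmox host, so a mistyped gateway is caught before the config is loaded.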

Setup

  • Add SSH key
  • Harden SSH
      • ASK: Disallow root
      • ASK: Change port 22 to 2222
  • Create ru4en user
  • Create Ansible user
  • Create Terraform user

TODO: add the setup for the Ansible bit and run the runbooks.

TODO: add the Terraform installation bit, or add that in Ansible.



Our Expectations

  • After initialising, 4 subnets are created (landing-zone, prod-net, core-net and test-net), all on the R-NT-002 (MikroTik hEX refresh) router.

  • All devices with no VLAN number are dropped into "Landing Zone" by default.

  • We can follow [/network](/network/) for allocating the correct IP / subnet / gateway.

  • RULE: we expect all traffic from core to the other subnets to be allowed.

  • RULE:
      • 22 ssh access for all hosts (unless specified).
      • Proxmox hosts to be available via http on port 8006.