Office server infrastructure
=============================

Network / UniFi
---------------

We're using all `UniFi products <https://unifi-sdn.ubnt.com/>`_ for the network in our office. This is:

- UniFi Switch
- UniFi Security Gateway
- UniFi Access Points

This means you can configure the whole network architecture via the `UniFi controller <https://unifi.confirm.ch>`_. Vouchers for the guest WLAN can be generated in the `UniFi Hotspot Manager <https://unifi.confirm.ch/manage/hotspot/>`_.

Office proxmox
--------------

We've a :ref:`Proxmox` and it's called `proxmox1 <ssh://proxmox1.pvt.confirm.ch>`_.

+---------+-----+-----------------------------------------+
|   Type  | Qty |               Description               |
+=========+=====+=========================================+
| Case    | 1x  | Shuttle Barebone XH50V                  |
+---------+-----+-----------------------------------------+
| CPU     | 1x  | Intel(R) Core(TM) i3-3225 CPU @ 3.30GHz |
+---------+-----+-----------------------------------------+
| Memory  | 2x  | 8 GB                                    |
+---------+-----+-----------------------------------------+
| Storage | 2x  | 256 GB SSD                              |
+---------+-----+-----------------------------------------+

.. hint::

    To replace a disk, have a look at the :ref:`Office Barebone disk replace` troubleshooting guide.

Synology
--------

Because we don't want to store everything on the Barebone's SSDs, an additional Synology NAS is in place.
The synology NAS is reachable via `WebUI <https://nas1.pvt.confirm.ch/>`_.

.. hint::

    The NAS is via iSCSI protocol connected to the proxmox node `proxmox1 <ssh://proxmox1.pvt.confirm.ch>`_.

APC UPS
-------

Most of the rack equipment is connected to a APC UPS. 
The UPS is connected to `proxmox1 <ssh://proxmox1.pvt.confirm.ch>`_ and you can access the details of it by running:

.. code-block:: bash

    apcaccess

The APC UPS currently contains 4 batteries of this type:

- Panasonic LC-R127R2PG1
- Acid-lead (AGM) 12V 7.2Ah
- 6.3mm connectors (Faston F2)
- 151 x 94 x 65mm

In case you need to replace the batteries, follow these steps:

- Disconnect battery connector from the APC UPS and remove the battery cartridge
- Replace batteries
- Install battery cartridge and connect it again
- SSH into `proxmox1 <ssh://proxmox1.pvt.confirm.ch>`_
- Stop ``apcupsd`` and then run ``apctest``
- Select function `4` (aka `View/Change battery date`) in the CLI and update the battery date
- Quit ``apctest`` and start ``apcupsd`` again
- After 24 hours of charging, run the self-test of the new batteries

Mac Mini
--------

We're using a `Mac Mini <vnc://macmini1.pvt.confirm.ch>`_ to run a Gitlab CI/CD runner on it.

confirmCA
---------

We've our own certificate authority for client authentication.
Here are the specs for the CA:

+------------------------+----------------------------------------------------------+
|       **Server**       | `access1.pvt.confirm.ch <ssh://access1.pvt.confirm.ch>`_ |
+------------------------+----------------------------------------------------------+
| **CA path**            | ``/etc/ssl/confirmCA``                                   |
+------------------------+----------------------------------------------------------+
| **Issue certificate**  | ``ca create``                                            |
+------------------------+----------------------------------------------------------+
| **Revoke certificate** | ``ca revoke``                                            |
+------------------------+----------------------------------------------------------+
| **Send certificate**   | ``ca send``                                              |
+------------------------+----------------------------------------------------------+

To create a new certificate, login via SSH to `access.confirm.ch <ssh://access.confirm.ch>`_.

.. hint:: 

    To install the client certificate, read the :ref:`X.509 SSL client certificate` chapter.