Office server infrastructureΒΆ

Network / UniFiΒΆ

We’re using all UniFi products for the network in our office. This is:

  • UniFi Switch

  • UniFi Security Gateway

  • UniFi Access Points

This means you can configure the whole network architecture via the UniFi controller. Vouchers for the guest WLAN can be generated in the UniFi Hotspot Manager.

Office proxmoxΒΆ

We’ve a Proxmox and it’s called proxmox1.

Type

Qty

Description

Case

1x

Shuttle Barebone XH50V

CPU

1x

Intel(R) Core(TM) i3-3225 CPU @ 3.30GHz

Memory

2x

8 GB

Storage

2x

256 GB SSD

Hint

To replace a disk, have a look at the Office barebone disk replace troubleshooting guide.

SynologyΒΆ

Because we don’t want to store everything on the Barebone’s SSDs, an additional Synology NAS is in place. The synology NAS is reachable via WebUI.

Hint

The NAS is via iSCSI protocol connected to the proxmox node proxmox1.

APC UPSΒΆ

Most of the rack equipment is connected to a APC UPS. The UPS is connected to proxmox1 and you can access the details of it by running:

apcaccess

The APC UPS currently contains 4 batteries of this type:

  • Panasonic LC-R127R2PG1

  • Acid-lead (AGM) 12V 7.2Ah

  • 6.3mm connectors (Faston F2)

  • 151 x 94 x 65mm

In case you need to replace the batteries, follow these steps:

  • Disconnect battery connector from the APC UPS and remove the battery cartridge

  • Replace batteries

  • Install battery cartridge and connect it again

  • SSH into proxmox1

  • Stop apcupsd and then run apctest

  • Select function 4 (aka View/Change battery date) in the CLI and update the battery date

  • Quit apctest and start apcupsd again

  • After 24 hours of charging, run the self-test of the new batteries

Mac MiniΒΆ

We’re using a Mac Mini to run a Gitlab CI/CD runner on it.

confirmCAΒΆ

We’ve our own certificate authority for client authentication. Here are the specs for the CA:

Server

access1.pvt.confirm.ch

CA path

/etc/ssl/confirmCA

Issue certificate

ca create

Revoke certificate

ca revoke

Send certificate

ca send

To create a new certificate, login via SSH to access.confirm.ch.

Hint

To install the client certificate, read the X.509 SSL client certificate chapter.