kenjim/appa-net
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
38f2aefecd92968f3ba3addc3bf791b30c9a76a8
appa-net/README.md
Kenji Morishige 38f2aefecd Add pfSense backup utility and documentation 
- Add backup-pfsense-config.sh script for automated config backups via SSH
- Auto-commits backups to git with timestamped filenames
- Includes validation, error handling, and troubleshooting guides
- Add scripts/README.md with detailed usage and crontab examples
- Add BACKUP-QUICKSTART.md for quick reference commands
- Update README.md to reference automated backup workflow
- Create backups/ directory structure

The script tests SSH connectivity successfully to pfSense.
2026-04-22 14:42:43 -05:00

191 lines
6.3 KiB
Markdown
Raw Blame History

# appa-net
Central repository for managing, orchestrating, and storing configuration for local network infrastructure and servers.
## Overview
This repository serves as the single source of truth for your home network's server and infrastructure configurations. By versioning your network infrastructure as code, you gain:
- **Version control** — track all configuration changes, revert if needed
- **Documentation** — configurations serve as living documentation
- **Reproducibility** — easily redeploy or migrate services
- **Auditability** — understand who changed what and when
## Repository Structure
Each folder represents a network-accessible device or server, named using the `.home.arpa` suffix (RFC 6762 — local network discovery):
```
appa-net/
├── pfsense.home.arpa/ # pfSense router/firewall (DHCP, DNS, NAT, etc.)
├── zet.home.arpa/ # General compute/services (Squid proxy, etc.)
└── README.md # This file
```
### Directory Naming Convention
- **Domain format**: Use `hostname.home.arpa` to follow RFC 6762 conventions for local-only names
- **Lowercase**: Keep hostnames lowercase for consistency
- **Self-contained**: Each folder contains all configs and documentation specific to that device
## Device Inventory
### pfsense.home.arpa
Your primary router/firewall running pfSense. Handles:
- DHCP and static IP assignment
- DNS resolution
- WAN/LAN routing
- NAT and port forwarding
- Firewall rules
**Configurations to track:**
- System configuration backups (XML exports)
- Firewall rules and aliases
- Static routes
- NAT rules and port forwards
- DHCP scopes and reservations
- DNS configuration
- VPN settings (if applicable)
### zet.home.arpa
General-purpose compute server. Currently running:
- **Squid** transparent proxy for HTTP traffic interception and caching
**Configurations to track:**
- Squid configuration and rules
- iptables/firewall rules for traffic redirection
- Service startup and monitoring scripts
- Application-specific settings
## Adding a New Device
To add a new server or device to this repository:
1. Create a new folder: `mkdir hostname.home.arpa`
2. Add relevant configuration files:
- Configuration files (YAML, JSON, or text formats for readability)
- README.md explaining the device's purpose and key configurations
- Any orchestration scripts (Ansible playbooks, Terraform configs, etc.)
3. Commit with a clear message: `Add hostname.home.arpa configuration`
Example structure for a new device:
```
myserver.home.arpa/
├── README.md # Purpose, role, and setup notes
├── config/
│ ├── app.conf
│ └── network.conf
├── scripts/
│ └── deploy.sh
└── orchestration/
└── playbook.yml # (if using Ansible)
```
## Management Approaches
### Orchestration Tools (Recommended for Future)
Consider these tools for managing configurations at scale:
- **Ansible** — agentless configuration management, great for heterogeneous infrastructure
- **Terraform** — infrastructure-as-code, useful for reproducible deployments
- **Docker/Compose** — containerize services for consistency across hosts
- **Custom scripts** — shell scripts for simple one-off configurations
### Backup Strategy
- Export pfSense configs regularly (Diagnostics → Backup/Restore)
- Archive configuration snapshots in this repo with timestamps
- Keep sensitive data (keys, credentials) in a secure vault outside this repo
### Best Practices
1. **Documentation First** — Each device folder should have a README explaining:
- Device purpose and role in the network
- IP address and hostname
- Key services running
- How to access and modify configurations
2. **Configuration as Code** — Store configs in text-based formats (YAML, JSON, conf) when possible
- Avoid binary formats; prefer exports you can diff
- Use comments to explain non-obvious settings
3. **Secrets Management** — Never commit passwords, API keys, or tokens:
- Store sensitive values in `.env` files or a secrets manager
- Use `{% raw %}{{ variables }}{% endraw %}` placeholders in configs
- Document where secrets come from (e.g., "stored in Bitwarden")
4. **Change Control** — Use git commits to document infrastructure changes:
```
git commit -m "pfsense: Add NAT rule for Squid traffic interception"
```
5. **Testing Changes** — When possible, test config changes in a staging environment first
## Feedback on Your Current Setup
**✅ Strengths:**
- Using `.home.arpa` naming is correct per RFC 6762
- Clear device-based organization scales well
- Git-based versioning from the start is a great practice
- Already documenting configuration workflows (PROXY-SETUP.md)
**💡 Suggestions:**
1. Add a README to `pfsense.home.arpa/` documenting:
- Current network topology and IP ranges
- Important firewall rules
- How to export/restore backups
2. Consider a `docs/` folder at the root for:
- Network topology diagrams (Mermaid, draw.io)
- IP addressing scheme and VLAN assignments
- Service dependencies and network flows
3. For pfSense backups:
- Export XML configs to `pfsense.home.arpa/backups/` with dates
- Document critical custom configurations as markdown files
4. As you add more devices, consider an inventory file (YAML/JSON) at the root:
```yaml
# inventory.yml
devices:
pfsense.home.arpa:
ip: 172.27.0.1
role: router/firewall
zet.home.arpa:
ip: 172.27.0.35
role: compute/proxy
```
5. Add GitHub Actions or a CI workflow to:
- Validate configuration syntax
- Generate documentation from configs
- Alert on uncommitted changes (for critical devices)
## Quick Start
1. Navigate to a device folder:
```bash
cd pfsense.home.arpa
```
2. Review current configuration:
```bash
cat README.md
```
3. Make changes and commit:
```bash
git add .
git commit -m "Description of change"
git push
```
## Contributing & Maintenance
- **Regular backups**: Schedule automated exports of device configs to this repo
- **Documentation updates**: Keep READMEs in sync with actual configurations
- **Change log**: Use commit messages to maintain a history of infrastructure decisions
- **Review**: Before major changes, review existing configs to understand dependencies
---
**Last Updated:** 2026-04-22
Reference in New Issue View Git Blame Copy Permalink