jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Major documentation restructure - consolidated docs
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source 
New Structure:
- 01-NETWORK-MAP.md - Network topology, IPs, Docker networks, services
- 02-SERVICES-CRITICAL.md - DNS, Auth, Routing (P0/P1 services)
- 03-SERVICES-OTHER.md - All non-critical services
- 04-HARDWARE-INVENTORY.md - Physical devices and specs
- 05-CHANGELOG.md - Major events only

New Folders:
- docs/archive/ - Legacy docs (read-only reference)
- docs/wip/ - Planned changes and ideas
  - UPGRADE-2026-HARDWARE.md - N5 Air + N100 migration plan
  - GITOPS-CONTAINERS.md - Phase 2 container GitOps

Changes:
- Moved all 22 legacy docs to archive/
- Consolidated container IPs, physical map, and services into single network map
- Extracted critical vs non-critical service classification
- Simplified changelog to major events only

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
XTRM-Unraid
2026-01-25 11:17:33 +02:00
parent ed17dea2d6
commit b250493d5a
31 changed files with 1585 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

194
docs/archive/05-PHASE5-RUSTDESK.md Normal file
View File

@@ -0,0 +1,194 @@
# Phase 5: Hardened RustDesk Self-Hosted Setup
## Status: ✅ FULLY COMPLETE
**Last Verified:** 2026-01-18
**Completion Date:** 2026-01-18
---
## Goal
Deploy a high-security, self-hosted RustDesk infrastructure with custom ID server, relay server, and end-to-end encryption using your own keypair.
---
## Current State
### Server Components
| Component | Container | Status | Ports |
|-----------|-----------|--------|-------|
| ID Server | rustdesk-hbbs | ✅ Running | TCP 21115-21116, UDP 21116, WS 21118-21119 |
| Relay Server | rustdesk-hbbr | ✅ Running | TCP 21117 |
### Configuration
| Parameter | Value |
|-----------|-------|
| Public Key | `+Xlxh96tqwh9tD58ctOmB05Qpfs0ByCoLQcF+yCw0J8=` |
| ID Server | rustdesk.xtrm-lab.org:21116 |
| Relay Server | rustdesk.xtrm-lab.org:21117 |
| DNS | rustdesk.xtrm-lab.org → 62.73.120.142 |
| Data Path | /mnt/user/appdata/rustdesk-server |
### Registered Clients
| ID | Platform | Status |
|----|----------|--------|
| 527588949 | macOS | ✅ Working |
| 20116399 | Nobara Linux | ✅ Working |
### MikroTik NAT Rules
| Rule | Protocol | WAN Port | Destination |
|------|----------|----------|-------------|
| RustDesk NAT Test | TCP | 21115 | 192.168.31.2:21115 |
| RustDesk ID Server | TCP | 21116 | 192.168.31.2:21116 |
| RustDesk ID Server | UDP | 21116 | 192.168.31.2:21116 |
| RustDesk Relay | TCP | 21117 | 192.168.31.2:21117 |
---
## Client Configuration
To connect RustDesk clients to your self-hosted server:
### Settings
```
ID Server: rustdesk.xtrm-lab.org
Relay Server: rustdesk.xtrm-lab.org
Key: +Xlxh96tqwh9tD58ctOmB05Qpfs0ByCoLQcF+yCw0J8=
```
### Connection String (for quick setup)
```
rustdesk.xtrm-lab.org,+Xlxh96tqwh9tD58ctOmB05Qpfs0ByCoLQcF+yCw0J8=
```
### macOS Permissions Required
- **Accessibility** - Required for keyboard/mouse control
- **Screen Recording** - Required for screen capture
---
## Verification Checklist
### Server-Side
- [x] Keypair generated: `/mnt/user/appdata/rustdesk-server/id_ed25519*`
- [x] hbbs container running
- [x] hbbr container running
- [x] MikroTik NAT rules configured (4 rules)
- [x] DNS resolves: rustdesk.xtrm-lab.org → 62.73.120.142
- [x] Port 21116 accessible from external
- [x] Port 21117 accessible from external
### Client-Side
- [x] Nobara client connects with public key
- [x] macOS client connects with public key
- [x] Remote session works (Nobara → macOS tested)
- [x] Video streaming working
- [x] Keyboard/mouse control working
---
## Architecture
```
Internet
┌────────────▼────────────┐
│ MikroTik (62.73.120.142)│
│ NAT Rules: │
│ TCP 21115-21117 │
│ UDP 21116 │
└────────────┬────────────┘
┌──────────────────┼──────────────────┐
│ │ │
▼ ▼ ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ hbbs (ID Server)│ │ hbbr (Relay) │ │ RustDesk Client │
│ TCP 21115-21116 │ │ TCP 21117 │ │ Your devices │
│ UDP 21116 │ │ │ │ │
│ WS 21118-21119 │ │ │ │ │
└─────────────────┘ └─────────────────┘ └─────────────────┘
```
---
## Container Details
### hbbs (ID/Rendezvous Server)
```
Image: rustdesk/rustdesk-server:latest
Command: hbbs -r rustdesk.xtrm-lab.org:21117 -k _
Volume: /mnt/user/appdata/rustdesk-server:/root
Ports: 21115, 21116 (TCP+UDP), 21118, 21119
```
### hbbr (Relay Server)
```
Image: rustdesk/rustdesk-server:latest
Command: hbbr -k _
Volume: /mnt/user/appdata/rustdesk-server:/root
Ports: 21117
```
**Note:** The `-k _` flag enforces encrypted connections using the keypair.
---
## Security Features
1. **End-to-End Encryption:** All connections encrypted with Ed25519 keypair
2. **Key Verification:** Clients must have correct public key to connect
3. **Self-Hosted:** No third-party servers involved
4. **Encrypted-Only Mode:** Unencrypted connections rejected
---
## Maintenance
### View Logs
```bash
docker logs rustdesk-hbbs --tail 50
docker logs rustdesk-hbbr --tail 50
```
### Restart Services
```bash
docker restart rustdesk-hbbs rustdesk-hbbr
```
### Key Rotation
```bash
# Generate new keypair
docker run --rm -v /mnt/user/appdata/rustdesk-server:/data rustdesk/rustdesk-server hbbs -g
# Restart containers
docker restart rustdesk-hbbs rustdesk-hbbr
# Update all clients with new public key
```
---
## Rollback Procedure
```bash
# Stop and remove containers
docker stop rustdesk-hbbs rustdesk-hbbr
docker rm rustdesk-hbbs rustdesk-hbbr
# Remove MikroTik NAT rules (via SSH)
/ip/firewall/nat remove [find comment~RustDesk]
```
---
## Related Documents
- [00-CURRENT-STATE.md](./00-CURRENT-STATE.md) - Infrastructure overview
- [04-PHASE4-REMOTE-GAMING.md](./04-PHASE4-REMOTE-GAMING.md) - Sunshine/Moonlight setup