CISS.debian.live.builder/docs/graphviz/ciss.debian.live.builder.dot
Marc S. Weidner 78687ffa78
V8.03.384.2025.06.03
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-06-03 01:48:58 +02:00

// SPDX-Version: 3.0
// SPDX-CreationInfo: 2025-06-03; WEIDNER, Marc S.; <msw@coresecret.dev>
// SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
// SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
// SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
// SPDX-FileType: SOURCE
// SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
// SPDX-Comment: This file is part of the CISS.debian.installer.secure framework.
// SPDX-PackageName: CISS.debian.live.builder
// SPDX-Security-Contact: security@coresecret.eu
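digraph CISS_debian_live_builder {
    // -----------------------------
    // General settings
    // -----------------------------
    // splines=ortho routes every edge as axis-parallel segments. Orthogonal
    // routing does not reserve space for edge labels (Graphviz warns about
    // "label" on ortho edges), so the labelled edges below use "xlabel",
    // an external label placed after layout, which is the documented
    // alternative for this spline mode.
    graph [
        fontsize=10,
        splines=ortho,
        rankdir=LR,
        nodesep=0.6,
        ranksep=0.8
    ];
    node [fontname="Helvetica"];

    // -----------------------------
    // NODES: Internet clouds (NOT in a cluster)
    // -----------------------------
    // Declared first so that node rank order matches the edge flow left-to-right.
    InternetLeft [shape=oval, style=filled, fillcolor=lightblue, label="Internet"];
    InternetTLS  [shape=oval, style=filled, fillcolor=lightblue, label="TLS/HTTPS"];

    // -----------------------------
    // NODES: Jump host (placed directly in cluster_overall)
    // -----------------------------
    Jump_Host [shape=diamond, style=filled, fillcolor=green, label="Jump Host"];

    // -----------------------------
    // NODES: Hidden master (in cluster_hm)
    // -----------------------------
    Hidden_Master [shape=cylinder, style=filled, fillcolor=lavender, label="Hidden-Master"];

    // -----------------------------
    // NODES: Name servers (in cluster_ns)
    // -----------------------------
    ns00 [shape=cylinder, style=filled, fillcolor=lightyellow, label="ns00.eddns.eu"];
    ns01 [shape=cylinder, style=filled, fillcolor=lightyellow, label="ns01.eddns.eu"];
    ns02 [shape=cylinder, style=filled, fillcolor=lightyellow, label="ns02.eddns.de"];
    ns03 [shape=cylinder, style=filled, fillcolor=lightyellow, label="ns03.eddns.de"];
    // Invisible zero-width anchor: gives the DNSSEC edges a target inside the
    // name-server cluster, so the arrow visually leaves the cluster as a whole.
    ns_anchor [shape=point, style=invis, width=0];

    // -----------------------------
    // NODES: B servers (in cluster_B_small & cluster_B_big)
    // -----------------------------
    git [shape=cylinder, style=filled, fillcolor="#FFCCCC", label="git.coresecret.dev"];
    run [shape=cylinder, style=filled, fillcolor="#FFCCCC", label="run.coresecret.dev"];
    lab [shape=cylinder, style=filled, fillcolor="#FFCCCC", label="lab.coresecret.dev"];
    b_small_anchor [shape=point, style=invis, width=0]; // anchor for the small B cluster
    b_big_anchor   [shape=point, style=invis, width=0]; // anchor for the large B cluster

    // -----------------------------
    // NODES: "cloud.e2ee.li" (in cluster_cloud)
    // -----------------------------
    cloud        [shape=cylinder, style=filled, fillcolor="#FFCCCC", label="cloud.e2ee.li"];
    cloud_anchor [shape=point, style=invis, width=0]; // anchor for the cloud cluster

    // -----------------------------
    // CLUSTER: Entire system (except the Internet clouds)
    // -----------------------------
    // The cluster label documents the SSH policy that applies to every host
    // inside the red outer rectangle.
    subgraph cluster_overall {
        label="SSH-Pub-Key, 2FA, No-Root-Login, aes256-gcm@openssh.com, (No ChaCha) only";
        style=solid;
        color=red;

        // ---- The jump host sits directly in the outer rectangle ----
        Jump_Host;

        // ---- Cluster: name-server group ----
        subgraph cluster_ns {
            label="";
            style=dashed;
            color=red;
            ns00;
            ns01;
            ns02;
            ns03;
            ns_anchor;
        }

        // ---- Cluster: Hidden-Master ----
        subgraph cluster_hm {
            label="";
            style=dashed;
            color=red;
            Hidden_Master;
        }

        // ---- Cluster: TLS/HTTPS group (contains the B clusters and the cloud) ----
        // The label lists the TLS versions and cipher suites accepted by the
        // services in this group.
        subgraph cluster_tls_group {
            label="TLSv1.2 || TLSv1.3 ECDHE-RSA-AES256-GCM-SHA384 ECDH 448 AESGCM 256 & ECDHE-RSA-CHACHA20-POLY1305 ECDH 448 ChaCha20 256";
            style=dashed;
            color=red;

            // ---- Cluster: outer rectangle around all B nodes (lab + the small rectangle) ----
            subgraph cluster_B_big {
                label="";
                style=dashed;
                color=red;
                lab;
                b_big_anchor;

                // ---- Cluster: B a) and c) (small rectangle around git and run) ----
                subgraph cluster_B_small {
                    label="";
                    style=dashed;
                    color=red;
                    git;
                    run;
                    b_small_anchor;
                }
            }

            // ---- Cluster: "cloud.e2ee.li" ----
            subgraph cluster_cloud {
                label="HA: LVM on RAID6 on dm-crypt incl. dm-integrity";
                style=dashed;
                color=red;
                cloud;
                cloud_anchor;
            }
        }
    }

    // -----------------------------
    // EDGES
    // -----------------------------
    // Green edges: the administrative path (Internet -> jump host -> hidden master -> name servers).
    // Red edges:   the public service paths (DNSSEC-validated names, TLS/HTTPS to the B cluster and cloud).

    // Left: Internet -> jump host
    InternetLeft -> Jump_Host [color=green];

    // Jump host -> Hidden-Master
    Jump_Host -> Hidden_Master [color=green];

    // Hidden-Master -> name servers, each labelled "HMAC SHA512".
    // NOTE(review): the label presumably denotes TSIG-authenticated zone
    // transfers/notifies from the hidden master to the public name servers;
    // the diagram itself does not say so — confirm against the DNS configuration.
    Hidden_Master -> ns00 [color=green, xlabel="HMAC SHA512"];
    Hidden_Master -> ns01 [color=green, xlabel="HMAC SHA512"];
    Hidden_Master -> ns02 [color=green, xlabel="HMAC SHA512"];
    Hidden_Master -> ns03 [color=green, xlabel="HMAC SHA512"];

    // Red "DNSSEC" arrow from the name-server cluster (ns_anchor) -> B cluster (b_big_anchor)
    ns_anchor -> b_big_anchor [color=red, xlabel="DNSSEC"];

    // Red "DNSSEC" arrow from the name-server cluster (ns_anchor) -> cloud cluster (cloud_anchor)
    ns_anchor -> cloud_anchor [color=red, xlabel="DNSSEC"];

    // Red arrows from the TLS Internet cloud -> B cluster and cloud
    InternetTLS -> b_big_anchor [color=red];
    InternetTLS -> cloud_anchor [color=red];
}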