-rw-r--r--SCHEMA_CENTRAL.md14
-rw-r--r--macro/vue_ensemble.mmd10
-rw-r--r--micro/reseau/caddy_reverse_proxy.mmd10
-rw-r--r--micro/reseau/topologie_reseau.mmd9
-rw-r--r--micro/vms/huinca.mmd63
5 files changed, 96 insertions, 10 deletions
diff --git a/SCHEMA_CENTRAL.md b/SCHEMA_CENTRAL.md
index 0aee615..49e5463 100644
--- a/SCHEMA_CENTRAL.md
+++ b/SCHEMA_CENTRAL.md
@@ -1,6 +1,6 @@
# Schema Central - Infrastructure Araucaria
-> Derniere mise a jour : 2026-02-19
+> Derniere mise a jour : 2026-02-23
> Domaine : arauco.online | Reseau : 192.168.99.0/24
## Vue d'ensemble
@@ -44,6 +44,12 @@ flowchart TB
nginx_test["nginx test :8080"]
end
+ subgraph huinca_srv ["huinca - .66<br/>2 vCPU | 4 GB RAM | 70 GB"]
+ postfix_h["Postfix :25/:465/:587"]
+ dovecot_h["Dovecot :993"]
+ dkim_h["OpenDKIM + SpamAssassin"]
+ end
+
subgraph lautaro ["lautaro - .108 - Raspberry Pi<br/>Non accessible"]
ha_l["Home Assistant :8123"]
end
@@ -52,7 +58,6 @@ flowchart TB
lemolemo["lemolemo .33<br/>10 GB"]
toki["toki .44<br/>10 GB"]
copihue["copihue .11"]
- huinca["huinca .66<br/>70 GB"]
kura["kura<br/>5 GB"]
end
end
@@ -64,11 +69,13 @@ flowchart TB
kvm -->|"virsh / br0"| chillka
kvm -->|"virsh / br0"| npagnun
kvm -->|"virsh / br0"| huitral
+ kvm -->|"virsh / br0"| huinca_srv
lvm -.->|"vgarauco0-*"| dormant
dnsmasq -.->|"DNS"| chillka
dnsmasq -.->|"DNS"| npagnun
dnsmasq -.->|"DNS"| huitral
+ dnsmasq -.->|"DNS"| huinca_srv
dnsmasq -.->|"DNS"| lautaro
keycloak -->|"JDBC"| pg_kc
@@ -94,6 +101,7 @@ flowchart TB
| araucaria (host) | [araucaria_host.mmd](micro/vms/araucaria_host.mmd) | Hote KVM, interfaces, LVM, services, VMs gerees |
| npagnun | [npagnun.mmd](micro/vms/npagnun.mmd) | Ubuntu 24.04, Keycloak + PostgreSQL (Docker) |
| huitral | [huitral.mmd](micro/vms/huitral.mmd) | Debian 12, Docker: Medusa, Vikunja, HA, der-topogo, nginx |
+| huinca | [huinca.mmd](micro/vms/huinca.mmd) | Ubuntu 24.04, serveur mail natif: Postfix, Dovecot, OpenDKIM, SpamAssassin |
| chillka | [chillka.mmd](micro/vms/chillka.mmd) | Gitea, Samba, HTTP, SSH |
| lautaro | [lautaro.mmd](micro/vms/lautaro.mmd) | Raspberry Pi, Home Assistant (non accessible) |
@@ -218,5 +226,5 @@ git diff HEAD..origin/main -- <fichier> # diff sur un fichier specifique
| lemolemo | .33 | - | 10 GB | dormant |
| toki | .44 | - | 10 GB | dormant |
| copihue | .11 | - | - | dormant |
-| huinca | .66 | - | 70 GB | dormant |
+| huinca | .66 | 4 GB | 70 GB | running |
| kura | - | - | 5 GB | dormant |
diff --git a/macro/vue_ensemble.mmd b/macro/vue_ensemble.mmd
index 99bda1f..24c29c4 100644
--- a/macro/vue_ensemble.mmd
+++ b/macro/vue_ensemble.mmd
@@ -40,6 +40,13 @@ flowchart LR
nginx_t["nginx :8080"]
end
+ subgraph huinca ["huinca 192.168.99.66 - 4GB"]
+ direction TB
+ postfix_h["Postfix :25/:465/:587"]
+ dovecot_h["Dovecot :993"]
+ dkim_h["OpenDKIM + SpamAssassin"]
+ end
+
subgraph lautaro ["lautaro 192.168.99.108 RPi"]
ha_l["HA :8123<br/>non accessible"]
end
@@ -49,7 +56,6 @@ flowchart LR
d1["lemolemo .33 10GB"]
d2["toki .44 10GB"]
d3["copihue .11"]
- d4["huinca .66 70GB"]
d5["kura 5GB"]
end
@@ -57,11 +63,13 @@ flowchart LR
kvm --> chillka
kvm --> npagnun
kvm --> huitral
+ kvm --> huinca
lvm -.-> dormant
dnsmasq -.->|"DNS"| chillka
dnsmasq -.->|"DNS"| npagnun
dnsmasq -.->|"DNS"| huitral
+ dnsmasq -.->|"DNS"| huinca
dnsmasq -.->|"DNS"| lautaro
keycloak --> pg_kc
diff --git a/micro/reseau/caddy_reverse_proxy.mmd b/micro/reseau/caddy_reverse_proxy.mmd
index 92ff28f..de89f35 100644
--- a/micro/reseau/caddy_reverse_proxy.mmd
+++ b/micro/reseau/caddy_reverse_proxy.mmd
@@ -32,6 +32,7 @@ flowchart LR
r_pm["pm.arauco.online"]
r_lsb["lsb.arauco.online"]
r_api_lsb["api-lsb.arauco.online"]
+ r_mail["mail.arauco.online"]
r_redir["arauco.online<br/>-> 301 www.*"]
end
end
@@ -52,6 +53,10 @@ flowchart LR
ws_note["WebSocket HA<br/>read_timeout 0"]
end
+ subgraph huinca ["huinca .66"]
+ mail_status["mail.arauco.online<br/>status page / webmail<br/>:80"]
+ end
+
dns_pub --> nat
nat --> listen
@@ -62,6 +67,7 @@ flowchart LR
r_pm -->|"HTTP"| pm
r_lsb -->|"HTTP"| lsb_sf
r_api_lsb -->|"HTTP"| lsb_be
+ r_mail -->|"HTTP"| mail_status
tls --> routing
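Review bot: The new edge `r_mail -->|"HTTP"| mail_status` forwards what the node label calls "status page / webmail" to huinca over plain :80. If a webmail login is really served there, credentials and message content cross the bridge unencrypted between Caddy and .66. The diagram also does not show whether this route passes through the `headers` / `kc_block` nodes that are styled as security controls; they are defined outside the visible hunks, so this may already be covered. I would narrow the label to what is actually exposed, or add a line above the edge such as `%% TODO: confirm authentication and backend transport for webmail on huinca :80`.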
@@ -75,6 +81,6 @@ flowchart LR
class dns_pub,client,gw,nat extStyle
class listen,tls netStyle
class headers,kc_block secStyle
- class r_www,r_kc,r_ha,r_vk,r_pm,r_lsb,r_api_lsb,r_redir routeStyle
+ class r_www,r_kc,r_ha,r_vk,r_pm,r_lsb,r_api_lsb,r_mail,r_redir routeStyle
class keycloak iamStyle
- class dt,ha,vk,pm,lsb_sf,lsb_be,ws_note svcStyle
+ class dt,ha,vk,pm,lsb_sf,lsb_be,ws_note,mail_status svcStyle
diff --git a/micro/reseau/topologie_reseau.mmd b/micro/reseau/topologie_reseau.mmd
index 95d9364..6886369 100644
--- a/micro/reseau/topologie_reseau.mmd
+++ b/micro/reseau/topologie_reseau.mmd
@@ -2,13 +2,13 @@
flowchart LR
subgraph internet ["Internet"]
direction TB
- ddns["DDNS Namecheap<br/>arauco.online<br/>git.arauco.online<br/>www.arauco.online"]
+ ddns["DDNS Namecheap<br/>arauco.online<br/>git.arauco.online<br/>www.arauco.online<br/>mail.arauco.online"]
upstream["Forwarders DNS<br/>8.8.8.8 / 8.8.4.4 / 1.1.1.1"]
end
subgraph swisscom ["Routeur Swisscom"]
gw["Gateway 192.168.99.1"]
- nat["NAT ext:2222<br/>-> .51:1220"]
+ nat["NAT ext:2222<br/>-> .51:1220<br/>mail:25/465/587/993<br/>-> .66"]
end
subgraph host_if ["araucaria - Interfaces"]
@@ -30,7 +30,8 @@ flowchart LR
r_chillka[".55 git.arauco.online<br/>.55 chillka.local"]
r_npagnun[".35 npagnun.local<br/>.35 keycloak.arauco.local"]
r_huitral[".22 huitral.local"]
- r_other[".33 lemolemo | .44 toki<br/>.11 copihue | .66 huinca"]
+ r_huinca[".66 mail.arauco.online<br/>.66 huinca.local"]
+ r_other[".33 lemolemo | .44 toki<br/>.11 copihue"]
end
subgraph ptr ["PTR Records"]
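Review bot: `r_huinca` resolves mail.arauco.online to .66 on the LAN, while caddy_reverse_proxy.mmd in this same commit routes that hostname through Caddy to a :80 backend on huinca. If dnsmasq serves this record to LAN clients, a browser inside the network would reach huinca's web page directly and miss Caddy's TLS termination; presumably the record is meant for SMTP/IMAP only. The intent is worth recording next to the node, for example `%% mail.arauco.online -> .66 on LAN is for SMTP/IMAP; web UI is published via Caddy`, adjusted to whatever is actually the case.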
@@ -72,7 +73,7 @@ flowchart LR
class ddns,upstream,nat,gw extStyle
class eth0,br0,eth1 netStyle
class virbr0 dormStyle
- class dns_svc,r_araucaria,r_chillka,r_npagnun,r_huitral,r_other dnsStyle
+ class dns_svc,r_araucaria,r_chillka,r_npagnun,r_huitral,r_huinca,r_other dnsStyle
class ptr1,ptr2 dnsStyle
class vnet1,vnet7,vnet8 netStyle
class rt1,rt2,rt3,rt4 routeStyle
diff --git a/micro/vms/huinca.mmd b/micro/vms/huinca.mmd
new file mode 100644
index 0000000..8c265a7
--- /dev/null
+++ b/micro/vms/huinca.mmd
@@ -0,0 +1,63 @@
+%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 40, 'rankSpacing': 50}}}%%
+flowchart LR
+ subgraph mail_stack ["Services Mail natifs"]
+ direction TB
+ postfix["Postfix<br/>SMTP :25 :465 :587"]
+ dovecot["Dovecot<br/>IMAP :993<br/>LMTP + Sieve"]
+ opendkim["OpenDKIM<br/>milter DKIM"]
+ spamassassin["SpamAssassin<br/>anti-spam"]
+ clamav["ClamAV + Amavis<br/>antivirus"]
+ fail2ban_m["fail2ban<br/>postfix, dovecot, sasl"]
+ postfix -->|"milter"| opendkim
+ postfix -->|"content_filter"| spamassassin
+ spamassassin --> clamav
+ end
+
+ subgraph tls ["TLS"]
+ direction TB
+ certs["/etc/ssl/mail/<br/>fullchain.pem<br/>privkey.pem"]
+ sync["rsync cron depuis<br/>araucaria Caddy<br/>Let's Encrypt"]
+ sync --> certs
+ end
+
+ subgraph config ["Config huinca"]
+ direction TB
+ vm_info["huinca .66<br/>Ubuntu 24.04 LTS<br/>2 vCPU 4 GB RAM<br/>LVM 70 GB"]
+ partitions["/var/mail 40 GB<br/>/var/log 5 GB<br/>/ 15 GB"]
+ user_info["user: toshiro<br/>SSH cle uniquement"]
+ end
+
+ subgraph access ["Acces reseau"]
+ direction TB
+ dns["mail.arauco.online<br/>huinca.local<br/>-> 192.168.99.66"]
+ nat["NAT Swisscom<br/>:25 :465 :587 :993<br/>-> .66"]
+ clients["Clients mail<br/>Thunderbird / K-9"]
+ end
+
+ subgraph mailboxes ["Boites mail"]
+ direction TB
+ maildir["Maildir<br/>/home/*/Maildir/"]
+ aliases["Aliases<br/>postmaster -> toshiro<br/>root -> toshiro"]
+ end
+
+ clients -->|"IMAPS :993"| dovecot
+ clients -->|"SMTPS :465/587"| postfix
+ nat --> postfix
+ dns -.-> postfix
+ certs -.-> postfix
+ certs -.-> dovecot
+ dovecot --> maildir
+
+ classDef mailStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0
+ classDef secStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
+ classDef netStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0
+ classDef configStyle fill:#2a3a4a,stroke:#6a8aaa,color:#b0d0e8
+ classDef storStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
+ classDef tlsStyle fill:#3a1e5f,stroke:#8a6ad9,color:#c8b0f0
+
+ class postfix,dovecot mailStyle
+ class opendkim,spamassassin,clamav,fail2ban_m secStyle
+ class dns,nat,clients netStyle
+ class vm_info,partitions,user_info configStyle
+ class maildir,aliases storStyle
+ class certs,sync tlsStyle
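Review bot: The `sync` node records that `privkey.pem` reaches /etc/ssl/mail/ through an rsync cron job from the Caddy host, but the TLS subgraph leaves out what a reader auditing this VM needs for a private key. It does not say which side initiates the copy, under which account, what ownership and mode the key ends up with, or whether Postfix and Dovecot are reloaded after renewal. Separately, `nat --> postfix` is the only NAT edge although the NAT label also forwards :993, so `nat --> dovecot` appears to be missing. The label `SMTPS :465/587` also merges implicit-TLS 465 with submission on 587, which normally uses STARTTLS; `clients -->|"SMTPS :465 / submission :587"| postfix` would be more precise. `fail2ban_m` and `aliases` are declared without any edge, and ClamAV/Amavis and fail2ban are absent from the huinca summaries added to SCHEMA_CENTRAL.md and macro/vue_ensemble.mmd, so the overview under-reports the controls on this host.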