Difference between revisions of "Infrastructure"
From Hackerspace.gr
m |
m (fix infra email) |
||
(7 intermediate revisions by 3 users not shown) | |||
Line 5: | Line 5: | ||
In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for privacy and security properties of our core services. | In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for privacy and security properties of our core services. | ||
− | == | + | == Services == |
=== Internal === | === Internal === | ||
− | Internal infra includes services that run in the space (WAN, LAN, | + | Internal infra includes services that run in the space (WAN, LAN, WiFi, VPN, etc) |
=== Cloud === | === Cloud === | ||
Line 28: | Line 28: | ||
== Report Issues == | == Report Issues == | ||
− | If you see something say something. For bugs and issues you can send an email to this address: | + | If you see something, say something. For bugs and issues you can send an email to this address: |
− | [[Image:Infra_Service_Desk.png|link=]] | + | [[Image:Infra_Service_Desk.png|240px|link=]] |
− | == | + | == Team == |
− | * The | + | * The team is currently composed by drid, acinonyx, alexandros, olspookishmagus |
+ | * We use [https://gitlab.com/hsgr/ops GitLab] to keep track of our work. | ||
* You can of course find us at the hackerspace almost every day, and definitely every [[Hackday|Tuesday]]. | * You can of course find us at the hackerspace almost every day, and definitely every [[Hackday|Tuesday]]. | ||
* Most of us are always online at Hackerspace's Matrix/IRC channel: [https://riot.im/app/#/room/#hsgr:matrix.org #hsgr]. | * Most of us are always online at Hackerspace's Matrix/IRC channel: [https://riot.im/app/#/room/#hsgr:matrix.org #hsgr]. | ||
− | * For urgent things you can email us at infra@ | + | * For urgent things you can email us at infra@hackerspace.gr |
* For not urgent things see the "Report Issues" section above. | * For not urgent things see the "Report Issues" section above. | ||
+ | |||
+ | === How to join === | ||
+ | |||
+ | # Ask :) Just drop us an email. | ||
+ | # Make sure you understand how we roll (see below). | ||
+ | |||
+ | === How we roll === | ||
+ | |||
+ | Our modus operandi consists of certain principles: | ||
+ | |||
+ | * Automate Everything (Ansible). | ||
+ | * Modular Design. Design with system parts not with systems. Make reusable parts. Follow domain best practices. | ||
+ | * Jurisdiction. We take into account the legal aspects of a resource. | ||
+ | * Privacy. All services are free and open. Use cryptocurrencies if needed. Always use OpenPGP for internal communications and sensitive data. | ||
+ | * Leak Protection. DNS, IPv6, Firewalls, Web of Trust, etc | ||
+ | * Open Protocols, Software, Hardware. Wherever possible. | ||
+ | * Support Obfuscation, Tunnels, proxy, tor, ssl, ssh tunnels, vpns, etc | ||
+ | * No Port Blocking, No P2P Blocking. | ||
+ | * Data Encryption. Support Strongest Data and handshake Encryption | ||
+ | * Linux Config Support (eg. for WiFi enterprise). | ||
+ | * Websites. Avoid Persistent Cookies. Avoid External Trackers. Avoid Proprietary APIs. Strong SSL. SSL Cert to Self (no cloudflare). | ||
+ | * No Spaming. And no Spaming Policy. | ||
+ | * Services Config. Reproducible, track changes, documentation. | ||
+ | * Availability. We aim at 99.99999% availability even if our hardware/providers does not come even close to that. No single point of failure, redundancies (we wish) | ||
+ | * Use 2FA Option. OTP, SSH key with passphrase | ||
+ | * Operational Security. Encrypted Laptops and devices. Use secure OS. Do not run unsigned/proprietary software in the device/os environment that access hsgr-infra. In the event that one operator's devices are compromised an adversary should not get access to hsgr-infra (2FA). In the suspicion of compromise operator is required to inform the rest of the ops immediately. | ||
+ | * Operate by consensus, implement by doocracy. | ||
[[Category:Documentation]] | [[Category:Documentation]] |
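Review bot: the added "Use 2FA Option. OTP, SSH key with passphrase" bullet reads as optional, while the added "Operational Security" bullet names 2FA as the control that keeps an adversary out of hsgr-infra when one operator's devices are compromised. Consider wording the 2FA bullet as a requirement for operator access so the two bullets agree. Smaller points in the same hunk: "Spaming" should be "Spamming" (twice), "composed by" should be "composed of", and "hardware/providers does not" should be "do not".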
Latest revision as of 23:15, 16 February 2024
About
In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for privacy and security properties of our core services.
Services
Internal
Internal infra includes services that run in the space (WAN, LAN, WiFi, VPN, etc)
Cloud
This includes services that run on the cloud.
- Website (source code)
- Wiki (Mediawiki)
- Media (source code)
- Mailing list (mailman)
- Mail forwarding (operators aliases)
- DNS (authoritative)
3rd Party
Report Issues
If you see something, say something. For bugs and issues you can send an email to this address:
Team
- The team is currently composed of drid, acinonyx, alexandros, olspookishmagus.
- We use GitLab to keep track of our work.
- You can of course find us at the hackerspace almost every day, and definitely every Tuesday.
- Most of us are always online at Hackerspace's Matrix/IRC channel: #hsgr.
- For urgent things you can email us at infra@hackerspace.gr.
- For non-urgent things see the "Report Issues" section above.
How to join
- Ask :) Just drop us an email.
- Make sure you understand how we roll (see below).
How we roll
Our modus operandi consists of certain principles:
- Automate Everything (Ansible).
- Modular Design. Design with system parts not with systems. Make reusable parts. Follow domain best practices.
- Jurisdiction. We take into account the legal aspects of a resource.
- Privacy. All services are free and open. Use cryptocurrencies if needed. Always use OpenPGP for internal communications and sensitive data.
- Leak Protection. DNS, IPv6, Firewalls, Web of Trust, etc.
- Open Protocols, Software, Hardware. Wherever possible.
- Support Obfuscation, Tunnels, proxy, Tor, SSL, SSH tunnels, VPNs, etc.
- No Port Blocking, No P2P Blocking.
- Data Encryption. Support the strongest data and handshake encryption.
- Linux Config Support (e.g. for WiFi enterprise).
- Websites. Avoid Persistent Cookies. Avoid External Trackers. Avoid Proprietary APIs. Strong SSL. SSL Cert to Self (no Cloudflare).
- No Spamming. And no Spamming Policy.
- Services Config. Reproducible, track changes, documentation.
- Availability. We aim at 99.99999% availability even if our hardware/providers do not come even close to that. No single point of failure, redundancies (we wish).
- Use 2FA Option. OTP, SSH key with passphrase.
- Operational Security. Encrypted laptops and devices. Use a secure OS. Do not run unsigned/proprietary software in the device/OS environment that accesses hsgr-infra. In the event that one operator's devices are compromised, an adversary should not get access to hsgr-infra (2FA). On suspicion of compromise, the operator is required to inform the rest of the ops immediately.
- Operate by consensus, implement by do-ocracy.