Difference between revisions of "Infrastructure"

From Hackerspace.gr
(add principles)
m (fix infra email)
 
(3 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for privacy and security properties of our core services.
 
In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for privacy and security properties of our core services.
  
== Infra ==
+
== Services ==
  
 
=== Internal ===
 
=== Internal ===
  
Internal infra includes services that run in the space (WAN, LAN, DMZ, etc)
+
Internal infra includes services that run in the space (WAN, LAN, WiFi, VPN, etc)
  
 
=== Cloud ===
 
=== Cloud ===
Line 28: Line 28:
 
== Report Issues ==
 
== Report Issues ==
  
If you see something say something. For bugs and issues you can send an email to this address:
+
If you see something, say something. For bugs and issues you can send an email to this address:
  
 
[[Image:Infra_Service_Desk.png|240px|link=]]
 
[[Image:Infra_Service_Desk.png|240px|link=]]
  
== Transparency ==
+
== Team ==
  
* The Infra team is currently composed by drid, comzeradd, ebal, sotiri.
+
* The team is currently composed by drid, acinonyx, alexandros, olspookishmagus
* We use [https://gitlab.com/infralibre/org GitLab] to keep track of our work.
+
* We use [https://gitlab.com/hsgr/ops GitLab] to keep track of our work.
 
* You can of course find us at the hackerspace almost every day, and definitely every [[Hackday|Tuesday]].
 
* You can of course find us at the hackerspace almost every day, and definitely every [[Hackday|Tuesday]].
 
* Most of us are always online at Hackerspace's Matrix/IRC channel: [https://riot.im/app/#/room/#hsgr:matrix.org #hsgr].
 
* Most of us are always online at Hackerspace's Matrix/IRC channel: [https://riot.im/app/#/room/#hsgr:matrix.org #hsgr].
* For urgent things you can email us at infra@
+
* For urgent things you can email us at infra@hackerspace.gr
 
* For not urgent things see the "Report Issues" section above.
 
* For not urgent things see the "Report Issues" section above.
  
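Review bot: In the Team list, the urgent-contact address is now written out in plain text ("infra@hackerspace.gr") while the address in "Report Issues" is still shown through Image:Infra_Service_Desk.png; pick one way of publishing addresses and use it in both places. Also on the new team line, "composed by" should read "composed of", and the line lost the full stop the old one had.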
Line 45: Line 45:
 
# Ask :) Just drop us an email.
 
# Ask :) Just drop us an email.
 
# Make sure you understand how we roll (see below).
 
# Make sure you understand how we roll (see below).
# If none of the existing members has any objection we'll get back you with an onboarding process.
 
  
 
=== How we roll ===
 
=== How we roll ===
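Review bot: In the "How to join" list, removing step 3 leaves the process ending at "Make sure you understand how we roll" with nothing about who approves a new member or how access is handed over. Since the page makes this team responsible for the core infrastructure, consider keeping a final step that states existing members must agree before onboarding starts, for example the old wording with the missing word restored: "we'll get back to you with an onboarding process".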
Line 54: Line 53:
 
* Modular Design. Design with system parts not with systems. Make reusable parts. Follow domain best practices.
 
* Modular Design. Design with system parts not with systems. Make reusable parts. Follow domain best practices.
 
* Jurisdiction. We take into account the legal aspects of a resource.
 
* Jurisdiction. We take into account the legal aspects of a resource.
* Logging. We keep no traffic logs. As less logs as possible regarding PII, DNS, Timestamps, Bandwidth use, IP Addresses.
 
 
* Privacy. All services are free and open. Use cryptocurrencies if needed. Always use OpenPGP for internal communications and sensitive data.
 
* Privacy. All services are free and open. Use cryptocurrencies if needed. Always use OpenPGP for internal communications and sensitive data.
 
* Leak Protection. DNS, IPv6, Firewalls, Web of Trust, etc
 
* Leak Protection. DNS, IPv6, Firewalls, Web of Trust, etc
* Open Protocols, Software, Hardware. Wherever possible. When not possible we use factory defaults, minimal configuration, and modes we can easily combine in various equipment.  
+
* Open Protocols, Software, Hardware. Wherever possible.  
 
* Support Obfuscation, Tunnels, proxy, tor, ssl, ssh tunnels, vpns, etc
 
* Support Obfuscation, Tunnels, proxy, tor, ssl, ssh tunnels, vpns, etc
* No Port Blocking, No P2P Blockin.  
+
* No Port Blocking, No P2P Blocking.  
 
* Data Encryption. Support Strongest Data and handshake Encryption
 
* Data Encryption. Support Strongest Data and handshake Encryption
 
* Linux Config Support (eg. for WiFi enterprise).
 
* Linux Config Support (eg. for WiFi enterprise).
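Review bot: The "Logging" bullet is dropped here without a replacement, so the principles no longer say anything about log retention, although the introduction makes this team responsible for the privacy properties of the core services. If the no-traffic-logs stance still holds, keep the bullet and tighten its wording ("As few logs as possible regarding PII, DNS, ..."); if it has changed, state the new rule rather than removing the topic. The "Open Protocols, Software, Hardware" bullet also loses its fallback for equipment that is not open (factory defaults, minimal configuration); a short statement of what applies there now would help.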
Line 66: Line 64:
 
* Services Config. Reproducible, track changes, documentation.
 
* Services Config. Reproducible, track changes, documentation.
 
* Availability. We aim at 99.99999% availability even if our hardware/providers does not come even close to that. No single point of failure, redundancies (we wish)
 
* Availability. We aim at 99.99999% availability even if our hardware/providers does not come even close to that. No single point of failure, redundancies (we wish)
* Ethics. We operate in good faith and best effort.
 
* Full Disclosure (Internal when detected, external when fixed).
 
* Ethical Copy (what we need to say, to the people we need to say it to). User can Control Private Key.
 
 
* Use 2FA Option. OTP, SSH key with passphrase
 
* Use 2FA Option. OTP, SSH key with passphrase
* Operational Securety. Encrypted Laptops and devices. Use secure OS. Do not run unsigned/proprietary software in the device/os environment that access hsgr-infra. Do not discuss not publicly available information with third party. In the event that one operator's devices are compromised an adversary should not get access to hsgr-infra (2FA). In the suspicion of compromise operator is required to inform the rest of the ops immediately.
+
* Operational Security. Encrypted Laptops and devices. Use secure OS. Do not run unsigned/proprietary software in the device/os environment that access hsgr-infra. In the event that one operator's devices are compromised an adversary should not get access to hsgr-infra (2FA). In the suspicion of compromise operator is required to inform the rest of the ops immediately.
 
* Operate by consensus, implement by doocracy.
 
* Operate by consensus, implement by doocracy.
  
 
[[Category:Documentation]]
 
[[Category:Documentation]]
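Review bot: The "Full Disclosure (Internal when detected, external when fixed)" bullet is removed, which leaves the Operational Security bullet as the only incident rule on the page, and that one only covers informing the rest of the ops on suspicion of compromise. Consider keeping a disclosure line so users can tell whether and when incidents are reported externally. The Operational Security bullet also loses "Do not discuss not publicly available information with third party"; if that is still expected of operators, say so in the new text. Minor: "Securety" is fixed, but "that access hsgr-infra" should read "that accesses hsgr-infra".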

Latest revision as of 23:15, 16 February 2024


About

In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for the privacy and security properties of our core services.

Services

Internal

Internal infra includes services that run in the space (WAN, LAN, WiFi, VPN, etc.).

Cloud

This includes services that run on the cloud.

3rd Party

Report Issues

If you see something, say something. For bugs and issues you can send an email to this address:

Infra Service Desk.png

Team

  • The team is currently composed of drid, acinonyx, alexandros, olspookishmagus.
  • We use GitLab to keep track of our work.
  • You can of course find us at the hackerspace almost every day, and definitely every Tuesday.
  • Most of us are always online at Hackerspace's Matrix/IRC channel: #hsgr.
  • For urgent things you can email us at infra@hackerspace.gr.
  • For non-urgent things see the "Report Issues" section above.

How to join

  1. Ask :) Just drop us an email.
  2. Make sure you understand how we roll (see below).

How we roll

Our modus operandi consists of certain principles:

  • Automate Everything (Ansible).
  • Modular Design. Design with system parts not with systems. Make reusable parts. Follow domain best practices.
  • Jurisdiction. We take into account the legal aspects of a resource.
  • Privacy. All services are free and open. Use cryptocurrencies if needed. Always use OpenPGP for internal communications and sensitive data.
  • Leak Protection. DNS, IPv6, Firewalls, Web of Trust, etc.
  • Open Protocols, Software, Hardware. Wherever possible.
  • Support Obfuscation, Tunnels, proxy, Tor, SSL, SSH tunnels, VPNs, etc.
  • No Port Blocking, No P2P Blocking.
  • Data Encryption. Support the strongest data and handshake encryption.
  • Linux Config Support (e.g. for WiFi enterprise).
  • Websites. Avoid Persistent Cookies. Avoid External Trackers. Avoid Proprietary APIs. Strong SSL. SSL Cert to Self (no Cloudflare).
  • No Spamming. And no Spamming Policy.
  • Services Config. Reproducible, track changes, documentation.
  • Availability. We aim at 99.99999% availability even if our hardware/providers do not come even close to that. No single point of failure, redundancies (we wish).
  • Use 2FA Option. OTP, SSH key with passphrase.
  • Operational Security. Encrypted laptops and devices. Use a secure OS. Do not run unsigned/proprietary software in the device/OS environment that accesses hsgr-infra. In the event that one operator's devices are compromised, an adversary should not get access to hsgr-infra (2FA). On suspicion of compromise, the operator is required to inform the rest of the ops immediately.
  • Operate by consensus, implement by doocracy.