Infrastructure

From Hackerspace.gr
Revision as of 15:11, 11 July 2019 by Drid (Talk | contribs)

Jump to: navigation, search
Hackerspace Infra.png

About

In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for privacy and security properties of our core services.

Services

Internal

Internal infra includes services that run in the space (WAN, LAN, WiFi, VPN, etc)

Cloud

This includes services that run on the cloud.

3rd Party

Report Issues

If you see something say something. For bugs and issues you can send an email to this address:

Infra Service Desk.png

Transparency

  • The Infra team is currently composed by drid, comzeradd, ebal, sotiri.
  • We use GitLab to keep track of our work.
  • You can of course find us at the hackerspace almost every day, and definitely every Tuesday.
  • Most of us are always online at Hackerspace's Matrix/IRC channel: #hsgr.
  • For urgent things you can email us at infra@
  • For not urgent things see the "Report Issues" section above.

How to join

  1. Ask :) Just drop us an email.
  2. Make sure you understand how we roll (see below).
  3. If none of the existing members has any objection we'll get back you with an onboarding process.

How we roll

Our modus operandi consists of certain principles:

  • Automate Everything (Ansible).
  • Modular Design. Design with system parts not with systems. Make reusable parts. Follow domain best practices.
  • Jurisdiction. We take into account the legal aspects of a resource.
  • Logging. We keep no traffic logs. As less logs as possible regarding PII, DNS, Timestamps, Bandwidth use, IP Addresses.
  • Privacy. All services are free and open. Use cryptocurrencies if needed. Always use OpenPGP for internal communications and sensitive data.
  • Leak Protection. DNS, IPv6, Firewalls, Web of Trust, etc
  • Open Protocols, Software, Hardware. Wherever possible. When not possible we use factory defaults, minimal configuration, and modes we can easily combine in various equipment.
  • Support Obfuscation, Tunnels, proxy, tor, ssl, ssh tunnels, vpns, etc
  • No Port Blocking, No P2P Blockin.
  • Data Encryption. Support Strongest Data and handshake Encryption
  • Linux Config Support (eg. for WiFi enterprise).
  • Websites. Avoid Persistent Cookies. Avoid External Trackers. Avoid Proprietary APIs. Strong SSL. SSL Cert to Self (no cloudflare).
  • No Spaming. And no Spaming Policy.
  • Services Config. Reproducible, track changes, documentation.
  • Availability. We aim at 99.99999% availability even if our hardware/providers does not come even close to that. No single point of failure, redundancies (we wish)
  • Ethics. We operate in good faith and best effort.
  • Full Disclosure (Internal when detected, external when fixed).
  • Ethical Copy (what we need to say, to the people we need to say it to). User can Control Private Key.
  • Use 2FA Option. OTP, SSH key with passphrase
  • Operational Securety. Encrypted Laptops and devices. Use secure OS. Do not run unsigned/proprietary software in the device/os environment that access hsgr-infra. Do not discuss not publicly available information with third party. In the event that one operator's devices are compromised an adversary should not get access to hsgr-infra (2FA). In the suspicion of compromise operator is required to inform the rest of the ops immediately.
  • Operate by consensus, implement by doocracy.