Difference between revisions of "Project Bringing Sexy Back"
imported>Echarlie (→gopherspace) |
imported>Echarlie (→mail) |
||
Line 237: | Line 237: | ||
=== mail === | === mail === | ||
− | * Train spamassassin | + | * Train spamassassin (use corpus) |
* Sieve doesn't seem to work | * Sieve doesn't seem to work | ||
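Review bot: "(use corpus)" on the changed spamassassin item does not say which corpus is meant. Name the ham and spam mail sources to train on, or link the page that documents them, so the next person can act on the item without asking.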
Revision as of 21:24, 15 May 2018
Note: This page does not reflect current infrastructure. It is for planning purposes.
This is an effort, running from the end of Fall 2017 into early Spring 2018, to get new hardware, determine whether we can use old hardware for anything, bring many VTLUUG services back to life and add new ones, fix major problems with the current infrastructure, make the current infrastructure easier to manage, and provide enough documentation that anybody can get a very good understanding of how everything works without having to ask the officers about every little thing. This will be summarized in the Sysadmin Handbook.
One major change is running a Proxmox cluster to manage everything, along with offering a VPS service in addition to shell accounts on Acidburn. This is not possible with the current hardware.
Getting new hardware
Cyberdelia is the only connected physical machine right now, besides our router. See Infrastructure 2017. We are planning to request funding from the SBB for new infrastructure as early as possible in Spring 2018.
We are still working on exactly what to ask for, but here are some desirable things: //TODO link items
Priority | Item | Estimated Cost |
---|---|---|
10 | Dell Poweredge R620s | $600 ish |
Ideally we will get 2. A much more detailed price analysis will be done for the SBB.
\o/ We got $1300 to get 2 R620s!!
Hardware Configuration
Hardware
- temp88191
- Cyberdelia
- Wood
- 2x SGI (Phantomphreak/Joey)
- 2x R620s (Meltdown/Spectre)
Configuration
- Router/DNS Server: joey (sry temp88191 is too old)
- NAS: Cyberdelia due to its HDD capacity
- Proxmox hosted-engine: Both R620s, Phantomphreak
- HPC: Wood, due to its 4U height, which can easily fit GPUs
Diagrams in progress
Networking
See Infrastructure for a mostly up to date networking layout.
This section reflects the services described in the following section.
Public IPv4 addresses
Function | DNS | IP |
---|---|---|
Router/DNS | joey.vtluug.org | 128.173.88.191 |
Proxmox Controller | meltdown.vtluug.org | 128.173.89.244 |
Web/Proxy server | sczi.vtluug.org | 128.173.88.78 |
Shell Server | acidburn.vtluug.org | 128.173.89.245 |
FreeIPA | zerocool.vtluug.org | 128.173.89.247 |
Mirror | mirror.vtluug.org | 128.173.89.246 |
Matt's server | mjh.ece.vt.edu | 128.173.88.104 |
As per echarlie, "check rdns. if there isn't an entry, and it's in ece's allocated block, we can use it."
Private IPv4 addresses
We also use private addresses for things like NAS. This isn't 100% figured out yet, but we will probably do something like use 10.0.0.0-100 as static IPs and run DHCP on 10.0.0.101+.
IPv6 addresses
See Infrastructure.
Service Importance
Note: This section's PoV does not take into account the current state of service. Instead, it assumes services are being installed on a new infrastructure.
All necessary services send notifications to officers for alerts.
Syntax:
- Host (hostname)
- Services running on host
Essential
Bare Metal
- Routing (joey)
- DNS (joey)
- Firewall (joey)
- NAS ("new" dell 2900 - dirtycow, dell 2900 - cyberdelia, r310 - fallout)
- Proxmox VE (meltdown,spectre,phantomphreak)
VMs
- FreeIPA (chimera)
- Sczi (sczi)
- vtluug.org
- wiki.vtluug.org
- hokieprivacy.org
- linx.vtluug.org + linx.li
- bash.vtluug.org
- pSQL
Very Important
Bare Metal
- VPS system via Proxmox
- Somewhat automated system where a user is given a VM
- Give each user an ipv6 address
- NAS Backup
VMs
- Shell (acidburn)
- Wadsworth
- duckhunter9000
- multimediamanv2
- Produces /files/irc-vtluug.org
- Member pages @ vtluug.org/~user
- rsyslog (theplague)
- Need to research this a bunch
- jitsi.vtluug.org (jitsi)
- Proxy through sczi
- emby.vtluug.org (emby)
- Proxy through sczi
Important
VMs
- mirror.vtluug.org (mirror)
- syncthing discovery server (sync)
- Tahoe-LAFS (crashoverride)
- telnet BBS
- How tf do these things work
- wargame.vtluug.org (wargame)
- Archive Team Warrior
- map.vtluug.org (map)
Other things to consider
- diaspora*
- finger (kerberos-based)
- talkd
Migration
NOTE: We're not going to use docker //TODO (??? elaborate)
VTLUUG Site
- Migrate to docker
VTLUUG wiki
- Backup content
- Migrate to docker
Gobblerpedia
- Backup content
- Migrate to docker
Wadsworth/phenny
- Backup db (for .in)
- Migrate to docker
VTBash
- Migrate to docker
Hokieprivacy
- Migrate to docker
Linx
- Move files to NAS
- Migrate to docker
Acidburn
- Migrate homedirs to NAS (what do you mean; they're already there)
- Currently have a ton of users - most people don't use it anymore or have accounts in new ldap system (resolved: ewontfix notabug)
- Have people re-register with FreeIPA - this is a dick move; need ways to do remotely
- Implement background tmux irc systemd service (or just tell people to use crontabs @reboot )
/tank
- Backup then clean up
- Either to tardis or a temporary NAS
Issues with current services
When (re)implementing the services listed above, make the following changes.
VTLUUG Site
- We're literally proxying a static github page (vtluug.github.io)
- Probably should be redesigned to be slightly more dynamic using jekyll or flask or something
VTLUUG wiki
- Need meeting script
- Need to clean up a lot of old information
Gobblerpedia
- Lots of out of date information
- Building templates (populate automatically from database)
Wadsworth/phenny
- Things constantly break, but there's nothing we can really do about this
- Migrate to irc3 Python library for a stable core
- Migrate SysV scripts to systemd unit files
VTBash
- Old shitty interface converted from python2 to python3
- Nothing good seems to already exist, so we probably need to write one from scratch
- Need to merge 2 old sqlite databases
- Causes bug when only 1 quote author is entered, this is why they can't be merged
Hokieprivacy
- Mobile formatting is fucked -- someone should look into the hugo templates and fix
- Out of date
Linx
- Offload storage to NAS
- Binaries need updating
- Need to do reddit stress test
vtluug.org/files
- Need easy way for non-root to add stuff here
mail
- Train spamassassin (use corpus)
- Sieve doesn't seem to work
gopherspace
- who tf uses gopher (fwiw, gopher was 90% of the goal of project bringing sexy back)
- legacy IP only, b/c pygopherd is shite
TOR services
Linx, Hokieprivacy, and the main site (hence vtluug.org) can be accessed over Tor. Advertise these URLs or make them more memorable (or both).