Difference between revisions of "Infrastructure"

From Hackerspace.gr
m
(Transparency)
(7 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for privacy and security properties of our core services.
 
In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for privacy and security properties of our core services.
  
== Infra ==
+
== Services ==
  
 
=== Internal ===
 
=== Internal ===
  
Internal infra includes services that run in the space (WAN, LAN, DMZ, etc)
+
Internal infra includes services that run in the space (WAN, LAN, WiFi, VPN, etc)
  
 
=== Cloud ===
 
=== Cloud ===
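Review bot: in the Internal description, if the space still runs a DMZ segment, keep "DMZ" in the list next to the new "WiFi, VPN" entries; dropping it leaves readers unsure whether services placed there are still in the team's scope.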
Line 21: Line 21:
 
* Mail forwarding (operators aliases)
 
* Mail forwarding (operators aliases)
 
* DNS (authoritative)
 
* DNS (authoritative)
 +
 +
=== 3rd Party ===
 +
 +
* [https://gitlab.com/hsgr GitLab]
  
 
== Report Issues ==
 
== Report Issues ==
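Review bot: the new "3rd Party" section is only a bare GitLab link; add a short line saying what the team keeps there (the Team section in this same revision says GitLab tracks the ops work) so readers can tell which data sits with an outside provider.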
Line 26: Line 30:
 
If you see something say something. For bugs and issues you can send an email to this address:
 
If you see something say something. For bugs and issues you can send an email to this address:
  
[[Image:Infra_Service_Desk.jpg|link=]]
+
[[Image:Infra_Service_Desk.png|240px|link=]]
  
== Transparency ==
+
== Team ==
  
* The Infra team is currently composed by drid, comzeradd, ebal, sotiri.
+
* The team is currently composed by drid, acinonyx, alexandros, olspookishmagus
 +
* We use [https://gitlab.com/hsgr/ops GitLab] to keep track of our work.
 
* You can of course find us at the hackerspace almost every day, and definitely every [[Hackday|Tuesday]].
 
* You can of course find us at the hackerspace almost every day, and definitely every [[Hackday|Tuesday]].
 
* Most of us are always online at Hackerspace's Matrix/IRC channel: [https://riot.im/app/#/room/#hsgr:matrix.org #hsgr].
 
* Most of us are always online at Hackerspace's Matrix/IRC channel: [https://riot.im/app/#/room/#hsgr:matrix.org #hsgr].
 
* For urgent things you can email us at infra@
 
* For urgent things you can email us at infra@
 
* For not urgent things see the "Report Issues" section above.
 
* For not urgent things see the "Report Issues" section above.
 +
 +
=== How to join ===
 +
 +
# Ask :) Just drop us an email.
 +
# Make sure you understand how we roll (see below).
 +
 +
=== How we roll ===
 +
 +
Our modus operandi consists of certain principles:
 +
 +
*  Automate Everything (Ansible).
 +
* Modular Design. Design with system parts not with systems. Make reusable parts. Follow domain best practices.
 +
* Jurisdiction. We take into account the legal aspects of a resource.
 +
* Privacy. All services are free and open. Use cryptocurrencies if needed. Always use OpenPGP for internal communications and sensitive data.
 +
* Leak Protection. DNS, IPv6, Firewalls, Web of Trust, etc
 +
* Open Protocols, Software, Hardware. Wherever possible.
 +
* Support Obfuscation, Tunnels, proxy, tor, ssl, ssh tunnels, vpns, etc
 +
* No Port Blocking, No P2P Blocking.
 +
* Data Encryption. Support Strongest Data and handshake Encryption
 +
* Linux Config Support (eg. for WiFi enterprise).
 +
* Websites. Avoid Persistent Cookies. Avoid External Trackers. Avoid Proprietary APIs. Strong SSL. SSL Cert to Self (no cloudflare).
 +
* No Spaming. And no Spaming Policy.
 +
* Services Config. Reproducible, track changes, documentation.
 +
* Availability. We aim at 99.99999% availability even if our hardware/providers does not come even close to that. No single point of failure, redundancies (we wish)
 +
* Use 2FA Option. OTP, SSH key with passphrase
 +
* Operational Security. Encrypted Laptops and devices. Use secure OS. Do not run unsigned/proprietary software in the device/os environment that access hsgr-infra. In the event that one operator's devices are compromised an adversary should not get access to hsgr-infra (2FA). In the suspicion of compromise operator is required to inform the rest of the ops immediately.
 +
* Operate by consensus, implement by doocracy.
  
 
[[Category:Documentation]]
 
[[Category:Documentation]]
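Review bot: the added bullet "Use 2FA Option" reads as optional, while the "Operational Security" bullet relies on 2FA to keep a compromised operator device from reaching hsgr-infra; word 2FA as a requirement for operator access so the two bullets agree. Smaller points in the same hunk: "Spaming" should be "Spamming" (twice), "composed by" should be "composed of", and "providers does not" should be "providers do not".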

Revision as of 15:18, 11 July 2019

About

In order to maintain and expand our core infrastructure we have a team of dedicated hackers for these operations. This includes infrastructure that is important for the operation of Hackerspace.gr and the achievement of its scope. This team is also responsible for privacy and security properties of our core services.

Services

Internal

Internal infra includes services that run in the space (WAN, LAN, WiFi, VPN, etc.).

Cloud

This includes services that run on the cloud.

3rd Party

Report Issues

If you see something, say something. For bugs and issues you can send an email to this address:

Infra Service Desk.png

Team

  • The team is currently composed of drid, acinonyx, alexandros, olspookishmagus.
  • We use GitLab to keep track of our work.
  • You can of course find us at the hackerspace almost every day, and definitely every Tuesday.
  • Most of us are always online at Hackerspace's Matrix/IRC channel: #hsgr.
  • For urgent things you can email us at infra@
  • For non-urgent things see the "Report Issues" section above.

How to join

  1. Ask :) Just drop us an email.
  2. Make sure you understand how we roll (see below).

How we roll

Our modus operandi consists of certain principles:

  • Automate Everything (Ansible).
  • Modular Design. Design with system parts, not with systems. Make reusable parts. Follow domain best practices.
  • Jurisdiction. We take into account the legal aspects of a resource.
  • Privacy. All services are free and open. Use cryptocurrencies if needed. Always use OpenPGP for internal communications and sensitive data.
  • Leak Protection. DNS, IPv6, Firewalls, Web of Trust, etc.
  • Open Protocols, Software, Hardware. Wherever possible.
  • Support Obfuscation, Tunnels, proxies, Tor, SSL, SSH tunnels, VPNs, etc.
  • No Port Blocking, No P2P Blocking.
  • Data Encryption. Support the strongest data and handshake encryption.
  • Linux Config Support (e.g. for WiFi enterprise).
  • Websites. Avoid Persistent Cookies. Avoid External Trackers. Avoid Proprietary APIs. Strong SSL. SSL Cert to Self (no cloudflare).
  • No Spamming. And no Spamming Policy.
  • Services Config. Reproducible, track changes, documentation.
  • Availability. We aim at 99.99999% availability even if our hardware/providers do not come even close to that. No single point of failure, redundancies (we wish).
  • Use 2FA Option. OTP, SSH key with passphrase.
  • Operational Security. Encrypted laptops and devices. Use a secure OS. Do not run unsigned/proprietary software in the device/OS environment that accesses hsgr-infra. In the event that one operator's devices are compromised, an adversary should not get access to hsgr-infra (2FA). On suspicion of compromise, the operator is required to inform the rest of the ops immediately.
  • Operate by consensus, implement by do-ocracy.