KYAULABS:Schema: Difference between revisions

From Wiki³
mNo edit summary
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:{{TitleIcon|kyau=true}} KYAU Network}}<metadesc>The short description and history of the hardware that powers the KYAU Network.</metadesc>__NOTOC__
{{DISPLAYTITLE:{{TitleIcon|kyaulabs=true}} KYAU Network}}<metadesc>The short description and history of the hardware that powers the KYAU Network.</metadesc>__NOTOC__
{{Home|break=false}}
{{Back|KYAULABS}}
<div id="tocalign">__TOC__</div>
<div id="tocalign">__TOC__</div>
= {{Icon|sitemap}} KYAU Network =
= {{Icon|sitemap}} KYAU Network =
KYAU Network is powered by [//www.archlinux.org Arch Linux] and [//kyaulabs.com KYAU Labs]. While once utilizing dedicated servers to power, everything is now located on-site via the local KYAU Labs datacenter with external access being routed through a VPS using a [//www.wireguard.com Wireguard] VPN. KYAU Labs chiefly utilizes Kernel-based Virtual Machines (KVM) to separate services onto separate virtual machines (VMs). Each VM and/or VPS is setup using [//gitlab.com/kyaulabs/aarch kyaulabs/aarch]. The service VMs themselves are run using [//www.libvirt.org Libvirt] with the disk volumes sitting on LVM thin volumes on-top of RAID10(far2).
KYAU Network is powered by [//www.archlinux.org Arch Linux] and [//kyaulabs.com KYAU Labs]. While once utilizing dedicated servers to power, everything is now located on-site via the local KYAU Labs datacenter with external access being routed through a VPS using a [//www.wireguard.com Wireguard] VPN. KYAU Labs chiefly utilizes Kernel-based Virtual Machines (KVM) to separate services onto separate virtual machines (VMs). Each VM and/or VPS is setup using [//gitlab.com/kyaulabs/aarch kyaulabs/aarch].
== {{Icon|notebook}} Security & Reliability ==
== {{Icon|notebook}} Security & Reliability ==
Our network has been setup with security and reliability as our two primary focus points. Our DNS server has been setup to achieve an A+ with 100% in all four categories on [//dnsspy.io/scan/kyau.net DNS Spy]. Our web server, running [//www.nginx.org nginx] with [//letsencrypt.org Let's Encrypt] SSL certificates, has been setup to achieve an A+ rating with 100 points in every category on [//www.ssllabs.com/ssltest/analyze.html?d=kyau.net SSL Labs].
Our network has been setup with security and reliability as our two primary focus points. Our DNS server has been setup to achieve an A+ with 100% in all four categories on [//dnsspy.io/scan/kyau.net DNS Spy]. Our web server, running [//www.nginx.org nginx] with [//letsencrypt.org Let's Encrypt] SSL certificates, has been setup to achieve an A+ rating with 100 points in every category on [//www.ssllabs.com/ssltest/analyze.html?d=kyau.net SSL Labs].
Line 29: Line 29:
{{margin}}
{{margin}}
{{Changelog|2020-03-03|KYAU Labs main server rebuild.}}
{{Changelog|2020-03-03|KYAU Labs main server rebuild.}}
{{Changelog|2018-11-27|Purchased 3 VPS servers off of VirMach's Black Friday specials.}}
{{Changelog|2018-04-25|Services have been relocated to KYAU Labs.}}
{{Changelog|2018-04-25|Services have been relocated to KYAU Labs.}}
{{Changelog|2017-08-15|Migration to E5v2-SAT-1-16 complete.}}
{{Changelog|2017-08-15|<s>Migration to E5v2-SAT-1-16 complete.</s> ''{{Red|Terminated}}''}}
{{Changelog|2017-08-13|E5v2-SAT-1-16 setup complete: [[ArchLinux:OVH|OVH: Custom Installation]], [[ArchLinux:Security|Hardening Arch Linux]], [[ArchLinux:KVM|KVM on Arch Linux]]}}
{{Changelog|2017-08-13|<s>E5v2-SAT-1-16 setup complete: [[ArchLinux:OVH|OVH: Custom Installation]], [[ArchLinux:Security|Hardening Arch Linux]], [[ArchLinux:KVM|KVM on Arch Linux]]</s> ''{{Red|Terminated}}''}}
{{Changelog|2017-07-29|E5v2-SAT-1-16 purchased from OVH SYS in their BHS datacenter to replace the KS-8G.}}
{{Changelog|2017-07-29|<s>E5v2-SAT-1-16 purchased from OVH SYS in their BHS datacenter to replace the KS-8G.</s> ''{{Red|Terminated}}''}}
{{Changelog|2017-07-24|VPS-SSD1 purchased from OVH in their BHS datacenter for the creation of tutorials.}}
{{Changelog|2017-07-24|<s>VPS-SSD1 purchased from OVH in their BHS datacenter for the creation of tutorials.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-12-10|<s>KS-8G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-12-10|<s>KS-8G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-05-31|<s>SP 16G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-05-31|<s>SP 16G dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-01-13|<s>KS1 dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
{{Changelog|2013-01-13|<s>KS1 dedicated server purchased from OVH in their BHS datacenter.</s> ''{{Red|Terminated}}''}}
== {{Icon|notebook}} Network ==
== {{Icon|notebook}} Network ==
{{margin}}
{{Warning|This table urgently needs updating}}
The following is the complete network setup for everything that the KYAU Network is currently running.
The following is the complete network setup for everything that the KYAU Network is currently running.
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
Line 47: Line 47:
! OS
! OS
! Hostname
! Hostname
! vMAC
! Location
! Location
! IPv4
! IPv4
! IPv6
! Description
|-
|-
| ''E5v2-SAT-1-16''
| SERVER
| Arch Linux
| Arch Linux
| neutron.kyau.net
| neutron.wa
| ∞
| KYAULABS-42A
| OVH.CA
| xx.x.xx.xx{{White|/32}}
| 158.69.253.213{{White|/32}}
| Dual Xeon E5-2650v2
| 2607:5300:120:dd5::{{White|/64}}
|-
|-
| bind
| VM
| Arch Linux
| Arch Linux
| dwarf.kyau.net
| pulsar.wa
| 02:00:00:72:47:2b
| KYAULABS-42A
| OVH.CA
| xx.x.xx.xx{{White|/32}}
| 142.44.172.223{{White|/32}}<br/>142.44.169.173{{White|/32}}
| Grafana/InfluxDB (Monitoring)
| 2607:5300:120:dd5::1{{White|/64}}
|-
|-
| sql
| VM
| Arch Linux
| Arch Linux
| nova.kyau.net
| unifi.wa
| 02:00:00:4d:3b:3b
| KYAULABS-42A
| OVH.CA
| xx.x.xx.xx{{White|/32}}
| 142.44.152.32{{White|/32}}
| UniFi Controller
| 2607:5300:120:dd5::2{{White|/64}}
|-
|-
| nginx
| VM
| Arch Linux
| Arch Linux
| pulsar.kyau.net
| dragon.wa
| 02:00:00:bc:c2:b7
| KYAULABS-42A
| OVH.CA
| xx.x.xx.xx{{White|/32}}
| 142.44.172.255{{White|/32}}
| Minecraft Server / VPN Endpoint
| 2607:5300:120:dd5::3{{White|/64}}
|-
|-
| backup
| VM
| Arch Linux
| Arch Linux
| blackhole.kyau.net
| void.wa
| 02:00:00:2a:70:29
| KYAULABS-42A
| OVH.CA
| xx.x.xx.xx{{White|/32}}
| 142.44.179.213{{White|/32}}
| Development
| 2607:5300:120:dd5::4{{White|/64}}
|-
|-
| shell
| VM
| OpenBSD
| Arch Linux
| raptr.kyaulabs.com
| vpn.wa
| 02:00:00:6a:8a:64
| KYAULABS-42A
| OVH.CA
| xx.x.xx.xx{{White|/32}}
| 167.114.151.176{{White|/29}}
| VPN Endpoint
| 2607:5300:120:dd5::5{{White|/64}}
|-
|-
| devel
| VM
| Arch Linux
| Arch Linux
| dev.kyau.net
| voidbbs.wa
| ??
| KYAULABS-42A
| OVH.CA
| xx.x.xx.xx{{White|/32}}
| ??
| VOID BBS
| ??
|-
|-
| ''512MB SKVMS''
| VM
| Arch Linux
| Arch Linux
| ecko.kyaulabs.com
| web.wa
| 00:16:3c:c9:e4:db
| KYAULABS-42A
| RamNode (SEA)
| xx.x.xx.xx{{White|/32}}
| 107.191.104.151{{White|/32}}
| Web Server + VPN Endpoint
| 2604:180:1:447::2{{White|/64}}
|}
|}


== {{Icon|notebook}} Shell Box ==
== {{Icon|notebook}} Shell Box ==
The shell box is our on-going experiment/education in security. It is powered by [//www.openbsd.org OpenBSD] and is open to anyone, provided they are willing to go through the application process. More details should be available soon.
''The shell box was decommissioned on April 25th, 2018 when all of our services were brought in-house. It is possible that it might be revived at a later date, but don't count on it.''
{{Warning|The Shell Box was shutdown once the network was brought in-house.}}
''"One of the things I have always wanted to do since I was a younger was to run a shell provider. Shy of some dabbling with [//www.slackware.com/ Slackware], which I installed from a CDROM I got in the back of a book at the local library (pre-internet joys), this was my first major introduction to Linux and the command line. I spent a good majority of my youth on IRC messing around with "shells". I even got my first major introduction to programming (aside from BASIC and HTML) when I started coding [//docs.eggheads.org/mainDocs/botnet.html#what-is-a-botnet botnet] scripts for [//www.eggheads.org/ eggdrop] in TCL." ~Kyau''
{| class="wikitable acenter" style="font-size:90%;line-height:100%;"
|+ style="padding-bottom:4px"| Shell Box
|-
! VHost
! IPv4
! IPv6
! Source
|-
| raptr.kyaulabs.com
| 167.114.151.176{{White|/32}}
| 2607:5300:120:dd5::5{{White|/32}}
| ∞
|-
| ??
| 167.114.151.177{{White|/32}}
| 2607:5300:120:dd5::6{{White|/32}}
| ∞
|-
| quantum.protoco.de
| 167.114.151.178{{White|/32}}
| 2607:5300:120:dd5::7{{White|/32}}
| ∞
|-
| ansi.bbs.io
| 167.114.151.179{{White|/32}}
| 2607:5300:120:dd5::8{{White|/32}}
| ∞
|-
| openbsd.efnet.de
| 167.114.151.180{{White|/32}}
| 2607:5300:120:dd5::9{{White|/32}}
| ∞
|-
| ??
| 167.114.151.181{{White|/32}}
| 2607:5300:120:dd5::a{{White|/32}}
| ∞
|-
| ??
| 167.114.151.182{{White|/32}}
| 2607:5300:120:dd5::b{{White|/32}}
| ∞
|-
| ??
| 167.114.151.183{{White|/32}}
| 2607:5300:120:dd5::c{{White|/32}}
| ∞
|}


[[Category:Wiki3]]
[[Category:KYAULABS]]

Latest revision as of 21:59, 27 November 2020

Icon  Back to Category:KYAULABS

Icon KYAU Network

KYAU Network is powered by Arch Linux and KYAU Labs. While once utilizing dedicated servers to power, everything is now located on-site via the local KYAU Labs datacenter with external access being routed through a VPS using a Wireguard VPN. KYAU Labs chiefly utilizes Kernel-based Virtual Machines (KVM) to separate services onto separate virtual machines (VMs). Each VM and/or VPS is setup using kyaulabs/aarch.

Icon Security & Reliability

Our network has been setup with security and reliability as our two primary focus points. Our DNS server has been setup to achieve an A+ with 100% in all four categories on DNS Spy. Our web server, running nginx with Let's Encrypt SSL certificates, has been setup to achieve an A+ rating with 100 points in every category on SSL Labs.

IconWe are currently looking for a low-end, multiple IPv4, VPS provider on a separate network/continent for our slave DNS server
Icon Arch Linux x64_86
NEUTRON
Icon Supermicro X9DR3-F ATX Server Board
Icon 2x Intel Xeon E5-2650 v2; (20M Cache, 2.6GHz, 8.0 GT/s QPI)
Icon 2x Noctua NH-U9DX i4 CPU Fan
Icon 2x Noctua NF-R8 redux Case Fan
Icon 6x SAMSUNG 8GB PC3L-10600R (2Rx4, 1.35V, ECC Registered)
Icon 4x SAMSUNG 4GB PC3L-10600R (2Rx4, 1.5V, ECC Registered)
Icon EVGA GeForce GTX 960
Icon LSI 9207-8i SAS Host Bus Adapter
Icon SAMSUNG SSD 830 Series 128GB
Icon 2x HGST Ultrastar C10K900 600GB 2.5" SAS2 10000RPM
Icon 2x Seagate Barracuda 5TB 2.5" SATA 6Gb/s
Icon InWin R400-03N Open-Bay 4U Server Case
Icon 1Gb/s (unmetered)

Icon Why Arch Linux?

Arch Linux was an in-house decision not taken lightly, in 2013 the switch from FreeBSD to Arch Linux was made without regret. Running Arch Linux on a server in a production environment is very feasible, provided you know a bit about security and keep on top of advisories. That being said we do not live in a perfect world, and server logs are proof of that.

Icon History

 
2020-03-03 : KYAU Labs main server rebuild.
2018-11-27 : Purchased 3 VPS servers off of VirMach's Black Friday specials.
2018-04-25 : Services have been relocated to KYAU Labs.
2017-08-15 : Migration to E5v2-SAT-1-16 complete. Terminated
2017-08-13 : E5v2-SAT-1-16 setup complete: OVH: Custom Installation, Hardening Arch Linux, KVM on Arch Linux Terminated
2017-07-29 : E5v2-SAT-1-16 purchased from OVH SYS in their BHS datacenter to replace the KS-8G. Terminated
2017-07-24 : VPS-SSD1 purchased from OVH in their BHS datacenter for the creation of tutorials. Terminated
2013-12-10 : KS-8G dedicated server purchased from OVH in their BHS datacenter. Terminated
2013-05-31 : SP 16G dedicated server purchased from OVH in their BHS datacenter. Terminated
2013-01-13 : KS1 dedicated server purchased from OVH in their BHS datacenter. Terminated

Icon Network

The following is the complete network setup for everything that the KYAU Network is currently running.

Network Overview
Machine/VM OS Hostname Location IPv4 Description
SERVER Arch Linux neutron.wa KYAULABS-42A xx.x.xx.xx/32 Dual Xeon E5-2650v2
VM Arch Linux pulsar.wa KYAULABS-42A xx.x.xx.xx/32 Grafana/InfluxDB (Monitoring)
VM Arch Linux unifi.wa KYAULABS-42A xx.x.xx.xx/32 UniFi Controller
VM Arch Linux dragon.wa KYAULABS-42A xx.x.xx.xx/32 Minecraft Server / VPN Endpoint
VM Arch Linux void.wa KYAULABS-42A xx.x.xx.xx/32 Development
VM Arch Linux vpn.wa KYAULABS-42A xx.x.xx.xx/32 VPN Endpoint
VM Arch Linux voidbbs.wa KYAULABS-42A xx.x.xx.xx/32 VOID BBS
VM Arch Linux web.wa KYAULABS-42A xx.x.xx.xx/32 Web Server + VPN Endpoint

Icon Shell Box

The shell box was decommissioned on April 25th, 2018 when all of our services were brought in-house. It is possible that it might be revived at a later date, but don't count on it.

Retrieved from "https://kyau.net/w/index.php?title=KYAULABS:Schema&oldid=4532"