KYAULABS:Schema: Difference between revisions
m (→Network) |
m (→KYAU Network) |
||
Line 3: | Line 3: | ||
<div id="tocalign">__TOC__</div> | <div id="tocalign">__TOC__</div> | ||
= {{Icon|sitemap}} KYAU Network = | = {{Icon|sitemap}} KYAU Network = | ||
KYAU Network is powered by [//www.archlinux.org Arch Linux] and [//kyaulabs.com KYAU Labs]. While once utilizing dedicated servers to power, everything is now located on-site via the local KYAU Labs datacenter with external access being routed through a VPS using a [//www.wireguard.com Wireguard] VPN. KYAU Labs chiefly utilizes Kernel-based Virtual Machines (KVM) to separate services onto separate virtual machines (VMs). Each VM and/or VPS is setup using [//gitlab.com/kyaulabs/aarch kyaulabs/aarch] | KYAU Network is powered by [//www.archlinux.org Arch Linux] and [//kyaulabs.com KYAU Labs]. While once utilizing dedicated servers to power, everything is now located on-site via the local KYAU Labs datacenter with external access being routed through a VPS using a [//www.wireguard.com Wireguard] VPN. KYAU Labs chiefly utilizes Kernel-based Virtual Machines (KVM) to separate services onto separate virtual machines (VMs). Each VM and/or VPS is setup using [//gitlab.com/kyaulabs/aarch kyaulabs/aarch]. | ||
== {{Icon|notebook}} Security & Reliability == | == {{Icon|notebook}} Security & Reliability == | ||
Our network has been setup with security and reliability as our two primary focus points. Our DNS server has been setup to achieve an A+ with 100% in all four categories on [//dnsspy.io/scan/kyau.net DNS Spy]. Our web server, running [//www.nginx.org nginx] with [//letsencrypt.org Let's Encrypt] SSL certificates, has been setup to achieve an A+ rating with 100 points in every category on [//www.ssllabs.com/ssltest/analyze.html?d=kyau.net SSL Labs]. | Our network has been setup with security and reliability as our two primary focus points. Our DNS server has been setup to achieve an A+ with 100% in all four categories on [//dnsspy.io/scan/kyau.net DNS Spy]. Our web server, running [//www.nginx.org nginx] with [//letsencrypt.org Let's Encrypt] SSL certificates, has been setup to achieve an A+ rating with 100 points in every category on [//www.ssllabs.com/ssltest/analyze.html?d=kyau.net SSL Labs]. |
Revision as of 03:11, 14 November 2020
KYAU Network
KYAU Network is powered by Arch Linux and KYAU Labs. While once utilizing dedicated servers to power, everything is now located on-site via the local KYAU Labs datacenter with external access being routed through a VPS using a Wireguard VPN. KYAU Labs chiefly utilizes Kernel-based Virtual Machines (KVM) to separate services onto separate virtual machines (VMs). Each VM and/or VPS is setup using kyaulabs/aarch.
Security & Reliability
Our network has been setup with security and reliability as our two primary focus points. Our DNS server has been setup to achieve an A+ with 100% in all four categories on DNS Spy. Our web server, running nginx with Let's Encrypt SSL certificates, has been setup to achieve an A+ rating with 100 points in every category on SSL Labs.
We are currently looking for a low-end, multiple IPv4, VPS provider on a separate network/continent for our slave DNS server |
NEUTRON |
---|
Supermicro X9DR3-F ATX Server Board |
2x Intel Xeon E5-2650 v2; (20M Cache, 2.6GHz, 8.0 GT/s QPI) |
2x Noctua NH-U9DX i4 CPU Fan 2x Noctua NF-R8 redux Case Fan |
6x SAMSUNG 8GB PC3L-10600R (2Rx4, 1.35V, ECC Registered) 4x SAMSUNG 4GB PC3L-10600R (2Rx4, 1.5V, ECC Registered) |
EVGA GeForce GTX 960 |
LSI 9207-8i SAS Host Bus Adapter |
SAMSUNG SSD 830 Series 128GB |
2x HGST Ultrastar C10K900 600GB 2.5" SAS2 10000RPM 2x Seagate Barracuda 5TB 2.5" SATA 6Gb/s |
InWin R400-03N Open-Bay 4U Server Case |
1Gb/s (unmetered) |
Why Arch Linux?
Arch Linux was an in-house decision not taken lightly, in 2013 the switch from FreeBSD to Arch Linux was made without regret. Running Arch Linux on a server in a production environment is very feasible, provided you know a bit about security and keep on top of advisories. That being said we do not live in a perfect world, and server logs are proof of that.
History
Network
WARNING: This table urgently needs updating |
The following is the complete network setup for everything that the KYAU Network is currently running.
Machine/VM | OS | Hostname | vMAC | Location | IPv4 | IPv6 |
---|---|---|---|---|---|---|
E5v2-SAT-1-16 | Arch Linux | neutron.kyau.net | ∞ | OVH.CA | 158.69.253.213/32 | 2607:5300:120:dd5::/64 |
bind | Arch Linux | dwarf.kyau.net | 02:00:00:72:47:2b | OVH.CA | 142.44.172.223/32 142.44.169.173/32 |
2607:5300:120:dd5::1/64 |
sql | Arch Linux | nova.kyau.net | 02:00:00:4d:3b:3b | OVH.CA | 142.44.152.32/32 | 2607:5300:120:dd5::2/64 |
nginx | Arch Linux | pulsar.kyau.net | 02:00:00:bc:c2:b7 | OVH.CA | 142.44.172.255/32 | 2607:5300:120:dd5::3/64 |
backup | Arch Linux | blackhole.kyau.net | 02:00:00:2a:70:29 | OVH.CA | 142.44.179.213/32 | 2607:5300:120:dd5::4/64 |
shell | OpenBSD | raptr.kyaulabs.com | 02:00:00:6a:8a:64 | OVH.CA | 167.114.151.176/29 | 2607:5300:120:dd5::5/64 |
devel | Arch Linux | dev.kyau.net | ?? | OVH.CA | ?? | ?? |
512MB SKVMS | Arch Linux | ecko.kyaulabs.com | 00:16:3c:c9:e4:db | RamNode (SEA) | 107.191.104.151/32 | 2604:180:1:447::2/64 |
Shell Box
The shell box is our on-going experiment/education in security. It is powered by OpenBSD and is open to anyone, provided they are willing to go through the application process. More details should be available soon.
WARNING: The Shell Box was shutdown once the network was brought in-house. |
"One of the things I have always wanted to do since I was a younger was to run a shell provider. Shy of some dabbling with Slackware, which I installed from a CDROM I got in the back of a book at the local library (pre-internet joys), this was my first major introduction to Linux and the command line. I spent a good majority of my youth on IRC messing around with "shells". I even got my first major introduction to programming (aside from BASIC and HTML) when I started coding botnet scripts for eggdrop in TCL." ~Kyau
VHost | IPv4 | IPv6 | Source |
---|---|---|---|
raptr.kyaulabs.com | 167.114.151.176/32 | 2607:5300:120:dd5::5/32 | ∞ |
?? | 167.114.151.177/32 | 2607:5300:120:dd5::6/32 | ∞ |
quantum.protoco.de | 167.114.151.178/32 | 2607:5300:120:dd5::7/32 | ∞ |
ansi.bbs.io | 167.114.151.179/32 | 2607:5300:120:dd5::8/32 | ∞ |
openbsd.efnet.de | 167.114.151.180/32 | 2607:5300:120:dd5::9/32 | ∞ |
?? | 167.114.151.181/32 | 2607:5300:120:dd5::a/32 | ∞ |
?? | 167.114.151.182/32 | 2607:5300:120:dd5::b/32 | ∞ |
?? | 167.114.151.183/32 | 2607:5300:120:dd5::c/32 | ∞ |