From fe4312f9f63c1c1a303ee53a911c483e93e48fa8 Mon Sep 17 00:00:00 2001 From: Raine Date: Sat, 14 Oct 2023 15:21:40 +0000 Subject: [PATCH 1/6] Add README.md --- README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..23d84ca --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +This repo contains all major decisions made by IXVD's team regarding her infrastructure. \ No newline at end of file From 098d43e833dff93ace0db01e8dc2078b9935851a Mon Sep 17 00:00:00 2001 From: Raine Date: Sat, 14 Oct 2023 17:29:54 +0200 Subject: [PATCH 2/6] doc: docker --- 001-everything-in-containers.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 001-everything-in-containers.md diff --git a/001-everything-in-containers.md b/001-everything-in-containers.md new file mode 100644 index 0000000..6706d1d --- /dev/null +++ b/001-everything-in-containers.md 
@@ -0,0 +1,22 @@ +Everything in containers. +--- + +We at IXVD have everything in containers, powered by Docker. +Containers allow for isolation of services and keep everything organized. + +# neong tooling +We use custom tools that interface with docker-compose. +We do this because our infrastructure has become too big to keep everything in one docker-compose file. + +Therefore we have a tool that enters directories named "stacks" that adds another layer of isolation; a music client does not need to access our financial records. + +# Networking +All public facing containers are added to a network called `proxy`. This can talk to our automated nginx/certbot instance and make sure it's securely accessible. +Internal infrastructure does not use HTTPS at all. + +# Docker +We chose for docker as our container engine. +It's well maintained and has been used by the community for a long time. +Therefore, we can easily resolve issues and find answers to things we want to implement. +Also the networking solutions provided by Docker are amazing and allow for very complex but robust infrastructure. + From 9eb2bff6fad2daaa634d33ff5109124705d922a5 Mon Sep 17 00:00:00 2001 From: Raine Date: Sun, 15 Oct 2023 20:06:17 +0000 Subject: [PATCH 3/6] Add 002-distributed-architecture.md --- 002-distributed-architecture.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 002-distributed-architecture.md diff --git a/002-distributed-architecture.md b/002-distributed-architecture.md new file mode 100644 index 0000000..d1673c9 --- /dev/null +++ b/002-distributed-architecture.md 
@@ -0,0 +1,24 @@ +We at IXVD chose to deprecate our old server "neo" to make place for a new server architecture. + +EUX will stays the same however internally we redesigned the infrastructure to be even more secure* + +# What changed? +We are still using the same service provider, however we're using their cloud option. +This platform allows for scaling, as this project's funding comes out of our own pockets, being able to scale down is a nice plus. +Also, with the new architecture we can easily add new services and not have to worry about interference of ports or such since we can spin up a new server for it, again a big plus. +We're also able to monitor services without an external party; with our old server, if it we're to turn off we would not know without an external party notifying us. + +# Pricing +Our old server had a monthly cost of about 50 euros**. +With the new architecture it's at about 40 euros** which can easily scale up or down depending on use. + +--- + +Abbreviations: +- IXVD: I eXchange Various Data +- EUX: End User eXperience + +Clarifications: +- *: Isolation of servers op top of containers. + Security is not our specialty. "we just avoid bad stuff". +- **: at time of commit, could differ at time of reading. \ No newline at end of file From 581495870a6172cf681da914bfc40aa1420113b7 Mon Sep 17 00:00:00 2001 From: Raine Date: Thu, 9 Nov 2023 21:14:45 +0100 Subject: [PATCH 4/6] Add README.md --- README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..23d84ca --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +This repo contains all major decisions made by IXVD's team regarding her infrastructure. \ No newline at end of file From 9a10f9a53a07416bb85f229756b704d518a68b52 Mon Sep 17 00:00:00 2001 
From: Raine Date: Thu, 9 Nov 2023 21:14:45 +0100 Subject: [PATCH 5/6] doc: docker --- 001-everything-in-containers.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 001-everything-in-containers.md diff --git a/001-everything-in-containers.md b/001-everything-in-containers.md new file mode 100644 index 0000000..6706d1d --- /dev/null +++ b/001-everything-in-containers.md @@ -0,0 +1,22 @@ +Everything in containers. +--- + +We at IXVD have everything in containers, powered by Docker. +Containers allow for isolation of services and keep everything organized. + +# neong tooling +We use custom tools that interface with docker-compose. +We do this because our infrastructure has become too big to keep everything in one docker-compose file. + +Therefore we have a tool that enters directories named "stacks" that adds another layer of isolation; a music client does not need to access our financial records. + +# Networking +All public facing containers are added to a network called `proxy`. This can talk to our automated nginx/certbot instance and make sure it's securely accessible. +Internal infrastructure does not use HTTPS at all. + +# Docker +We chose for docker as our container engine. +It's well maintained and has been used by the community for a long time. +Therefore, we can easily resolve issues and find answers to things we want to implement. +Also the networking solutions provided by Docker are amazing and allow for very complex but robust infrastructure. + From ad0dd1eea6e12ba6ec79649c86fb606836b6887a Mon Sep 17 00:00:00 2001 From: Raine Date: Thu, 9 Nov 2023 21:31:09 +0100 Subject: [PATCH 6/6] feat: restic as backup --- 002-restic-as-backup.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 002-restic-as-backup.md diff --git a/002-restic-as-backup.md b/002-restic-as-backup.md new file mode 100644 index 0000000..9fc7daf --- /dev/null +++ b/002-restic-as-backup.md 
@@ -0,0 +1,7 @@ +# Restic as backup. + +We use restic as backup tool because we use multiple servers in our infrastructure and restic allows for compact backups. + +We can enforce a policy to keep all data but lose the ability to "snipe" a backup from a specific date.. over time. +To view the current policy, check out ixvd/hub/backup-policy.txt. +
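Review bot: In 001-everything-in-containers.md (PATCH 2/6), the Networking section attaches every public-facing container to the single `proxy` network, which undercuts the per-stack isolation described under "neong tooling". Containers on the same Docker network can reach one another directly, so the music client and every other public service share a segment. Either record that this is an accepted trade-off, or document that each stack gets its own network towards the nginx instance (or that inter-container communication is disabled on `proxy`). The line "Internal infrastructure does not use HTTPS at all." also needs its trust assumption written down: which networks carry that plaintext traffic, and why they are considered trusted.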
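Review bot: In 002-distributed-architecture.md (PATCH 3/6), the claim "even more secure*" rests only on "Isolation of servers op top of containers", and the record does not say how traffic between the new servers is protected, while 001 states "Internal infrastructure does not use HTTPS at all." Once a service can be moved to a server of its own, internal traffic no longer stays on one host, so add a line on the inter-server path (private network, tunnel or TLS) or list it as an open decision. Wording to fix in the same pass: "EUX will stays the same", "if it we're to turn off", "op top of". The file also lacks the title line that 001 opens with.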
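Review bot: PATCH 4/6 creates README.md as a new file (index 0000000..23d84ca) although PATCH 1/6 already created it with the same blob, so this hunk cannot apply on top of the earlier patches. PATCH 5/6 repeats 001-everything-in-containers.md (0000000..6706d1d) in the same way. Drop 4/6 and 5/6 from the series, or send 4 to 6 as a separate series based on a tree without 1 to 3. If the README hunk is kept, end the file with a newline so the "\ No newline at end of file" marker goes away.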
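Review bot: In 002-restic-as-backup.md (PATCH 6/6), the retention decision is the substance of this record but is never stated. The second paragraph only says a policy "can" be enforced and defers to ixvd/hub/backup-policy.txt, which is not part of this repo. State the chosen retention rules here (how many snapshots are kept per period, and what is lost as they age out), and add where the repository is stored and who holds its password, since a restic repository cannot be restored without it. The 002- prefix also collides with 002-distributed-architecture.md from PATCH 3/6; renumber this file to 003.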