# SuperNETs Tech Stack Upgrade
> Project planning for the new infrastructure tech stack
![](./flow.png)
## Proposed Changes:
- UnrealIRCd -> InspIRCd
- Anope -> Atheme
- SSH -> Tailscale
## Network Entry Point
Clients will connect to the network using the round-robin address `irc.supernets.org`.
The round-robin DNS includes the IP addresses of all leaf servers across the network.
This setup allows clients to be routed to available leaf servers efficiently, balancing the load and improving connectivity.
## Leaf Servers
###### Main Leaf Servers:
- These serve as the "official" network leaf servers, with high availability.
- These are hardened BuyVM servers with DDoS protection.
- They only link to the main hub.
###### Third-Party Leaf Servers:
- These servers are donated by trusted individuals and provide additional connectivity for the network.
- They only link to the WILDWEST hub and are not directly connected to the main hub.
- This setup ensures that if any third-party server is compromised, only the WILDWEST hub is exposed.
## Hubs
###### Main Hub:
- Acts as the central "official" hub for main leaf servers.
###### WILDWEST Hub:
- Separate, isolated hub that allows third-party leaf servers to link.
- This hub links to the main hub, effectively unifying the leaf servers from both the main and WILDWEST hubs.
## Services
- Services will only link to the WILDWEST hub. This way, if services were ever compromised, only the WILDWEST hub would be exposed.
## Security
Access to everything *(with the exception of some third-party leaf servers)* will be allowed strictly through Tailscale, with additional firewall rules in place that allow only what is required for network operations.
All servers *(with the exception of some third-party leaf servers)* will only run the required software for this IRC network with no additional services running on the same machine.
The IP address of the hub servers should always remain hidden and never be known to the public.
The WILDWEST hub essentially serves as a dummy hub to protect the main hub in the event of a server compromise.
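
The linking rules above can be checked mechanically before a link block is deployed. The following is an added example, not part of the project's own tooling: it lints a planned topology against the rules in this README and reports what a single server compromise would directly expose. Server names, role labels and the sample data are constructed for illustration.

```python
"""Lint a planned link topology against the linking rules in this README."""

# Role pairs that are allowed to link, taken from the sections above.
ALLOWED_LINKS = {
    frozenset({"main_leaf", "main_hub"}),
    frozenset({"third_party_leaf", "wildwest_hub"}),
    frozenset({"services", "wildwest_hub"}),
    frozenset({"wildwest_hub", "main_hub"}),
}
# Only leaf servers may appear in the round-robin; hub addresses stay hidden.
LEAF_ROLES = {"main_leaf", "third_party_leaf"}


def check_topology(roles, links, round_robin):
    """Return a list of policy violations (empty when the plan is clean)."""
    problems = []
    for a, b in links:
        if frozenset({roles[a], roles[b]}) not in ALLOWED_LINKS:
            problems.append(f"link {a} <-> {b}: {roles[a]} may not link to {roles[b]}")
    for name in round_robin:
        if roles.get(name) not in LEAF_ROLES:
            problems.append(f"round-robin exposes non-leaf server {name}")
    return problems


def exposed_by(node, links):
    """Servers directly linked to `node`, i.e. what its compromise exposes."""
    return {b if a == node else a for a, b in links if node in (a, b)}


# Constructed sample plan (hypothetical server names).
ROLES = {
    "hub-main": "main_hub", "hub-wildwest": "wildwest_hub",
    "leaf-a": "main_leaf", "leaf-b": "main_leaf",
    "donor-1": "third_party_leaf", "services": "services",
}
GOOD_LINKS = [
    ("leaf-a", "hub-main"), ("leaf-b", "hub-main"),
    ("donor-1", "hub-wildwest"), ("services", "hub-wildwest"),
    ("hub-wildwest", "hub-main"),
]
# A misconfiguration: a donated leaf linked straight to the main hub.
BAD_LINKS = GOOD_LINKS + [("donor-1", "hub-main")]

if __name__ == "__main__":
    print(check_topology(ROLES, GOOD_LINKS, ["leaf-a", "leaf-b", "donor-1"]))
    for line in check_topology(ROLES, BAD_LINKS, ["leaf-a", "hub-main"]):
        print(line)
    print(exposed_by("donor-1", GOOD_LINKS))
```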