From 09f7be03a96bddef349d34a441aa48d91055b0fe Mon Sep 17 00:00:00 2001
From: Dionysus <acidvegas@blackhole.supernets.org>
Date: Sat, 2 Nov 2024 08:52:23 +0000
Subject: [PATCH] Add README.md

---
 README.md | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9474ec7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,40 @@
+# SuperNETs Tech Stack Upgrade
+> Project planning for the new infrastrcutre tech stack
+
+![](./flow.png)
+
+## Network Entry Point
+Clients will connect to the network using the round-robin address `irc.supernets.org`.
+
+The round-robin DNS includes the IP addresses of all leaf servers across the network.
+
+This setup allows clients to be routed to available leaf servers efficiently, balancing the load and improving connectivity.
+
+## Leaf Servers
+###### Main Leaf Servers:
+- Serves as the "official" network leaf servers with high-availability.
+- These are hardened BuyVM servers with DDoS protection.
+- They only link to the main hub.
+
+###### Third-Party Leaf Servers:
+- These servers are donated by trusted individuals and provide additional connectivity for the network.
+- They only link to the WILDWEST hub and are not directly connected to the main hub.
+- This setup ensures that if any third-party server is compromised, only the WILDWEST hub is exposed.
+
+## Hubs
+###### Main Hub:
+- Acts as the central "official" hub for main leaf servers.
+
+###### WILDWEST Hub:
+- Seperate isolated hub for allowing third-party leaf servers to link.
+- This hub links to the main hub, effectively unifying the leaf servers from both the main and WILDWEST hubs.
+
+## Security
+Access to everything *(with the exception of some third-party leaf servers)* will be strictly allowed through Tailscale only, with additional firewall rules in place only allowing what is required for network operations.
+
+All servers *(with the exception of some third-party leaf servers)* will only run the required software for this IRC network with no additional services running on the same machine.
+
+The IP address of the hub servers should always remain hidden and never be known to the public.
+
+The WILDWEST hub essentially serves as a dummy hub to protect the main hub in the event of a server comprimise.
+