supernets/new_stack
4
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Project planning for the new tech stack
11 Commits 1 Branch 0 Tags 181 KiB
main
Go to file
Dionysus b75e3533f4 Update README.md
2024-11-02 09:11:56 +00:00
flow.png Upload files to "/" 2024-11-02 08:55:49 +00:00
README.md Update README.md 2024-11-02 09:11:56 +00:00

README.md

SuperNETs Tech Stack Upgrade

Project planning for the new infrastrcutre tech stack

Proposed Changes:

  • UnrealIRCd -> InspIRCd
  • Anope -> Atheme
  • SSH -> Tailscale

Network Entry Point

Clients will connect to the network using the round-robin address irc.supernets.org.

The round-robin DNS includes the IP addresses of all leaf servers across the network.

This setup allows clients to be routed to available leaf servers efficiently, balancing the load and improving connectivity.

Leaf Servers

Main Leaf Servers:
  • Serves as the "official" network leaf servers with high-availability.
  • These are hardened BuyVM servers with DDoS protection.
  • They only link to the main hub.
Third-Party Leaf Servers:
  • These servers are donated by trusted individuals and provide additional connectivity for the network.
  • They only link to the WILDWEST hub and are not directly connected to the main hub.
  • This setup ensures that if any third-party server is compromised, only the WILDWEST hub is exposed.

Hubs

Main Hub:
  • Acts as the central "official" hub for main leaf servers.
WILDWEST Hub:
  • Seperate isolated hub for allowing third-party leaf servers to link.
  • This hub links to the main hub, effectively unifying the leaf servers from both the main and WILDWEST hubs.

Services

  • Services will only link to the WILDWEST hub, this way if it was ever comprimised, only the WILDWEST hub would be exposed.

Security

Access to everything (with the exception of some third-party leaf servers) will be strictly allowed through Tailscale only, with additional firewall rules in place only allowing what is required for network operations.

All servers (with the exception of some third-party leaf servers) will only run the required software for this IRC network with no additional services running on the same machine.

The IP address of the hub servers should always remain hidden and never be known to the public.

The WILDWEST hub essentially serves as a dummy hub to protect the main hub in the event of a server comprimise.

Roadmap

  • Planning & development (in progress)
  • Deploy the IRCd to the main leaf servers & setup the main hub as a test-bed network.
  • Deploy IRC services to the test-bed.
  • Deploy the WILDWEST hub & link directly to the main hub
  • Full testing & debugging & stress testing of the new network
  • Mainline the new stack deprecating the old IRC network