# SuperNETs Tech Stack Upgrade
> Project planning for the new infrastructure tech stack

![](./flow.png)

## Proposed Changes:
- UnrealIRCd -> InspIRCd
- Anope -> Atheme
- SSH -> Tailscale

## Network Entry Point
Clients will connect to the network using the round-robin address `irc.supernets.org`.

The round-robin DNS includes the IP addresses of all leaf servers across the network.

This setup allows clients to be routed to available leaf servers efficiently, balancing the load and improving connectivity.

## Leaf Servers
###### Main Leaf Servers:
- Serve as the "official" network leaf servers with high availability.
- These are hardened BuyVM servers with DDoS protection.
- They only link to the main hub.

###### Third-Party Leaf Servers:
- These servers are donated by trusted individuals and provide additional connectivity for the network.
- They only link to the WILDWEST hub and are not directly connected to the main hub.
- This setup ensures that if any third-party server is compromised, only the WILDWEST hub is exposed.

## Hubs
###### Main Hub:
- Acts as the central "official" hub for main leaf servers.

###### WILDWEST Hub:
- Separate, isolated hub that allows third-party leaf servers to link.
- This hub links to the main hub, effectively unifying the leaf servers from both the main and WILDWEST hubs.

## Services
- Services will only link to the WILDWEST hub. This way, if services were ever compromised, only the WILDWEST hub would be exposed.

## Security
Access to everything *(with the exception of some third-party leaf servers)* will be allowed strictly through Tailscale, with additional firewall rules in place that permit only what is required for network operations.

All servers *(with the exception of some third-party leaf servers)* will only run the software required for this IRC network, with no additional services running on the same machine.

The IP addresses of the hub servers should always remain hidden and never be known to the public.

The WILDWEST hub essentially serves as a dummy hub to protect the main hub in the event of a server compromise.
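
The linking rules and the hidden-hub requirement can be checked mechanically before each deployment step. The following audit is an added example, not part of the SuperNETs plan; every server name, address, and function name in it is a constructed assumption.

```python
# Constructed sample data: every server name and address below is hypothetical.
ROLES = {
    "hub-main": "main_hub", "hub-wildwest": "wildwest_hub",
    "leaf-a": "main_leaf", "leaf-b": "main_leaf",
    "leaf-donated": "third_party_leaf", "services": "services",
}
# Server links written as (downstream, upstream).
LINKS = [
    ("leaf-a", "hub-main"), ("leaf-b", "hub-main"),
    ("leaf-donated", "hub-wildwest"), ("services", "hub-wildwest"),
    ("hub-wildwest", "hub-main"),
]
ADDRS = {"hub-main": "192.0.2.1", "hub-wildwest": "192.0.2.2",
         "leaf-a": "192.0.2.10", "leaf-b": "192.0.2.11",
         "leaf-donated": "192.0.2.20", "services": "192.0.2.30"}
RR_RECORDS = ["192.0.2.10", "192.0.2.11", "192.0.2.20"]

# The single uplink role each role may have, per the plan's linking rules.
ALLOWED_UPLINK = {
    "main_leaf": "main_hub",
    "third_party_leaf": "wildwest_hub",
    "services": "wildwest_hub",
    "wildwest_hub": "main_hub",
}

def audit_links(roles, links):
    """Return violations of the linking plan (an empty list means compliant)."""
    problems = [f"{d}: unknown server" for d, _ in links if d not in roles]
    uplinks = {}
    for down, up in links:
        uplinks.setdefault(down, []).append(up)
    for name, role in roles.items():
        ups = uplinks.get(name, [])
        want = ALLOWED_UPLINK.get(role)
        if want is None and ups:
            problems.append(f"{name}: {role} must not have an uplink")
        elif want is not None and (len(ups) != 1 or roles.get(ups[0]) != want):
            problems.append(f"{name}: must link only to the {want}, found {ups}")
    return problems

def audit_round_robin(roles, addrs, records):
    """Return round-robin records that are not leaf servers (hubs stay hidden)."""
    owner = {ip: name for name, ip in addrs.items()}
    return [ip for ip in records
            if not roles.get(owner.get(ip), "").endswith("_leaf")]

def directly_exposed(node, links):
    """Servers peering with `node`: what a compromise of it reaches first."""
    return {b if a == node else a for a, b in links if node in (a, b)}
```

On the sample topology both audits return empty lists, and `directly_exposed("leaf-donated", LINKS)` contains only the WILDWEST hub.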

## Roadmap
- [ ] Planning & development *(in progress)*
- [ ] Deploy the IRCd to the main leaf servers & set up the main hub as a test-bed network.
- [ ] Deploy IRC services to the test-bed.
- [ ] Deploy the WILDWEST hub & link directly to the main hub
- [ ] Full testing & debugging & stress testing of the new network
- [ ] Mainline the new stack, deprecating the old IRC network