# Nocturn9x Private Cloud - Ecosystem overview

This repository aims to lay down the structure of the private cloud to allow for easy addition of nodes by replicating our configuration.

## General Security Considerations

The most important thing when configuring a node is security. For this reason, a node added to the network that hosts sensitive
user data **must** implement some sort of security system along the lines of SELinux. Nodes that host non-sensitive applications such as pasting
services and Minecraft servers *may* skip this requirement. A sensitive application is defined as one storing any sort of non-anonymized,
user-identifying information, either temporarily or permanently, in any way, shape or form. Sensitive applications that do not make use of
best practices to secure user data (like encryption) will not be hosted on the network unless a secure workaround for that limitation exists.

## Node Setup

For simplicity as well as security purposes, most (if not all) services running on the current node(s) are dockerized or otherwise containerized in some manner.
Other node owners are advised to follow this practice, both to simplify application deployment and to confine each application's scope so that potential security
issues that may arise stay contained.

## Network Setup

The network is set up as a collection of internet-facing servers to which traffic is routed and forwarded from a main instance for convenience,
but individual nodes can (and should) have a fallback domain to make them reachable should the central node be offline. Nodes are assigned codenames, and
the following codenames are already taken:
- Centria (root instance, managed by me)
- Norlangarth (secondary instance, managed by [Art](https://git.nocturn9x.space/prod2))
- Aincrad (non-sensitive instance, managed by [Davide](https://git.nocturn9x.space/DavideGalilei))

Other potential future codenames are listed below, in no particular order:
- Zakkaria
- Rulid
- Swilvane
- Alne
- Jotunheimr
- Thrymheim
- Legrue
- Yggdrasil
- Lindarth
- Myujen
- Algade
- Rovia
- Ronbaru
- Collinia
- Danac
- Floria
- Urbus

Codenames are assigned by me ([nocturn9x](https://git.nocturn9x.space/nocturn9x)) for an added coolness™️ factor, but you may pick one from the list
as well and I'll most likely grant it.

__Note__: I'm a huge SAO nerd.

__Note 2__: I know it's supposed to be Centoria, but I'm used to calling it Centria. Deal with it.

__Note 3__: Jotunheimr has no umlaut for a reason. ASCII is simple.

__Note 4__: Bonus points if your server's hostname matches its codename.

## Subdomains

Each service is assigned a subdomain of the `nocturn9x.space` domain to make it reachable from Centria, but each node may have its own (sub)domain(s) and we
encourage node owners to publish them in order to make the network more resilient should Centria be offline.

## Usage Policies

I don't think I need to specify detailed usage policies if you've come this far, but the basics are:
- Don't be a dick. Access to this service is provided on an approval-only basis and is free of charge for everyone
- I fund these services out of my own pocket and with donations, so please don't abuse them
- If you really _need_ to post leaked source code to this git service, at least make it private. I won't shut it down if it is
- Try hosting any kind of child pornography material and you'll see me out of your house with an M4 faster than you can say the word "fuck"
- Be nice to others
- Don't act entitled (unless you pay for a specific service, in which case be a dick I guess). The services are provided on a best-effort basis

Other than that, if you have basic common sense and follow netiquette (at least partially), do pretty much what you want.