Last Updated: August 2020

#Overview

This diagram was created with https://app.diagrams.net/. To edit it, download the diagram file and edit it with the https://app.diagrams.net/ web application, or you may run the application from source if you wish.

#Physical Hosts
  • baikal

    • 69.61.110.118
    • cyberia's first rack server, installed in CyberWurx datacenter in Atlanta Georgia
    • j3s is the only authorized support contact right now and the only one who can log into the CyberWurx portal
  • gibson

    • dynamic(ish) ip address
    • consumer grade desktop located in fack's house
    • NOTE: gibson uses port 3215 for ssh. connect with ssh -p 3215 gibson.cyberia.club
  • stream.cyberia.club

    • dynamic(ish) ip address
    • olde desktop located in j3s's house
#Cloud Service Accounts
  • namecheap

    • fack's namecheap account is currently being used to manage DNS entires for:
      • cyberia.club
      • nullhex.com
      • capsul.org
    • all DNS updates are being done manually by j3s.
    • conventions:
      • A records are named after hostnames & point to VMs / physical hosts
      • CNAMEs are named after the service & point to the A record of the host the service runs on
  • CyberWurx portal

    • Allows us to add reverse DNS entries for Capsuls
    • View metrics, get datacenter information, support tickets, etc
    • Right now j3s is the only one who can log in / be authorized for support. Can add others though!
#Capsul

Most of cyberia's services run on Capsul, our Virtual Machine Management tool & service.

Ansible Managed Capsuls:
capsul-ay3yh10q2q  f1-xs  69.61.2.230  alpine311  Jun 20 2020 domechild.cyberia.club  (new email server)
capsul-c04bbf593b  f1-s   69.61.2.246  alpine311  Jun 01 2020 raaz.cyberia.club       (NSHC / North Star Health Collective) 
capsul-pfgy2tthx9  f1-xs  69.61.2.167  alpine311  May 10 2020 legion.cyberia.club     (postgres for forge & others in the future)
capsul-id502edkg0  f1-xs  69.61.2.170  alpine311  Apr 01 2020 rosewater.cyberia.club  (cyberia forge)
capsul-t6tfb2dh5p  f1-m   69.61.2.183  alpine311  May 10 2020 mothership.cyberia.club (prometheus & grafana & future logg agg)
capsul-w6hsx09r7v  f1-xs  69.61.2.213  alpine311  Aug 20 2020 leckie.cyberia.club     (ansible bastion + build submitter)

Legacy Capsuls:
capsul-qnx33xmi6f  f1-s   69.61.2.175  debian10   Mar 13 2020 m1.nullhex.com          (old mail server) 
cvm-lqj2x9nxic	   f1-l   69.61.2.190  debian10   Mar 07 2020 matrix.cyberia.club     (cyberia matrix) 
cvm-m1tjv0lljd	   f1-xs  69.61.2.178  debian10   Mar 10 2020 elliot.cyberia.club     (websites & git.cyberia.club, nullhex.com)

The Ansible Managed servers should have a user account for each user. The Legacy servers & baikal only have one user named cyberian, with everyone's keys authorized for that server.

Contact j3s, forest, or vvesley for more information on cyberia's capsul account.

#Host Key Fingerprints

NOTE: you can control what kind of host key your ssh client will use like this:

ssh -o HostKeyAlgorithms=ssh-ed25519 example.cyberia.club

baikal.cyberia.club
  ECDSA    SHA256:85GTFfUpDDefcNcIROtFpuTiHC1j3iNU74aaKFO03+0
  ED25519  SHA256:v9MEa97wnmA75CyzQC5lW8nOI56LJ4jTmD2f68udK80

gibson.cyberia.club
  NOTE:    gibson uses port 3215 for ssh. connect with ssh -p 3215 gibson.cyberia.club
  ECDSA    SHA256:/YSNMdW1oY5svUb7kBk213Le8+zUCWVIJcR11Agdtiw
  ED25519  SHA256:BIEMaNLaN8iPiB5GuBIr37Wlz+xKj3ZlUEasgFwsGQc

mothership.cyberia.club
  ECDSA    SHA256:3XJG2fyaPDJWjnEOW3q2KiWg5qLV6hmEPczvp8GqhE0
  ED25519  SHA256:njIT2k1t6hHuOO0VjBNmHW1QSGN4GEqQQMj/BGpnBa0

domechild.cyberia.club
  ECDSA    SHA256:IQqTPv14u3dG62hS0q2Mr6pef6KwpjPKM2uVP+SK+qA
  ED25519  SHA256:3z5BI2ZEZjzDEh0B7a2GxgMa4faqA3Y6bQdGcQp4G88

rosewater.cyberia.club
  ECDSA    SHA256:dAbABreDUpV9AG7kChcx9S6+6f+fmnhqwwInqYoxcwU
  ED25519  SHA256:nT+ISIGV95MBKkIpcHTKo30lx4qRQ0Cpu1iM3w6+Sh0

legion.cyberia.club
  ECDSA    SHA256:EW9ydcgLg/pwoA0GPsI0VVeIBpnSi7aIHhvXOQBa+Xg
  ED25519  SHA256:cWLBFESOHrmVFrLRLjxrY4tcPmVRerJe1SB/+6tXSxAv

leckie.cyberia.club
  ECDSA    SHA256:KbzxzEKP21B0S3A/SKqqGmjiymnkk7byvoc6W4SxEwM
  ED25519  SHA256:M1QPflfIrsbhVlMaomvGQsr5AZS5YRkBHv+pnyI7bg4

raaz.cyberia.club
  ECDSA    SHA256:AJb0bZN2PTTm83zf5zI1IOEIVfeXUxQl/vTode/88jA
  ED25519  SHA256:zJv6E6lG4dAsqNmDHTO/qFVlTESKYq/KD29e8Nt/6j4

night.cyberia.club
  ECDSA    SHA256:hs+QoYtT26CAEYH/33ZFMWkpWQga9KYysfezUoPT+UA
  ED25519  SHA256:bCYhVlQ95PNy0YZuRLnqv+/1Wr1ZPbqu55fqDfV//EY

matrix.cyberia.club
  ECDSA    SHA256:VlRPAqLGxY4JUVhYirOVlfuDFtgTbaiw3x29xYizEeU
  ED25519  SHA256:BExhsVPNTp49jyJ6ezRf+Nn4TxPj8D9VZMhnjMABq6g

elliot.cyberia.club
  ECDSA    SHA256:/tsASDZ+MX519DC/Y7mHbV2CYCPnyMAbX1e0GHBOin0
  ED25519  SHA256:B9QNCnz57agsI40tMVU8UwyvZqMbz/p1ZNH5E1gL3io

m1.nullhex.com
  ECDSA    SHA256:Qe1QQ2XtlKkP0pSL5qxIJp/Iosy30bJFdmE1A2YCz34
  ED25519  SHA256:r4ZZ4uct7hVb0ZD5WbJNiHv/nWCfddpQx5uwt3mhtUE
#Automation (Ansible)

The Ops Handbook is still on the old git server, it is the main repo with the ansible inventory & playbooks.

Ansible bastion host/automation is on leckie.cyberia.club

#Service Inventory
User-oriented Name URL Developer-oriented Name Host Deployment Code Application Code
cyberia's matrix server https://matrix.cyberia.club/ synapse matrix.cyberia.club ansible/roles/synapse matrix-org/synapse
cyberia's matrix server https://riot.cyberia.club/ element (used to be called riot) matrix.cyberia.club ansible/roles/riot vector-im/element-web
cyberia's matrix server N/A postgres matrix.cyberia.club ansible/roles/postgresql git.postgresql.org
cyberia's matrix server N/A irc bridge to freenode matrix.cyberia.club TBD matrix-org/matrix-appservice-irc
cyberia's matrix server https://matrix.cyberia.club/_synapse/metrics matrix prometheus exporter matrix.cyberia.club TBD matrix-org/synapse/metrics
nullhex email https://nullhex.com/ alps elliot.cyberia.club TBD ~emersion/alps/
nullhex email nullhex.com ports 25 & 587 (STARTTLS) opensmtpd m1.nullhex.com ansible/roles/opensmtpd OpenSMTPD/OpenSMTPD
nullhex email nullhex.com:993 (imap) dovecot m1.nullhex.com ansible/roles/dovecot dovecot/core
nullhex email N/A rspamd m1.nullhex.com TBD rspamd/rspamd
capsul https://capsul.org capsul baikal.cyberia.club TBD ~forest/capsul-flask/
forge (cyberia's git server) https://forge.cyberia.club/ sourcehut rosewater.cyberia.club TBD ~sircmpwn/sourcehut
forge (cyberia's git server) N/A postgres legion.cyberia.club TBD git.postgresql.org
cyberia's website https://cyberia.club/ nginx static site elliot.cyberia.club TBD services/website
the old git server https://git.cyberia.club/ cgit elliot.cyberia.club TBD git.zx2c4.com/cgit
prometheus https://prometheus.cyberia.club/ prometheus mothership.cyberia.club rules & ansible/roles/prometheus prometheus/prometheus
alertmanager N/A alertmanager mothership.cyberia.club same as prometheus prometheus/alertmanager
grafana https://grafana.cyberia.club/ grafana mothership.cyberia.club ansible/roles/grafana grafana/grafana
Jackal https://bot.j3s.sh matrix alert bot bot.j3s.sh TBD matrix-org/go-neb
#Notes

https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/

About this wiki

commit eb514f9ab3c49ba3866060b39065ac0d11eb2ae6
Author: j3s <j3s@c3f.net>
Date:   2020-10-11T19:19:23-05:00

Add forge notes
Clone this wiki
https://giit.cyberia.club/~cyberia/docs (read-only)
git@giit.cyberia.club:~cyberia/docs (read/write)