author | arf20 <aruizfernandez05@gmail.com> | 2023-12-28 23:42:31 +0100 |
---|---|---|
committer | arf20 <aruizfernandez05@gmail.com> | 2023-12-28 23:42:31 +0100 |
commit | eb4343c07833d4eb9e287b2c52001b08a9bfc12f (patch) | |
tree | d8c4b4edbff668bcc2f61afc829cc338d138d155 | |
parent | 396f21a94e1ddfb5feb2d5b2849ae00c99ec393c (diff) | |
Plan
-rw-r--r-- | arfnet2.md | 20 |
1 files changed, 17 insertions, 3 deletions
@@ -1,11 +1,25 @@ # ARFNET2 deployment +After the disastrous ISP [schism](http://arf20.com/explanation.txt) +## Masterplan Stage 1, very safe - Close all ports - Nuke (or stop) all old VMs (exclude OPNSense) - Make DMZ - - Make the following ones (cloning deb12 template) - - Open following ports + - Make new basic VMs (cloning deb12 template) + - Open basic ports + +Stage 2, new services + - IONOS VPS for mail + - Some new very safe services + +Stage 3*, finally + - Another VPS in unknown provider for + - Tor + - Reverse-proxying the media library + - PHP on main site with more web services from scratch, hopefully secure + - More new services + - Our own authoritative nameserver for the domain zone ## Networks - DMZ untagged 192.168.4.0/24: Services and management @@ -25,7 +39,7 @@ Stage 1, very safe - HP printer .7 ## VMs and services -All VMs must run the wazuh agent +All VMs are Debian 12 (templated) with wazuh agent ### router DMZ.1 - (routing/firewalling) |
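Review bot: In the first hunk, Stage 1 now reads "Open basic ports" right after "Close all ports", and neither the old wording nor the new one says which ports those are. List each port with its protocol and the VM it forwards to, or point to the section that defines them, so the reopened exposure can be checked against the plan. Two smaller points in the same hunk: the added line "After the disastrous ISP [schism](http://arf20.com/explanation.txt)" is a fragment with no main clause, and "Stage 3*" carries an asterisk that has no matching footnote in the visible lines.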
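Review bot: In the second hunk, "All VMs are Debian 12 (templated) with wazuh agent" turns the previous requirement ("must run the wazuh agent") into a description, so the document no longer states that the agent is mandatory on every VM. It also sits directly above the "router DMZ.1" entry, and Stage 1 excludes OPNSense from the rebuild; if that router VM is the OPNSense instance, it is not a Debian 12 clone and the sentence is inaccurate for it. Consider wording along the lines of "All VMs except the router are cloned from the Debian 12 template and must run the wazuh agent", and say how the router is monitored.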