From eb4343c07833d4eb9e287b2c52001b08a9bfc12f Mon Sep 17 00:00:00 2001 From: arf20 Date: Thu, 28 Dec 2023 23:42:31 +0100 Subject: Plan --- arfnet2.md | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'arfnet2.md') diff --git a/arfnet2.md b/arfnet2.md index eeb46b3..278e183 100644 --- a/arfnet2.md +++ b/arfnet2.md @@ -1,11 +1,25 @@ # ARFNET2 deployment +After the disastrous ISP [schism](http://arf20.com/explanation.txt) +## Masterplan Stage 1, very safe - Close all ports - Nuke (or stop) all old VMs (exclude OPNSense) - Make DMZ - - Make the following ones (cloning deb12 template) - - Open following ports + - Make new basic VMs (cloning deb12 template) + - Open basic ports + +Stage 2, new services + - IONOS VPS for mail + - Some new very safe services + +Stage 3*, finally + - Another VPS in unknown provider for + - Tor + - Reverse-proxying the media library + - PHP on main site with more web services from scratch, hopefully secure + - More new services + - Our own authoritative nameserver for the domain zone ## Networks - DMZ untagged 192.168.4.0/24: Services and management @@ -25,7 +39,7 @@ Stage 1, very safe - HP printer .7 ## VMs and services -All VMs must run the wazuh agent +All VMs are Debian 12 (templated) with wazuh agent ### router DMZ.1 - (routing/firewalling) -- cgit v1.2.3
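Review bot: In the `@@ -1,11 +1,25 @@` hunk, Stage 1 goes from "Close all ports" to "Open basic ports" without naming the ports, and replacing "Open following ports" removes the only hint that a list was meant to follow. Suggest listing the allowlist under that item (port, protocol, destination VM) so the firewall rules can be checked against the plan; "Make new basic VMs" would benefit from the same treatment. Two smaller points in the same hunk: the new intro line "After the disastrous ISP [schism](...)" is a sentence fragment, and "Stage 3*" carries an asterisk with no matching footnote in the visible lines.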
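Review bot: In the `@@ -25,7 +39,7 @@` hunk, rewording "All VMs must run the wazuh agent" to "All VMs are Debian 12 (templated) with wazuh agent" turns a requirement into a description, so the plan no longer says the agent is mandatory. The new line also sits directly above the `router DMZ.1` entry, while Stage 1 keeps the OPNSense VM, which is presumably not a clone of the deb12 template, so "All VMs" reads as inaccurate. Suggest keeping the "must" and naming the exception, for example "All VMs except the router must be cloned from the deb12 template and run the wazuh agent". If the agent is installed in the template itself, it is worth stating that each clone enrols separately rather than inheriting the template's agent identity.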