AniNIX/Wiki
3
0
Fork 0
Code Issues 9 Pull Requests 3 Releases Activity

Moving Services to Ubiqtorate

Browse Source 
Updates for Operation
Cleanup on README
Added table of counters for tracking technology selection
Naming cleanup
Renamed Bastion to Nazara
This commit is contained in:
DarkFeather
2020-10-08 16:38:15 -05:00
parent 06f37260ec
commit 5c42170cc2
29 changed files with 107 additions and 1057 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
Entities/Bastion.md
View File

@@ -1,25 +0,0 @@
A Bastion host is a gateway to accessing other hosts. It is a safeguard against admin error.
# Etymology
Bastion hosts are named because they are the first line of defense against administrative error -- they prevent admins from being locked out of correcting their changes.
# Capacity and Components
A Bastion host needs minimal CPU or memory.
# Hosted Services and Entities
Nothing is hosted by a Bastion.
# Connections
See [[:Category:Entity|the entity list]] -- any host should be able to connect to a Bastion with [[SSH]] and X11, and it should be able to dial to any service provider.
# Additional Reference
Bastion hosts should be deployed alongside any Hypervisor and set to start on boot. The encrypted credentials volume should be encrypted per [[ShadowArch]]'s recommendations, and it should not be added to /etc/fstab or /etc/crypttab.
To create a Bastion:
1. Create a new VM in the Hypervisor and mark it to start on boot. For an example Hypervisor, see [[Forge2]].
1. Install ShadowArch with the Spartacus layout and without encryption or GUI -- encryption complicates boot and GUI is unnecessary. Applications with GUI will be X11-forwarded.
1. Log in as root and convert the exfat partition from the Spartacus layout to an encrypted ext4 or xfs one.
1. "make -C /usr/local/src/ConfigPackages/Bastion install"
1. Log in as the bastion user on the new VM and run new-ssh-key for each [[SSH]]-capable host.
1. Set a NAT rule in the router to allow access to the Bastion host on a non-22 port.
}}

17
Entities/Nazara.md Normal file
View File

@@ -0,0 +1,17 @@
A Nazara host is a gateway to accessing other hosts. It is a safeguard against admin error.
# Etymology
Nazara hosts are named because they are the first line of defense against administrative error -- they prevent admins from being locked out of correcting their changes.
# Capacity and Components
A Nazara host needs minimal CPU or memory.
# Hosted Services and Entities
Nothing is hosted by a Nazara.
# Connections
Any host should be able to connect to a Nazara with [SSH](../Services/SSH.md) and X11, and it should be able to dial to any service provider.
# Additional Reference
Nazara hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port.