
Re: help wanted, standing up mirroring sync proxies on public cloud



Hi

On Wed, Feb 08, 2023 at 09:26:55PM -0800, Ross Vandegrift wrote:
> Okay, great.  We're going to go ahead and work on deploying this.
> Here's what we're going to deploy, please let us know if anything sounds
> wrong:

This is now
https://salsa.debian.org/cloud-admin-team/debian-cloud-hosting-setup/-/merge_requests/2

Sorry, Julien, you can't currently read that.

Done
- One dedicated /56 per region for all DSA stuff
- One instance, m6g.2xlarge, arm64, Debian 12 (also possible is Debian
  11)
- One dedicated data volume with ext4, on instance creation mounted on
  /srv
- SSH keys taken from https://salsa.debian.org, only from jcristau
- Network filter setup via two security groups
  - administrative, which allows
    - ingress and egress of icmp
    - egress to http and https
    - unrestricted ingress and egress to the Debian IPv6 networks at
      manda, grnet, ubc
  - syncproxy, which allows
    - egress to ssh
    - ingress to rsync and rsync-ssl (1831)
    - ingress from fasolo and genome research for sibelius

Not yet done is
- elastic IP, so the IPv4 address will change for example on re-create
- definition of required size of data volume

Bastian

-- 
No more blah, blah, blah!
		-- Kirk, "Miri", stardate 2713.6
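
The two security groups listed in the message can be written down as a policy and checked against the rules actually deployed. The following is an added example, not code from the message or from the merge request. The IPv6 prefixes are documentation-range placeholders, the rule dictionary format is hypothetical, port 873 for rsync is the standard assignment, and "ingress from fasolo and genome research" is read here as any ingress from those sources.

```python
import ipaddress

# Placeholders from the RFC 3849 documentation range; the message does not give
# the real prefixes of the Debian networks at manda, grnet and ubc.
DEBIAN_V6 = [ipaddress.ip_network(p) for p in
             ("2001:db8:a::/48", "2001:db8:b::/48", "2001:db8:c::/48")]
# Placeholders for the "fasolo and genome research" sources.
SYNC_SOURCES = [ipaddress.ip_network(p) for p in
                ("2001:db8:f::1/128", "2001:db8:e::/64")]
HTTP, HTTPS, SSH, RSYNC, RSYNC_SSL = 80, 443, 22, 873, 1831  # 1831 is from the message

def within(cidr, allowed):
    """True if cidr lies entirely inside one of the allowed networks."""
    net = ipaddress.ip_network(cidr)
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def permitted(group, rule):
    """Check one rule against the policy listed for its security group."""
    d, proto, port, cidr = rule["dir"], rule["proto"], rule.get("port"), rule["cidr"]
    if group == "administrative":
        if proto in ("icmp", "icmpv6"):
            return True
        if d == "egress" and proto == "tcp" and port in (HTTP, HTTPS):
            return True
        return within(cidr, DEBIAN_V6)   # unrestricted, but only to/from Debian nets
    if group == "syncproxy":
        if d == "egress":
            return proto == "tcp" and port == SSH
        if proto == "tcp" and port in (RSYNC, RSYNC_SSL):
            return True
        return within(cidr, SYNC_SOURCES)
    return False                         # unknown group: nothing is allowed

def audit(groups):
    """Return (group, rule) pairs that go beyond the stated policy."""
    return [(g, r) for g, rules in groups.items() for r in rules if not permitted(g, r)]

# Constructed rule set; the last syncproxy rule is deliberate drift.
SAMPLE = {
    "administrative": [
        {"dir": "egress", "proto": "tcp", "port": 443, "cidr": "0.0.0.0/0"},
        {"dir": "ingress", "proto": "tcp", "port": 22, "cidr": "2001:db8:a:1::/64"},
    ],
    "syncproxy": [
        {"dir": "ingress", "proto": "tcp", "port": 1831, "cidr": "::/0"},
        {"dir": "ingress", "proto": "tcp", "port": 22, "cidr": "0.0.0.0/0"},
    ],
}
```

Calling `audit(SAMPLE)` returns only the world-open SSH ingress on syncproxy, since the listed policy grants that group SSH egress but no SSH ingress.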

