Network/Azure

From Hive13 Wiki

In early 2020, we took advantage of a Microsoft for Nonprofits offer for donated credit on Azure. Through 2020, all services that were hosted internally, like intweb and Dumpstor, were moved to Azure. In early 2021, all external services, like the Hive13 web site, wiki, and open finance, were similarly moved.

This page attempts to document how it's all put together.

IPSec Tunnel

The network in the space is somewhat managed by the building owner. Hive13 is segmented out to our own VLAN, which is handed off to our main switch near the front of the space. 2701 also provides the wireless infrastructure in the building, with a guest network and a set of tenant credentials that will place a client on our VLAN. We have arranged for an IPSec tunnel to extend our network to Azure. See the VLANs section of the Wired Network page for details. Any traffic to 172.16.4.0/22 from our VLAN is routed across this IPSec tunnel to Azure.

List of VMs

| Name | IP | Purpose |
|------|----|---------|
| Weefee | 172.16.5.40 | UniFi Controller (still on, needs to be decommissioned) |
| Revprox | 172.16.5.60 | Reverse proxy for application servers |
| Intwebapp | 172.16.5.61 | Intweb app server |
| Bitwarden | 172.16.5.62 | Bitwarden_rs app server (running on Docker) |
| Webhost | 172.16.5.63 | External web hosting server (migrated from DigitalOcean) |
| Psqlmaster | 172.16.5.70 | PostgreSQL server that drives intweb |

All VMs are defined in a Terraform unit found in this GitHub repository. The OpenSSH private key for the management account is held by the CTO and other designated break-glass keyholders.
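The VM list can be checked against the 172.16.4.0/22 route described in the IPSec Tunnel section. The script below is an added example, not part of the Hive13 Terraform repository; the function names and the audit rules (prefix membership, duplicate addresses, rows marked for decommissioning) are assumptions made for illustration.

```python
import ipaddress

# Prefix the page says is routed from the Hive13 VLAN across the IPSec tunnel.
TUNNEL_PREFIX = ipaddress.ip_network("172.16.4.0/22")

# Rows copied from the "List of VMs" table on this page: name, IP, purpose.
INVENTORY = """\
Weefee 172.16.5.40 UniFi Controller (still on, needs to be decommissioned)
Revprox 172.16.5.60 Reverse proxy for application servers
Intwebapp 172.16.5.61 Intweb app server
Bitwarden 172.16.5.62 Bitwarden_rs app server (running on Docker)
Webhost 172.16.5.63 External web hosting server (migrated from DigitalOcean)
Psqlmaster 172.16.5.70 PostgreSQL server that drives intweb
"""


def parse_inventory(text):
    """Split each 'Name IP Purpose' row into (name, IPv4Address, purpose)."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, ip, purpose = line.split(None, 2)
        rows.append((name, ipaddress.ip_address(ip), purpose))
    return rows


def audit(rows, prefix=TUNNEL_PREFIX):
    """Return (name, finding) pairs for rows that need a human to look at them."""
    findings = []
    seen = {}  # first owner of each address, used to detect collisions
    for name, ip, purpose in rows:
        if ip not in prefix:
            findings.append(
                (name, f"{ip} is outside {prefix}, so it is not routed across the tunnel"))
        if ip in seen:
            findings.append((name, f"{ip} duplicates {seen[ip]}"))
        seen.setdefault(ip, name)
        if "decommission" in purpose.lower():
            findings.append((name, "marked for decommissioning but still listed"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_inventory(INVENTORY)):
        print(f"{name}: {finding}")
```

Run against the table as it stands, every address falls inside the tunneled prefix and the only finding is the Weefee row that is still waiting to be decommissioned.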

DNS

It's always DNS, and you can find our authoritative DNS zone in Azure. See the current CTO for more info.