Network/Azure
In early 2020, we took advantage of a Microsoft for Nonprofits offer for donated credit on Azure. Through 2020, all services that were hosted internally, like intweb and Dumpstor, were moved to Azure. In early 2021, all external services, like the Hive13 web site, wiki, and open finance, were similarly moved.
This page attempts to document how it's all put together.
IPsec Tunnel
The network in the space is somewhat managed by the building owner. Hive13 is segmented out to our own VLAN, which is handed off to our main switch near the front of the space. 2701 also provides the wireless infrastructure in the building, with a guest network and a set of tenant credentials that will place a client on our VLAN. We have arranged for an IPsec tunnel to extend our network to Azure. See the VLANs section of the Wired Network page for details. Any traffic to 172.16.4.0/22 from our VLAN is routed across this IPsec tunnel to Azure.
List of VMs
Name | IP | Purpose |
Weefee | 172.16.5.40 | UniFi Controller (still on, needs to be decommissioned) |
Revprox | 172.16.5.60 | Reverse proxy for application servers |
Intwebapp | 172.16.5.61 | Intweb app server |
Bitwarden | 172.16.5.62 | Bitwarden_rs app server (running on Docker) |
Webhost | 172.16.5.63 | External web hosting server (migrated from DigitalOcean) |
Psqlmaster | 172.16.5.70 | PostgreSQL server that drives intweb |
All VMs are defined in a Terraform unit found in this GitHub repository. The OpenSSH private key for the management account is held by the CTO and other designated break-glass keyholders.
DNS
It's always DNS, and you can find our authoritative DNS zone in Azure. See the current CTO for more info.