Siliconvortex

This is my web page. There are many like it, but this one is mine.

Implemented features

• Hosting this page itself
• As secure as possible, courtesy of OpenBSD
• A pretty secure HTTP server (as measured by Observatory)
  • acme-client to get LE certificates, and checked/updated daily
  • forced http -> https renegotiation
  • using relayd to terminate TLS; inject common security policy headers
  • OCSP stapling, updated daily
• Restricting login to public ssh server via certificates only
• Available on tor too.
• Some code hosted on this server
• Rate-limiting on all public interfaces

Goals

• Restricting port access on all public interfaces (via ssh login, and pf rules)
• All setup codified, repeatable, and testable
• All code hosted on this server
• All data compressed/encrypted off-site for quick DR
• Single script DR to restore 100% functionality
• Control via VPN circuit only - public ssh is used only to open vpn tunnel ports - authpf
• Diagram of how it all works
• Line by line explanation - excellent docs
• CI/CD for changes
• host dns authority
• auto update dns registrar with ip - ifstated
• Prefer using OpenBSD utilities from base
• Use OpenBSD utilities from packages when necessary
• Cringe, and add another TODO item on this list if using something else
• "Free" BSD/MIT licensed software only

Stretch Goals

• implement kubelet to support using kubernetes as scheduler
• learn about mesos
• investigate clickable identity via web-browser/certs

Tried this? Mastodon