From 63756c3212b3d0e51bbeaf969d0f49ebde7bbf59 Mon Sep 17 00:00:00 2001 From: counterweight Date: Sat, 13 Jan 2024 12:33:15 +0100 Subject: [PATCH] Things --- hosting-providers.md | 39 +++++++++++++++++++++++++ infra_tests/vpn_dns_tests.md | 6 ++++ infra_tests/wireguard_and_nginx_test.md | 25 +++++++++++++--- 3 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 hosting-providers.md create mode 100644 infra_tests/vpn_dns_tests.md diff --git a/hosting-providers.md b/hosting-providers.md new file mode 100644 index 0000000..42a7dc9 --- /dev/null +++ b/hosting-providers.md 
@@ -0,0 +1,39 @@ + + +- https://fort.pw + - The shady guys. Definitely privacy friendly, but no clue on how professional and reliable they are. + - Pricing is unbeatable. + - No clue as to panel features, they are very obscure about that. + - According to bitcoin-vps, accepts with LN. +- https://1984.hosting + - Our beloved punk icelanders + - Privacy friendly + - Prices are competitive but offering is limited + - Can only pre-pay VPS for closed time periods, no hourly billing, and does not accept LN payments. It's very unflexible. + - No large storage options. +- https://njal.la + - Our beloved punk swedes + - Privacy friendly + - Prices are not competitive at all + - Does not accept LN payments, but has a wallet and top up feature, so we can make individual large onchain payments. + - No large storage options. +- https://noez.de + - Great variety of machines in the offering + - VPSs with ~ 1TB of disk are not that expensive (<75€/month) + - Seems quite professional. + - Not cypherpunk at all. + - I checked myself by making an account: they do accept lightning. They use coingate, the same provider as hostinger. + - Allows to not verify with phone if you are willing to pay with Bitcon + - https://noez.de/en/docs/article/58/i-don039t-want-to-verify-by-phone +- https://liteserver.nl + - Has some very competitive VPSs with large HDD storage + - According to bitcoin-vps, accepts lightnint network payments via coin-gate +- https://www.aaroli.com/ + - Seems to be privacy friendly and allow anonymous interaction + - Has some very competitive VPSs with large HDD storage + - Feels like is probably a reseller and not running their own infra +- https://app.seimaxim.com/ + - Seems to have great prices for big fat dedicated servers + - If the bills go up a lot, it would probably be more efficient to buy one of these and deploy everything there + - Not cypherpunk at all. + - From bitcoin-vps: > Anonymous signup allowed. Bitcoin full nodes are allowed. 
Also offers GPU mining servers, domains, shared hosting, and HTTP/SOCKS proxies. Uses Coinbase payment gateway \ No newline at end of file diff --git a/infra_tests/vpn_dns_tests.md b/infra_tests/vpn_dns_tests.md new file mode 100644 index 0000000..d84a0dc --- /dev/null +++ b/infra_tests/vpn_dns_tests.md @@ -0,0 +1,6 @@ + +We need a way to have proper names for services within the VPN so that people don't go around hardcoding IPs. + +From what I've read in the article below, it should be possible to make the Wireguard configuration also point to a custom DNS where we could centralize name resolution for all members. They wouldn't need to take any extra action besides setting up his Wireguard profile. This is good because I want to avoid people having to configure a million crazy things. + +https://www.procustodibus.com/blog/2023/01/wireguard-internal-dns-names/ \ No newline at end of file diff --git a/infra_tests/wireguard_and_nginx_test.md b/infra_tests/wireguard_and_nginx_test.md index 4803686..af0104d 100644 --- a/infra_tests/wireguard_and_nginx_test.md +++ b/infra_tests/wireguard_and_nginx_test.md @@ -7,11 +7,13 @@ This would allow for having internal webpages that can only be reached by users - Perfect protection against sniffing between our member devices and all our services. - The possibility to fully unplug any user at will by simply removing his keys from the Wireguard VPN config. +From what I've understood from this Mattermost docs () this should also allow us to pipe all Mattermost related traffic through the VPN. + ## Test plan -- [ ] Get a VPS in 1984.hosting -- [ ] Install Ubuntu Server -- [ ] Install Wireguard +- [X] Get a VPS in ~~1984.hosting~~ +- [X] Install Ubuntu Server +- [X] Install Wireguard - https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-22-04 - [ ] Install client and check that VPN is working fine - [ ] Deploy silly webpage with containerized Nginx and open access in the same VPS 
@@ -22,4 +24,19 @@ This would allow for having internal webpages that can only be reached by users ## Test logs -Drop notes here as we try stuff +- I've created an account in 1984 with my counterweightoperator@protonmail.com email. +- I've set up a tiny VPS + - Ubuntu Server 22.04.1 + - counter ganzua as the SSH key, no password + - fuuuug, 1984 only takes onchain payments and doesn't have a credit based system. If I only want a small VPS for a bit, I need to at least buy it for a month with an onchain transaction. This is very suboptimal. +- I'm going to create an account in njal.la to check if their panel and payment options are better. + - nja.la also does not accept lightning network payments, but at least has a wallet that can be toppped up big time in a single shot, completely unrelated to any server purchase. + - The nasty bit is that nja.la server offering is rather limited and the prices are not competitive at all (~x3 more expensive than 1984). +- Now I'm wondering if the guys at fort.pw might be a better option. The only issue is they are shady as fuck. But so are we, ain't we? +- Well, scrap all the previous stuff. I'm just going to try with my battle-tested, comfy and nice fiat VPS provider. Let's not make perfect the enemy of good. The purpose of this test is to test the Wireguard and Nginx set up, not a hosting provider. We will have time for that. + +- I create a VPS with: + - Ubuntu Server 22 + - 1vcore, 2gb ram + - I install wireguard `sudo apt install wireguard` + - Run `ip link add dev wg0 type wireguard`
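Review bot: In hosting-providers.md, most payment and signup claims are second-hand ("According to bitcoin-vps", "From bitcoin-vps") and only the noez.de entry says it was checked by making an account. Mark each provider's Lightning and anonymous-signup status as verified or unverified so nobody relies on an unchecked claim when picking where to pay. In the same pass: the file opens with two blank lines and no title, ends without a trailing newline, and has typos ("accepts with LN", "unflexible", "Bitcon", "lightnint", and "coingate" vs "coin-gate").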
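Review bot: infra_tests/vpn_dns_tests.md states the goal and links one article but has no test plan or pass criteria, unlike wireguard_and_nginx_test.md with its "## Test plan" checklist. Add a short checklist covering the DNS server handed out through the member's Wireguard profile, a service name resolving while connected, and the resolver being reachable only over the VPN. Also "setting up his Wireguard profile" should agree with "They" earlier in the sentence, and the file needs a trailing newline.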
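Review bot: In the first hunk of infra_tests/wireguard_and_nginx_test.md, the added sentence "From what I've understood from this Mattermost docs () ..." has empty parentheses where the link should be, so the claim about piping Mattermost traffic through the VPN cannot be checked. Add the URL or drop the parentheses. The checklist line "- [X] Get a VPS in ~~1984.hosting~~" strikes the provider without naming a replacement; the test log in the next hunk says another provider was used, so state that on the checklist line.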
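Review bot: In the test log added by the second hunk of infra_tests/wireguard_and_nginx_test.md, the first bullets commit the full Protonmail address used for the 1984 account and the SSH key label ("counter ganzua") into version control. Replace both with a placeholder or a pointer to wherever credentials are tracked. Smaller points in the same hunk: "nja.la" appears twice for njal.la, "toppped" is a typo, `ip link add dev wg0 type wireguard` is listed without the `sudo` used on the preceding `sudo apt install wireguard` line, and the install and run steps are nested under the VPS spec list ("I create a VPS with:") where they read as machine properties rather than actions.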