author    doc <doc@filenotfound.org>  2025-06-30 20:06:28 +0000
committer doc <doc@filenotfound.org>  2025-06-30 20:06:28 +0000
commit    717fcb9c81d2bc3cc7a84a3ebea6572d7ff0f5cf (patch)
tree      7cbd6a8d5046409a82b22d34b01aac93b3e24818 /genesishosting/infra
parent    8368ff389ec596dee6212ebeb85e01c638364fb3 (diff)

uploading documentation
Diffstat (limited to 'genesishosting/infra')

-rw-r--r--  genesishosting/infra/genesis-shield.md            | 24
-rw-r--r--  genesishosting/infra/infra-maintenance-windows.md | 25
-rw-r--r--  genesishosting/infra/infra-monitoring-setup.md    | 25
-rw-r--r--  genesishosting/infra/server-naming-convention.md  | 19
-rw-r--r--  genesishosting/infra/zfs-strategy.md              | 23

5 files changed, 116 insertions, 0 deletions
diff --git a/genesishosting/infra/genesis-shield.md b/genesishosting/infra/genesis-shield.md
new file mode 100644
index 0000000..853f6d9
--- /dev/null
+++ b/genesishosting/infra/genesis-shield.md
@@ -0,0 +1,24 @@
+# Genesis Shield – Security & Threat Monitoring
+
+Genesis Shield is our custom-built alert and ban system, integrated across our infrastructure.
+
+## Features
+
+- Aggregates Fail2Ban logs across all VMs
+- Bans pushed in real-time via Mastodon DM and Telegram
+- Scripts track:
+ - Repeated SSH failures
+ - API abuse
+ - Web panel brute force attempts
+
+## Interfaces
+
+- Terminal dashboard for live bans/unbans
+- Role-based control (root/admin only)
+- Daily threat summary via Mastodon bot
+
+## Roadmap
+
+- WHMCS integration for abuse tickets
+- Live threat map by country/IP
+- REST API for admin toolkit
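Review bot: the Features list says bans are pushed (`Bans pushed in real-time via Mastodon DM and Telegram`) but never documents how a ban is decided or how a false positive is reversed; state the Fail2Ban thresholds the scripts act on, whether management and admin addresses are allowlisted so an operator cannot lock themselves out, and the unban procedure behind `Terminal dashboard for live bans/unbans`. `Role-based control (root/admin only)` should also say what enforces it (Unix group, sudoers, or the dashboard itself), and the Interfaces section should note what the DMs contain, since pushing banned-address details into third-party chat services is a retention and disclosure decision worth recording.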
diff --git a/genesishosting/infra/infra-maintenance-windows.md b/genesishosting/infra/infra-maintenance-windows.md
new file mode 100644
index 0000000..0f48e77
--- /dev/null
+++ b/genesishosting/infra/infra-maintenance-windows.md
@@ -0,0 +1,25 @@
+# Maintenance Window Policy
+
+To maintain consistency and reduce customer impact, we adhere to a strict maintenance schedule.
+
+## Standard Window
+
+- **Every Sunday, 7 PM – 9 PM Eastern**
+- Non-emergency changes must occur during this window
+
+## What’s Allowed
+
+- OS & kernel updates
+- Docker/image upgrades
+- ZFS snapshots & cleanup
+- Rolling restarts of containers
+
+## Emergencies
+
+- Critical security patches can bypass the window
+- All emergency changes must be logged and reviewed
+
+## Notifications
+
+- Posted on Mastodon at least 1 hour before the window begins
+- Clients notified via WHMCS if it will affect their service
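Review bot: the Emergencies section (`Critical security patches can bypass the window` / `All emergency changes must be logged and reviewed`) names no owner, log location or review deadline, so the policy is not enforceable as written; add who may declare an emergency, where the change is logged, and by when it must be reviewed. The Notifications section only covers the standard window (`Posted on Mastodon at least 1 hour before the window begins`), so say whether and how emergency changes are announced.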
diff --git a/genesishosting/infra/infra-monitoring-setup.md b/genesishosting/infra/infra-monitoring-setup.md
new file mode 100644
index 0000000..e0f6c16
--- /dev/null
+++ b/genesishosting/infra/infra-monitoring-setup.md
@@ -0,0 +1,25 @@
+# Monitoring Setup
+
+We use a layered monitoring approach to ensure full visibility and rapid response.
+
+## Stack
+
+- **Prometheus** for metrics collection
+- **Grafana** for visualization dashboards
+- **Fail2Ban** for intrusion attempts
+- **Genesis Shield** for aggregated alerts (Telegram + Mastodon)
+
+## What We Monitor
+
+| System | Metric Examples |
+|----------------|--------------------------------------------|
+| PostgreSQL | Replication lag, disk usage, active queries |
+| Web Servers | HTTP response time, TLS errors |
+| MinIO / Assets | Cache hit ratio, sync status |
+| Docker Hosts | Container uptime, memory pressure |
+
+## Alerting
+
+- Telegram: Real-time infra alerts
+- Mastodon bot: Daily summaries and status posts
+- Fallback email alerts for critical failures
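Review bot: the What We Monitor table has no row for the monitoring and alerting components themselves (Prometheus, Fail2Ban, Genesis Shield), so a failure of the alert path would go unnoticed; add a row such as `| Alerting stack | Prometheus target health, Fail2Ban service status, bot delivery |` and state what condition triggers `Fallback email alerts for critical failures` and who receives them. Metric examples are listed but no thresholds or severities are, so a reader cannot tell which of these become a Telegram alert versus a daily summary.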
diff --git a/genesishosting/infra/server-naming-convention.md b/genesishosting/infra/server-naming-convention.md
new file mode 100644
index 0000000..0097b1c
--- /dev/null
+++ b/genesishosting/infra/server-naming-convention.md
@@ -0,0 +1,19 @@
+# Server Naming Convention
+
+To reduce confusion and improve clarity, we follow a clear and themed naming structure.
+
+## Naming Style
+
+Examples:
+
+- `krang.internal` – Master backend server
+- `replica.db3.sshjunkie.com` – Staging PostgreSQL replica
+- `shredderv2` – ZFS backup server
+- `anthony` – Ansible control node
+- `nexus` – Main ZFS pool server for assets
+
+## Guidelines
+
+- Avoid generic names (`server1`, `host123`)
+- Use themed names (e.g., TMNT characters for core infrastructure)
+- Include environment tags where needed (`-test`, `-prod`)
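Review bot: the Naming Style section opens with `Examples:` but never states the rule the examples follow, and the examples do not match the Guidelines: `replica.db3.sshjunkie.com` is a generic functional name on a public domain while the others are bare TMNT names or `.internal`, and none of the five uses the `-test` / `-prod` tags the last guideline asks for. Write the rule first (theme for core hosts, which DNS suffix is used for internal versus public hosts, where the environment tag goes in the name) and then give one example per case, including one with an environment tag.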
diff --git a/genesishosting/infra/zfs-strategy.md b/genesishosting/infra/zfs-strategy.md
new file mode 100644
index 0000000..a69a1fa
--- /dev/null
+++ b/genesishosting/infra/zfs-strategy.md
@@ -0,0 +1,23 @@
+# ZFS Strategy
+
+ZFS is used across Genesis Hosting Technologies for performance, integrity, and snapshot-based backup operations.
+
+## Pool Layout
+
+- RAIDZ1 or mirrored vdevs depending on use case
+- Dataset naming: `genesisassets-secure`, `genesisshows-secure`, etc.
+- Dedicated pools for:
+ - Mastodon media
+ - Client backups
+ - Internal scripts and logs
+
+## Snapshots
+
+- Hourly: last 24 hours
+- Daily: last 7 days
+- Weekly: last 4 weeks
+
+## Send/Receive
+
+- Used for offsite replication to Servarica and backup nodes
+- Verified using checksums and `zfs receive -F`
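Review bot: `Verified using checksums and `zfs receive -F`` in the Send/Receive section conflates two different things: `-F` is not a verification option, it forces the receiving dataset to roll back to its most recent snapshot (discarding any local changes made there) so an incremental stream can apply, which is a destructive setting that should be documented on its own with the reason it is needed. Say which checksum step is actually meant (for example hashing the `zfs send` stream before and after transfer, or a scheduled `zpool scrub` on the receiving pool), and add the retention kept on the offsite copies, since the Snapshots section only lists hourly/daily/weekly for the source.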