From 717fcb9c81d2bc3cc7a84a3ebea6572d7ff0f5cf Mon Sep 17 00:00:00 2001 From: doc Date: Mon, 30 Jun 2025 20:06:28 +0000 Subject: uploading documentation --- genesishosting/infra/genesis-shield.md | 24 ++++++++++++++++++++++ genesishosting/infra/infra-maintenance-windows.md | 25 +++++++++++++++++++++++ genesishosting/infra/infra-monitoring-setup.md | 25 +++++++++++++++++++++++ genesishosting/infra/server-naming-convention.md | 19 +++++++++++++++++ genesishosting/infra/zfs-strategy.md | 23 +++++++++++++++++++++ 5 files changed, 116 insertions(+) create mode 100644 genesishosting/infra/genesis-shield.md create mode 100644 genesishosting/infra/infra-maintenance-windows.md create mode 100644 genesishosting/infra/infra-monitoring-setup.md create mode 100644 genesishosting/infra/server-naming-convention.md create mode 100644 genesishosting/infra/zfs-strategy.md (limited to 'genesishosting/infra') diff --git a/genesishosting/infra/genesis-shield.md b/genesishosting/infra/genesis-shield.md new file mode 100644 index 0000000..853f6d9 --- /dev/null +++ b/genesishosting/infra/genesis-shield.md @@ -0,0 +1,24 @@ +# Genesis Shield – Security & Threat Monitoring + +Genesis Shield is our custom-built alert and ban system, integrated across our infrastructure. + +## Features + +- Aggregates Fail2Ban logs across all VMs +- Bans pushed in real-time via Mastodon DM and Telegram +- Scripts track: + - Repeated SSH failures + - API abuse + - Web panel brute force attempts + +## Interfaces + +- Terminal dashboard for live bans/unbans +- Role-based control (root/admin only) +- Daily threat summary via Mastodon bot + +## Roadmap + +- WHMCS integration for abuse tickets +- Live threat map by country/IP +- REST API for admin toolkit diff --git a/genesishosting/infra/infra-maintenance-windows.md b/genesishosting/infra/infra-maintenance-windows.md new file mode 100644 index 0000000..0f48e77 --- /dev/null +++ b/genesishosting/infra/infra-maintenance-windows.md 
@@ -0,0 +1,25 @@ +# Maintenance Window Policy + +To maintain consistency and reduce customer impact, we adhere to a strict maintenance schedule. + +## Standard Window + +- **Every Sunday, 7 PM – 9 PM Eastern** +- Non-emergency changes must occur during this window + +## What’s Allowed + +- OS & kernel updates +- Docker/image upgrades +- ZFS snapshots & cleanup +- Rolling restarts of containers + +## Emergencies + +- Critical security patches can bypass the window +- All emergency changes must be logged and reviewed + +## Notifications + +- Posted on Mastodon at least 1 hour before the window begins +- Clients notified via WHMCS if it will affect their service diff --git a/genesishosting/infra/infra-monitoring-setup.md b/genesishosting/infra/infra-monitoring-setup.md new file mode 100644 index 0000000..e0f6c16 --- /dev/null +++ b/genesishosting/infra/infra-monitoring-setup.md @@ -0,0 +1,25 @@ +# Monitoring Setup + +We use a layered monitoring approach to ensure full visibility and rapid response. + +## Stack + +- **Prometheus** for metrics collection +- **Grafana** for visualization dashboards +- **Fail2Ban** for intrusion attempts +- **Genesis Shield** for aggregated alerts (Telegram + Mastodon) + +## What We Monitor + +| System | Metric Examples | +|----------------|--------------------------------------------| +| PostgreSQL | Replication lag, disk usage, active queries | +| Web Servers | HTTP response time, TLS errors | +| MinIO / Assets | Cache hit ratio, sync status | +| Docker Hosts | Container uptime, memory pressure | + +## Alerting + +- Telegram: Real-time infra alerts +- Mastodon bot: Daily summaries and status posts +- Fallback email alerts for critical failures diff --git a/genesishosting/infra/server-naming-convention.md b/genesishosting/infra/server-naming-convention.md new file mode 100644 index 0000000..0097b1c --- /dev/null +++ b/genesishosting/infra/server-naming-convention.md 
@@ -0,0 +1,19 @@ +# Server Naming Convention + +To reduce confusion and improve clarity, we follow a clear and themed naming structure. + +## Naming Style + +Examples: + +- `krang.internal` – Master backend server +- `replica.db3.sshjunkie.com` – Staging PostgreSQL replica +- `shredderv2` – ZFS backup server +- `anthony` – Ansible control node +- `nexus` – Main ZFS pool server for assets + +## Guidelines + +- Avoid generic names (`server1`, `host123`) +- Use themed names (e.g., TMNT characters for core infrastructure) +- Include environment tags where needed (`-test`, `-prod`) diff --git a/genesishosting/infra/zfs-strategy.md b/genesishosting/infra/zfs-strategy.md new file mode 100644 index 0000000..a69a1fa --- /dev/null +++ b/genesishosting/infra/zfs-strategy.md @@ -0,0 +1,23 @@ +# ZFS Strategy + +ZFS is used across Genesis Hosting Technologies for performance, integrity, and snapshot-based backup operations. + +## Pool Layout + +- RAIDZ1 or mirrored vdevs depending on use case +- Dataset naming: `genesisassets-secure`, `genesisshows-secure`, etc. +- Dedicated pools for: + - Mastodon media + - Client backups + - Internal scripts and logs + +## Snapshots + +- Hourly: last 24 hours +- Daily: last 7 days +- Weekly: last 4 weeks + +## Send/Receive + +- Used for offsite replication to Servarica and backup nodes +- Verified using checksums and `zfs receive -F` -- cgit v1.2.3
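Review bot: In genesis-shield.md, the "Interfaces" section says "Role-based control (root/admin only)" but does not say how that control is enforced (local Unix permissions on the dashboard, sudo rules, or an application login) or whether ban/unban actions are logged with the operator and timestamp. Since the same document describes a tool that can unban addresses across all VMs, please state the enforcement mechanism and the audit trail; also record how the Fail2Ban logs are collected from each VM (transport and authentication), since "Aggregates Fail2Ban logs across all VMs" currently leaves that open.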
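Review bot: In infra-maintenance-windows.md, the "Emergencies" section allows "Critical security patches" to bypass the window and requires that "All emergency changes must be logged and reviewed", but neither "critical" nor the log location or reviewer is defined. Suggest adding the criterion used to classify a patch as critical and stating where the emergency change is recorded and who signs off, so the bypass cannot be applied at the operator's discretion without a record.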
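Review bot: In infra-monitoring-setup.md, the "Alerting" section lists "Fallback email alerts for critical failures" without saying what triggers the fallback (for example, Telegram delivery failure or the alert pipeline itself being down), and the "What We Monitor" table gives metric examples but no thresholds or severities. Suggest documenting the condition under which email is used and at least the critical thresholds for the listed metrics (replication lag, disk usage, memory pressure), otherwise on-call staff cannot tell from this page when an alert is expected.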
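Review bot: In server-naming-convention.md, the "Guidelines" entry "Include environment tags where needed (`-test`, `-prod`)" is not followed by any of the examples under "Naming Style": `replica.db3.sshjunkie.com` is described as staging with no `-test` tag, and `shredderv2` uses a version suffix rather than an environment tag. Suggest either adding a tagged example or stating when a tag is considered needed; the examples also mix a `.internal` suffix with a public domain and bare hostnames, so a line on which suffix applies to which class of host would remove the ambiguity.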
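Review bot: In zfs-strategy.md, the "Send/Receive" line "Verified using checksums and `zfs receive -F`" conflates two things: `-F` does not verify anything, it forces the receiving dataset to roll back to its most recent snapshot before the receive, discarding any local changes on the destination. Suggest rewording to separate the verification step (the checksums) from the use of `-F`, and noting the rollback side effect so nobody runs it against a dataset that is also written to locally; the section could also state the transport used for the offsite replication to Servarica (for example, send over SSH), since it is not mentioned.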