Hi On Wed, Feb 08, 2023 at 09:26:55PM -0800, Ross Vandegrift wrote: > Okay, great. We're going to go ahead and work on deploying this. > Here's what we're going to deploy, please let us know if anything sounds > wrong:
This is now https://salsa.debian.org/cloud-admin-team/debian-cloud-hosting-setup/-/merge_requests/2 Sorry, Julien, you can't currently read that. Done - One dedicated /56 per region for all DSA stuff - One instance, m6g.2xlarge, arm64, Debian 12 (also possible is Debian 11) - One dedicated data volume with ext4, on instance creation mounted on /srv - SSH keys taken from https://salsa.debian.org, only from jcristau - Network filter setup via two security groups - administrative, which allows - ingress and egress of icmp - egress to http and https - unrestricted ingress and egress to the Debian IPv6 networks at manda, grnet, ubc - syncproxy, which allows - egress to ssh - ingress to rsync and rsync-ssl (1831) - ingress from fasolo and genome research for sibelius Not yet done is - elastic IP, so the IPv4 adress will change for example on re-create - definition of required size of data volume Bastian -- No more blah, blah, blah! -- Kirk, "Miri", stardate 2713.6