Difference between revisions of "Network Policy"

From Oshaberi Net
Jump to navigation Jump to search
Line 55: Line 55:
 
=== Connectivity ===
 
=== Connectivity ===
 
* All nodes must have an always-on internet connection with a dedicated static IP address.
 
* All nodes must have an always-on internet connection with a dedicated static IP address.
 +
* All nodes must have matching forward and reverse DNS records.
 
* The ircd must be the only service available on the static IP address used by the node.
 
* The ircd must be the only service available on the static IP address used by the node.
 
* All nodes must offer encrypted connections with Lets Encrypt signed certificates on port 6697.
 
* All nodes must offer encrypted connections with Lets Encrypt signed certificates on port 6697.

Revision as of 12:38, 5 January 2020

Introduction

OshaberiNet is a collaborative effort between volunteers. This document describes the day-to-day procedures for operating the network.

Roles

Global Operators

Global operators own and maintain a hub node. This type of operator may take action on the entire network such as banning a user from all servers. They may also appoint a single local operator to assist with the operation of their node.

Local Operators

Local operators may own a leaf node or be appointed by a global operator. This type of operator may take action on single node in the network.

Services Operators

All global operators are services operators. Services operators are able to take action on the services system.

Precedence of Network Policy

Network Policy as described in this document shall override local node policy in all cases. All nodes and operators must abide by network policy.

Should a node fail to fully implement network policy a thirty day grace period will be extended to allow for its owner to make necessary changes. If at the end of the grace period the node owner has not complied the node will be delinked in accordance with the Delinking Procedure described in this document.

Voting Procedure

Votes must be cast as part of governing the network. Voting should be carried out as follows:

  • All network operators must vote yea or nay.
  • Votes from Global Operators shall be counted on a 1-to-1 basis.
  • The simple majority result from the Local Operators shall count as 1.
  • Votes from Global Operators and simple majority result from Local operators shall be summed for the final result.

Should a voting action result in a tie, a tie-breaker vote should be cast by simple coin flip through the gameserv provided by services: heads for yea, tails for nay.

Changing Network Policy

Network policy may be changed to better suit the needs of the network and its users.

Changing the Network Policy requires that:

  • The change be sponsored by a Global Operator.
  • The change shall have a scheduled discussion period in the network operators channel.
  • The voting procedure described in this document shall be carried out to confirm (yea) or reject (nay) the proposed change.

Nodes

Maintenance

  • All nodes must have a regularly scheduled maintenance period that is posted on the Oshaberi wiki and included in the message of the day.
  • Changes that may interrupt service should be completed during the regularly scheduled maintenance period for the node.
  • Node owners should send a WALLOP before commencing and after completing maintenance on a node.
  • Nodes must be regularly patched according to the recommendations of the operating system vendor.

Should a problem be identified with a node that impacts the day to day operation of the network, the node owner will be notified and given 30 days to correct the issue or take appropriate mitigating action.

Configuration

  • All nodes must adhere to the baseline configuration stored in GIT_REPO to ensure interoperation and consistent experience for end users.

Connectivity

  • All nodes must have an always-on internet connection with a dedicated static IP address.
  • All nodes must have matching forward and reverse DNS records.
  • The ircd must be the only service available on the static IP address used by the node.
  • All nodes must offer encrypted connections with Lets Encrypt signed certificates on port 6697.
  • All nodes must offer plaintext connections on port 6667.

Procedure For Adding A New Node

As nodes are retired or the network grows it may become necessary to add nodes to the network. Any person may apply to run a node, subject to the following procedure.

  • A current Global Operator must sponsor the application.
  • The Voting Procedure described in this document shall be carried out.

Should the vote not be found in favor of the applicant their application shall be rejected and the applicant will be barred from applying again for 6 months.

Should the vote be found in favor of the applicant a provisional period of 60 days shall be established.

During the provisional period the new node shall be linked to an existing hub node as a leaf. Operators of a provisional node may not participate in a Voting Procedure.

At the end of the provisional period the Voting Procedure shall be carried out to determine final acceptance of the node.

Should the vote not be found in favor of accepting the node it shall be delinked according to the Delinking Procedure as described in this document and the owner shall be barred from applying for 1 year.

Should the vote be found in favor of accepting the node it shall be added to the round robin DNS record and its operators will gain voting privileges, joining the network as a permanent node.