Try   HackMD

AVADO issues to solve

tags: AVADO

Problem: Connecting to common services though wamp.

Either we include tooling (nodejs) that is in the container
Benefit is that it is cleaner bc we pass though the wamp service bus.. drawback is that the docker images get larger bc we need to use a nodejs alpine image, which is way larger than a regular alpine image..
Or we try to call functions in other docker containers from the package , but is this feasible ? Can I call exec on another container from within another container ? Or is that just not the way to go ?
Benefit: we can control the functionalities in the dappmanager and maintain it there.

Problem: version management on the core system

The update script needs to be aware of the version the core system is in.
We should be able to detect the version of the base OS to avoid running a script against a wrong version of the OS.
suggestion: use a file /usr/src/dappnode/VERSION that contains a semver version starting at 0.0.2
in absence of this file - we assume that the OS is in its first version 0.0.1

Problem : Routing through ZeroTier

Commands

zerotier-cli listnetworks

wget -O - http://localhost:81/network/add/9b7e39e618

Option 1 : use same subnet







hierarchy



AVADO (172.30.0.0/22)

AVADO (172.30.0.0/22)



BIND (172.30.0.2)

BIND (172.30.0.2)



AVADO (172.30.0.0/22)->BIND (172.30.0.2)





ZT-PACKAGE(172.30.3.1)

ZT-PACKAGE(172.30.3.1)



AVADO (172.30.0.0/22)->ZT-PACKAGE(172.30.3.1)





ZT-client (172.30.3.2)

ZT-client (172.30.3.2)



ZT-PACKAGE(172.30.3.1)->ZT-client (172.30.3.2)





remote laptop (172.30.3.100)

remote laptop (172.30.3.100)



ZT-client (172.30.3.2)->remote laptop (172.30.3.100)

"ZT-client" -> "remote laptop" is bridged through ZT. How can we bridge between Z-client and AVADO network ?

Option 2 : use different subnet







hierarchy



AVADO (172.30.0.0/22)

AVADO (172.30.0.0/22)



BIND (172.30.0.2)

BIND (172.30.0.2)



AVADO (172.30.0.0/22)->BIND (172.30.0.2)





ZT-PACKAGE(172.30.4.1)

ZT-PACKAGE(172.30.4.1)



AVADO (172.30.0.0/22)->ZT-PACKAGE(172.30.4.1)





ZT-client (172.30.4.2)

ZT-client (172.30.4.2)



ZT-PACKAGE(172.30.4.1)->ZT-client (172.30.4.2)





remote laptop (172.30.4.100)

remote laptop (172.30.4.100)



ZT-client (172.30.4.2)->remote laptop (172.30.4.100)

"ZT-client" -> "remote laptop" is bridged through ZT. How can we route between Z-client and AVADO network ?

How does BIND find its way to the network 172.30.4.0 ?

problem : SOLANA validator a.k.a hardened AVADO server install

We should set up a validator for SOLANA. There are 3 major milestones

  1. Provisioning script for AVADO-SERVER

Given a provisioned server with DEBIAN 11 on it - be able to run a script that installs the base system + create credentials that can be sent later to the user.
Procedure to reset access if user locks himself out.

  1. Create a hardened version of AVADO (AVADO-SERVER)

We should be able to install AVADO on a server provisioned with Debian 11 , so that it ideally has no ports open other than what's strictly necessary to run solana.

Security checks

It should be impossible for outside actors to gain access to the AVADO other than using the existing methods (openVPN / Zt in the future)
WiFi should obviously be disabled for these kind of installs. Firewall should be set up that only access is possible through the known channels (OpenVPN or Zerotier). SSH should be disabled - and made possible only after connecting to the VPN / Zt.

  1. Create a script to install and upgrade a SOLANA installation

SOLANA should be installed on the host system. We can run arbitrary scripts from the host through the dappmanager - using signed commands (shell command that have a crypto signature by AVADO). This way we should be able to run install & upgrade scripts from within a package.

Last changed by 
Stefaan Ponnet
0
298

Read more

FRENS MANIFESTO

We Frens believes that staking should be Easy, Fun, Social and Decentralized. Our mission is to enable groups of friends to start staking Ethereum. We bring opportunities for staking to communities who may not have the financial means to do so but want to contribute to the network and reap its rewards. Instead of being just another staking pool, FRENS will be a staking pool factory - allowing you and your friends to create your own staking pools. With FRENS, staking becomes easy and fun. Our web-app allows you to create your own staking pool with just a few clicks. Our smart contracts ensure that your staking is safe and secure. We will do this in several stages

Jan 10, 2023
SKYGAZERS MANIFESTO

Skygazers is on a mission to revolutionize digital and real-life artistic creation by introducing a new state-of-the-art collaboration platform. Our ambition is to bootstrap a worldwide collaborative community of artists and entrepreneurs. We will grow and foster a community of artists and fans through the novel technology of digital transfer of value. We will do this in several stages Build an NFT collection creation platform that depicts your creative ideas. Through these NFTs, create crowdsourcing tools to fund a creative core team to implement these creative ideas Build a Dapp to engage NFT holders in colleboratively storywriting that will inspire the core team Build a tool to author lore of the universe depicted by the NFT collection. The lore refers to the story, history, or background of the particular universe or fictional setting of your NFT creation

Dec 14, 2022
Skygazers governance proposal

A community of people creating the story of the Skygazers requires collaborative ownership of its assets. Here we propose a governance mechanism for Skygazers. Its future will be under stewardship of its community. SGT token SGT is an ERC-20 compatible token with a fixed supply that governs Skygazers. Holders of SGT can make proposals and vote via governance. SGT is not a fundraiser not is it an investment token. The initial distribution of the SGT token will be as follows

Dec 14, 2021
Untitled

Nov 19, 2019
Read more from Stefaan Ponnet
Published on HackMD