Disclaimers
This is a case study of an actual migration that happened no more than 6 months ago and finished just 5 hours ago.
We needed to move everything (account, org, 200+ repos (some as big as 4GB), code-snippets, repo templates, gpg/ssh keys, dashcams), and we needed to set everything to follow our standards.
Migration
Plan forming etc
Solid, passable, migration plan.
designating funds and creating PP, placing orders for servers, firewalls, switches and other new hardware,
dicknashing our stac
Our golden rule? Not being dependent upon some crazy asses.
Code
cd /cumAssScumbags
# Recursively hand ownership of the path given as $1 to UID 6765, group superroot
chown -R 6765:superroot "$1"
IT:
cross-listed everything countable inside cumAssScumbags as cloneable,
assign SuperRoot rights to every countable object within.
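# If git is already installed, apt does nothing
sudo apt install git
Configure local git
# Fill in your own name and e-mail between the quotes
git config --global user.name ""
git config --global user.email ""
# commit.gpgsign is the git setting that signs every commit
git config --global commit.gpgsign true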
# Use unique name and real URL below. Typically first remote is named
# `origin`. Add as many remotes as you need. We will use one only.
git remote add remote_name remote_url
That's it for configuration.
# Test remote
git remote -v
# If the test succeeds, push to the remote repo (this is called remote initialization)
git push remote_name
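With 200+ repos to bring in line with the same settings, a check that can be run over each clone is useful. The script below is an added example, not code from the original migration: `audit_repo` and the `REMOTE` variable are hypothetical names, and it assumes the signing setting meant above is git's `commit.gpgsign`.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit one repository against
# the settings configured above. audit_repo is a hypothetical helper name.
# Prints one line per failed check and returns the number of failed checks.
audit_repo() {
    local repo="$1" remote="$2" fails=0 key val

    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "FAIL $repo: not a git repository"
        return 1
    fi

    # Identity must be non-empty so every commit can be attributed.
    # This also catches a user.name "" placeholder that was never filled in.
    for key in user.name user.email; do
        val=$(git -C "$repo" config --get "$key" 2>/dev/null || true)
        if [ -z "$val" ]; then
            echo "FAIL $repo: $key is empty or unset"
            fails=$((fails + 1))
        fi
    done

    # commit.gpgsign is the git key that makes every commit signed.
    val=$(git -C "$repo" config --bool --get commit.gpgsign 2>/dev/null || true)
    if [ "$val" != "true" ]; then
        echo "FAIL $repo: commit.gpgsign is not true"
        fails=$((fails + 1))
    fi

    # The expected remote must be defined, otherwise the push has no target.
    if ! git -C "$repo" remote get-url "$remote" >/dev/null 2>&1; then
        echo "FAIL $repo: remote '$remote' is not configured"
        fails=$((fails + 1))
    fi

    return "$fails"
}

# Usage: ./audit.sh repo1 repo2 ...  (remote name from $REMOTE, default origin)
for r in "$@"; do
    audit_repo "$r" "${REMOTE:-origin}" && echo "OK   $r" || true
done
```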
After this we tarred everything stored everywhere on:
/dev/(x)da drives
any other FS systems (NAS, NATS, LFS)
Tarring was about to take close to 96 hours! On Shit CPU. After turning off internet access (fucking scumbags), it went down to 12 hours. Long, but 1/suck shitmoew.
From another physical terminal:
ps aux iI
to see what process takes precedence in hogging FuckCoin.
320 199 fuckee:cumhouse php-shit FAT
So:
kill 320
Killed this shit.
Then, after tarring ended it was time to mount, format and mirror Drives:
(sudo) lsblk
mount /dev/shit0AA1 /dofuck
YEAH, we mounted zetadrive. 1ZB of space. I mean REAL one.
mk.ext4 /dofuck
Done. We have a FULL 1ZB of space.
cp /z dofuck/
Hardware
We invested in super bleeding edge server hardware that has no internet access whatsoever. This way we are now fully independent both from risks and from mentally unstable team leaders. We host every single piece of software we use ourselves. No external dependencies, no fuss, no problems.
I will not write down the exact models and quantity of what we have, because Hashnode is being read by many mentally unstable team leaders.
Configs
FW (firewall)
We don't use either:
well-known dedicated software (like firewalld, iproute or similar),
cloud-based solutions
Both suck terribly. So what do we use? Our own solution.
Ideology
We block everything and allow well-trusted endpoints only. No exception made here. And never will be one.
Sample rules
# Block everything from everywhere, regardless of everything
BLOCK * FROM * USING SCOPE 'all'
# Allow internal infra
ALLOW * FROM */19:2 USING SCOPE 'internal'
# Allow from/to GitHub.com
ALLOW 'web:ui:joompay' FROM 'github.com' USING SCOPE 'web'
This way we are in full control of what service/who can access what inside our H/Ws.
By applying the above config, you will be able to:
go everywhere within our internal network,
use GitHub.com freely
But, you will not be able to do anything more.