154 lines
5.8 KiB
Markdown
154 lines
5.8 KiB
Markdown
# Creating a New Network
|
|
|
|
This guide is for those who wish to start a new cryptic network of their
|
|
own.
|
|
|
|
By starting a new cryptic network, you are becoming the administrator of a
|
|
network. Be aware that being a network administrator is not necessarily easy,
|
|
and the users of your network will frequently need your help in order to have a
|
|
good experience. It can be helpful to have others with which you are
|
|
administering the network, in order to share responsibilities.
|
|
|
|
## Requirements
|
|
|
|
Creating a network is done using a single host, which will become the first host
|
|
in the network.
|
|
|
|
The configuration used during network creation will be identical to that used
|
|
during normal operation of the host, so be prepared to commit to that
|
|
configuration for a non-trivial amount of time.
|
|
|
|
The requirements for this host are:
|
|
|
|
* A public static IP, or a dynamic public IP with [dDNS][ddns] set up.
|
|
|
|
* There should be UDP port which is accessible publicly over that IP/DNS name.
|
|
This may involve forwarding the UDP port in your gateway if the host is
|
|
behind a NAT, and/or allowing traffic on that UDP port in your hosts
|
|
firewall.
|
|
|
|
* At least 300 GB of disk storage space.
|
|
|
|
* At least 3 directories should be chosen, each of which will be committing at
|
|
least 100GB. Ideally these directories should be on different physical
|
|
disks, but if that's not possible it's ok. See the Next Steps section.
|
|
|
|
* None of the resources being used for this network (the UDP port or storage
|
|
locations) should be being used by other networks.
|
|
|
|
## Step 1: Create a `daemon.yml` File
|
|
|
|
A `daemon.yml` will need to be created for use during network creation. You can
|
|
create a new `daemon.yml` with default values filled in by doing:
|
|
|
|
```
|
|
cryptic-net admin create-network --dump-config > /path/to/daemon.yml
|
|
```
|
|
|
|
Open this file in a text editor and perform the following changes:
|
|
|
|
* Set the `vpn.public_addr` field to the `host:port` your host is accessible on,
|
|
where `host` is the static public IP/DNS name of your host, and `port` is the
|
|
UDP port which is publicly accessible.
|
|
|
|
* Configure 3 (at least) allocations in the `storage.allocations` section.
|
|
|
|
Save and close the file.
|
|
|
|
## Step 2: Choose Parameters
|
|
|
|
There are some key parameters which must be chosen when creating a new network.
|
|
These will remain constant throughout the lifetime of the network, and so should
|
|
be chosen with care.
|
|
|
|
* Name: A human-readable name for the network. This will only be used for
|
|
display purposes.
|
|
|
|
* Subnet: The IP subnet (or CIDR) will look something like `10.10.0.0/16`, where
|
|
the `/16` indicates that all IPs from `10.10.0.0` to `10.10.255.255` are
|
|
included. It's recommended to choose from the [ranges reserved for private
|
|
networks](https://en.wikipedia.org/wiki/IPv4#Private_networks), but within
|
|
that selection the choice is up to you.
|
|
|
|
* Domain: cryptic-net is shipped with a DNS server which will automatically
|
|
configure itself with all hosts in the network, with each DNS entry taking the
|
|
form of `hostname.hosts.domain`, where `domain` is the domain chosen in this
|
|
step. The domain may be a valid public domain or not, it's up to you.
|
|
|
|
* Hostname: The hostname of your host, which will be the first host in the
|
|
network, must be chosen at this point. You can reference the [Adding a Host to
|
|
the Network](./adding-a-host-to-the-network.md) document for the constraints
|
|
on the hostname.
|
|
|
|
* IP: The IP of your host, which will be the first host in the network. This IP
|
|
must be within the chosen subnet range.
|
|
|
|
## Step 3: Prepare to Encrypt `admin.yml`
|
|
|
|
The `admin.yml` file (which will be created in the next step) is the most
|
|
sensitive part of a cryptic network. If it falls into the wrong hands it can be
|
|
used to completely compromise your network, impersonate hosts on the network,
|
|
and will likely lead to someone stealing or deleting all of your data.
|
|
|
|
Therefore it is important that the file remains encrypted when it is not being
|
|
used, and that it is never stored to disk in its decrypted form.
|
|
|
|
This guide assumes that you have GPG already set up with your own secret key,
|
|
and that you are familiar with how it works. There is no requirement to use GPG,
|
|
if you care to use a different method.
|
|
|
|
## Step 4: Create the `admin.yml` File
|
|
|
|
To create the `admin.yml` file, which effectively creates the network itself,
|
|
you can run:
|
|
|
|
```
|
|
sudo cryptic-net admin create-network \
|
|
--config-path /path/to/daemon.yml \
|
|
--name <name> \
|
|
--ip-net <ip/subnet-prefix> \
|
|
--domain <domain> \
|
|
--hostname <hostname> \
|
|
| gpg -e -r <my gpg email> \
|
|
> admin.yml.gpg
|
|
```
|
|
|
|
A couple of notes here:
|
|
|
|
* The `--ip-net` parameter is formed from both the subnet and the IP you chose
|
|
within it. So if your subnet is `10.10.0.0/16`, and your chosen IP in that
|
|
subnet is `10.10.4.20`, then your `--ip-net` parameter will be `10.10.4.20/16`.
|
|
|
|
* Only one gpg recipient is specified. If you intend on including other users as
|
|
network administrators you can add them to the recipients list at this step,
|
|
so they will be able to use the `admin.yml` file as well. You can also
|
|
manually add them as recipients later.
|
|
|
|
You will see a lot of output, as `create-network` starts up many child processes
|
|
in order to set the network up. It should exit successfully on its own after a
|
|
few seconds.
|
|
|
|
At this point you should have an `admin.yml.gpg` file in your current directory.
|
|
|
|
## Step 5: Run the Daemon
|
|
|
|
The cryptic-net daemon can be run now, using the following command:
|
|
|
|
```
|
|
sudo cryptic-net daemon -c /path/to/daemon.yml
|
|
```
|
|
|
|
**NOTE** that you _must_ use the same `daemon.yml` file used when creating the
|
|
network for the daemon itself.
|
|
|
|
At this point your host, and your network, are ready to go! You can reference
|
|
the [Getting Started](../user/getting-started.md) document to set up your
|
|
host's daemon process in a more permanent way.
|
|
|
|
## Next Steps
|
|
|
|
* Add users
|
|
* Fix directories
|
|
|
|
[ddns]: https://www.cloudflare.com/learning/dns/glossary/dynamic-dns/
|