This repository has been archived on 2023-04-26. You can view files and clone it, but cannot push or open issues or pull requests.
max/README.md

# Homeservers
This repository contains Ansible scripts to set up our home servers.
The `common` role executes some common OS tasks.
The `docker` role installs Docker.
The other roles are specifically for the various services we run.
## Running services
All services below are running under Docker, except NSD because I couldn't figure out how to enable IPv6 for it.
- Authoritative DNS using [NSD](https://www.nlnetlabs.nl/projects/nsd/about/) (ns.pizzapim.nl)
- Reverse proxy using [Traefik](https://doc.traefik.io/traefik/)
- Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl))
- Static website using [Hugo](https://gohugo.io/) ([pizzapim.nl](https://pizzapim.nl))
- File synchronisation using [Syncthing](https://syncthing.net/)
- Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
- KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
## Possible future services
- matrix
- peertube?
- jitsi
## TODO
### NSD
#### ZSK Rollover
Could make automatic key rollovers with cron or some other tool.
#### Idempotency
Currently I always re-sign zones.
But for idempotency I should probably only do it if the zone has changed or the keys have changed.
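
One way to make the re-signing decision, as an added example that is not code from this repository: it fingerprints the unsigned zone and the key files, and also forces a re-sign once the last signing is older than a chosen age, because DNSSEC signatures carry an expiration time and a "only when changed" rule alone would let them lapse. The function names, the stamp file, the `K*` key file naming and the use of GNU coreutils are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository). Assumed layout: an unsigned zone
# file, a directory holding key files named K*, and a stamp file kept outside
# that directory which records what was last signed.

# Print one SHA-256 digest covering the zone file and every key file.
inputs_digest() {
    zone_file=$1; key_dir=$2
    {
        cat "$zone_file"
        # Stable ordering, so the digest changes only when content changes.
        find "$key_dir" -type f -name 'K*' | LC_ALL=C sort |
            while IFS= read -r f; do
                printf '%s\n' "$f"      # a renamed or added key also counts
                cat "$f"
            done
    } | sha256sum | cut -d' ' -f1
}

# Exit status 0 means "re-sign now", 1 means "nothing to do".
needs_resign() {
    zone_file=$1; key_dir=$2; stamp=$3; max_age_days=$4
    # Never signed before.
    [ -f "$stamp" ] || return 0
    # Zone content or key set differs from what was signed last time.
    [ "$(inputs_digest "$zone_file" "$key_dir")" = "$(cat "$stamp")" ] || return 0
    # Last signing is more than max_age_days days old: refresh the signatures
    # before they expire. Pick a value well below the signer's validity period.
    [ -n "$(find "$stamp" -mtime +"$max_age_days")" ] && return 0
    return 1
}

# Call after a successful signing run; also resets the stamp's mtime.
record_signed() {
    inputs_digest "$1" "$2" > "$3"
}

# Usage sketch (paths and the signing command are placeholders):
#   if needs_resign "$ZONE" "$KEYS" "$STAMP" 14; then
#       <signing command> && record_signed "$ZONE" "$KEYS" "$STAMP"
#   fi
```

Run from cron, the same check gives periodic signature refreshes; from an Ansible task, the exit status can drive `changed_when`.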
### Firewall
A little more difficult because of docker networking but probably doable.
### Backup server
Given that I am now backing up my data to another server using Borg, it makes sense to include that server into IaC as well.
Should be pretty straightforward:
- Install Borg and Borgmatic
- Initialize the Borg repository if it doesn't exist yet.
- Add the homeserver's public key to authorized keys.