This repository has been archived on 2023-04-26. You can view files and clone it, but cannot push or open issues or pull requests.
# Max
This repository contains Ansible scripts to set up our main home server `max`.
The `common` role executes some common OS tasks.
The `docker` role installs Docker.
The other roles are specifically for the various services we run.
## Running services
All services below are running under Docker, except NSD and Borg.
- Reverse proxy using [Traefik](https://doc.traefik.io/traefik/)
- Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl))
- Static website using [Jekyll](https://jekyllrb.com/) ([pizzapim.nl](https://pizzapim.nl))
- File synchronisation using [Syncthing](https://syncthing.net/)
- Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
- KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
- Cloud file storage using [Seafile](https://www.seafile.com)
- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org)
- Cyberchef (https://cyberchef.geokunis2.nl)
- Jitsi Meet (https://meet.jit.si)
- RSS feed reader using [FreshRSS](https://miniflux.app/)
- Metrics using [Prometheus](https://prometheus.io/)
## Virtualization
Currently the configuration in this repository runs on a physical server, but we intend to virtualize it.
First, the whole server should be virtualized on a single virtual machine.
After that, it will be split up into several virtual machines.
The services grouped on each virtual machine should have similar security properties.
Provisional split of services on virtual machines:
- "public web" VM: Mastodon, static HTML server, cyberchef, jitsi meet, inbucket
- "data" VM: seafile, radicale, syncthing, freshrss
- "management" VM: reverse proxy, prometheus, kms
- "git" VM: Forgejo. Because Forgejo is somewhat of a single point of failure, it should have its own VM.
## Possible future services
- matrix
- peertube?
- Pixelfed?
- Prometheus
- Concourse CI?
## TODO
- A clear view of which services and which versions we are running, so we can track security updates better.
- Host tobb website?
- Move from Ubuntu to Debian
- move Mastodon to pim.kunis.nl
- Podman
- Replace watchtower with Podman features
### NSD
#### ZSK Rollover
Automatic key rollovers could be done with cron or some other tool.
#### Idempotency
Currently I always re-sign zones.
For idempotency, I should probably only re-sign when the zone file or the keys have changed.
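As an added example (not code from this repository), a POSIX shell check that implements the change detection described above: a hash of the unsigned zone file plus every file in the key directory is recorded after each signing run, and re-signing happens only when that hash differs. The zone file path, key directory and stamp file are assumed parameters.

```shell
#!/bin/sh
# Added example, not part of the max repository.
# Idempotent NSD zone signing: only re-sign when the unsigned zone or any
# key file has changed since the last run. Assumes the caller passes the
# unsigned zone file, the directory holding the zone's key files, and a
# stamp file in which the last signing input hash is recorded.

# Hash of the unsigned zone plus the name and content of every key file.
# Globbing yields a sorted list, so the hash is stable across runs.
sign_inputs_hash() {
    zone_file="$1"; key_dir="$2"
    {
        cat "$zone_file"
        for k in "$key_dir"/*; do
            if [ -f "$k" ]; then
                printf '%s\n' "$k"
                cat "$k"
            fi
        done
    } | sha256sum | cut -d' ' -f1
}

# Exit status 0 (true) when the zone must be (re)signed: either no stamp
# exists yet, or the current inputs differ from the recorded hash.
needs_resign() {
    zone_file="$1"; key_dir="$2"; stamp="$3"
    [ -f "$stamp" ] || return 0
    current=$(sign_inputs_hash "$zone_file" "$key_dir")
    [ "$current" != "$(cat "$stamp")" ]
}

# Record the input hash after a successful signing run (call this right
# after the actual signing command, e.g. from the Ansible task).
record_signed() {
    sign_inputs_hash "$1" "$2" > "$3"
}
```

In an Ansible task this check decides whether the signing command runs at all, so the play reports `changed` only when something was actually re-signed.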
### Firewall
A little more difficult because of Docker networking, but probably doable.