update README.md
This commit is contained in:
parent
9eb52229f1
commit
723bc7ed33
1 changed files with 4 additions and 52 deletions
56
README.md
56
README.md
|
|
@ -1,13 +1,10 @@
|
|||
# Max
|
||||
|
||||
This repository contains Ansible scripts to setup our main home server `max`.
|
||||
The `common` role executes some common OS tasks.
|
||||
The `docker` role installs Docker.
|
||||
The other roles are specifically for the various services we run.
|
||||
Max is our VM running all of our web servers, provisioned with Terraform and configured with Ansible.
|
||||
|
||||
## Running services
|
||||
|
||||
All services below are running under Docker, except NSD and Borg.
|
||||
All services below are implemented using Docker:
|
||||
|
||||
- Reverse proxy using [Traefik](https://doc.traefik.io/traefik/)
|
||||
- Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl))
|
||||
|
|
@ -17,53 +14,8 @@ All services below are running under Docker, except NSD and Borg.
|
|||
- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
|
||||
- KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
|
||||
- Cloud file storage using [Seafile](https://www.seafile.com)
|
||||
- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org)
|
||||
- Cyberchef (https://cyberchef.geokunis2.nl)
|
||||
- Disposable mail server using [Inbucket](https://inbucket.org)
|
||||
- Digital toolbox using [Cyberchef](https://cyberchef.geokunis2.nl)
|
||||
- Jitsi Meet (https://meet.jit.si)
|
||||
- RSS feed reader using [FreshRSS](https://miniflux.app/)
|
||||
- Metrics using [Prometheus](https://prometheus.io/)
|
||||
|
||||
## Virtualization
|
||||
|
||||
Currently this repository is ran as a physical server, but we intend to virtualize it.
|
||||
First, the whole server should be virtualized on a single virtual machine.
|
||||
After that, it will be split up into several virtual machines.
|
||||
The services on each virtual machine should have similar services/security properties.
|
||||
|
||||
Provisional split of services on virtual machines:
|
||||
- "public web" VM: Mastodon, static HTML server, cyberchef, jitsi meet, inbucket
|
||||
- "data" VM: seafile, radicale, syncthing, freshrss
|
||||
- "management" VM: reverse proxy, prometheus, kms
|
||||
- "git" VM: forgejo. Because forgejo is a somewhat single point of failure, it should have its own VM.
|
||||
|
||||
## Possible future services
|
||||
|
||||
- matrix
|
||||
- peertube?
|
||||
- Pixelfed?
|
||||
- Prometheus
|
||||
- Concourse CI?
|
||||
|
||||
## TODO
|
||||
|
||||
- Clear view of what services + which versions we are running. This way, we can track security updates better.
|
||||
- Host tobb website?
|
||||
- Move from Ubuntu to Debian
|
||||
- move Mastodon to pim.kunis.nl
|
||||
- Podman
|
||||
- Replace watchtower with Podman features
|
||||
|
||||
### NSD
|
||||
|
||||
#### ZSK Rollover
|
||||
|
||||
Could make automatic key rollovers with cron or some other tool.
|
||||
|
||||
#### Idempotency
|
||||
|
||||
Currently I always resign zones.
|
||||
But for idempotency I should probably only do it if the zone has changed or the keys have changed.
|
||||
|
||||
### Firewall
|
||||
|
||||
A little more difficult because of docker networking but probably doable.
|
||||
|
|
|
|||
Reference in a new issue