diff --git a/README.md b/README.md index 48ba78e..b28be77 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,10 @@ # Max -This repository contains Ansible scripts to setup our main home server `max`. -The `common` role executes some common OS tasks. -The `docker` role installs Docker. -The other roles are specifically for the various services we run. +Max is our VM running all of our web servers, provisioned with Terraform and configured with Ansible. ## Running services -All services below are running under Docker, except NSD and Borg. +All services below are implemented using Docker: - Reverse proxy using [Traefik](https://doc.traefik.io/traefik/) - Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl)) 
@@ -17,53 +14,8 @@ All services below are running under Docker, except NSD and Borg. - Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl)) - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd) - Cloud file storage using [Seafile](https://www.seafile.com) -- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org) -- Cyberchef (https://cyberchef.geokunis2.nl) +- Disposable mail server using [Inbucket](https://inbucket.org) +- Digital toolbox using [Cyberchef](https://cyberchef.geokunis2.nl) - Jitsi Meet (https://meet.jit.si) - RSS feed reader using [FreshRSS](https://miniflux.app/) - Metrics using [Prometheus](https://prometheus.io/) - -## Virtualization - -Currently this repository is ran as a physical server, but we intend to virtualize it. -First, the whole server should be virtualized on a single virtual machine. -After that, it will be split up into several virtual machines. -The services on each virtual machine should have similar services/security properties. - -Provisional split of services on virtual machines: -- "public web" VM: Mastodon, static HTML server, cyberchef, jitsi meet, inbucket -- "data" VM: seafile, radicale, syncthing, freshrss -- "management" VM: reverse proxy, prometheus, kms -- "git" VM: forgejo. Because forgejo is a somewhat single point of failure, it should have its own VM. - -## Possible future services - -- matrix -- peertube? -- Pixelfed? -- Prometheus -- Concourse CI? - -## TODO - -- Clear view of what services + which versions we are running. This way, we can track security updates better. -- Host tobb website? -- Move from Ubuntu to Debian -- move Mastodon to pim.kunis.nl -- Podman -- Replace watchtower with Podman features - -### NSD - -#### ZSK Rollover - -Could make automatic key rollovers with cron or some other tool. - -#### Idempotency - -Currently I always resign zones. 
-But for idempotency I should probably only do it if the zone has changed or the keys have changed. - -### Firewall - -A little more difficult because of docker networking but probably doable.
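Review bot: The first hunk drops the "except NSD and Borg" qualifier on the services list without saying where those two went. If the authoritative DNS server and the Borg backups still run on Max (or were moved to another host during the Terraform/Ansible migration), the README now misdocuments them; add a line under "Running services" (or a separate section) stating their new location, or a note that they were retired, so readers do not assume the DNSSEC-signed zones and the backups are containerised services like the rest.

Review bot: The second hunk deletes the whole TODO/NSD/Firewall backlog, including items that track security work in progress: the service-and-version inventory "so we can track security updates better", automatic ZSK rollover for the signed zones, the idempotent re-signing check, and the host firewall that is complicated by Docker networking. If these are now tracked elsewhere, replace the removed sections with a one-line pointer to the issue tracker or the new repository; if they are not, keep them, as silently dropping open security tasks from the only place they were recorded loses them. Two smaller points in the same hunk: the retained context line "RSS feed reader using [FreshRSS](https://miniflux.app/)" links to a different project (Miniflux) and should point at FreshRSS, and "Jitsi Meet (https://meet.jit.si)" is left in the old bare-URL style while Inbucket and Cyberchef were converted to the "X using [Y](url)" form; converting it keeps the list consistent.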