From d81bcbaba2c90b73c21e4df2f161a45c8c755261 Mon Sep 17 00:00:00 2001 From: pizzaniels Date: Mon, 3 Apr 2023 21:31:57 +0200 Subject: [PATCH 1/8] added cyberchef.geokunis2.nl --- playbooks/all.yml | 1 + roles/cyberchef/files/docker-compose.yml | 22 ++++++++++++++++++++++ roles/cyberchef/meta/main.yml | 4 ++++ roles/cyberchef/tasks/main.yml | 14 ++++++++++++++ roles/cyberchef/vars/main.yml | 2 ++ 5 files changed, 43 insertions(+) create mode 100644 roles/cyberchef/files/docker-compose.yml create mode 100644 roles/cyberchef/meta/main.yml create mode 100644 roles/cyberchef/tasks/main.yml create mode 100644 roles/cyberchef/vars/main.yml diff --git a/playbooks/all.yml b/playbooks/all.yml index 913f1f5..c7c63cb 100644 --- a/playbooks/all.yml +++ b/playbooks/all.yml @@ -7,6 +7,7 @@ - {role: 'forgejo', tags: 'forgejo'} - {role: 'syncthing', tags: 'syncthing'} - {role: 'kms', tags: 'kms'} + - {role: 'cyberchef', tags: 'cyberchef'} - {role: 'radicale', tags: 'radicale'} - {role: 'mastodon', tags: 'mastodon'} - {role: 'seafile', tags: 'seafile'} diff --git a/roles/cyberchef/files/docker-compose.yml b/roles/cyberchef/files/docker-compose.yml new file mode 100644 index 0000000..8fc3dca --- /dev/null +++ b/roles/cyberchef/files/docker-compose.yml @@ -0,0 +1,22 @@ +version: "3.7" + +services: + cyberchef-server: + image: mpepping/cyberchef + container_name: cyberchef + restart: always + labels: + - traefik.enable=true + - traefik.http.routers.cyberchef.entrypoints=websecure + - traefik.http.routers.cyberchef.rule=Host(`cyberchef.geokunis2.nl`) + - traefik.http.routers.cyberchef.tls=true + - traefik.http.routers.cyberchef.tls.certresolver=letsencrypt + - traefik.http.services.cyberchef.loadbalancer.server.port=8000 + - traefik.http.routers.cyberchef.service=cyberchef + - traefik.docker.network=traefik + networks: + - traefik + +networks: + traefik: + external: true 
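Review bot: In roles/cyberchef/files/docker-compose.yml the `image: mpepping/cyberchef` line carries no tag or digest, so it resolves to `latest` of a third-party Docker Hub repository, and the role's `pull: true` task re-pulls it on every playbook run. People paste keys, tokens and other sensitive material into CyberChef, so the integrity of the JavaScript served from cyberchef.geokunis2.nl depends on whatever that tag points to at deploy time. Pin the image to a digest you have reviewed, `image: mpepping/cyberchef@sha256:<reviewed-digest>` (placeholder), and bump it deliberately. Since the container appears to serve only static files, `security_opt: ["no-new-privileges:true"]` would be a cheap extra restriction, provided the image's web server starts without needing privilege escalation.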
diff --git a/roles/cyberchef/meta/main.yml b/roles/cyberchef/meta/main.yml new file mode 100644 index 0000000..7f5b1d3 --- /dev/null +++ b/roles/cyberchef/meta/main.yml @@ -0,0 +1,4 @@ +dependencies: + - role: common + - role: docker + \ No newline at end of file diff --git a/roles/cyberchef/tasks/main.yml b/roles/cyberchef/tasks/main.yml new file mode 100644 index 0000000..2518ba7 --- /dev/null +++ b/roles/cyberchef/tasks/main.yml @@ -0,0 +1,14 @@ +- name: Create app directory + file: + path: "{{ service_dir }}" + state: directory +- name: Copy Docker Compose script + copy: + src: "{{ role_path }}/files/docker-compose.yml" + dest: "{{ service_dir }}/docker-compose.yml" +- name: Start the Docker Compose + docker_compose: + project_src: "{{ service_dir }}" + pull: true + remove_orphans: true + diff --git a/roles/cyberchef/vars/main.yml b/roles/cyberchef/vars/main.yml new file mode 100644 index 0000000..471684a --- /dev/null +++ b/roles/cyberchef/vars/main.yml @@ -0,0 +1,2 @@ +service_name: cyberchef +service_dir: "{{ base_service_dir }}/{{ service_name }}" From 4d4ed08ce60223a99347b6d38e3d8782eb1af2b0 Mon Sep 17 00:00:00 2001 From: niels Date: Mon, 3 Apr 2023 20:03:35 +0000 Subject: [PATCH 2/8] Update 'README.md' --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0f9e51d..152e6b2 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ All services below are running under Docker, except NSD and Borg. - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd) - Cloud file storage using [Seafile](https://www.seafile.com) - Inbucket disposable webmail, Mailinator alternative (https://inbucket.org) +- [Cyberchef](https://gchq.github.io/) - Jitsi Meet (https://meet.jit.si) - Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/) - RSS feed reader using [FreshRSS](https://miniflux.app/) From 69a520b70a09a9596cc0254476371b842ad39ed3 Mon Sep 17 00:00:00 2001 
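Review bot: The `file` and `copy` tasks in roles/cyberchef/tasks/main.yml set no `mode`, `owner` or `group`, so the permissions on the service directory and on the deployed docker-compose.yml depend on the umask of whoever runs the play. Anyone who can write that compose file controls what the Docker daemon starts on the next run, so state the permissions explicitly, for example `mode: "0755"` on the directory and `mode: "0644"` on the copied file, quoted so YAML does not read them as numbers. The tasks also use short module names; `ansible.builtin.file`, `ansible.builtin.copy` and `community.docker.docker_compose` remove any ambiguity about which collection provides the module.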
From: niels Date: Mon, 3 Apr 2023 20:04:58 +0000 Subject: [PATCH 3/8] Update 'README.md' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 152e6b2..863c44c 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ All services below are running under Docker, except NSD and Borg. - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd) - Cloud file storage using [Seafile](https://www.seafile.com) - Inbucket disposable webmail, Mailinator alternative (https://inbucket.org) -- [Cyberchef](https://gchq.github.io/) +- Cyberchef [https://gchq.github.io](https://gchq.github.io) - Jitsi Meet (https://meet.jit.si) - Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/) - RSS feed reader using [FreshRSS](https://miniflux.app/) From 5d454bee046f9611d5d6b0436497dd93a7321e80 Mon Sep 17 00:00:00 2001 From: niels Date: Mon, 3 Apr 2023 20:05:49 +0000 Subject: [PATCH 4/8] Update 'README.md' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 863c44c..b4530ec 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ All services below are running under Docker, except NSD and Borg. - Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl)) - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd) - Cloud file storage using [Seafile](https://www.seafile.com) -- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org) +- Inbucket disposable webmail, Mailinator alternative [inbucket](https://inbucket.org) - Cyberchef [https://gchq.github.io](https://gchq.github.io) - Jitsi Meet (https://meet.jit.si) - Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/) From d87705fdadc69e53c0e0f41c20b9e2cdd4dad78c Mon Sep 17 00:00:00 2001 
From: niels Date: Mon, 3 Apr 2023 20:06:45 +0000 Subject: [PATCH 5/8] Update 'README.md' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b4530ec..e4b8811 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ All services below are running under Docker, except NSD and Borg. - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd) - Cloud file storage using [Seafile](https://www.seafile.com) - Inbucket disposable webmail, Mailinator alternative [inbucket](https://inbucket.org) -- Cyberchef [https://gchq.github.io](https://gchq.github.io) +- Cyberchef (https://gchq.github.io) - Jitsi Meet (https://meet.jit.si) - Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/) - RSS feed reader using [FreshRSS](https://miniflux.app/) From 6587dea614d98698421d66a68e3f164949b776b4 Mon Sep 17 00:00:00 2001 From: niels Date: Mon, 3 Apr 2023 20:07:07 +0000 Subject: [PATCH 6/8] Update 'README.md' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e4b8811..aca80e0 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ All services below are running under Docker, except NSD and Borg. - Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl)) - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd) - Cloud file storage using [Seafile](https://www.seafile.com) -- Inbucket disposable webmail, Mailinator alternative [inbucket](https://inbucket.org) +- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org) - Cyberchef (https://gchq.github.io) - Jitsi Meet (https://meet.jit.si) - Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/) From a8b63203d82d736d6367bac6780a996cf86ad731 Mon Sep 17 00:00:00 2001 
From: niels Date: Mon, 3 Apr 2023 20:07:57 +0000 Subject: [PATCH 7/8] Update 'README.md' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index aca80e0..7e9db00 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ All services below are running under Docker, except NSD and Borg. - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd) - Cloud file storage using [Seafile](https://www.seafile.com) - Inbucket disposable webmail, Mailinator alternative (https://inbucket.org) -- Cyberchef (https://gchq.github.io) +- Cyberchef (https://cyberchef.geokunis2.nl) - Jitsi Meet (https://meet.jit.si) - Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/) - RSS feed reader using [FreshRSS](https://miniflux.app/) From 3988a26d93013747854a6883b3ab15375b87e11d Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Mon, 10 Apr 2023 09:53:27 +0000 Subject: [PATCH 8/8] Update 'README.md' --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 7e9db00..3a811e4 100644 --- a/README.md +++ b/README.md 
@@ -24,6 +24,19 @@ All services below are running under Docker, except NSD and Borg. - RSS feed reader using [FreshRSS](https://miniflux.app/) - Metrics using [Prometheus](https://prometheus.io/) +## Virtualization + +Currently this repository is ran as a physical server, but we intend to virtualize it. +First, the whole server should be virtualized on a single virtual machine. +After that, it will be split up into several virtual machines. +The services on each virtual machine should have similar services/security properties. + +Provisional split of services on virtual machines: +- "public web" VM: Mastodon, static HTML server, cyberchef, jitsi meet, inbucket +- "data" VM: seafile, radicale, syncthing, freshrss +- "management" VM: reverse proxy, prometheus, kms +- "git" VM: forgejo. Because forgejo is a somewhat single point of failure, it should have its own VM. + ## Possible future services - matrix