Merge branch 'master' of ssh://git.pim.kunis.nl:56287/home/max

Pim Kunis 2023-04-11 22:41:27 +02:00
commit da13d96bf7
6 changed files with 57 additions and 0 deletions


@ -18,10 +18,24 @@ All services below are running under Docker, except NSD and Borg.
- KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd) - KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
- Cloud file storage using [Seafile](https://www.seafile.com) - Cloud file storage using [Seafile](https://www.seafile.com)
- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org) - Inbucket disposable webmail, Mailinator alternative (https://inbucket.org)
- Cyberchef (https://cyberchef.geokunis2.nl)
- Jitsi Meet (https://meet.jit.si) - Jitsi Meet (https://meet.jit.si)
- RSS feed reader using [FreshRSS](https://miniflux.app/) - RSS feed reader using [FreshRSS](https://miniflux.app/)
- Metrics using [Prometheus](https://prometheus.io/) - Metrics using [Prometheus](https://prometheus.io/)
## Virtualization
Currently this repository is ran as a physical server, but we intend to virtualize it.
First, the whole server should be virtualized on a single virtual machine.
After that, it will be split up into several virtual machines.
The services on each virtual machine should have similar services/security properties.
Provisional split of services on virtual machines:
- "public web" VM: Mastodon, static HTML server, cyberchef, jitsi meet, inbucket
- "data" VM: seafile, radicale, syncthing, freshrss
- "management" VM: reverse proxy, prometheus, kms
- "git" VM: forgejo. Because forgejo is a somewhat single point of failure, it should have its own VM.
## Possible future services ## Possible future services
- matrix - matrix


@ -6,6 +6,7 @@
- {role: 'forgejo', tags: 'forgejo'} - {role: 'forgejo', tags: 'forgejo'}
- {role: 'syncthing', tags: 'syncthing'} - {role: 'syncthing', tags: 'syncthing'}
- {role: 'kms', tags: 'kms'} - {role: 'kms', tags: 'kms'}
- {role: 'cyberchef', tags: 'cyberchef'}
- {role: 'radicale', tags: 'radicale'} - {role: 'radicale', tags: 'radicale'}
- {role: 'mastodon', tags: 'mastodon'} - {role: 'mastodon', tags: 'mastodon'}
- {role: 'seafile', tags: 'seafile'} - {role: 'seafile', tags: 'seafile'}


@ -0,0 +1,22 @@
version: "3.7"
services:
cyberchef-server:
image: mpepping/cyberchef
container_name: cyberchef
restart: always
labels:
- traefik.enable=true
- traefik.http.routers.cyberchef.entrypoints=websecure
- traefik.http.routers.cyberchef.rule=Host(`cyberchef.geokunis2.nl`)
- traefik.http.routers.cyberchef.tls=true
- traefik.http.routers.cyberchef.tls.certresolver=letsencrypt
- traefik.http.services.cyberchef.loadbalancer.server.port=8000
- traefik.http.routers.cyberchef.service=cyberchef
- traefik.docker.network=traefik
networks:
- traefik
networks:
traefik:
external: true
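Review bot: `image: mpepping/cyberchef` carries no tag or digest, so together with `restart: always` here and `pull: true` in the role's docker_compose task, every playbook run deploys whatever the registry currently serves under the default tag, on a host published through the websecure router. Pin the image to a specific version tag or, better, a digest, and bump it deliberately. Since the container only has to serve on port 8000, it is also worth trying `read_only: true`, `cap_drop: [ALL]` and `security_opt: [no-new-privileges:true]` and keeping them if the image tolerates them.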


@ -0,0 +1,4 @@
dependencies:
- role: common
- role: docker


@ -0,0 +1,14 @@
- name: Create app directory
file:
path: "{{ service_dir }}"
state: directory
- name: Copy Docker Compose script
copy:
src: "{{ role_path }}/files/docker-compose.yml"
dest: "{{ service_dir }}/docker-compose.yml"
- name: Start the Docker Compose
docker_compose:
project_src: "{{ service_dir }}"
pull: true
remove_orphans: true
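Review bot: The "Create app directory" and "Copy Docker Compose script" tasks set no `mode` (or `owner`/`group`), so the permissions of the service directory and of docker-compose.yml depend on the remote umask and on whichever user the play runs as. Set them explicitly, for example `mode: "0755"` on the directory and `mode: "0644"` on the file. Style: the second task copies a Compose file rather than a script, and fully qualified module names (`ansible.builtin.file`, `ansible.builtin.copy`, `community.docker.docker_compose`) would make the dependency on the community.docker collection visible.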


@ -0,0 +1,2 @@
service_name: cyberchef
service_dir: "{{ base_service_dir }}/{{ service_name }}"
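Review bot: `service_dir` is built from `base_service_dir`, which is not defined anywhere in this commit, so the role fails with an undefined-variable error at "Create app directory" if it is ever run without that variable in scope. Add a comment in this vars file saying where it is expected to come from (presumably the `common` role listed in the dependencies, or group vars), or give it a default.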