# Homeservers

This repository contains Ansible scripts to set up our home servers.
The `common` role executes some common OS tasks.
The `docker` role installs Docker.
The other roles are specific to the various services we run.

## Running services

All services below are running under Docker, except NSD because I couldn't figure out how to enable IPv6 for it.

- Authoritative DNS using [NSD](https://www.nlnetlabs.nl/projects/nsd/about/) (ns.pizzapim.nl)
- Reverse proxy using [Traefik](https://doc.traefik.io/traefik/)
- Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl))
- Static website using [Hugo](https://gohugo.io/) ([pizzapim.nl](https://pizzapim.nl))
- File synchronisation using [Syncthing](https://syncthing.net/)
- Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
- KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)

## Possible future services

- matrix
- peertube?
- jitsi

## TODO

Name every Docker container well.

### NSD

#### ZSK Rollover

Could make automatic key rollovers with cron or some other tool.

#### Idempotency

Currently I always re-sign zones.
But for idempotency I should probably only do it if the zone has changed or the keys have changed.

### Borg Backup

Ideal situation is to back up all of (and only) /data.
Issue with Mastodon: the cache is saved at /data as well.
Should put this in a location that is not backed up.

After investigating, borg backup with borgmatic is excellent.
Instead of cron, I will use systemd timers to schedule borgmatic.
https://dev.to/bowmanjd/schedule-jobs-with-systemd-timers-a-cron-alternative-15l8

### Firewall

A little more difficult because of Docker networking but probably doable.