This repository has been archived on 2023-04-26. You can view files and clone it, but cannot push or open issues or pull requests.
max/README.md
2023-03-14 21:11:24 +00:00

57 lines
2.1 KiB
Markdown

# Max
This repository contains Ansible scripts to setup our main home server `max`.
The `common` role executes some common OS tasks.
The `docker` role installs Docker.
The other roles are specifically for the various services we run.
## Running services
All services below are running under Docker, except NSD and Borg.
- Authoritative DNS using [NSD](https://www.nlnetlabs.nl/projects/nsd/about/) (ns.pizzapim.nl)
- Reverse proxy using [Traefik](https://doc.traefik.io/traefik/)
- Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl))
- Static website using [Jekyll](https://jekyllrb.com/) ([pizzapim.nl](https://pizzapim.nl))
- File sychronisation using [Syncthing](https://syncthing.net/)
- Microblogging server using [Mastodon](https://joinmastodon.org/) ([social.pizzapim.nl](https://social.pizzapim.nl))
- Calendar and contact synchronisation using [Radicale](https://radicale.org/v3.html) ([dav.pizzapim.nl](https://dav.pizzapim.nl))
- KMS server using [vlmcsd](https://github.com/Wind4/vlmcsd)
- Cloud file storage using [Seafile](https://www.seafile.com)
- Inbucket disposable webmail, Mailinator alternative (https://inbucket.org)
- Jitsi Meet (https://meet.jit.si)
- Backups using [Borg](https://www.borgbackup.org/) and [Borgmatic](https://torsion.org/borgmatic/)
- RSS feed reader using [FreshRSS](https://miniflux.app/)
- Metrics using [Prometheus](https://prometheus.io/)
## Possible future services
- matrix
- peertube?
- Pixelfed?
- Prometheus
- Concourse CI?
## TODO
- Clear view of what services + which versions we are running. This way, we can track security updates better.
- Host tobb website?
- Move from Ubuntu to Debian
- move Mastodon to pim.kunis.nl
- Podman
- Replace watchtower with Podman features
### NSD
#### ZSK Rollover
Could make automatic key rollovers with cron or some other tool.
#### Idempotency
Currently I always resign zones.
But for idempotency I should probably only do it if the zone has changed or the keys have changed.
### Firewall
A little more difficult because of docker networking but probably doable.