# community services for woodbine.nyc Experiment in digital autonomy Latest code is hosted on https://git.woodbine.nyc/micro/woodbine.nyc In general, everything is orchestrated by the compose files. Sometimes, you will see a -setup service in the compose file. This usually runs a script that checks or generates secrets, and does initial configuration if needed. ## Goals We hope this is understandable by a single individual, after learning a bit about docker compose and caddy. ## setup Make a backblaze B2 account for backups. Add the secrets to ./secrets/backup/. Fill out smtp secrets for the mail server ## running To enable additional services, add their compose file to the following command podman compose --env-file env.production \ --file services/secrets.yaml \ --file services/backup.yaml \ --file services/smtp.yaml \ --file services/caddy.yaml \ --file services/authelia.yaml \ --file services/web.yaml \ up --build ## port forwarding The caddy service expects to be able to bind to ports 80 and 443 One simple way is to allow unprivileged users access to these low ports echo 'net.ipv4.ip_unprivileged_port_start=80' | sudo tee -a /etc/sysctl.conf sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80 ## alpha - [~] single sign-on (authelia) - [ ] per-user webdav folders via authelia - [ ] any OIDC service setup - [~] file backup (duplicity) - [ ] postgres backup (duplicity) - [ ] decide on single postgres instance or multiple - [x] reverse proxy (caddy) - [x] personal home pages (caddy-webdav) - [x] migrate from yaml to env for authelia config - [x] setup notifications via smtp ## beta - [ ] file restore - [ ] postgres restore - [ ] wiki - [ ] matrix server (dendrite) - [ ] mail server (stalwart or maddy) - [ ] mailing list (listmonk) - [ ] code forge (gitea or forgejo) ## 0.1 - [ ] only expose 443, 587, 993 - [ ] running on betabasement-woodbine.nyc - [ ] audit on secrets management - [ ] audit on mail server - [ ] audit on general architecture ## credits thank you https://hackerspace.zone