community services for woodbine.nyc
Experiment in digital autonomy
Latest code is hosted on https://git.woodbine.nyc/micro/woodbine.nyc
In general, everything is orchestrated by the compose files.
Sometimes, you will see a -setup service in the compose file. This usually runs a script that checks or generates secrets, and does initial configuration if needed.
Goals
We hope this is understandable by a single individual, after learning a bit about docker compose and caddy.
setup
Make a Backblaze B2 account for backups. Add the secrets to ./secrets/backup/.
Fill out env.template and make sure to pass it in the next command.
running
We have two scripts in the scripts/ directory: up and down.
./scripts/up
To stop all the containers, press Ctrl+C, or run
./scripts/down
To generate secrets for all services, run
./scripts/secrets
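The "check or generate" pattern described for the -setup services and for ./scripts/secrets, as an added sketch that is not the project's own script: it never overwrites an existing secret, writes new ones atomically with owner-only permissions, and flags empty or group/other-accessible files. The function names `ensure_secret` and `audit_secrets` and the file name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, NOT the project's scripts/secrets. Function names are hypothetical.

# ensure_secret FILE [NBYTES]
# Generate NBYTES (default 32) random bytes, hex-encoded, into FILE unless it
# already holds a value. Returns 0 when a usable secret is in place.
ensure_secret() {
    file=$1
    nbytes=${2:-32}
    dir=$(dirname "$file")

    if [ -s "$file" ]; then
        # Existing secret: keep its value, only tighten the permissions.
        chmod 600 "$file"
        return
    fi

    (
        umask 077                       # new files 0600, new directories 0700
        mkdir -p "$dir" || exit 1
        tmp=$(mktemp "$dir/.secret.XXXXXX") || exit 1
        # Hex output has no newlines or shell metacharacters.
        head -c "$nbytes" /dev/urandom | od -An -v -tx1 | tr -d ' \n' > "$tmp"
        # Refuse to publish a short read (unquoted so padding from wc is dropped).
        if [ $(wc -c < "$tmp") -ne $((nbytes * 2)) ]; then
            rm -f "$tmp"
            exit 1
        fi
        mv "$tmp" "$file"               # atomic rename within one filesystem
    )
}

# audit_secrets DIR
# Print every regular file under DIR that is empty or readable/writable by
# group or other. Returns 0 when nothing is flagged, 1 otherwise.
audit_secrets() {
    bad=$(find "$1" -type f \( -size 0 -o -perm -040 -o -perm -020 \
          -o -perm -004 -o -perm -002 \) -print)
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}

# Usage (hypothetical file name under the page's ./secrets/backup/ directory):
#   ensure_secret ./secrets/backup/example_key && audit_secrets ./secrets
```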
port forwarding
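The caddy service expects to be able to bind to ports 80 and 443.
One simple way is to allow unprivileged users access to these low ports. This is a host-wide setting: once the unprivileged port floor is lowered to 80, any unprivileged process on the machine can bind any port from 80 upward, not only caddy.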
echo 'net.ipv4.ip_unprivileged_port_start=80' | sudo tee -a /etc/sysctl.conf
sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80
alpha
- [~] single sign-on (authelia)
- per-user webdav folders via authelia
- any OIDC service setup
- [~] file backup (duplicity)
- postgres backup (duplicity)
- decide on single postgres instance or multiple
- reverse proxy (caddy)
- personal home pages (caddy-webdav)
- migrate from yaml to env for authelia config
- setup notifications via smtp
beta
- file restore
- postgres restore
- wiki
- matrix server (dendrite)
- mail server (stalwart or maddy)
- mailing list (listmonk)
- code forge (gitea or forgejo)
0.1
- only expose 443, 587, 993
- running on betabasement-woodbine.nyc
- audit on secrets management
- audit on mail server
- audit on general architecture
credits
thank you https://hackerspace.zone