micro
/
woodbine.nyc
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '964c06895b'
${ noResults }
woodbine.nyc/readme.md

78 lines
2.1 KiB
Raw Blame History

# community services for woodbine.nyc
Experiment in digital autonomy
Latest code is hosted on https://git.woodbine.nyc/micro/woodbine.nyc
In general, everything is orchestrated by the compose files.
Sometimes, you will see a -setup service in the compose file.
This usually runs a script that checks or generates secrets, and does initial configuration if needed.
## Goals
We hope this is understandable by a single individual, after learning a bit about docker compose and caddy.
## setup
Make a backblaze B2 account for backups. Add the secrets to ./secrets/backup/.
Fill out smtp secrets for the mail server
## running
To enable additional services, add their compose file to the following command
podman compose --env-file env.production \
--file services/secrets.yaml \
--file services/backup.yaml \
--file services/smtp.yaml \
--file services/caddy.yaml \
--file services/authelia.yaml \
--file services/web.yaml \
up --build
## port forwarding
The caddy service expects to be able to bind to ports 80 and 443
One simple way is to allow unprivileged users access to these low ports
echo 'net.ipv4.ip_unprivileged_port_start=80' | sudo tee -a /etc/sysctl.conf
sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80
## alpha
- [~] single sign-on (authelia)
- [ ] per-user webdav folders via authelia
- [ ] any OIDC service setup
- [~] file backup (duplicity)
- [ ] postgres backup (duplicity)
- [ ] decide on single postgres instance or multiple
- [x] reverse proxy (caddy)
- [x] personal home pages (caddy-webdav)
- [x] migrate from yaml to env for authelia config
- [x] setup notifications via smtp
## beta
- [ ] file restore
- [ ] postgres restore
- [ ] wiki
- [ ] matrix server (dendrite)
- [ ] mail server (stalwart or maddy)
- [ ] mailing list (listmonk)
- [ ] code forge (gitea or forgejo)
## 0.1
- [ ] only expose 443, 587, 993
- [ ] running on betabasement-woodbine.nyc
- [ ] audit on secrets management
- [ ] audit on mail server
- [ ] audit on general architecture
## credits
thank you https://hackerspace.zone
Reference in new issue View Git Blame Copy Permalink