# infrastructure overview

## agenda

our setup is based on https://v.st/Main_Page#

- [ ] go over what services we provide
  - [ ] matrix server (synapse)
  - [ ] docs (hedgedoc)
  - [ ] element client for matrix
  - [ ] git hosting (forgejo) -- note that it's still called gitea in some places
  - [ ] social (mastodon)
  - [ ] wiki (bookstack) https://wiki.woodbine.nyc/
  - [ ] streaming (owncast)
  - [ ] events.woodbine.nyc
  - [ ] things.woodbine.nyc (https://git.woodbine.nyc/micro/woodbine.nyc)
  - [ ] identity with [keycloak](https://www.keycloak.org/) (https://login.woodbine.nyc/)
  - [ ] https://www.obico.io/
- [ ] go over what services we use
  - [ ] docs + matrix server most important in micro's opinion
- [ ] physical infrastructure
  - [ ] host
    - everything besides woodbine.nyc and tv.woodbine.nyc is hosted on digital ocean on micro's account.
    - digital ocean is $85/mo
    - other people with digital ocean accounts can be added to the team to manage the server
  - [ ] domains
    - all woodbine dns is managed through porkbun. there is a single woodbine-wide account for managing all dns entries.
    - 2fa for porkbun is linked to the woodbine riseup email acct.
      - they may have changed the password for this, so we couldn't log in
    - `*.woodbine.nyc` points to our digital ocean droplet
      - but requests to woodbine.nyc get redirected to squarespace
  - [ ] access and secrets
    - ssh access to the droplet requires creating a new user (as root) in the terminal, adding them to the `sudo` group, and adding their ssh public key to that user's `~/.ssh/authorized_keys` file
    - all current users should have root access (via sudo)
  - [ ] service configuration
    - https://git.woodbine.nyc/micro/woodbine.nyc is the ideal monorepo for all the basement self-hosted infrastructure
    - the ideal is that you could host this repo, log into a debian-based system
    - `root/hackerspace-zone/start-all` and `stop-all` enumerate all the docker services that are running
      - the script runs the setup script for each individual service
    - the current source of truth is the local repo in the root user's `hackerspace-zone` directory on the digital ocean server. this is out of sync with the version that's hosted at https://git.woodbine.nyc/
    - log in as root and run `docker ps` to see everything that's running
      - mastodon takes up a lot of resources
      - [obico](https://www.obico.io/) (computer vision for 3d print fail detection) is running in a container
      - nginx is handling the redirect from woodbine.nyc to squarespace
    - user data all lives in `root/hackerspace-zone/data`
      - this is the most important thing to back up
  - [ ] initial setup
  - [ ] ongoing maintenance
    - [ ] manual vs automated steps
  - [ ] adding a new service
    - need to create a new nginx template for the service in `/root/hackerspace-zone/nginx/nginx/templates`
    - the nginx docker-compose file makes use of these templates to
      - set up name-based virtual hosts for each service, mapping domain names to container ports
      - force keycloak login
  - [ ] adding new keycloak users
    - [ ] log into https://login.woodbine.nyc/admin
    - [ ] go to add user
    - [ ] add username & email
    - [ ] add "update password" to Required User Actions to force the user to change their password at next login
    - [ ] set a temporary password in the credentials tab so they can log in at all and then get forced to change it (?)

## questions

- [ ] how do we add a signal-matrix bridge

## todos

- [ ] migrate to systemd-nspawn for hosting on mesh
- [ ] maybe set up a visual front-end for exploring/managing containers
  - fleet.linuxserver.io has templates for self-hosting new services (with a bias towards home media server stuff)
- [ ] figure out how to allow keycloak administration
- [ ] registration can leak the email address someone registered with somehow
- [ ] it's unclear what happens to people's matrix identities if we shut down our matrix server
- [ ] matrix: what's the difference in user experience between someone who created a matrix.org account and someone with a woodbine.nyc account
- [ ] matrix: "don't invite people to rooms, invite people to spaces"

---