p
/
hedgedoc-exporter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '181f45d92f'
${ noResults }
hedgedoc-exporter/None/basement.woodbine.nyc/infrastructure.md

80 lines
4.1 KiB
Raw Blame History

# infrastructure overview
## agenda
our setup is based on https://v.st/Main_Page#
- [ ] go over what services we provide
- [ ] matrix server (synapse)
- [ ] docs (hedgedoc)
- [ ] element client for matrix
- [ ] git hosting (forgejo)-- note that it's still called gitea in some places
- [ ] social (mastodon)
- [ ] wiki (bookstack) https://wiki.woodbine.nyc/
- [ ] streaming (owncast)
- [ ] events.woodbine.nyc
- [ ] things.woodbine.nyc (https://git.woodbine.nyc/micro/woodbine.nyc)
- [ ] identity with [keycloak](https://www.keycloak.org/) (https://login.woodbine.nyc/)
- [ ] https://www.obico.io/
- [ ] go over what services we use
- [ ] docs + matrix server most important in micro's opinion
- [ ] physical infrastructure
- [ ] host
- everything besides woodbine.nyc and tv.woodbine.nyc are hosted on digital ocean on micro's account.
- digital ocean is $85/mo
- other people with digital ocean accounts can be added to the team to manage the server
- [ ] domains
- all woodbine dns is managed through porkbun. there is a single woodbine-wide account for managing all dns entries.
- 2fa for porkbun is linked to the woodbine riseup email acct.
- they may have changed the password for this so we couldn't log in
- *.woodbine.nyc points to our digital ocean droplet
- but requests to woodbine.nyc get redirected to squarespace
- [ ] access and secrets
- ssh access to droplet requires creating a new user (as root) in the terminal, adding them to the sudo group, adding their ssh key to their authorized_key file
- all current users should have root access
- [ ] service configuration
- https://git.woodbine.nyc/micro/woodbine.nyc is the ideal monorepo for all the basement self-hosted infrastructure
- the ideal is that you could host this repo, log into a debian-based system
- root/hackerspace-zone/start-all and stop-all enumerate all the docker services that are running
- the script runs the setup script for each individual service
- the current source of truth is the local repo in the root user `hackerspace-zone` directory of the digital ocean server. this is out of sync with the version that's hosted on at https://git.woodbine.nyc/
- log in as root and run `docker ps` to see everthing that's running
- mastodon takes up a lot of resources
- [obico](https://www.obico.io/) (computer vision for 3d print fail detection) is running in a container
- ngnix
- is handling the redirect from woodbine.nyc to squarespace
-
- user data all lives in root/hackerspace-zone/data
- this is the most important thing to back up
- [ ] initial setup
- [ ] ongoing maintenance
- [ ] manual vs automated steps
- [ ] adding a new service
- need to create a new nginx template for a new service in `/root/hackerspace-zone/nginx/nginx/templates`
- the nginx docker-compose file makes use of these templates to
- set up name-based virtual hosts for each service, mapping domain names to the ports
- force keycloak login
- [ ] adding new keycloak users
- [ ] log into https://login.woodbine.nyc/admin
- [ ] go to add user
- [ ] add username & email
- [ ] add "update password" to Required User Actions to force user to change password at next login
- [ ] set a temporary password in the credentials tab so they can log in at all to be forced to change their password (?)
## questions
- [ ] how do we add signal-matrix bridge
## todos
- [ ] migrate to systemd-nspawn for hosting on mesh
- [ ] maybe set up a visual front-end for exploring/managing containers
- fleet.linuxserver.io has templates for self-hosting new services (with a bias towards home media server stuff)
- [ ] figure out how to allow keycloak administration
- [ ] registration can leak email address they registered with somehow
- [ ] it's unclear what happens to people's matrix identities if we shut down our matrix server
- [ ] matrix: what's the difference between the user experience of someone who created a matrix.org account or a woodbine.nyc
- [ ] matrix: "don't ionvite people to rooms, invite people to spaces"
---
Reference in new issue View Git Blame Copy Permalink