p
/
hedgedoc-exporter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5f2ddd562a'
${ noResults }
hedgedoc-exporter/None/basement.woodbine.nyc/infrastructure.md

4.1 KiB
Raw Blame History

infrastructure overview

agenda

our setup is based on https://v.st/Main_Page#

  • go over what services we provide
  • go over what services we use
    • docs + matrix server most important in micro's opinion
  • physical infrastructure
    • host
      • everything besides woodbine.nyc and tv.woodbine.nyc are hosted on digital ocean on micro's account.
      • digital ocean is $85/mo
      • other people with digital ocean accounts can be added to the team to manage the server
    • domains
      • all woodbine dns is managed through porkbun. there is a single woodbine-wide account for managing all dns entries.
      • 2fa for porkbun is linked to the woodbine riseup email acct.
        • they may have changed the password for this so we couldn't log in
        • *.woodbine.nyc points to our digital ocean droplet
        • but requests to woodbine.nyc get redirected to squarespace
  • access and secrets
    • ssh access to droplet requires creating a new user (as root) in the terminal, adding them to the sudo group, adding their ssh key to their authorized_key file
    • all current users should have root access
  • service configuration
    • https://git.woodbine.nyc/micro/woodbine.nyc is the ideal monorepo for all the basement self-hosted infrastructure
    • the ideal is that you could host this repo, log into a debian-based system
    • root/hackerspace-zone/start-all and stop-all enumerate all the docker services that are running
      • the script runs the setup script for each individual service
    • the current source of truth is the local repo in the root user hackerspace-zone directory of the digital ocean server. this is out of sync with the version that's hosted on at https://git.woodbine.nyc/
    • log in as root and run docker ps to see everthing that's running
    • mastodon takes up a lot of resources
    • obico (computer vision for 3d print fail detection) is running in a container
  • ngnix
    • is handling the redirect from woodbine.nyc to squarespace
  • user data all lives in root/hackerspace-zone/data
    • this is the most important thing to back up
  • initial setup
  • ongoing maintenance
  • manual vs automated steps
  • adding a new service
    • need to create a new nginx template for a new service in /root/hackerspace-zone/nginx/nginx/templates
    • the nginx docker-compose file makes use of these templates to
      • set up name-based virtual hosts for each service, mapping domain names to the ports
      • force keycloak login
  • adding new keycloak users
    • log into https://login.woodbine.nyc/admin
    • go to add user
    • add username & email
    • add "update password" to Required User Actions to force user to change password at next login
    • set a temporary password in the credentials tab so they can log in at all to be forced to change their password (?)

questions

  • how do we add signal-matrix bridge

todos

  • migrate to systemd-nspawn for hosting on mesh
  • maybe set up a visual front-end for exploring/managing containers
    • fleet.linuxserver.io has templates for self-hosting new services (with a bias towards home media server stuff)
  • figure out how to allow keycloak administration
  • registration can leak email address they registered with somehow
  • it's unclear what happens to people's matrix identities if we shut down our matrix server
  • matrix: what's the difference between the user experience of someone who created a matrix.org account or a woodbine.nyc
  • matrix: "don't ionvite people to rooms, invite people to spaces"