Web Infrastructure: Difference between revisions
Revision as of 21:36, 7 October 2024
Some documentation on MuMaLab's web infrastructure stuff.
Hosts
We currently have 3 VMs at Hetzner:
- mars.munichmakerlab.de (Mars)
- jupiter.munichmakerlab.de
- saturn.munichmakerlab.de
Saturn
- docker containers are started via systemd
- cronjob added for cleanup of old docker images
Services
Service Name | Hostname | Server | native/docker | status | Source |
---|---|---|---|---|---|
Website | www.munichmakerlab.de | saturn | docker | productive | |
Wiki | wiki.munichmakerlab.de | jupiter | native | productive | Github Website |
Nodered | nodered.munichmakerlab.de | jupiter | docker | productive | |
Log | log.munichmakerlab.de | Tumblr | - | productive | |
Etherpad | pad.munichmakerlab.de | mars | docker | productive | ether/etherpad-lite |
Mailing lists | lists.munichmakerlab.de | mars | native | productive | |
Roombooking | rooms.munichmakerlab.de | jupiter | docker | productive | |
Slack Inviter | slack.munichmakerlab.de | saturn | docker | productive | rauchg/slackin |
Space Status | status.munichmakerlab.de | saturn | docker | productive | Github Spacestatus |
MQTT | mqtt.munichmakerlab.de | jupiter | native | productive | |
Nextcloud | nextcloud.munichmakerlab.de | saturn | docker | experimental | |
Traefik Reverseproxy | saturn.munichmakerlab.de/dashboard/ (might be disabled) | saturn | docker | productive | |
Website
Static website at https://munichmakerlab.de
Wiki
MediaWiki at https://wiki.munichmakerlab.de/
- Create your own account, needs to be confirmed by an admin
Maintenance
We currently have a bit of a spam problem with account requests. The easiest way to fix it at the moment is to clean them up in the database directly. The three statements below are progressively broader.
-- 1. Reject requests older than 7 days whose mail address was never confirmed
update mw_account_requests
  set acr_rejected = DATE_FORMAT(NOW(),'%Y%m%d%H%i%S'), acr_user = 1, acr_comment = 'Spam, no confirmed mail address', acr_deleted = 1
  where acr_email_authenticated is null and acr_rejected is null and acr_registration < now() - interval 7 day;
-- 2. Reject every still-pending request older than 7 days
update mw_account_requests
  set acr_rejected = DATE_FORMAT(NOW(),'%Y%m%d%H%i%S'), acr_user = 1, acr_comment = 'Spam', acr_deleted = 1
  where acr_rejected is null and acr_registration < now() - interval 7 day;
-- 3. Reject every still-pending request, regardless of age
update mw_account_requests
  set acr_rejected = DATE_FORMAT(NOW(),'%Y%m%d%H%i%S'), acr_user = 1, acr_comment = 'Spam', acr_deleted = 1
  where acr_rejected is null;
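A dry run for the cleanup statements above, so a legitimate pending request is not rejected by accident. This is an added example, not part of the original page; it uses only the mw_account_requests columns that appear in those statements and assumes MySQL/MariaDB with a transactional (InnoDB) table.

```sql
-- Added example: preview and dry-run of the narrowest cleanup rule.
-- Assumption: MySQL/MariaDB, mw_account_requests stored in InnoDB
-- so that the UPDATE can be rolled back.

-- Step 1: see how the pending requests split up before touching anything.
-- Each row of the result corresponds to one of the cleanup rules:
--   mail_confirmed = 0, older_than_7_days = 1  -> hit by statement 1
--   older_than_7_days = 1 (any mail state)     -> hit by statement 2
--   every row                                  -> hit by statement 3
SELECT
    acr_email_authenticated IS NOT NULL       AS mail_confirmed,
    acr_registration < NOW() - INTERVAL 7 DAY AS older_than_7_days,
    COUNT(*)                                  AS pending_requests
FROM mw_account_requests
WHERE acr_rejected IS NULL
GROUP BY mail_confirmed, older_than_7_days;

-- Step 2: apply the narrowest rule inside a transaction and compare the
-- affected row count with the number from step 1.
START TRANSACTION;

UPDATE mw_account_requests
SET acr_rejected = DATE_FORMAT(NOW(), '%Y%m%d%H%i%S'),
    acr_user     = 1,
    acr_comment  = 'Spam, no confirmed mail address',
    acr_deleted  = 1
WHERE acr_email_authenticated IS NULL
  AND acr_rejected IS NULL
  AND acr_registration < NOW() - INTERVAL 7 DAY;

-- ROW_COUNT() reports the rows changed by the UPDATE directly above.
SELECT ROW_COUNT() AS rows_rejected;

-- Step 3: this script ends with ROLLBACK, so nothing is changed.
-- Replace it with COMMIT once rows_rejected matches the preview.
ROLLBACK;
```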
Status
Space status at https://status.munichmakerlab.de
- Details at StartYourEngines
MuMaBus
Space Automation, see MuMaBus for details
- MQTT at jupiter.munichmakerlab.de
Slack
Chat, with bridge to IRC
- Application in itself is SaaS. Talk to tarwin or tiefpunkt
- IRC bridge is powered by RelayBot, hosted on ???
Additional Services
- Calendar as iCal
- ical2email. Sends reminder emails for events to mailing list, using the wordpress calendar. Python script running daily on vps02.thearrow.de
Access
The following people currently have admin access to the infrastructure:
Migration and Optimization 2024
We're planning to consolidate services into a standard deployment model, consolidate external services, and maybe add some new ones.
Consolidate:
- Wiki: Containerize => Challenges: php modules; updating php/wiki; possibly make it easier to include the plugins (maybe php compose module handling)
- Mailsystem: ??
Externally hosted, and to be transferred into MuMaLab infrastructure
- Tickets (https://tickets.mumalab.org/courses/)
- Calendar -> Google Calendar -> NextCloud
- ToolJet (OpenUnitState)
Planned Services
- NextCloud
- possibly a ticket system
- Single Sign On: e.g. login to wiki either locally or via SSO. Later only SSO. Can be used e.g. for nextcloud or other services as well
Details unclear
- InfoBeamer
SSO
IDPs
- Option: Authentik (https://goauthentik.io/)
- Option: https://git.cccv.de/uffd/uffd
- Option: ...?
Auth:
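Complete guide to Nextcloud OIDC authentication with Authentik (https://blog.cubieserver.de/2022/complete-guide-to-nextcloud-oidc-authentication-with-authentik/)
Integrate Authentik and Nextcloud (https://docs.goauthentik.io/integrations/services/nextcloud/)
Wiki Plugins for OIDC etc.: PluggableAuth (https://www.mediawiki.org/wiki/Extension:PluggableAuth)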
Next Steps
- test authentik on saturn
- test connecting authentik and nextcloud
- migrate paddle to saturn
- containerize wiki (build on gitlab) and migrate to saturn
- update wiki
- test connecting wiki to authentik