Web Infrastructure: Difference between revisions

From The Munich Maker Lab's Wiki
No edit summary
mNo edit summary
Line 31: Line 31:
|
|
|-
|-
| Etherpad || [https://pad.munichmakerlab.de pad.munichmakerlab.de] || jupiter || docker || productive
| Etherpad || [https://pad.munichmakerlab.de pad.munichmakerlab.de] || saturn||docker||productive
|Current version: 1.9.4
|Current version with plugins: [https://github.com/orgs/munichmakerlab/packages/container/package/etherpad 1.9.4-adapted]
Latest version: [https://github.com/ether/etherpad-lite ether/etherpad-lite]
Latest version: [https://github.com/ether/etherpad-lite ether/etherpad-lite]
|-
|-
| Mailinglisten || [https://lists.munichmakerlab.de lists.munichmakerlab.de] || mars || native || productive
| Mailinglisten||[https://lists.munichmakerlab.de lists.munichmakerlab.de]||mars||native||productive
|
|
|-
|-
| Roombooking || [https://rooms.munichmakerlab.de rooms.munichmakerlab.de] || jupiter || docker || deactivated
|Roombooking
|[https://rooms.munichmakerlab.de rooms.munichmakerlab.de]||jupiter||docker||deactivated  
|[https://github.com/LibreBooking/app BookedSchedular]
|[https://github.com/LibreBooking/app BookedSchedular]
|-
|-
| Slack Inviter || [https://slack.munichmakerlab.de slack.munichmakerlab.de] || saturn || docker || productive
| Slack Inviter||[https://slack.munichmakerlab.de slack.munichmakerlab.de]||saturn||docker ||productive
|[https://github.com/rauchg/slackin rauchg/slackin]
|[https://github.com/rauchg/slackin rauchg/slackin]
|-
|-
| Space Status || [https://status.munichmakerlab.de status.munichmakerlab.de] || saturn || docker || productive
|Space Status
|[https://status.munichmakerlab.de status.munichmakerlab.de]||saturn||docker||productive
|[https://github.com/munichmakerlab/spacestatus Github Spacestatus]
|[https://github.com/munichmakerlab/spacestatus Github Spacestatus]
|-
|-
| MQTT || [https://mqtt.munichmakerlab.de mqtt.munichmakerlab.de] || jupiter || native || productive
|MQTT||[https://mqtt.munichmakerlab.de mqtt.munichmakerlab.de]||jupiter||native||productive
|
|
|-
|-
| Nextcloud || [https://nextcloud.munichmakerlab.de nextcloud.munichmakerlab.de] || saturn || docker || experimental
|Nextcloud||[https://nextcloud.munichmakerlab.de nextcloud.munichmakerlab.de]||saturn||docker||experimental
|
|
|-
|-
| Traefik Reverseproxy || [https://saturn.munichmakerlab.de/dashboard/ saturn.munichmakerlab.de/dashboard/] </br> (might be disabled) || saturn || docker || productive
|Traefik Reverseproxy||[https://saturn.munichmakerlab.de/dashboard/ saturn.munichmakerlab.de/dashboard/] <br> (might be disabled)||saturn||docker||productive
|
|
|}
|}


=== Website ===
===Website===
Static website at https://munichmakerlab.de
Static website at https://munichmakerlab.de


=== Wiki ===
===Wiki===
MediaWiki at https://wiki.munichmakerlab.de/
MediaWiki at https://wiki.munichmakerlab.de/  
* Create your own account, needs to be confirmed by an admin
*Create your own account, needs to be confirmed by an admin


==== Maintenance ====
====Maintenance====
We currently have a bit of a spam problem, easiest way to fix it currently is to clean them up in the database directly.
We currently have a bit of a spam problem, easiest way to fix it currently is to clean them up in the database directly.
<pre>
<pre>
Line 74: Line 76:
</pre>
</pre>


=== Status ===
===Status===
Space status at https://status.munichmakerlab.de
Space status at https://status.munichmakerlab.de
* Details at [[StartYourEngines]]
*Details at [[StartYourEngines]]


=== MuMaBus ===
===MuMaBus===
Space Automation, see [[MuMaBus]] for details
Space Automation, see [[MuMaBus]] for details
* MQTT at jupiter.munichmakerlab.de
*MQTT at jupiter.munichmakerlab.de


=== Slack ===
===Slack ===
Chat, with bridge to IRC
Chat, with bridge to IRC
* Application in itself  is SaaS. Talk to [[User:Tarwin|tarwin]] or [[User:Tiefpunkt|tiefpunkt]]
*Application in itself  is SaaS. Talk to [[User:Tarwin|tarwin]] or [[User:Tiefpunkt|tiefpunkt]]
* IRC bridge is powered by [https://github.com/munichmakerlab/RelayBot RelayBot], hosted on ???
* IRC bridge is powered by [https://github.com/munichmakerlab/RelayBot RelayBot], hosted on ???


=== Additional Services ===
===Additional Services===
* [https://munichmakerlab.de/calendar.ics Calendar as iCal]
*[https://munichmakerlab.de/calendar.ics Calendar as iCal]
* ical2email. Sends reminder emails for events to mailing list, using the wordpress calendar. Python script running daily on vps02.thearrow.de
*ical2email. Sends reminder emails for events to mailing list, using the wordpress calendar. Python script running daily on vps02.thearrow.de


== Access ==
==Access==
The following people currently have admin access to the infrastructure:
The following people currently have admin access to the infrastructure:
* [[User:Milian|Milian]]
*[[User:Milian|Milian]]
* [[User:Phier|Phier]]
*[[User:Phier|Phier]]
* [[User:Tiefpunkt|tiefpunkt]]
*[[User:Tiefpunkt|tiefpunkt]]


== Migration and Optimization 2024 ==
==Migration and Optimization 2024==
We're planning to consolidate services into a standard deployment model, consolidate external services, and maybe add some new ones.
We're planning to consolidate services into a standard deployment model, consolidate external services, and maybe add some new ones.


Line 103: Line 105:
Consolidate:
Consolidate:


* Wiki: Containerize => Challenges: php modules; updating php/wiki; ggf. make it easier to include the plugins (maybe php compose module handling)
*Wiki: Containerize => Challenges: php modules; updating php/wiki; ggf. make it easier to include the plugins (maybe php compose module handling)
* Mailsystem: ??
*Mailsystem: ??


Externally hosted, and to be transfered into MuMaLab Infrastructure
Externally hosted, and to be transfered into MuMaLab Infrastructure
* Tickets (https://tickets.mumalab.org/courses/)
*Tickets (https://tickets.mumalab.org/courses/)
* Calendar -> Google Calendar -> NextCloud
*Calendar -> Google Calendar -> NextCloud
* [https://tooljet.yt.gl/ ToolJet] (OpenUnitState)
*[https://tooljet.yt.gl/ ToolJet] (OpenUnitState)


Planned Services
Planned Services
* NextCloud
*NextCloud
* evtl Ticket System
*evtl Ticket System
* Single Sign On: e.g. login to wiki either locally or via SSO. Later only SSO. Can be used e.g. for nextcloud or other services as well
*Single Sign On: e.g. login to wiki either locally or via SSO. Later only SSO. Can be used e.g. for nextcloud or other services as well


Details unclear
Details unclear
* InfoBeamer
*InfoBeamer


=== SSO ===
===SSO ===




Line 125: Line 127:


#Option: [https://goauthentik.io/ Authentik]
#Option: [https://goauthentik.io/ Authentik]
# Option: https://git.cccv.de/uffd/uffd
#Option: https://git.cccv.de/uffd/uffd
# Option: ...?
#Option: ...?


Auth:  
Auth:  
Line 136: Line 138:
Wiki Plugins for OIDC etc.: [https://www.mediawiki.org/wiki/Extension:PluggableAuth Plugable Auth]
Wiki Plugins for OIDC etc.: [https://www.mediawiki.org/wiki/Extension:PluggableAuth Plugable Auth]


=== Next Steps ===
===ToDos===
 
{| class="wikitable"
* test authentik on saturn
|+
* test connecting authentik and nextcloud
!Topic
* done: migrate etherpad
* containerize wiki (build on gitlab) and migrate to saturn
* update wiki
* test connecting wiki to authentik
* move systemd config to git and improve e.g. traefik or docker configs (e.g. via ansible/docker compose)
* install ufw firewall on saturn server
* setup different networks for docker, e.g. etherpad with db etc.
* update apps? e.g. etherpad


!Tasks
!Notes
|-
|SSO
|
*test authentik on saturn
*test connecting authentik and nextcloud
*test connecting wiki to authentik
|
|-
|Wiki
|
* containerize wiki (build on gitlab) and migrate to saturn as staging wiki
*update wiki
|
|-
|Update Apps
| e.g. Etherpad
|
|-
|Security
|
*Setup Firewall
*update docker networks for better separation?
|
|-
|IaC
|
* Setup Ansible in Repo
*Playbook for Server
*Playbook for Docker
|}
[[Category:Infrastructure]]
[[Category:Infrastructure]]
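Review bot: the new Security row in the ToDos table loses detail that the removed Next Steps list carried. "install ufw firewall on saturn server" is now just "Setup Firewall", and "setup different networks for docker, e.g. etherpad with db etc." is now "update docker networks for better separation?". Keep the host and tool names in the Tasks cell or move them into the Notes column, which is empty in every row. The old items "move systemd config to git and improve e.g. traefik or docker configs" and "done: migrate etherpad" have no counterpart in the table; if they were dropped on purpose, the edit summary should say so. The IaC row also ends without the trailing Notes cell that the other rows have.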

Revision as of 15:52, 15 October 2024

Some documentation on MuMaLab's web infrastructure stuff.

Hosts

We currently have 3 VMs at Hetzner:

  • mars.munichmakerlab.de (Mars)
  • jupiter.munichmakerlab.de
  • saturn.munichmakerlab.de

Saturn

  • docker containers are started via systemd
  • cronjob added for cleanup of old docker images

Services

| Service Name | Hostname | Server | native/docker | status | Source |
|---|---|---|---|---|---|
| Website | www.munichmakerlab.de | saturn | docker | productive | |
| Wiki | wiki.munichmakerlab.de | jupiter | native | productive | Github Website |
| Nodered | nodered.munichmakerlab.de | jupiter | docker | productive | |
| Log | log.munichmakerlab.de | Tumblr | - | productive | |
| Etherpad | pad.munichmakerlab.de | saturn | docker | productive | Current version with plugins: 1.9.4-adapted. Latest version: ether/etherpad-lite |
| Mailing lists | lists.munichmakerlab.de | mars | native | productive | |
| Roombooking | rooms.munichmakerlab.de | jupiter | docker | deactivated | BookedScheduler |
| Slack Inviter | slack.munichmakerlab.de | saturn | docker | productive | rauchg/slackin |
| Space Status | status.munichmakerlab.de | saturn | docker | productive | Github Spacestatus |
| MQTT | mqtt.munichmakerlab.de | jupiter | native | productive | |
| Nextcloud | nextcloud.munichmakerlab.de | saturn | docker | experimental | |
| Traefik Reverseproxy | saturn.munichmakerlab.de/dashboard/ (might be disabled) | saturn | docker | productive | |

Website

Static website at https://munichmakerlab.de

Wiki

MediaWiki at https://wiki.munichmakerlab.de/

  • Create your own account, needs to be confirmed by an admin

Maintenance

We currently have a bit of a spam problem. The easiest way to fix it for now is to clean up the spam requests in the database directly.

-- Reject pending requests older than 7 days whose mail address was never confirmed
update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam, no confirmed mail address", acr_deleted = 1 where acr_email_authenticated is null and acr_rejected is null and acr_registration < now() - interval 7 day;

-- Reject every pending request older than 7 days, confirmed mail address or not
update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam", acr_deleted = 1 where acr_rejected is null and acr_registration < now() - interval 7 day;

-- Reject every pending request regardless of age (this also hits legitimate new requests)
update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam", acr_deleted = 1 where acr_rejected is null;
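
A way to preview the cleanup before it changes anything, as an added example that is not part of the original wiki page: it counts pending requests per category, runs the first (narrowest) of the three statements above inside a transaction, and rolls back by default. It assumes MySQL/MariaDB and that mw_account_requests uses a transactional engine such as InnoDB; the table and column names are the ones used above.

```sql
-- Added example, not from the wiki page.
-- Assumption: MySQL/MariaDB, mw_account_requests stored in InnoDB.
START TRANSACTION;

-- Preview: how many pending requests each cleanup statement would touch.
SELECT
  CASE
    WHEN acr_registration IS NULL
      THEN 'no registration time (only hit by statement 3)'
    WHEN acr_registration >= NOW() - INTERVAL 7 DAY
      THEN 'recent (only hit by statement 3)'
    WHEN acr_email_authenticated IS NULL
      THEN 'old, mail unconfirmed (statements 1, 2, 3)'
    ELSE 'old, mail confirmed (statements 2, 3)'
  END AS bucket,
  COUNT(*) AS pending
FROM mw_account_requests
WHERE acr_rejected IS NULL
GROUP BY bucket;

-- Statement 1 from the page: reject old requests with unconfirmed mail.
UPDATE mw_account_requests
SET acr_rejected = DATE_FORMAT(NOW(), '%Y%m%d%H%i%S'),
    acr_user     = 1,
    acr_comment  = 'Spam, no confirmed mail address',
    acr_deleted  = 1
WHERE acr_email_authenticated IS NULL
  AND acr_rejected IS NULL
  AND acr_registration < NOW() - INTERVAL 7 DAY;

-- Rows changed by the UPDATE; compare with the
-- 'old, mail unconfirmed' count from the preview.
SELECT ROW_COUNT() AS rejected_now;

-- Replace with COMMIT once the two numbers match.
ROLLBACK;
```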

Status

Space status at https://status.munichmakerlab.de

MuMaBus

Space Automation, see MuMaBus for details

  • MQTT at jupiter.munichmakerlab.de

Slack

Chat, with bridge to IRC

Additional Services

  • Calendar as iCal
  • ical2email. Sends reminder emails for events to mailing list, using the wordpress calendar. Python script running daily on vps02.thearrow.de

Access

The following people currently have admin access to the infrastructure:

  • Milian
  • Phier
  • tiefpunkt

Migration and Optimization 2024

We're planning to consolidate services into a standard deployment model, consolidate external services, and maybe add some new ones.


Consolidate:

  • Wiki: Containerize => Challenges: PHP modules; updating PHP/wiki; if applicable, make it easier to include the plugins (maybe PHP compose module handling)
  • Mailsystem: ??

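Externally hosted, and to be transferred into MuMaLab Infrastructure

  • Tickets (https://tickets.mumalab.org/courses/)
  • Calendar -> Google Calendar -> NextCloud
  • ToolJet (OpenUnitState)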

Planned Services

  • NextCloud
  • possibly a ticket system
  • Single Sign On: e.g. login to wiki either locally or via SSO. Later only SSO. Can be used e.g. for nextcloud or other services as well

Details unclear

  • InfoBeamer

SSO

IDPs

  1. Option: Authentik
  2. Option: https://git.cccv.de/uffd/uffd
  3. Option: ...?

Auth:

Complete guide to Nextcloud OIDC authentication with Authentik

Integrate Authentik and Nextcloud

Wiki Plugins for OIDC etc.: PluggableAuth

ToDos

| Topic | Tasks | Notes |
|---|---|---|
| SSO | test authentik on saturn; test connecting authentik and nextcloud; test connecting wiki to authentik | |
| Wiki | containerize wiki (build on gitlab) and migrate to saturn as staging wiki; update wiki | |
| Update Apps | e.g. Etherpad | |
| Security | Setup Firewall; update docker networks for better separation? | |
| IaC | Setup Ansible in Repo; Playbook for Server; Playbook for Docker | |