Web Infrastructure

From The Munich Maker Lab's Wiki
Revision as of 17:07, 13 October 2024 by Milian (talk | contribs)
Jump to navigation Jump to search

Some documentation on MuMaLab's web infrastructure stuff.

Hosts

We currently have 3 VMs at Hetzner:

  • mars.munichmakerlab.de (Mars)
  • jupiter.munichmakerlab.de
  • saturn.munichmakerlab.de

Saturn

  • docker containers are started via systemd
  • cronjob added for cleanup of old docker images

Services

Service Name Hostname Server native/docker status Source
Website www.munichmakerlab.de saturn docker productive
Wiki wiki.munichmakerlab.de jupiter native productive Github Website
Nodered nodered.munichmakerlab.de jupiter docker productive
Log log.munichmakerlab.de Tumblr - productive
Etherpad pad.munichmakerlab.de mars docker productive ether/etherpad-lite
Mailinglisten lists.munichmakerlab.de mars native productive
Roombooking rooms.munichmakerlab.de jupiter docker productive
Slack Inviter slack.munichmakerlab.de saturn docker productive rauchg/slackin
Space Status status.munichmakerlab.de saturn docker productive Github Spacestatus
MQTT mqtt.munichmakerlab.de jupiter native productive
Nextcloud nextcloud.munichmakerlab.de saturn docker experimental
Traefik Reverseproxy saturn.munichmakerlab.de/dashboard/
(might be disabled)
saturn docker productive

Website

Static website at https://munichmakerlab.de

Wiki

MediaWiki at https://wiki.munichmakerlab.de/

  • Create your own account, needs to be confirmed by an admin

Maintenance

We currently have a bit of a spam problem, easiest way to fix it currently is to clean them up in the database directly.

update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam, no confirmed mail address", acr_deleted = 1 where acr_email_authenticated is null and acr_rejected is null and acr_registration < now() - interval 7 day;

update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam", acr_deleted = 1 where acr_rejected is null and acr_registration < now() - interval 7 day;

update mw_account_requests set acr_rejected = DATE_FORMAT(NOW(),"%Y%m%d%H%i%S"), acr_user = 1, acr_comment = "Spam", acr_deleted = 1 where acr_rejected is null;

Status

Space status at https://status.munichmakerlab.de

MuMaBus

Space Automation, see MuMaBus for details

  • MQTT at jupiter.munichmakerlab.de

Slack

Chat, with bridge to IRC

Additional Services

  • Calendar as iCal
  • ical2email. Sends reminder emails for events to mailing list, using the wordpress calendar. Python script running daily on vps02.thearrow.de

Access

The following people currently have admin access to the infrastructure:

Migration and Optimization 2024

We're planning to consolidate services into a standard deployment model, consolidate external services, and maybe add some new ones.


Consolidate:

  • Wiki: Containerize => Challenges: php modules; updating php/wiki; ggf. make it easier to include the plugins (maybe php compose module handling)
  • Mailsystem: ??

Externally hosted, and to be transfered into MuMaLab Infrastructure

Planned Services

  • NextCloud
  • evtl Ticket System
  • Single Sign On: e.g. login to wiki either locally or via SSO. Later only SSO. Can be used e.g. for nextcloud or other services as well

Details unclear

  • InfoBeamer

SSO

IDPs

  1. Option: Authentik
  2. Option: https://git.cccv.de/uffd/uffd
  3. Option: ...?

Auth:

Complete guide to Nextcloud OIDC authentication with Authentik

Integrate Authentik and Nextcloud

Wiki Plugins for OIDC etc.: Plugable Auth

Next Steps

  • test authentik on saturn
  • test connecting authentik and nextcloud
  • migrate etherpad, rooms to saturn
  • containerize wiki (build on gitlab) and migrate to saturn
  • update wiki
  • test connecting wiki to authentik
  • move systemd config to git and improve e.g. traefik or docker configs (e.g. via ansible/docker compose)
  • install ufw firewall on saturn server
  • setup different networks for docker, e.g. etherpad with db etc.