Infrastructure

network diagram

problems

  • configuration management — our servers ought to be cattle, but right now they’re pets
  • insufficient availability — our services ought to survive when a server is dead or down for maintenance
  • learning curve — OpenBSD has some benefits over Debian, but is it impractical for new committees?

ling.c.o.a

common services

  • SSH (OpenSSH)
  • ACME (cbwrapper)
  • SMTP (Exim)
    • dependency: DKIM
    • dependency: ACME (FIXME)
  • DKIM (Exim)
    • dependency: DNS (e8e6fd1c._domainkey.c.o.a)
  • HTTP (nginx)
    • dependency: ACME (systemctl reload nginx)
  • status (lookout)

other services

buddy.c.o.a

common services

  • SSH (OpenSSH)
  • ACME (cbwrapper)
  • SMTP (OpenSMTPD)
    • dependency: DKIM
    • dependency: ACME (FIXME)
  • DKIM (DKIMproxy)
    • dependency: DNS (261d05cd._domainkey.buddy.c.o.a)
  • HTTP (nginx)
    • dependency: ACME (rcctl reload nginx)
  • status (lookout)

other services

envoy.c.o.a

  • Vultr @ SYD
  • Debian/8.4 (amd64)
  • envoy (noun): messenger; representative; proxy

common services

  • SSH (OpenSSH)
  • status (lookout)

other services

  • VPN for beepboop (OpenVPN)

glossary

  • ACME is how we automate the renewal of X.509 certificates for services that use TLS
  • DKIM is how we sign our mail to convince recipients that the messages are authentic for c.o.a
  • cbwrapper is a script that updates Certbot, renews certificates, and notifies dependent services
  • Jekyll is a static site generator (a compiler that converts templates and pages to plain HTML)
  • lookout is a status page service (a bunch of live numbers and sparklines for a server)

ideas

proposed network diagram

club/infrastructure.txt · Last modified: 2018/02/25 00:03 by delan