martinx3-administrativedevelopment / servercontainertemplate Goto Github PK
View Code? Open in Web Editor NEWContains documentation to create a podman server
License: GNU Affero General Public License v3.0
servercontainertemplate's People
Contributors
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot]")
Stargazers
Watchers
Forkers
terenceskillservercontainertemplate's Issues
Meet project requirements
Grundsätzliche Projektdurchführung:
Anforderungen an Demo-Szenario.
Finde bzw. entwickle geeigneten Docker-Container als Grundlage für das Szenario.
Entwickle Architektur für das Demo-Szenario.
Realisiere Demo-Szenario.
Guter anwendungsbezogener Vortrag/Demo zum Projekt.
Projektdokumentation
Add a GitLabContainer
With a basic configuration.
Enable IPv6 as soon as it is available and stable
There is an open slirp4netns issue for this -> rootless-containers/slirp4netns#253
IPv6 is in the works and experimental. Thus it is not recommended to be used in this stage.
Exception: You could bind a container to one IPv6 address, it's a workaround.
[Service] Add LDAP
https://github.com/bitnami/bitnami-docker-openldap#how-to-use-this-image
Connect it with OpenID
#25
[Maintenance] Scheduled RAID tests
Password storage
Server with Bitwarden
https://github.com/bitwarden/server
[Maintenance] Grafana / prometheus server resource usage
Munin, Telegraf oder zabbix statt prometheus?
Create a deploy script / technology
Create a script / tool to automatically partition the server and install the needed things.
Like ansible or something else
[Maintenance] Turn cockpit into a container with https
[Podman] network-alias on multiple networks doesn't work
--network-alias=alias
[…]NOTE: A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release.
https://docs.podman.io/en/latest/markdown/podman-pod-create.1.html#network-alias-alias
[Maintenance] Add watchtower to check for new docker container tags
Add Nextcloud
[Maintenance] Scheduled smart tests and monitoring
https://wiki.archlinux.org/index.php/S.M.A.R.T.#smartd
As example with email support
Schedule self-tests
DEVICESCAN -s (S/../.././11|L/../../6/12)
Smart Monitor
https://github.com/AnalogJ/scrutiny#docker
https://github.com/analogj/scrutiny/pkgs/container/scrutiny
https://hub.docker.com/r/linuxserver/scrutiny
Postgresql upgrade data script
[Maintenance] Add a step to prune unused images / tags
Linux
We have access to the cron utility, so this will be simple. Run crontab -e, pick an editor (nano) if you haven’t done so already and then add this line to the bottom and save it:
0 3 * * * /usr/bin/docker system prune -f
Docker is most likely installed at /usr/bin/docker but you can verify that by running which docker. Change the path if you need to. Also make sure the line isn’t commented out with a #.
[Security] Firewall & brute force protection
Aside from the security part of the arch wiki
Choose a firewall and add rules to every service manual.
Easiest solution seems to be the iptables wrapper
https://wiki.archlinux.org/title/Uncomplicated_Firewall
UFW also has a rate limit feature against brute force attacks
(Add a hint to each docker service)
Tor Bridge
Add LDAP Support
A first configuration with basic data is enough.
Create Readme.md with instructions
Create Readme.md with exact instructions to reproduce the result.
Add remote browser access
Add access via Browser from another Computer of the same Network
Create a Gitlab Docker-Compose.yml
Single Sign-On & Identity and Access Management
Rebase this template on a server installation documentation / image generation
[Maintenance] New nginx-proxy version
https://github.com/nginx-proxy/nginx-proxy
0.9.0
Switch to
https://github.com/linuxserver/docker-swag
https://hub.docker.com/r/linuxserver/swag
Remove https://github.com/MartinX3-EducationOrganization/nginx-certbot
Symlink the Let'sEncrypt Certificat on the Host to the Cockpit service
Wireguard VPN
[Maintenance] Monitor patch status of server OS
Scan for CVEs in running pods
https://github.com/aquasecurity/trivy
https://aquasecurity.github.io/trivy/v0.28.0/docs/advanced/container/podman/
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
[Maintenance] Monitor system status of server OS
https://github.com/mikaku/Monitorix
Monitorix is a free, open source, lightweight system monitoring tool.
[Maintenance] Implement linuxserver.io where possible
CI/CD pipeline
Buildkite is written in Golang
Jenkins is written in Java
In theory Buildkite should use less RAM.
https://github.com/buildkite/agent
https://github.com/compono/podman-buildkite-plugin
To deploy and upgrade services?
Move away from compose to kubernetes yaml files
podman-play-kube - Create containers, pods or volumes based on Kubernetes YAML
https://docs.podman.io/en/latest/markdown/podman-play-kube.1.html
Network plugins
https://github.com/containernetworking/plugins
Backup solution for the server itself
Backup backup backup
The container volumes need to be backuped
Maybe the OS as well
Maybe renting a dedicated server running a S3 compatible storage like ceph or minio
https://dev.to/hendr_ik/automate-backing-up-your-docker-volumes-3gdk
Or maybe a borg client in a container mounting every volume?
https://www.borgbackup.org/
Add document management system
Add basic first use instructions
[Service] Add OpenID
OpenID is an open standard and decentralized authentication protocol.
eID support
https://github.com/eid-login/eid-login-nextcloud
Connect it with LDAP
#14
PostgreSQL - MultiUser support
- Switch to https://hub.docker.com/r/bitnami/postgresql
- The postgresql user should only be used for a pgadmin docker-compose
- In the readme for projects using the DB a step to create the individual user should be inserted
[Maintenance] Add an email server for administrator notifications
https://dovecot.org/
https://hub.docker.com/r/dovecot/dovecot
Mailu.io
https://github.com/docker-mailserver/docker-mailserver
rootless SMTP -> https://github.com/haraka/Haraka
LDAP plugin
https://github.com/haraka/Haraka/blob/master/Plugins.md
https://github.com/haraka/haraka-plugin-auth-ldap
Dockerimage
https://github.com/instrumentisto/haraka-docker-image
Temp file upload service like WeTransfer for email attachments
[Maintenance] Container Management Portainer.io
https://github.com/portainer/portainer
Making Docker and Kubernetes management easy.
Starting with version 2.6
portainer/portainer#5188
SeLinux oder AppArmor
Migration DNS zu https://www.nsupdate.info/
Add a manual to use IPMI from your local computer
Add static page to list all services
Make data persistent
Add a VOLUME to guarantee persistent data storage
[Service] Add a server client backup solution for other computers
As example
https://github.com/grke/burp
It also has a client ui
https://git.ziirish.me/ziirish/burp-ui
Or borg backup client server solution
https://www.borgbackup.org/
[Roadmap] Move away from docker to rootless podman
As example
https://mkdev.me/en/posts/dockerless-part-1-which-tools-to-replace-docker-with-and-why
https://jaxenter.de/buildah-linux-container-docker-80513
move to rootless podman
use docker-compose or podman-compose
podman-dnsname
https://github.com/containers/
https://github.com/containers/podman/blob/master/docs/tutorials/rootless_tutorial.md
https://rootlesscontaine.rs/
https://github.com/rootless-containers
systemctl --user enable podman.socket --now
DOCKER_HOST=unix:///run/user/1000/podman/podman.sock docker-compose up
Finance software
Create a short summarisation of what we need to do in the Readme.md
Create a short summarisation of what we need to do in the Readme.md
Add services from public list
Maybe some services are usefull or better than already listed/used in this repo.
[Maintenance] Recovery System on dedicated partition
Alpine Linux based?
Dedicated partition?
How to change the bootloader from a broken initframfs recovery to point to the recovery OS?
BTRFS RAID 1 at the end of the partition?
1GB?
if bootloader not accecible because of a headless server, is it switchable by a bootable recovery image with grub tools? (grub bootloader)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.