Difference between revisions of "Closetbox"

From Technologia Incognita
(Created page with "{{Project |ProjectStatus=Planning |ProjectNiche=Community |ProjectPurpose=Infrastructure }} == Overview == A set of services that allow interested parties to run internet ser...")
 
Line 1: Line 1:
 
{{Project
 
{{Project
 +
|ProjectSkills=Open source projects, Scripting, Networks,
 
|ProjectStatus=Planning
 
|ProjectStatus=Planning
 
|ProjectNiche=Community
 
|ProjectNiche=Community
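Review bot: The added `|ProjectSkills=Open source projects, Scripting, Networks,` line ends with a trailing comma after "Networks", which leaves an empty final entry in a comma-separated value. Drop the comma unless another skill was meant to follow.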

Revision as of 00:48, 3 March 2014

Projects
Participants
Skills Open source projects, Scripting, Networks
Status Planning
Niche Community
Purpose Infrastructure

Overview

A set of services that allows interested parties to run internet services ourselves, without having to revert to being serfs and selling away our privacy for use of the land.

Our community provides those services so that we can run boxes while avoiding duplication of installation effort. Because more people are involved, the configuration should in theory be better than if you did it all yourself.

We want a solution that inspires much of the same confidence you have in the drawer in your house where you store your private documents:

  • Someone has to break into your house to get a look inside.
  • You notice when it is missing, and there's a high probability you'll find out when someone has had a peek.

A solution

Our solution consists of:

  • A Close(s)t-box - This is a machine that you put in your home and connect to the home network. It stores your data and optionally the data of those that trust you. This hardware can be either a low-powered ARM board with attached storage or an older-model PC.
  • A Post-box - A fixed address on the internet is often needed (especially for e-mail). The cheap way is to rent a VPS at one of the many VPS providers. This machine does handle your data, but it shouldn't store any of it. Various Closet-boxes could share a Post-box.

These services are installed via install-scripts that we maintain together.

Services

  • Email (SMTP incoming, webmail, IMAPS, POP3S)
  • File sharing
  • Social network
  • Chat services
  • Publication platform
  • SIP/IP-Telephony

Maintenance

Any software has bugs, and updating it regularly is fundamental to staying safe.

Follow the operating system first: in principle we'll install software that's covered by the operating system's security update infrastructure and follow those updates.

It may be that some desired services are not available as standard packages; for those, a different way must be devised to keep the software up to date.

Trust

Trust is a big thing. If you do not trust MegaCorps with your data, why would you trust a bunch of random people?

Our answer is radical transparency. All our software is open source. All of the installation procedures are completely visible and reviewable.

There are two ways of using these scripts:

  • Install the machines and allow us access to them to push further maintenance of services.
  • Copy the installation scripts from our repository, run them yourself.

Installation process

The installation is as follows:

  • Get a computational device that meets minimal requirements (for those services).
  • Install base Debian on the machine.
  • Install Ansible via an installation script.
  • Select what services to install and install those on the machine.
  • Create user accounts as needed.

Current todos

  • Build the initial installation script (manual installation notes are there)
  • Start building the Ansible infrastructure and scripts for each of the services
  • Initial host configuration/setup. This includes enabling operating system auto-updates and machine hardening features.

Security

Services will be configured with security in mind, using only encrypted protocols.

We'll harden the machines, turning on firewalls and other security measures.

Every service runs as its own user, limiting the impact of a service security breach to that service.
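A sketch of what the initial host configuration could look like as an Ansible playbook, covering auto-updates, one account per service and a default-deny firewall. This is an added example, not the project's own scripts; the host group `closetbox`, the account name `svc-mail` and the list of allowed ports are assumptions, and the firewall tasks need the `community.general` collection installed.

```yaml
# Added example, not the Closetbox project's own playbook.
# Assumptions: host group "closetbox", a hypothetical service account
# "svc-mail", and SSH/IMAPS/POP3S as the only ports allowed in.
- name: Baseline hardening for a Closet-box (illustrative)
  hosts: closetbox
  become: true
  vars:
    service_users: ["svc-mail"]              # one account per service (name assumed)
    allowed_tcp_ports: ["22", "993", "995"]  # SSH, IMAPS, POP3S
  tasks:
    - name: Install automatic security updates and the firewall front end
      ansible.builtin.apt:
        name: [unattended-upgrades, ufw]
        state: present
        update_cache: true

    - name: Enable daily package list refresh and unattended upgrades
      ansible.builtin.copy:
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        mode: "0644"
        content: |
          APT::Periodic::Update-Package-Lists "1";
          APT::Periodic::Unattended-Upgrade "1";

    - name: Create a locked, shell-less system account for each service
      ansible.builtin.user:
        name: "{{ item }}"
        system: true
        shell: /usr/sbin/nologin
        create_home: false
        password_lock: true
      loop: "{{ service_users }}"

    # Allow rules are added before the firewall is enabled so that the
    # SSH session Ansible itself uses is not cut off.
    - name: Allow only the encrypted service ports
      community.general.ufw:
        rule: allow
        port: "{{ item }}"
        proto: tcp
      loop: "{{ allowed_tcp_ports }}"

    - name: Deny all other inbound traffic and enable the firewall
      community.general.ufw:
        state: enabled
        default: deny
        direction: incoming
```

Each service's own role would then start its daemon under the matching account, so a compromise of one service does not grant access to another service's files.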

Decisions to make

  • What interface will owners have to install services, do user maintenance, etc.?
  • How are we going to provide a backup service?