Difference between revisions of "Closetbox"

From Technologia Incognita
Revision as of 23:06, 17 March 2014

Projects
Participants:
Skills: Open source projects, Scripting, Networks
Status: Active
Niche: Community
Purpose: Infrastructure

Overview

A set of services that allow interested parties to run internet services themselves, without having to revert to being a serf who sells away privacy in exchange for the use of the land.

Our community provides those services so that we can each run our own boxes while avoiding duplicated installation effort. Because more people are involved, the resulting configuration should in theory be better than what you would arrive at doing it all yourself.

We want a solution that gives the same kind of confidence you have in the drawer in your house where you keep your private documents:

  • Someone has to break into your house to get a look inside.
  • You notice when it is missing, and there is a high probability you will find out when someone has had a peek.

A solution

Our solution consists of:

  • A Close(s)t-box - This is a machine that you put in your home and connect to the home network. It stores your data and, optionally, the data of those who trust you. The hardware can be either a low-powered ARM board with attached storage or an older model PC.
  • A Post-box - Often a fixed address on the internet is needed (especially for e-mail). The cheap way to get one is to rent a VPS at one of the many VPS providers. This machine handles your data in transit, but it should not store any of it. Several Closet-boxes can share one Post-box.

These services are installed via install-scripts that we maintain together.

Installation

Get an empty, freshly installed (real or virtual) Debian Wheezy machine, become root and run

wget -qO - https://raw.github.com/chotee/closetbox/master/bin/boostrap_local.sh | bash

- or -

wget -qO - http://tinyurl.com/closetbox-bs | bash

Note that both one-liners execute whatever the remote server returns, as root, without you having seen it; the tinyurl variant is additionally fetched over plain HTTP. If you want to review the script first (which is the whole point of the reviewable installation procedure described under Trust below), download it to a file, read it, and only then run it.

This will get you an installed closetbox, with services ready to go. An extra administrative user called "closetbox" is created. This user keeps all of the ansible code and state.
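The following is an added example of the "download, review, then run" alternative to the one-liner above; it is not part of the closetbox repository. It assumes you have already saved the bootstrap script to a local file (the path and the pinned hash in the comments are placeholders you fill in yourself after reading the script) and uses only sha256sum and bash:

```shell
#!/bin/sh
# Added example, not closetbox project code: run a locally staged bootstrap
# script only if its SHA-256 matches the value you recorded after reviewing it.
# Workflow (paths are assumptions, substitute your own):
#   1. wget -qO /root/bootstrap_local.sh \
#        https://raw.github.com/chotee/closetbox/master/bin/boostrap_local.sh
#   2. less /root/bootstrap_local.sh          # actually read what will run as root
#   3. sha256sum /root/bootstrap_local.sh     # note the hash you reviewed
#   4. run_pinned_script /root/bootstrap_local.sh <hash-from-step-3>
#
# run_pinned_script FILE EXPECTED_SHA256
#   Executes FILE with bash and returns its exit status if the hash matches.
#   Returns 1 without executing anything if FILE is unreadable or the hash differs,
#   so a script that changed on the server since you reviewed it never runs.
run_pinned_script() {
    script=$1
    expected=$2
    if [ ! -r "$script" ]; then
        echo "cannot read $script" >&2
        return 1
    fi
    actual=$(sha256sum "$script" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $script: sha256 $actual does not match pinned $expected" >&2
        return 1
    fi
    bash "$script"
}
```

The pinned hash does not make the script trustworthy by itself; it only guarantees that what runs is exactly the text you reviewed. Re-run steps 2 and 3 whenever you fetch a newer version.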

Services

Currently available

  • Filesharing via Owncloud.

To be considered

  • Email (SMTP incoming, webmail, IMAPS, POP3S)
  • Socialnetwork
  • Chat services
  • Publication platform
  • SIP/IP-Telephony

Maintenance

Any software has bugs; updating it regularly is fundamental to staying safe.

Follow the operating system first: in principle we install software that is part of the operating system's security update infrastructure and follow those updates.

Some desired services may not be available as standard packages; for those, a different way of keeping the software up to date must be devised.
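As an added example of the "follow the operating system first" policy, not code from the closetbox repository: the two functions below enable Debian's unattended-upgrades so that only packages from the Debian-Security archive are applied automatically, and check afterwards that the setting is in place. This assumes Debian Wheezy with the unattended-upgrades package installed (apt-get install unattended-upgrades); the configuration directory argument exists so the files can be previewed somewhere other than /etc/apt/apt.conf.d:

```shell
#!/bin/sh
# Added example, not closetbox project code. Assumes Debian Wheezy and the
# unattended-upgrades package; the apt.conf syntax below is the one that
# package reads from /etc/apt/apt.conf.d.

# write_auto_security_updates [CONFDIR]
#   Writes the two apt configuration files that turn on daily, security-only
#   unattended upgrades. CONFDIR defaults to /etc/apt/apt.conf.d.
write_auto_security_updates() {
    confdir=${1:-/etc/apt/apt.conf.d}
    mkdir -p "$confdir"
    # Refresh package lists and run the unattended-upgrade job once a day.
    cat > "$confdir/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
    # Only take packages from the security archive. Everything else stays a
    # manual, reviewed upgrade. Report what was done by mail to root.
    cat > "$confdir/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,archive=stable,label=Debian-Security";
};
Unattended-Upgrade::Mail "root";
EOF
}

# check_auto_security_updates [CONFDIR]
#   Returns 0 if both files exist and the security origin is enabled, 1 otherwise.
#   Useful as a post-install check on a box you did not configure yourself.
check_auto_security_updates() {
    confdir=${1:-/etc/apt/apt.conf.d}
    grep -q 'APT::Periodic::Unattended-Upgrade "1"' "$confdir/20auto-upgrades" 2>/dev/null || return 1
    grep -q 'label=Debian-Security' "$confdir/50unattended-upgrades" 2>/dev/null || return 1
    return 0
}
```

Services that are not Debian packages (the "different way" mentioned above) are not covered by this: they need their own update path and their own check.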

Trust

Trust is a big thing. If you do not trust MegaCorps with your data, why would you trust a bunch of random people?

Our answer is radical transparency. All our software is open source. All of the installation procedures are completely visible and reviewable.

The code and its history are available on github: https://github.com/chotee/closetbox

There are two ways of using these scripts:

  • Done: Copy the installation scripts from our repository and run them yourself.
  • WIP: Have us install the machine and give us access to it so we can push further maintenance of the services.

Installation process

The installation is as follows:

  • Get a computational device that meets the minimal requirements for the services you want.
  • Install base Debian Wheezy on the machine.
  • Run the installation script.

Current todos

  • Improve the initial installation script: give the user control over what is installed.

Security

Services will be configured with security in mind, using only encrypted protocols.

We will harden the machines, turning on firewalls and other security measures.

Every service runs as its own user, limiting the impact of a breach of one service to that service.
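An added example of what "turning on firewalls" and "only encrypted protocols" can look like on the box, not code from the closetbox repository: a function that prints a default-deny iptables ruleset in iptables-restore format, opening only the TCP ports you list, and that refuses to open the plaintext POP3 (110) and IMAP (143) ports since the page only plans IMAPS and POP3S. The port list and that denylist are this example's assumptions, not project policy:

```shell
#!/bin/sh
# Added example, not closetbox project code. Generates an iptables ruleset
# (iptables-restore format) with INPUT and FORWARD defaulting to DROP and
# only the given TCP ports accepted. Apply with:
#   firewall_rules 22 443 993 995 | iptables-restore
# Assumed rule: the plaintext mail ports 110 and 143 are never opened.

# firewall_rules PORT...
#   Prints the ruleset on stdout and returns 0.
#   Returns 1 and prints nothing if an argument is not a port number or is
#   one of the plaintext mail ports, so a typo cannot silently open the box.
firewall_rules() {
    # Validate everything first so that partial rulesets are never emitted.
    for p in "$@"; do
        case "$p" in
            110|143)
                echo "refusing plaintext mail port $p; use 995 (POP3S) or 993 (IMAPS)" >&2
                return 1 ;;
            ''|*[!0-9]*)
                echo "not a port number: $p" >&2
                return 1 ;;
        esac
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Local traffic and replies to connections the box opened itself.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Keep ping and path-MTU discovery working on a home network.
    echo '-A INPUT -p icmp -j ACCEPT'
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
```

Because OUTPUT stays ACCEPT, a compromised service can still make outbound connections; tightening that is a separate step. Running each service as its own user limits what such a service can read on disk, which this ruleset does nothing about.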

Decisions to make

  • What interface will owners have to install services, do user maintenance, etc.
  • How are we going to provide a backup service?