Closetbox

From Technologia Incognita
Revision as of 11:28, 29 May 2014 by Becha (talk | contribs) (Overview)
Jump to: navigation, search
Projects
Participants
Skills Open source projects, Scripting, Networks
Status Active
Niche Community
Purpose Infrastructure

Overview

A set of services that allow interested parties to run internet services ourself without having revert to being a serf and sell away our privacy for use of the land.

Our community provide those services so that we can run boxes while trying to avoid duplication of installation efforts. Because more people are involved, theoretically it should be a better configuration then that if you'd do it all yourself.

We want a solution that has many of the properties of confidence in as you have in that drawer in your house where you store your private documents.

  • Someone has to break in to your house to get a look inside.
  • You notice when it is missing and there's a high probability you'll find out when someone has had a peek.

Link to related TechInc projects: Privacy_Software_Workshop_Series#Related_projects_by_TechInc

A solution

Our solution consists of:

  • A Close(s)t-box - This is a machine that you put in your home and connect to the home network. It stores your data and optionally the data of those that trust you. This hardware can be either a low-powered ARM board with attached storage or a older model PC.
  • A Post-box - Often it's needed to have a fixed address on the internet (especially for e-mail). The cheap way is to rent a VPS at one of the many VPS providers. This machine does handle your data, but it shouldn't store any of it. Various Closet-boxes could share a post-box.

These services are installed via install-scripts that we maintain together.

Installation

Get a empty recently installed (real or virtual) Debian Weezy machine and be root and run

wget -qO - https://raw.github.com/chotee/closetbox/master/bin/boostrap_local.sh | bash - or - wget -qO - http://tinyurl.com/closetbox-bs | bash

This will get you an installed closetbox, with services ready to go. An extra administrative user called "closetbox" was installed. This user keeps all of the ansible code and state.

Services

Currently available

  • Filesharing via Owncloud.

To be considered

  • Email (SMTP incoming, webmail, IMAPS, POP3S)
  • Socialnetwork
  • Chat services
  • Publication platform
  • SIP/IP-Telephony

Maintenance

Any software has bugs, and updating it regularly is fundamental in keeping safe.

Follow operating system first: In principal we'll install software that's part of the Operating systems security update infrastructure and follow those updates.

It maybe that some desired services are not available as standard packages, then a different way must be devised to keep the software up to date.

Trust

Trust is a big thing. If you do not trust MegaCorps with your data, why would a bunch of random people?

Our answer is radical transparency. All our software is Opensource. All of the installation procedures are completely visible and reviewable.

The code and it's history is available on github: https://github.com/chotee/closetbox

There are two way's of using these scripts:

  • Done: Copy the installation scripts from our repository, run them yourself.
  • WIP: Install the machines, allow us to have access to the machine to push further maintenance of services.

Installation process

The installation is as follows:

  • Get a computational device that meets minimal requirements (for those services).
  • Install base Debian Weezy on the machine.
  • Run the installation script.

Current todos

  • improve the initial installation script. Give the user control over what is installed.

Security

Services will be configured with security in mind. Only using encrypted protocols.

We'll harden the machines, turning on firewalls and other security measures.

Every service runs as it's own user, limiting the impact of service security breaches to those services.

Decisions to make

  • What interface will owners have to install services, do user maintenance, etc.
  • How are we going to provide a backup service?