Components
External Services
Services required to keep the echtzeit infrastructure running.
Domain Registrars
We utilize multiple domain registrars. Domains are currently held by various persons, not by the association.
Note
We still need to find a good way to transfer our domains from individuals to the association.
DNS
Note
DeSec does not have a concept of “teams” or other means for multiple accounts to manage the same DNS Zones.
Hosting
We use Netcup as our main hoster for VMs: https://www.netcup.com/ However, any hosting service that supports FreeBSD or booting from your own media should work.
Host
OS
All of our hosts are running FreeBSD: https://www.freebsd.org/
Containers
We run our self-hosted services in containers through FreeBSD Jails: https://docs.freebsd.org/en/books/handbook/jails/ Management of the jails is done through Bastille: https://bastillebsd.org/
Networking
Containers communicate through a virtual (host-only) network which utilizes the default FreeBSD network stack. Firewall, NAT, port forwarding and so on are handled by PF: https://www.openbsd.org/faq/pf/
Webserver & Reverse Proxy
We use Caddy as a reverse proxy (it is the only container with ports forwarded to the external interface), as a webserver and as an automatic TLS solution with Let’s Encrypt: https://caddyserver.com/
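The statement that Caddy is the only container with forwarded ports can be checked against the loaded PF rules. The shell function below is an added example, not part of the echtzeit configuration; the proxy address 10.17.89.2, the interface name vtnet0 and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report PF rdr rules whose target is not the reverse proxy.
# Reads rule text in the form printed by `pfctl -s nat` on stdin.

# Constructed sample rules; addresses and interface name are assumptions.
SAMPLE_RULES='nat on vtnet0 inet from 10.17.89.0/24 to any -> (vtnet0) round-robin
rdr pass on vtnet0 inet proto tcp from any to any port = http -> 10.17.89.2 port 80
rdr pass on vtnet0 inet proto tcp from any to any port = https -> 10.17.89.2 port 443
rdr pass on vtnet0 inet proto tcp from any to any port = 8080 -> 10.17.89.7 port 8080'

# unexpected_rdr_targets PROXY_IP
# Prints every rdr rule that forwards to anything other than PROXY_IP.
# Exit status: 0 = no unexpected forward, 1 = at least one found.
unexpected_rdr_targets() {
    awk -v proxy="$1" '
        $1 == "rdr" {
            # The redirect target is the field right after "->".
            target = ""
            for (i = 1; i < NF; i++)
                if ($i == "->") { target = $(i + 1); break }
            # Lists or tables as targets ("{", "<name>") are flagged too.
            if (target != proxy) { print; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample. On a host, pipe the real rules instead:
#   pfctl -s nat | unexpected_rdr_targets <proxy-ip>
printf '%s\n' "$SAMPLE_RULES" | unexpected_rdr_targets 10.17.89.2 \
    || echo "unexpected port forward found" >&2
```

Rules loaded into anchors are not shown by a plain `pfctl -s nat`; list each anchor separately with `-a` and feed that output through the same function.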
Services
These are the services we run on our infrastructure:
Static Sites
Static sites - such as this documentation page - are served directly by Caddy. We generally use Hugo to generate our static sites.
Identity & Access Management
We use an LDAP directory provided by lldap to centrally manage users and groups. Single Sign-On and MFA are enabled through Authelia. Both components were selected because they have a minimal feature set focusing on solving a specific issue. They are also easy to deploy and integrate well into the rest of the environment.
Data Storage & Sharing
We use Nextcloud as a “Cloud Storage Solution” since it is currently the most mature, self-hostable solution.
Document Editing & Collaboration
Document editing is provided by OnlyOffice, integrated into Nextcloud. We went with OnlyOffice because they provide native FreeBSD packages.
Text & Voice Communication
Provided by Nextcloud Talk. We utilize the Standalone signaling server by Struktur AG and Janus for the Talk backend. We use this solution because of its deep integration into Nextcloud.
Inventory Management
We keep track of various inventories through Homebox. It is a very simple application but suits our needs and is easy to deploy.