* Tasks
** DONE Provision DigitalOcean's droplet from Terraform
CLOSED: [2019-05-25 Sat 13:29]
** DONE Properly provision Ubuntu droplet
CLOSED: [2019-05-25 Sat 17:50]
** TODO Use Digital Ocean's Volumes for persistent extended storage
** TODO Automate deployment of updates
During build, decrypt content of files and update the deployment.
How can the Terraform =.tfstate= file be handled in this case?
UPDATE:
Terraform does support so-called "backends" to coordinate locking and usage of the =.tfstate= files. In this regard there are no restrictions on continuously deploying with Terraform from the CI pipelines.
However, the current applications do *not* properly support blue/green deployment (email, Nextcloud, etc.).
We could try to use a shared volume, but that would be a consistency nightmare.
The other option is to always recreate everything, with downtime. The advantage is that we get actual immutable deployments with stateful storage, but there would be downtime for every deployment. This is due to most of the packaged applications being single-node *only*.
There's also the IP reputation issue: recreating everything from scratch every time would lead to new droplets with new IP addresses, which is not a good thing to be changing on a server box.
A reasonable alternative would be to redeploy everything on a different node, with a different TLD, and manually check that. But that would be just like a staging environment, with all of its downsides too.
In this situation, if I go on with automating the deployment I'd rather pick the downtime option.
I'll start with services other than email and consider alternatives later.
** WAITING Configure DNS from Terraform
* Must
** Fully deployable from code
Use NixOps and Terraform to fully automate all of the configuration.
* Services
** DONE =euandreh.org=: Static webhosting
CLOSED: [2019-05-26 Sun 10:17]
** TODO =mail.euandreh.org=: Email + webmail
** TODO =cloud.euandreh.org=: Nextcloud: storage, calendar, contacts, notes
** TODO =hydra.euandreh.org=: Hydra
Does Hydra support release management?
** TODO =annex.euandreh.org=: Public content from Git Annex repositories
Only a static file server, with folders for individual assets.
** DONE =wallabag.euandreh.org=: Wallabag
CLOSED: [2019-05-25 Sat 18:02]
** TODO =pi-hole.euandreh.org=: Pi-hole
** TODO =pwk.euandreh.org=: Piwik
** TODO Software development
*** TODO =git.euandreh.org=: CGit or GitWeb
https://github.com/iconoeugen/docker-gitweb
*** TODO =cd.euandreh.org=: Hydra
** CANCELLED =perkeep.euandreh.org=: Perkeep
I'm already covered by using Git Annex for almost everything.
** WAITING =matrix.euandreh.org=: Matrix Synapse server
I'm not using IRC a lot right now. Wait for me to interact more with mailing lists and gauge the need for IRC.
* Questions
** DONE Do I want or need Docker? Should I use it?
CLOSED: [2019-05-25 Sat 18:1980]
It was a better path than sticking with NixOps and nixcloud-webservices. It's more widespread and has more things done for it.
** CANCELLED How to share the Nix store across services?
** DONE How to leverage DigitalOcean's block storage?
CLOSED: [2019-05-25 Sat 18:19]
Provision it using Terraform, and use its path as the =$VOLUME_HOME= variable for containers.
This way I can compartmentalize the data storage to easily back it up and duplicate it, but also destroy a running droplet and create a new one.
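As an added example (not from these notes): a minimal Terraform configuration that keeps the block-storage volume as a resource separate from the disposable droplet and stores the =.tfstate= remotely so it survives a full recreate. Region, names, the Spaces bucket, the SSH key variable and the =/mnt/<volume-name>= mount path are assumptions.

```hcl
terraform {
  required_providers {
    digitalocean = {
      source = "digitalocean/digitalocean"
    }
  }
  # Remote state via the S3-compatible backend, pointed at a DigitalOcean
  # Space (placeholder names). Caveat: Spaces has no DynamoDB equivalent, so
  # the state is stored but not locked; run `terraform apply` serially in CI.
  backend "s3" {
    endpoint                    = "https://nyc3.digitaloceanspaces.com"
    region                      = "us-east-1"  # required by the backend, ignored by Spaces
    bucket                      = "example-tfstate-space"      # placeholder
    key                         = "droplets/terraform.tfstate"
    skip_credentials_validation = true
    skip_metadata_api_check     = true
    skip_region_validation      = true
  }
}

variable "ssh_key_fingerprint" {}  # assumed: fingerprint of a key already uploaded to DigitalOcean

# The volume is its own resource: destroying and recreating the droplet
# leaves the data intact, which is what makes the droplet disposable.
resource "digitalocean_volume" "data" {
  region                  = "nyc3"
  name                    = "data-volume"
  size                    = 50
  initial_filesystem_type = "ext4"
}

resource "digitalocean_droplet" "server" {
  name     = "server"
  region   = "nyc3"
  size     = "s-1vcpu-1gb"
  image    = "ubuntu-18-04-x64"
  ssh_keys = [var.ssh_key_fingerprint]
}

resource "digitalocean_volume_attachment" "data" {
  droplet_id = digitalocean_droplet.server.id
  volume_id  = digitalocean_volume.data.id
}

# Path to hand to containers as $VOLUME_HOME. Assumes the volume is mounted
# under /mnt/<volume-name> on the droplet, as DigitalOcean's auto-mount does.
output "volume_home" {
  value = "/mnt/${digitalocean_volume.data.name}"
}
```

Because the backend cannot lock state on Spaces, two concurrent pipeline runs can still corrupt the state file; a single-runner or serialised CI job is the simplest guard.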
* Nice to have
** =*.euandreh.org=
** Nix Terraform provisioning
* Resources
** [[https://github.com/mail-in-a-box/mailinabox][Mail-in-a-Box]]
** [[https://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/][NSA-proof your e-mail in 2 hours]]
** [[https://www.iredmail.org/][iRedMail]]
** [[https://blog.harveydelaney.com/hosting-websites-using-docker-nginx/][Hosting Multiple Websites with SSL using Docker, Nginx and a VPS]]
** [[https://github.com/sovereign/sovereign/][Sovereign]]
** [[https://github.com/nixcloud/nixcloud-webservices][nixcloud-webservices]]
** [[https://github.com/Kickball/awesome-selfhosted#email][Awesome-Selfhosted: Email]]