PrivyPlace

Disclaimer: still in development, use at your own risk

PrivyPlace is an opinionated personal cloud distribution based on a selection of open-source software, deployed on a single-node Kubernetes cluster.

It builds on several open-source projects, mainly:

In addition to the infrastructure, several apps are currently available to install on the cluster:

  • An application portal, based on Homer
  • FreshRSS, a great RSS aggregator
  • Searx, an internet metasearch engine
  • srt2hls, an audio HLS streaming server
  • Droppy, a file storage server with a web interface
  • The Lounge, a web IRC client
  • mStream, a music streaming server
  • Shiori, a simple bookmark manager
  • Adminer, for database management

Security considerations

PrivyPlace assumes, for now, a single-tenant cluster in which every logged-in user is an administrator.

SSO and ingress protection

By default, once the first-run setup is done (see below), all applications are protected by sane default settings and a Single Sign-On solution. For now, this uses the ingress-nginx global external authentication feature coupled with Organizr.

Apps that support reverse-proxy header authentication can use it to manage users. This is the case for Grafana, where the x-organizr-user header passes the Organizr username to Grafana. As with any header-based authentication, this is only safe as long as Grafana is reachable exclusively through the ingress that sets the header: if a client can reach the Grafana service directly, or if the ingress forwards a client-supplied x-organizr-user header, anyone can impersonate any user.

Authentication can be disabled on a specific ingress, as is done for the stream app, with the annotation nginx.ingress.kubernetes.io/enable-global-auth: "false". Every host carrying that annotation is reachable from the internet without logging in, so keep that list short and review it after each deploy.
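One way to review that list is to read the cluster's ingress objects and report every host that opts out of the global auth. The script below is an added example, not part of PrivyPlace: it takes the output of `kubectl get ingress -A -o json` on stdin (so it assumes you have kubectl access to the cluster), treats the annotation value the way ingress-nginx does (Go's strconv.ParseBool), and prints the exposed hosts. The embedded SAMPLE is a constructed dump in that shape; its namespaces and names are made up, and the assumption that the Organizr host (yourdomain.tld) must itself be reachable without SSO is this example's, not the project's.

```python
import json
import sys

# ingress-nginx annotation the README mentions for opting out of global auth
GLOBAL_AUTH = "nginx.ingress.kubernetes.io/enable-global-auth"

# Go's strconv.ParseBool, which ingress-nginx uses for boolean annotations,
# accepts all of these spellings as false.
FALSE_VALUES = {"0", "f", "F", "false", "False", "FALSE"}

# Constructed sample in the shape of `kubectl get ingress -A -o json`;
# namespaces, names and hosts are made up for this example.
SAMPLE = json.dumps({
    "items": [
        {"metadata": {"name": "grafana", "namespace": "monitoring"},
         "spec": {"rules": [{"host": "grafana.yourdomain.tld"}]}},
        {"metadata": {"name": "stream", "namespace": "stream",
                      "annotations": {GLOBAL_AUTH: "false"}},
         "spec": {"rules": [{"host": "stream.yourdomain.tld"}]}},
        {"metadata": {"name": "adminer", "namespace": "db",
                      "annotations": {GLOBAL_AUTH: "False"}},
         "spec": {"rules": [{"host": "adminer.yourdomain.tld"}]}},
        {"metadata": {"name": "organizr", "namespace": "organizr",
                      "annotations": {GLOBAL_AUTH: "false"}},
         "spec": {"rules": [{"host": "yourdomain.tld"}]}},
    ]
})


def unauthenticated_hosts(kubectl_json, allow=()):
    """Map each host served without global auth to its 'namespace/name'.

    Hosts listed in `allow` are skipped: the Organizr login host itself
    has to be reachable without SSO, otherwise nobody could log in.
    """
    exposed = {}
    for ing in json.loads(kubectl_json).get("items", []):
        meta = ing["metadata"]
        annotations = meta.get("annotations") or {}
        # No annotation means the cluster-wide default (auth on) applies.
        if annotations.get(GLOBAL_AUTH, "true").strip() not in FALSE_VALUES:
            continue
        for rule in ing.get("spec", {}).get("rules", []):
            host = rule.get("host")
            if host and host not in allow:
                exposed[host] = f"{meta['namespace']}/{meta['name']}"
    return exposed


def main():
    # Pipe `kubectl get ingress -A -o json` in; with no input, the sample is used.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    exposed = unauthenticated_hosts(data, allow={"yourdomain.tld"})
    if not exposed:
        print("every ingress host is behind the global auth")
        return 0
    print("hosts reachable without SSO:")
    for host, ing in sorted(exposed.items()):
        print(f"  {host:<30} {ing}")
    return 1


if __name__ == "__main__":
    sys.exit(main())
```

Run it as `kubectl get ingress -A -o json | python3 audit_global_auth.py`; a non-zero exit means at least one host outside the allow list is served without SSO, which makes it easy to wire into a post-deploy check.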

Usage

Requirements

local machine

pip3 install ansible PyYAML openshift
git clone https://github.com/mbugeia/privyplace
cd privyplace

remote server

  • Debian 10 (untested on other distributions)
  • root SSH access
  • Firewall rules allowing ports 80 and 443 from the internet
  • A domain with DNS configured to point to your server, for example
yourdomain.tld. 300 IN A yourserveripv4
*.yourdomain.tld. 300 IN A yourserveripv4

Configure

Configure ansible inventory

cp inventory.yml.example inventory.yml

Then edit inventory.yml and replace yourdomain.tld with your real domain name.

Customize your installation

Common default values are in group_vars/all.yml; you can override them in group_vars/privyplace.yml. Some options must be set:

# main options
letsencrypt_email: "[email protected]"
letsencrypt_env: # staging or prod
main_domain: yourdomain.tld

# passwords
postgres_password: postgresmasterpassword
freshrss_db_password: freshrsspassword

# SSH public key used to connect to ansible-executor
authorized_keys: |
  ssh-rsa your ssh public key

You can also override other defaults here, for example freshrss_domain: "myrssdomain.tld", or disable an app by setting app_freshrss_enabled: false.
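The placeholder passwords above are only there to show the variable names; what ends up in group_vars/privyplace.yml should be random. The script below is an added example, not PrivyPlace code: it renders that file with freshly generated database passwords, rejects the placeholders, a bad letsencrypt_env or a malformed SSH key before ansible-playbook ever runs, and creates the file owner-readable only. The variable names are the ones listed above; the validation rules, the 32-character secret length and the file name gen_privyplace_vars.py are this example's own choices.

```python
import os
import re
import secrets
import string
import sys

ALPHABET = string.ascii_letters + string.digits
# Values that must never reach a deployed cluster (the README placeholders among them).
PLACEHOLDERS = {"postgresmasterpassword", "freshrsspassword", "changeme", "password"}
# Public-key types accepted by this example; sk-* keys are left out for simplicity.
SSH_KEY_RE = re.compile(
    r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
DOMAIN_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")


def new_secret(length=32):
    """Random secret from [A-Za-z0-9]: ~190 bits at 32 chars, safe as a bare YAML scalar."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def render_vars(main_domain, letsencrypt_email, authorized_key, letsencrypt_env="staging",
                postgres_password=None, freshrss_db_password=None):
    """Return the text of group_vars/privyplace.yml, validating every input first."""
    if letsencrypt_env not in ("staging", "prod"):
        raise ValueError("letsencrypt_env must be 'staging' or 'prod'")
    if not DOMAIN_RE.fullmatch(main_domain):
        raise ValueError("main_domain does not look like a DNS name")
    if not EMAIL_RE.fullmatch(letsencrypt_email):
        raise ValueError("letsencrypt_email does not look like an e-mail address")
    authorized_key = authorized_key.strip()
    if "\n" in authorized_key or not SSH_KEY_RE.fullmatch(authorized_key):
        raise ValueError("authorized_keys must be a single OpenSSH public key line")
    pg_pw = postgres_password or new_secret()
    fr_pw = freshrss_db_password or new_secret()
    for pw in (pg_pw, fr_pw):
        if pw.lower() in PLACEHOLDERS or len(pw) < 16:
            raise ValueError("weak or placeholder database password")
    return (
        "# generated by gen_privyplace_vars.py; contains secrets, keep it out of git\n"
        f'letsencrypt_email: "{letsencrypt_email}"\n'
        f"letsencrypt_env: {letsencrypt_env}\n"
        f"main_domain: {main_domain}\n"
        "\n"
        f"postgres_password: {pg_pw}\n"
        f"freshrss_db_password: {fr_pw}\n"
        "\n"
        "authorized_keys: |\n"
        f"  {authorized_key}\n"
    )


def write_vars(path, text):
    """Create the file with mode 0600 before any secret is written to it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # also covers a pre-existing, more permissive file
    return os.stat(path).st_mode & 0o777


def main(argv):
    if len(argv) not in (4, 5):
        print("usage: gen_privyplace_vars.py main_domain letsencrypt_email "
              "'ssh-ed25519 AAAA... comment' [staging|prod]", file=sys.stderr)
        return 2
    env = argv[4] if len(argv) == 5 else "staging"
    try:
        text = render_vars(argv[1], argv[2], argv[3], env)
    except ValueError as err:
        print(f"error: {err}", file=sys.stderr)
        return 1
    write_vars("group_vars/privyplace.yml", text)
    print("wrote group_vars/privyplace.yml (mode 0600)")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from the repository root, for example `python3 gen_privyplace_vars.py yourdomain.tld admin@yourdomain.tld "$(cat ~/.ssh/id_ed25519.pub)" prod`, then deploy as described in the next section. Start with staging until the deploy works end to end; Let's Encrypt's production endpoint is rate limited.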

Deploy

ansible-playbook -i inventory.yml privyplace.yml --diff

First run configuration

For now, Organizr needs to be configured manually. Once the deployment has finished, go to https://yourdomain.tld.

Then follow Organizr's first-time setup instructions: https://docs.organizr.app/books/installation/page/first-time-setup

These are the values you need to set to make it work:

  • Install type: Personal
  • Admin info: whatever you want
  • Security: whatever you want
  • Database: name organizr, location /data

Enjoy your self-hosted applications

Go to https://portal.yourdomain.tld

Advanced Usage

Access the cluster from your local machine

Partial deploy

# Check before deploy
ansible-playbook -i inventory.yml privyplace.yml --diff --check
# Deploy only ingress
ansible-playbook -i inventory.yml privyplace.yml --diff --tags ingress
# Deploy only the setup-cluster role
ansible-playbook -i inventory.yml privyplace.yml --diff --tags setup-cluster
# Deploy only organizr
ansible-playbook -i inventory.yml privyplace.yml --diff --tags organizr

Build monitoring resources

apt install jsonnet
GO111MODULE="on" go get github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb
mkdir kube-prometheus
cd kube-prometheus
jb init
jb install github.com/coreos/kube-prometheus/jsonnet/kube-prometheus
# customize custom-kube-prometheus.jsonnet
./build-monitoring.sh

Build docker image

export DOCKER_ID_USER="privyplace"
# build and push latest php/* images
./docker-build.sh docker/debian/php
# make a clean release and push all debian images
./docker-build.sh docker/debian v0.0.1

Known issues

  • SSO doesn't redirect back to the app after login

Contributors

mbugeia