applications issueshttps://forge.liiib.re/indiehost/applications/-/issues2015-05-02T20:05:17Zhttps://forge.liiib.re/indiehost/applications/-/issues/28allow running on >1 host2015-05-02T20:05:17ZOzouxallow running on >1 host*Created by: michielbdejong*
right now, the server-wide services assume that the user's data volume is on the same server. They also assume that all per-user containers are running on the same server. It would be nice to allow for bigge...*Created by: michielbdejong*
right now, the server-wide services assume that the user's data volume is on the same server. They also assume that all per-user containers are running on the same server. It would be nice to allow for bigger server farms, where one server acts as a load balancer, one as a file server, one as an application server, etcetera.
https://forge.liiib.re/indiehost/applications/-/issues/27consider switching to systemd2014-11-14T12:01:58ZOzouxconsider switching to systemd*Created by: michielbdejong*
Right now, we're using the `docker run --restart` flag for restart after failure (and the default `docker -d -r` flag for restart after reboot), but it could have advantages [?-like what?] to switch to syste...*Created by: michielbdejong*
Right now, we're using the `docker run --restart` flag for restart after failure (and the default `docker -d -r` flag for restart after reboot), but it could have advantages [?-like what?] to switch to systemd or upstart.
https://forge.liiib.re/indiehost/applications/-/issues/26Rename the repo2015-05-02T19:56:40ZOzouxRename the repoI think a better name would be `michiel-app-store` or `michiel-implementation`. I'll have my own also, and then from October, we'll work on merging both. (it will be easier to do this AFK)
I think a better name would be `michiel-app-store` or `michiel-implementation`. I'll have my own also, and then from October, we'll work on merging both. (it will be easier to do this AFK)
https://forge.liiib.re/indiehost/applications/-/issues/25Why bouncer and not HAproxy2014-11-14T12:01:45ZOzouxWhy bouncer and not HAproxyI think this is concerning from a security point of view to use this piece of software for the most important part - namely serving ssl certificates. Especially when there is something Industry proven that is doing great job.
I think this is concerning from a security point of view to use this piece of software for the most important part - namely serving ssl certificates. Especially when there is something Industry proven that is doing great job.
https://forge.liiib.re/indiehost/applications/-/issues/24discussion about which meta-software to offer2015-05-02T20:01:39ZOzouxdiscussion about which meta-software to offer*Created by: michielbdejong*
I think it's quite clear we want to offer certain base functionality:
- identity: a domain name you control, with a (static) website served over https
- decentralized communication: email, jabber, pubsubhubb...*Created by: michielbdejong*
I think it's quite clear we want to offer certain base functionality:
- identity: a domain name you control, with a (static) website served over https
- decentralized communication: email, jabber, pubsubhubbub
- blogging: tools so that you can more easily publish content on the web
- file hosting: tools so that you can keep your photos and files on your server
And then there are miscellaneous apps that have some specific functionality, which are each sort of isolated and light-weight to add, like maybe:
- gitlab,
- etherpad,
- bugzilla,
- addressbook,
- calendar,
- etcetera.
but at another level, there is a number of important meta-software projects out there that we may just want to offer hosting for, without them being necessarily a miscellaneous app. Each of them covers basically file sharing + a lot of miscellaneous apps, and each user would need only one of those, because they replace each other. i think at the moment the most important ones in terms of momentum are (my knowledge may be incomplete here?):
- owncloud
- cozycloud
- sandstorm
- yunohost
- arkos
- turnkeylinux
i'm sure there will be others over the years. would it make sense to just try to offer hosting for each of these? i guess each have their pros and cons, and it's good if people can try them out, compare them, and use the best one for daily use on their domain name, hosted by their indiehoster.
https://forge.liiib.re/indiehost/applications/-/issues/23consider adding LDAP for user management2014-09-01T13:32:08ZOzouxconsider adding LDAP for user management*Created by: michielbdejong*
i just learned a bit about how ynh does this: http://community.remotestorage.io/t/sandstorm-io-personal-cloud-platform/212/5
@pierreozoux you brought this up already, that it's a shitty experience to not ha...*Created by: michielbdejong*
i just learned a bit about how ynh does this: http://community.remotestorage.io/t/sandstorm-io-personal-cloud-platform/212/5
@pierreozoux you brought this up already, that it's a shitty experience to not have SSO / one single password reset option. maybe we could at least use LDAP as much as possible? we could actually reuse a lot of the packaging work from ynh, there (maybe just Dockerize each ynh app? or even run a ynh server inside Docker or even just without Docker?)
https://forge.liiib.re/indiehost/applications/-/issues/22move run.sh to systemd2014-08-22T08:05:31ZOzouxmove run.sh to systemd*Created by: michielbdejong*
for integration in CoreOS and also on other operating systems, a good to make sure containers are restarted when they die
*Created by: michielbdejong*
for integration in CoreOS and also on other operating systems, a good to make sure containers are restarted when they die
https://forge.liiib.re/indiehost/applications/-/issues/21Discussion about infrastructure2014-09-01T10:14:10ZOzouxDiscussion about infrastructureAfter reading all:
http://www.slideshare.net/bobtfish/docker-confjune2014
http://nerds.airbnb.com/smartstack-service-discovery-cloud/
http://clockworkcubed.com/2014/05/consul-and-synapse-service-discovery-and-elastic-load-balancing/
http...After reading all:
http://www.slideshare.net/bobtfish/docker-confjune2014
http://nerds.airbnb.com/smartstack-service-discovery-cloud/
http://clockworkcubed.com/2014/05/consul-and-synapse-service-discovery-and-elastic-load-balancing/
http://jasonwilder.com/blog/2014/02/04/service-discovery-in-the-cloud/
http://jasonwilder.com/blog/2014/07/15/docker-service-discovery/
http://www.consul.io/intro/vs/smartstack.html
http://igor.moomers.org/smartstack-vs-consul/
I feel this is the path:
https://coreos.com/blog/docker-dynamic-ambassador-powered-by-etcd/
Ouh, I'm getting excited :)
So the idea would be to have a manifest file for each of app we support.
I will write a BDD scenario:
Given a user (john) wants to access his wordpress the first time
And the user has already an account with indiehosters
When he goes to his [app store page](http://libreprojects.net/)
And he clicks on wordpress
Then he is redirected to john.indiegue.st/wordpress
And our user sees a waiting page
Then our backend catches this http request
And our backend understands that there is no wordpress for this user
And our backend read the manifest file for wordpress
And our backend satisfies MySQl dependencie
(Given a user (john) wants to access his mysql the first time...)
And our backend satisfies all [dependencies](http://12factor.net/backing-services)
And our backend send the http request to the service ambassador
And the service ambassador responds
The idea is that I don't want poor failover made by hand. Technology is mature for kickass failover. I want to have a rocking service. When one of the VM is down, I don't want the service down for the user :) So yes, one MySQL per user, but a replicated master-master one! And every services consuming MySQL are able to do it so, even if one MySQL instance is down :)
I'm still hoping that we don't have to write this manifest file, and could handle it at the Fleet or Docker level.
And about some services that are shared among users (mail, jabber..), I strongly believe we should use the same scemas as for users. We should dog food it ;) It's not a special case, it's just that the user is Michiel instead of John ;)
And I don't think we will run backup of services of each others (cross hosters). I will personaly have 3 VMs, and they'll backup each other. It's either that, or we share a common cluster (3 VMs also, but we can grow them to more).
https://forge.liiib.re/indiehost/applications/-/issues/20data formats should be tagged in image names2014-08-20T15:13:39ZOzouxdata formats should be tagged in image names*Created by: michielbdejong*
- discard the current format without tagging it
- start a branch for the proper data format, with `/data/server-wide/IMG/` and `/data/per-user/DOMAIN/IMG/`.
- from there on, data format versioning is 100% pe...*Created by: michielbdejong*
- discard the current format without tagging it
- start a branch for the proper data format, with `/data/server-wide/IMG/` and `/data/per-user/DOMAIN/IMG/`.
- from there on, data format versioning is 100% per IMG, meaning we don't really need to tag the server-wide portion (being just this super minimal directory path scheme).
- if we ever need to make a breaking change in the data format of an image, then we rename the image, and possibly create a migration script. This means some users may be running 'resite' and some may be running 'resite2', on the same server, without any problem.
https://forge.liiib.re/indiehost/applications/-/issues/19bouncer certs should live on `/data/domain.com/bouncer/`, not `/data/default/...2014-08-21T11:30:43ZOzouxbouncer certs should live on `/data/domain.com/bouncer/`, not `/data/default/bouncer/cert`*Created by: michielbdejong*
*Created by: michielbdejong*
https://forge.liiib.re/indiehost/applications/-/issues/18init script should be server-wide `server-init.sh` + `domain-init.sh`2014-08-21T11:48:34ZOzouxinit script should be server-wide `server-init.sh` + `domain-init.sh`*Created by: michielbdejong*
so not specific to the mailserver
*Created by: michielbdejong*
so not specific to the mailserver
https://forge.liiib.re/indiehost/applications/-/issues/17init script should generate files only if missing2014-11-13T18:03:10ZOzouxinit script should generate files only if missing*Created by: michielbdejong*
*Created by: michielbdejong*
https://forge.liiib.re/indiehost/applications/-/issues/16email password should be in `/data/michielbdejong.com/mail/password/anything`2014-08-21T12:05:52ZOzouxemail password should be in `/data/michielbdejong.com/mail/password/anything`*Created by: michielbdejong*
*Created by: michielbdejong*
https://forge.liiib.re/indiehost/applications/-/issues/15there should be an authoritative contact email address in `/data/domain.com/c...2014-08-20T15:18:02ZOzouxthere should be an authoritative contact email address in `/data/domain.com/contact.txt`*Created by: michielbdejong*
*Created by: michielbdejong*
https://forge.liiib.re/indiehost/applications/-/issues/14per-user volumes should be per hostname2014-08-20T15:15:15ZOzouxper-user volumes should be per hostname*Created by: michielbdejong*
so `/data/michielbdejong.com/` instead of `/data/michiel/`
*Created by: michielbdejong*
so `/data/michielbdejong.com/` instead of `/data/michiel/`
https://forge.liiib.re/indiehost/applications/-/issues/13mailserver's `/var/mysql/data` should be a symlink to `/data/default/mail/var...2014-08-21T12:05:52ZOzouxmailserver's `/var/mysql/data` should be a symlink to `/data/default/mail/var/mysql/data`*Created by: michielbdejong*
*Created by: michielbdejong*
https://forge.liiib.re/indiehost/applications/-/issues/12mailserver's changed config files should be symlinks to `/data/default/mail/e...2014-08-21T12:05:52ZOzouxmailserver's changed config files should be symlinks to `/data/default/mail/etc/postfix/*` etc.*Created by: michielbdejong*
*Created by: michielbdejong*
https://forge.liiib.re/indiehost/applications/-/issues/11initscript should take hostname `/data/default/mail/hostname.txt`2014-08-21T11:48:34ZOzouxinitscript should take hostname `/data/default/mail/hostname.txt`*Created by: michielbdejong*
*Created by: michielbdejong*
https://forge.liiib.re/indiehost/applications/-/issues/10add bind DNS2019-01-11T15:40:18ZOzouxadd bind DNS*Created by: michielbdejong*
Not very urgent maybe, but right now, to update DNS I have to log in to namecheap and to gandi. Running the authoritative DNS server on our own servers (one each, for instance?) would allow to automate thing...*Created by: michielbdejong*
Not very urgent maybe, but right now, to update DNS I have to log in to namecheap and to gandi. Running the authoritative DNS server on our own servers (one each, for instance?) would allow to automate things more in the long run. It would also be nice to make sure we implement things like ipv6, dnssec, and dane.
https://registry.hub.docker.com/search?q=bind
https://forge.liiib.re/indiehost/applications/-/issues/9converge our servers2014-11-13T10:16:45ZOzouxconverge our servers*Created by: michielbdejong*
@pierreozoux we're now both running our personal website on Docker, but we're each using a different setup to do so. Let's talk about how we can converge our setups, so that they become compatible with each ...*Created by: michielbdejong*
@pierreozoux we're now both running our personal website on Docker, but we're each using a different setup to do so. Let's talk about how we can converge our setups, so that they become compatible with each other and we can develop it twice as fast! :)