# My ansible files
These are my Ansible files that I use to deploy my two servers.
I'm using Alpine Linux on all my servers.
#### One of them (called wanderduene) runs the following services:
* __acme-redirect__ handles acme-cert stuff with Let's Encrypt and redirects everything else to https
* __bind__ dns server - it serves dns zones for all my domains, master
* __nginx__ webserver - terminates all https stuff for other services and serves static content
* __maddy__ my mailserver - using it actively for all my mail business
* __pleroma__ a mastodon compatible ActivityPub server - using it for all my social-media needs
* __synapse__ a homeserver for the matrix protocol - using it to communicate with others
* __gitolite & cgit__ for providing git hosting via ssh and a web interface
* __prometheus & grafana__ for some basic monitoring
* __radicale__ cal- & card-dav server - using it to sync contacts and calendar across my devices
* __oeffisearch__ web based journey planner for Germany and partly Europe
* __frps__ a reverse proxy for services behind NAT - using it to make my machines at home accessible online
#### And the other one (called taurus):
* __acme-redirect__ handles acme-cert stuff with Let's Encrypt and redirects everything else to https
* __bind__ dns server - it serves dns zones for all my domains, slave
* __nginx__ webserver - terminates all https stuff for other services and serves static content
* __syncthing__ decentralized peer-to-peer file sync - using it to sync files across all my devices, on this server as an online backup
* __rest-server__ http-server for restic's protocol - using it to sync my restic backups to this server
## Port mappings
### wanderduene
| Port | tcp | udp | Service | Protocol | Description | Firewalled |
|:------:|:---:|:---:|-------------------|------------|----------------|:----------:|
| 22 | x | | sshd | ssh | | no |
| 25 | x | | maddy | smtp | | no |
| 53 | x | x | bind | dns | | no |
| 80 | x | | acme-redirect | http | | no |
| 143 | x | | maddy | imaps | | no |
| 443 | x | | nginx | https | | no |
| 465 | x | | maddy | smtps | | no |
| 587 | x | | maddy | smtps | | no |
| 993 | x | | maddy | imaps | | no |
| 1234 | x | | fritzbox-exporter | http | | no |
| 2201 | x | | frps | ssh | ? | yes |
| 3000 | x | | grafana | http | | yes |
| 4000 | x | | pleroma | http | | yes |
| 4369 | ? | ? | epmd | ? | ? | yes |
| 5001 | x | | oeffi-web | http | instance1 | yes |
| 5002 | x | | oeffi-web | http | instance2 | yes |
| 5003 | x | | oeffi-web | http | instance3 | yes |
| 5004 | x | | oeffi-web | http | instance4 | yes |
| 5050 | x | | frps | frp | | no |
| 5232 | x | | radicale | http | | yes |
| 5432 | x | | postgres | postgresql | | yes |
| 8008 | x | | synapse | http | | yes |
| 8001 | x | | fcgiwrap (cgit) | ? | | yes |
| 8081 | x | | oeffisearch | http | instance1 | yes |
| 8082 | x | | oeffisearch | http | instance2 | yes |
| 8083 | x | | oeffisearch | http | instance3 | yes |
| 8084 | x | | oeffisearch | http | instance4 | yes |
| 8088 | x | | frps | http | vhost | yes |
| 8142 | x | | chartsrv | http | | yes |
| 9090 | x | | prometheus | http | | yes |
| 9100 | x | | node_exporter | http | | yes |
| 37311 | ? | ? | ? | ? | | yes |
### taurus
| Port | tcp | udp | Service | Protocol | Description | Firewalled |
|:------:|:---:|:---:|-------------------|------------|----------------|:----------:|
| 22 | x | | sshd | ssh | | no |
| 53 | x | x | bind | dns | | no |
| 80 | x | | acme-redirect | http | | no |
| 443 | x | | nginx | https | | no |
| 8060 | x | | rest-server | http | | yes |
| 8384 | x | | syncthing | http | | yes |
| 9100 | x | | node_exporter | http | | yes |
| 22000 | x | | syncthing | | | no |
| 21027 | | x | syncthing | | | no |
This file might be out of date; I don't plan to update it regularly.