[HN Gopher] Sovereign: Ansible playbooks to build and maintain y...
       ___________________________________________________________________
        
       Sovereign: Ansible playbooks to build and maintain your own private
       cloud
        
       Author : c0restraint
       Score  : 402 points
       Date   : 2020-01-30 14:20 UTC (8 hours ago)
        
        
       | jlkuester7 wrote:
       | This is a pretty cool setup! I have been tinkering in the self-
        | hosting world for a while now and I would say my biggest piece of
       | advice is to learn Docker. (Not trying to shill for Docker here
       | or start a Docker vs. Ansible flame war.) In my personal
       | experience, Docker images (and docker-compose orchestrations) are
       | more pervasive than Ansible playbooks and when it comes to self-
       | hosting for personal use, hosting all my services in Docker has
       | made it much easier to deploy/maintain them. (Not speaking to
       | business use cases since in that situation you should really have
       | a deep familiarity with your tech stack and be able to roll-your-
       | own Ansible playbook/Dockerfiles.)
       | 
       | Also, there are so many great FLOSS alternatives to Google Apps.
       | This repo contains some, but here are some of my favorites:
       | 
        | * Drive/Calendar/Photos/Keep - https://nextcloud.com/ (I prefer
        | this over OwnCloud)
        | 
        | * Docs/Sheets/Slides - https://www.onlyoffice.com/
        | 
        | * Mail - https://mailu.io/ (basically a Docker-based deployment of
        | Postfix/Dovecot/etc)
        | 
        | * Hangouts - Server - https://matrix.org/ - Client -
        | https://about.riot.im/ (I prefer Matrix.org over Jabber/XMPP)
        | 
        | * G+/Twitter - https://joinmastodon.org/
        
         | movedx wrote:
         | > In my personal experience, Docker images (and docker-compose
         | orchestrations) are more pervasive than Ansible playbooks and
         | when it comes to self-hosting for personal use, hosting all my
         | services in Docker has made it much easier to deploy/maintain
         | them
         | 
         | Are you building every container your self? I hope so:
         | https://blog.banyansecurity.io/blog/over-30-of-official-imag...
        
         | lxcfan wrote:
         | The two are not incompatible. You can deploy containers with
         | Ansible.
        
           | yjftsjthsd-h wrote:
            | Indeed:) Ansible will happily interface with pretty much
            | anything; consider that it officially supports Swarm
            | (https://docs.ansible.com/ansible/latest/modules/docker_swarm...),
            | k8s (https://docs.ansible.com/ansible/latest/modules/k8s_module.h...),
            | and puppet (https://docs.ansible.com/ansible/latest/modules/puppet_modul...)
            | for example:) It makes _excellent_ glue if used with other
            | things, or a good tool all on its own. Which is especially nice
            | because it lets you try new things without changing your
            | overall setup too much; you can deploy all your services with
            | RPMs, and then move one thing into docker, and still use
            | ansible for everything:)
        
         | ggregoire wrote:
         | > Not trying to start a Docker vs. Ansible flame war
         | 
         | Don't worry, they serve very different purposes. You already
         | probably know but Docker is for running applications in
         | isolation, while Ansible is for provisioning and configuring
         | hosts. For instance, you won't use Docker to harden sshd on
         | your hosts but Ansible.
        
           | eeZah7Ux wrote:
           | Yet they are both security disasters.
        
           | bwbmr wrote:
           | Are there any good resources (besides OP) for using Ansible
           | in a home-server environment? Especially in a mixed docker +
           | Ansible environment.
        
             | jefurii wrote:
             | After figuring out Ansible work I started using it to
             | manage several personal VPS machines and the various boxes
             | at home. I just used the Ansible docs, which are pretty
             | good.
        
           | chishaku wrote:
           | They definitely have overlap. People use Ansible for much
           | more than hardening sshd.
        
         | newscracker wrote:
         | > I would say my biggest piece of advice is to learn Docker.
         | (Not trying to shill for Docker here
         | 
         | The first step to learning Docker by downloading it,
         | irritatingly, is that getting Docker Desktop on Mac or Windows
         | requires creating a Docker Hub account and signing in! There's
         | even a long issue thread about this on GitHub and the response
         | was totally irrelevant! Luckily for those who don't want to
         | jump through these hoops (through disposable addresses or
         | reusable shared logins) or provide an email address, there are
         | many people who have posted direct links to the different
         | downloads available.
        
           | CraigJPerry wrote:
           | I think you can use chocolatey to choco install it without
           | going to the docker site.
        
         | davestephens wrote:
         | No need for an Ansible vs. Docker argument when you can combine
         | them both!
         | 
         | I run a similar project called Ansible-NAS -
         | https://github.com/davestephens/ansible-nas - which originally
         | came about because I fell out of love with FreeNAS, and felt I
         | could do a better job with Ubuntu, Ansible, and a bunch of
         | Docker images.
         | 
         | Sovereign is awesome, I've been watching it for a while, but
         | I'm not keen on everything being installed directly onto the
         | system which is what I tried to solve with Ansible-NAS.
         | 
         | </shameless_plug>
        
         | tvanantwerp wrote:
         | Are there any resources you recommend for learning to use
         | Docker specifically for self-hosted services in a home lab
         | setting?
        
           | jlkuester7 wrote:
           | IMHO the official Docker documentation is great! Their
           | "getting started" page is a good overview of the Docker
           | basics. https://docs.docker.com/get-started/ The CLI --help
           | is pretty useful too. I have also found Docker's in-depth
           | documentation to be very helpful when trying to figure out
           | the more complex features.
           | 
           | I got started by just grabbing a $5 DigitalOcean droplet (can
           | get them with Docker pre-installed) and then played around
           | trying to setup a simple app. (I think it was RocketChat.)
           | https://rocket.chat/docs/installation/docker-containers/
        
         | zzzeek wrote:
         | I run everything in containers and I spin up all the images /
         | containers from ansible scripts. Am I doing it wrong? I didn't
         | think these two tools were in conflict.
        
           | dcardoza wrote:
           | They do complement one another but docker has tooling that
           | solves similar problems. Does docker-compose
           | (https://docs.docker.com/compose/) fit your needs?
        
             | onei wrote:
             | I tend to run ansible to setup a VM, e.g. a few packages,
             | lock it down to my taste, and then have ansible run docker-
             | compose to deploy the application(s) of interest.
             | 
             | You wouldn't use docker to manage the host networking
             | (which is where ansible comes in), but packaging whatever
             | is listening on ports as a container works really well for
             | me
        
         | dragonsh wrote:
          | Sovereign can be used as is to create a Linux container with LXD
          | without any changes. You can create a container image and then
          | use it across your immutable infrastructure.
         | 
         | Don't waste time in Docker, for this purpose use lxd containers
         | [1]. LXD containers are more secure than docker in general and
         | provide support for unprivileged containers for over 5 years.
         | You can use your ansible scripts to create and manage your
         | container images the way you manage bare metal or a VM. Indeed
         | the modern LXD can help you seamlessly manage VM or Linux
         | container [2], because when you need to directly access
         | underlying host hardware VM is still more secure than
         | container. Also with mount syscall interception in version 3.19
         | of LXD [3], it is possible to mount NFS inside container in a
         | more secure way with unprivileged container running in user
         | namespace.
         | 
          | Initially docker itself was built using lxc [4], but then
          | decided to re-invent the wheels to build its own libcontainer
          | without any significant advantage over lxc, just NIH. Obviously
          | given all the money which went into docker and then kubernetes
          | using it. Docker is more famous in spite of being inferior
          | because of the marketing money spent on it, like Java (a
          | language which is famous because Sun spent over 500 million in
          | the early years of its inception on marketing). Kubernetes is
          | famous and a valid tool for google-level problems; for 90% of
          | startups LXD is a better fit. This is the same fight like old
          | times when inferior technology wins due to sheer marketing, like
          | Blu-ray won but rendered not as useful; same is docker.
         | 
         | [1] https://linuxcontainers.org/
         | 
          | [2] https://discuss.linuxcontainers.org/t/lxd-3-18-has-been-rele...
          | 
          | [3] https://discuss.linuxcontainers.org/t/lxd-3-19-has-been-rele...
          | 
          | [4] https://vyomtech.com/2014/03/04/docker_and_linux_containers_...
        
       | mindslight wrote:
       | On the general topic of Ansible and personal infrastructure:
       | 
       | Every time I attempt to use Ansible (or its kin) to manage my own
       | network, it feels overly obtuse and ultimately unhelpful. Its
       | gains seem to be rooted in configuring a large number of
        | _identical_ servers, and isn't geared for a handful of hosts
       | with some commonalities and some differences. Writing playbooks
       | feels like a still-imperative wrapper around shell commands, just
       | in a bespoke and verbose YAML syntax.
       | 
       | Instead I am using my own script that runs a tree of files
       | through a template engine, drops them on each host being
       | configured, and then runs triggers based on what has changed.
       | This seems utterly simplistic, lacks polish, eschews common
       | practices, etc. But the overall configuration seems
       | straightforwardly grokkable compared to the heavy tools.
        
         | asokoloski wrote:
         | I had a similar reaction, after trying out Ansible at my last
         | job. We ended up switching to fabric, which is all in Python.
         | It was mostly good but had some awkward warts, which it seems
         | that they've mostly addressed in fabric2. Anyway, it might be
         | worth a look, based on my understanding of your use case.
        
           | mindslight wrote:
           | Fabric seems more down to earth, but doesn't itself solve the
           | problem of actually defining the configuration of each host.
           | 
           | Having said that, I am to the point where it would be really
           | nice if my ssh pushes ran in parallel, which is one of those
           | robust niceties you give up by going your own way. So I'll
           | have to revisit Fabric because it would be complementary -
           | thanks for the reminder!
        
         | JackRabbitSlim wrote:
         | You should check out Saltstack if you haven't already. It's
          | actually not far from what you're doing now...
        
         | intrepidhero wrote:
          | Not a fan of ansible's yaml, but when I setup my personal server
          | (1 webserver) with ansible I thought it was pretty cool I could
         | duplicate my entire setup in a VM for testing with one command.
         | Then it saved my butt when I got locked out of my VPS instance
         | cause I lost the key. Just spin up a new one and run ansible. I
         | was back online in less than 5 minutes.
         | 
         | Not saying you couldn't do that with custom scripts, but I
         | found that when I tried writing my own admin scripts I was
         | solving problems that the ansible team has already solved. It's
         | a matter of what you want to spend time on IMO.
        
         | bcrosby95 wrote:
         | I never really saw Ansible as a heavy tool. But a place I
         | worked at in the past used cfengine, so my barometer for this
         | is probably a bit different.
        
           | mindslight wrote:
           | You had a point about error checking that I think is
           | pertinent to my not being in Ansible's niche. If a service
           | fails to start on a single host, it's because I'm already
           | tinkering with that configuration and hence will notice the
           | failure. Whereas with tens of highly similar hosts, you want
           | to find out about exceptions sooner. I'm actually getting to
           | this point with some common things (apt upgrade), hence
           | looking into Ansible again recently.
           | 
           | Overall my goal is to write very few on-host configuration
           | scripts, and prefer overwriting files. For example, most
           | triggers are simply service restarts, which can also be
           | performed by a full reboot.
        
       | crmrc114 wrote:
       | Dumb question maybe... but why would you not just configure this
       | yourself on a single virt/host? Most of these services would take
       | less than a day to configure. So many questions on why this is a
       | good thing.
       | 
       | Like, there are countless ways to configure your MTA and spam
       | filtering- if you are going to have to dig through this config..
       | why not just roll your own?
       | 
        | Can someone explain to me why you need Ansible for this? or am I
       | just being stupid and this is like an exercise to show what the
       | toolchain can do?
        
       | navaati wrote:
       | For my fellow HNers, this is "private cloud" in the meaning of
       | Owncloud, not of Openstack.
        
         | choward wrote:
         | I hear about Nextcloud a lot more than I hear about Owncloud.
         | Does anyone know why this project uses Owncloud instead of
         | Nextcloud?
        
           | gramakri wrote:
           | For some history: ownCloud is a very old stable product. 2-3
            | years back it got forked into Nextcloud because the founder of
           | ownCloud had some disagreement about ownCloud's direction.
           | 
           | Both the products are backed by companies and both are doing
           | quite well. I would say Nextcloud goes more and more into
            | expanding its use case and thus makes its product more
           | extensible via plugins. This can be good or bad depending on
           | how you look at it. Plugins go unmaintained/incompatible over
           | time and are a constant source of pain when upgrading.
           | Wordpress gets away with this because it has a massive
           | community.
           | 
            | ownCloud on the other hand has decided to double down on its
           | roots of file sharing/syncing. I heard they rewrote their
           | stack from PHP to Go now and the frontend is now React.
        
           | Tepix wrote:
           | I think there's an open issue for the switch. Just need a
           | good pull request by a volunteer...
        
           | crashbunny wrote:
           | This project started before Nextcloud existed, I don't know
           | why it hasn't switched, though.
        
             | AdmiralAsshat wrote:
             | NextCloud was started as a fork of OwnCloud by a bunch of
             | OwnCloud devs that were unhappy with the direction the
             | product was taking.
             | 
             | You can think of it in much the same way as OpenOffice vs
             | LibreOffice: devs fork to make a new product, the
             | "original" product stagnates and is mostly used for rent-
             | seeking.
             | 
             | The downside of both is that, to my ears, both "OpenOffice"
             | and "OwnCloud" better signify to outsiders what the product
             | accomplishes, while "LibreOffice" and "NextCloud" really
             | don't, unless you're already familiar with the product or
             | product history.
        
             | nemoniac wrote:
             | Also Nextcloud puts a LOT more effort into publicity than
             | Owncloud.
        
           | [deleted]
        
           | judge2020 wrote:
           | Based on how long this project has existed, I suspect they
           | chose owncloud before nextcloud was forked and changing it
           | hasn't happened/some people don't want to change their
           | already working installations.
        
       | OJFord wrote:
       | Isn't this just duplicating effort that's probably already been
       | done, in many cases by the first-party maintainers, in
       | Dockerfiles?
       | 
       | I don't mean to start 'Docker vs. Ansible', I just wonder why if
       | you wanted a quick way to setup a single-server 'own private
       | cloud' you wouldn't just go with what already exists, and list
       | the images you want in a docker-compose.yaml file?
       | 
       | (Which would additionally set you up for 'scaling' if you had any
       | concern that you might be able to save some cash with a two or
       | three smaller servers than one big one by the time you'd
       | installed everything you want.)
        
         | thinkmassive wrote:
         | Not everyone wants Docker installed on their servers. It's not
         | a requirement with this playbook.
         | 
         | Furthermore, if you do want to use containers, there are tools
         | like ansible-bender[1] that use Ansible to build container
         | images.
         | 
          | [1] https://github.com/ansible-community/ansible-bender (edited
          | the link to point to the ansible-community repo)
        
           | OJFord wrote:
           | But I'd have thought if you care that Docker isn't installed
           | on your servers, you're probably not running this anyway?
           | 
           | It seems to me that the target demographic is people that
           | just want the least effort minimal faff way of getting some
           | services up and running for personal non-production use. And
           | for that it was my suggestion that many of the services
           | probably already provide a Dockerfile upstream, so the
           | easiest thing to do would be to install docker-compose, list
           | the images, and `up`.
        
             | thinkmassive wrote:
             | This project has nothing to do with Docker, and there are
             | many reasons why someone would want to avoid running Docker
             | on a server (a separate issue from using containers). I'm
             | confused about why you think Docker is relevant to this set
             | of Ansible playbooks, and also why this would only be
             | suitable for "personal non-production use."
             | 
             | The only requirement for a remote host to be managed by
             | Ansible is python, and even that can be installed by
             | Ansible itself using the `raw` module on an initial run
             | with nothing but ssh access.
             | 
             | No need to gather a bunch of random Dockerfiles from
             | various places, tweak them to be compatible, and create a
             | docker-compose file from scratch... how is that "the
             | easiest thing" when this is a complete set of Ansible
             | playbooks where the work is already done?
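An added example, not code from Sovereign or from either commenter, that puts the two points above together: onei's "Ansible sets up the VM, locks it down, then runs docker-compose" workflow, and thinkmassive's note that Python can be bootstrapped over nothing but ssh with the `raw` module. Assumptions for illustration: a Debian/Ubuntu host in an inventory group named `homelab`, a compose file checked in at `files/docker-compose.yml`, and `/opt/stack` as the deploy directory; the sshd service name `ssh` is Debian's.

```yaml
# Added example playbook (not from Sovereign or the thread's commenters).
# Assumes Debian/Ubuntu targets in an inventory group called "homelab".
---
- name: Bootstrap Python so the rest of Ansible can run
  hosts: homelab
  gather_facts: false       # fact gathering needs Python, so skip it here
  become: true
  tasks:
    - name: Install python3 using only ssh (raw executes no Python on the host)
      raw: command -v python3 >/dev/null 2>&1 || (apt-get update && apt-get install -y python3)
      register: bootstrap
      # apt prints "python3" when it actually installs something; silent means nothing to do
      changed_when: "'python3' in bootstrap.stdout"

- name: Lock the host down, then deploy the compose stack
  hosts: homelab
  become: true
  vars:
    compose_dir: /opt/stack              # assumption: where docker-compose.yml lives
  handlers:
    - name: restart sshd
      service:
        name: ssh                        # assumption: Debian's service name
        state: restarted
  tasks:
    - name: Harden sshd (key-only auth, no root login)
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?{{ item.key }}\s'    # replace commented-out defaults too
        line: "{{ item.key }} {{ item.value }}"
        validate: "sshd -t -f %s"        # refuse to write a config sshd cannot parse
      loop:
        - { key: PasswordAuthentication, value: "no" }
        - { key: PermitRootLogin, value: "no" }
        - { key: PubkeyAuthentication, value: "yes" }
      notify: restart sshd

    - name: Install docker and docker-compose from distro packages
      apt:
        name:
          - docker.io
          - docker-compose
        state: present
        update_cache: true

    - name: Copy the compose project to the host
      copy:
        src: files/docker-compose.yml    # assumption: kept next to the playbook
        dest: "{{ compose_dir }}/docker-compose.yml"
        mode: "0644"

    - name: Start (or update) the containers
      command: docker-compose up -d
      args:
        chdir: "{{ compose_dir }}"
      register: compose_up
      # docker-compose reports "Creating"/"Recreating" (v1 writes progress to stderr)
      changed_when: "'reating' in (compose_up.stdout ~ compose_up.stderr)"
```

Run it as `ansible-playbook -i inventory.ini site.yml` (file names assumed). The first play is the only one that touches the host without Python; everything after it uses ordinary modules. The `validate` argument on `lineinfile` is the check worth keeping: it has `sshd` parse the candidate file before it replaces the real one, so a typo in the hardening loop cannot lock you out of the only management channel the playbook relies on.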
        
               | OJFord wrote:
               | I meant easier than creating these Ansible playbooks from
               | scratch, when many if not all of the playbooks will do
               | the same required steps as have already been encoded in
               | Dockerfiles in many cases by the maintainer of the
               | upstream project (the one being deployed) itself. There
               | certainly could be value in collecting that in one place
               | still.
               | 
               | The first line of the readme says it's for a 'personal
               | cloud'.
        
               | thinkmassive wrote:
               | The initial commit of this repo is from August 2013, a
               | few months before the first public beta release of
               | docker-compose.
        
           | LinuxBender wrote:
           | This looks useful. Is the fork more out of date than the
           | source it was forked from, or am I reading the dates wrong?
        
             | thinkmassive wrote:
              | Oh, good catch, I would use
              | https://github.com/ansible-community/ansible-bender
             | 
             | I just copied the first link that showed up in a search,
             | which looks like it's the personal repo of the project
             | maintainer but is pretty far behind the upstream repo now.
        
         | _jal wrote:
         | Isn't docker just duplicating effort that's already been done
         | in LXC or jails?
        
           | OJFord wrote:
            | Are LXC and jails popularly used by maintainers of projects
           | like owncloud, readlater, and such that Sovereign installs?
           | 
           | I explicitly said that I wasn't making it about Docker vs.
           | Ansible - I don't care - I just mean that Docker is very
           | often used by first party maintainers (and if not by someone
           | else) to package these services, so use what's there; if it
           | had happened to have been something else that took off in
           | that way, an Ansible playbook say, then that, but it's
           | Dockerfiles that are in that position.
        
         | slowhand09 wrote:
         | This is dated 2015. I hadn't heard of Docker in 2015.
        
           | OJFord wrote:
           | That's as may be, but it did exist, and was popular.
        
       | gramakri wrote:
       | For those in the market to run a private cloud, please try
       | https://cloudron.io . Our motivation is to make it simple to
        | self-host apps. The main advantage is that we take care of
       | automatic updates across all the apps we package. Happy to answer
       | any questions.
       | 
       | Disclaimer: I am the co-founder
        
         | jlgaddis wrote:
         | Is it really self-hosting if you're running it on someone's
         | cloud?
        
           | wpietri wrote:
           | Definitely.
           | 
           | I mean, you could play an infinite regress game. Do you own
           | the hardware? Do you own the cage the hardware is in? Do you
           | own the building that the cage is in, and the land that the
           | building is on? And then we can go toward owning the power
           | company and the connections to anybody your servers talk to.
           | 
           | But in practice, self-hosting is about control. If what
           | you're running it on is a commodity cloud instance that you
           | could get from a half-dozen providers, then any one cloud
           | provider has very little leverage over you.
        
             | Tepix wrote:
             | No. If you have dedicated hardware (rented or owned) and
             | full disk encryption you have decent control over your
             | data. On a virtual server you have no control and no
             | privacy.
        
           | gramakri wrote:
           | I think like many other terms like 'cloud', 'private', 'start
           | up' there is a lot of gray area :). It's up to you where you
           | draw the line. For me, self-hosting means running software in
           | a manner where I have control of the data/application code
           | and the server. With that definition, running software on
           | EC2/DO/Linode is self-hosting. When I self-host using these
           | servers, I know what the server is running and where the data
           | resides.
           | 
           | Also, I think there are other similar popular terms. For
           | those who run in their own premises, the term is on-premise.
           | For those running it home, usually they call it home
           | lab/NAS/home server. Self-hosting to me encompasses all this.
           | 
           | Also, self-hosting doesn't necessarily mean just open source.
           | There are some amazing closed apps out there that you can
           | self-host - emby, confluence, teamspeak to name a few.
           | 
            | Two of my favorite spots -
            | https://github.com/awesome-selfhosted/awesome-selfhosted and
            | https://www.reddit.com/r/selfhosted/
        
             | ocdtrekkie wrote:
             | I think it's also important to highlight that perfect is
             | the enemy of good. I moved from Google services (A) to an
             | open source platform... that I was paying them to host on
             | Google Cloud (B). Sure, it's still at Google, but the
             | ability for Google to mine data from it is significantly
             | reduced. Of course, later, I moved to hosting it in-house
             | (C), where I have direct physical control.
             | 
             | It's likely if my choices were A or C, I'd have never left
             | A. But that B option eased the transition for me, and made
             | it possible for me to get to the point I felt like the
             | investment was worth it to create a fully on-premise
             | solution.
             | 
             | There's a part D to this too, actually: I'm still using a
             | service to manage the DNS and TLS for it. Eventually I
             | should be able to move away from that too. But without the
             | intermediate step, it'd be too prohibitive and frustrating
             | to have moved to step C.
        
               | gramakri wrote:
               | Great point about D. I self-host at home (it's a
               | thinkcenter m600) but it depends on external services. I
               | use DO DNS and Let's Encrypt TLS, backup to S3. Not to
               | mention I rely on comcast for internet and public IP!
        
         | solarkraft wrote:
         | Interesting stack. From a first glance it seems to be a bunch
         | of self-made Dockerfiles with an extra manifest. I like the
         | idea, but wouldn't want anything proprietary for this
         | relatively simple task.
         | 
         | I suppose this product isn't for me anyway, since eventually
         | (not that long ago) I just bit the bullet and learned the
         | basics of Docker and docker-compose. It's not that hard, costs
         | nothing and is pretty rewarding, imo.
        
         | zapt02 wrote:
         | For anyone looking for a free alternative to this, check out:
         | https://caprover.com/
         | 
         | It has many of the same apps as Cloudron and is completely
         | free. And you can of course host your own Dockerfiles on top of
         | it.
         | 
         | I think the pricing for Cloudron is way off. I'm not going to
         | spend 5 dollars per month for a DigitalOcean droplet and then
         | 30 dollars per month to host a few open-source apps on that
         | Droplet. Especially since CapRover does 99% of this for free.
        
       | jophde wrote:
       | I currently just let my desktop run constantly. It runs Windows
       | in a KMS for games and sleeping breaks it so I never even
       | suspend. It only seems to use about $10/month in power. I have
       | been considering using DDNS through my router and Cloudflare and
        | trying to create an iOS/Android app that will automatically upload
        | my photos to my DDNS for storage on my desktop. It feels a
       | little crazy but the idea of syncing my photos to my own machine
       | with no middle man is comforting.
       | 
        | DDNS seems like it's a little too good to be true for solving the
       | dynamic IP problem. I'd prefer to have a static IP for my gigabit
       | Internet but sadly Webpass doesn't allow it. Does anyone have
       | experience doing something like this?
        
       | Annatar wrote:
       | Quit this damn nonsense with Ansible or whatever garbage fashion
       | fad is in vogue these days and finally learn how to make OS
       | packages so you can do configuration management with normal shell
       | scripting inside of them, because that's what it's for. The
       | amount of incompetence and insanity from incompetence has gone
       | too far. Damn it, this is exactly why IT sucks so bad!!!
        
         | skube wrote:
         | Not sure why you are being downvoted. There are way too many
         | people posing as engineers out there inventing all sorts of
         | stupid shit. If you can't deploy the software you write you
         | shouldn't be writing software - period.
        
         | ex_amazon_sde wrote:
         | HN has decided that running arbitrary commands on your
         | production systems is OK.
         | 
         | And that doing packaging, staging with CI/CD and immutable
         | infrastructure is unnecessary.
         | 
         | FAANG companies clearly disagree.
        
         | davestephens wrote:
         | Maybe you've never worked with someone that sucked at shell
         | scripting, or packaging.
         | 
         | Ansible is awesome for enabling people to do reasonably
         | complicated things in a consistent manner, at scale, without
         | having to write all of the boilerplate code to be able to do
         | so.
         | 
         | This is forgetting the fact that Ansible is reasonably
         | opinionated, which is great for lowering the barrier to entry
         | and helping devs/admins to be productive quickly.
         | 
         | When I just need to Get Shit Done, Ansible is awesome.
        
           | wtf1234 wrote:
           | > lowering the barrier to entry
           | 
           | That's the opposite of a good thing.
           | 
           | > When I just need to Get Shit Done, Ansible is awesome.
           | 
           | "just" is the keyword. "just" instead of caring about long
           | term maintainability and security
        
       | djsumdog wrote:
       | I wrote something similar that's custom for my personal
       | infrastructure:
       | 
       | https://github.com/sumdog/bee2
       | 
       | There are some blog posts in the README that go into how I built
       | a lot of it. A lot of it is specialized for me though. I have a
       | ton of rspec/tests but I don't have a real config schema or
       | entirely useful error messages. I might add some in the future.
       | 
        | Looking at the list in this, I'd advise against
        | nextCloud(ownCloud). I recently set up their official Docker
       | containers and the web piece works alright, but their F-droid app
       | continually crashes and I had to uninstall it and the nextcloud-
       | client in Gentoo's package manager segfaults at home and refused
       | to build at work.
       | 
       | I've read other stories of data loss with nextcloud. It might be
       | better now but my initial experiences made me use syncthing.
        | Syncthing does use relays if you're behind a NAT, but if you have
        | OpenVPN set up, you can also force it to use a direct IP address
        | as well.
       | 
        | If you're thinking of self-hosting and have the time, I'd suggest
       | building it yourself; borrowing (and properly
       | accrediting/licensing) other open source projects, their ansible
       | scripts and containers and such. You learn a whole lot about why
       | this tooling is so complex.
        
       | cs702 wrote:
       | Does anyone here on HN have experience _using_ Sovereign in a
       | team setting? I have a few questions:
       | 
       | * _Mobile contact and calendar syncing_ : How well and reliably
       | does it work?
       | 
       | * _Calendar group features_ : how well do they work?
       | 
       | * _Setup and maintenance_ : how much hassle is involved?
        
         | ses1984 wrote:
         | Doing that stuff is hard.
         | 
         | Sovereign doesn't solve all your operational problems.
         | 
         | I think it's suitable for personal use. I wouldn't run it in a
         | production setting without thoroughly understanding all parts
         | of the stack.
         | 
         | I would say it's good for personal use or to demonstrate what
         | ansible is capable of.
        
       | fak3r wrote:
        | I've used this project off and on for years, and it's always
        | worked perfectly. I'd have an infosec conference to go to, I'd
        | set up a host with wireguard, give my friends the cert, we'd all
        | tunnel out through that, then tear it down after the con. Total
        | cost a few dollars (most are $5/month).
        
       | TheFiend7 wrote:
       | This looks super cool.
       | 
        | Though somewhat off-topic, this line absolutely cracked me up.
       | 
       | >A VPS (or bare-metal server if you wanna ball hard).
       | 
       | I can appreciate a sense of humor.
        
       | Tepix wrote:
       | Wow, didn't expect to see Sovereign at the top of HN today! I'm
       | one of the project contributors.
       | 
        | If this project piques your interest, please consider
        | contributing! We could really use more helping hands.
       | 
       | Ansible is easy to learn and most (not all!) problems due to new
       | versions are easy to fix.
       | 
       | Also, if you only want to use a fraction of what Sovereign has to
       | offer to reduce your server's attack surface, that's easy! Just
       | follow the instructions.
        
       | dguido wrote:
       | There are so many servers and apps being installed by Sovereign
       | that I'm certain few would be able to keep it secure
       | (https://github.com/sovereign/sovereign/wiki/Software-used-
       | by...). The big win for the cloud is that you're paying a
       | fraction of the cost for access to a, typically, enormous
       | security and operations team. If you want to build software like
       | this that allows people to self-host, you need to scale down what
       | you deploy to what a single person can reasonably manage. This
       | isn't it.
       | 
        | Fun todo: Install this somewhere, nmap it for open ports, then
        | ask "How many of these services had a remotely exploitable CVE in
        | the last year?" "If one of these services had one tomorrow, would
        | I know to patch it and take action faster than someone would
        | take over my box?" I don't see any containment mechanisms on any
        | of these services beyond what's included by default so a
        | compromise of one service likely leads to total compromise of the
        | entire box.
       | 
       | I had to think about this a lot with AlgoVPN
       | (https://github.com/trailofbits/algo), and we built a system with
       | no out-of-the-box remote administration, strong isolation between
       | services with AppArmor, CPU accounting, and privilege reductions,
       | and limited third party dependencies and software. You can't
       | count on a full-time, expert system administrator.
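The containment the comment above asks for (isolation between services, privilege reduction, CPU accounting) can be layered onto an existing playbook without touching the upstream roles. The play below is an added example written for this thread; it is not part of the Sovereign repository and not code from any commenter. It drops a systemd hardening fragment under each selected unit and then reports the `systemd-analyze security` exposure score so you can see the effect. The unit names in `contained_services` are placeholders, and the settings are deliberately strict: a real daemon that needs extra capabilities or writable paths gets them via its `extra` list after testing, since an over-tight sandbox fails at start-up rather than silently.

```yaml
# Added example, not from the Sovereign project: apply systemd sandboxing
# drop-ins to a list of services so that a compromise of one service is
# contained to that service rather than the whole box.
# `contained_services` names are placeholders; test each real unit, because
# strict settings (e.g. ProtectSystem=strict, a narrow capability set) will
# break daemons that legitimately need more.
- name: Contain network-facing services with systemd sandboxing
  hosts: all
  become: true
  vars:
    contained_services:
      - name: example-web        # placeholder unit name
        extra: []
      - name: example-imap       # placeholder unit name
        extra:
          - "ReadWritePaths=/var/mail"   # mail store must stay writable
  tasks:
    - name: Create the drop-in directory for each unit
      file:
        path: "/etc/systemd/system/{{ item.name }}.service.d"
        state: directory
        mode: "0755"
      loop: "{{ contained_services }}"

    - name: Install the hardening drop-in
      copy:
        dest: "/etc/systemd/system/{{ item.name }}.service.d/50-hardening.conf"
        mode: "0644"
        content: |
          # Managed by Ansible; manual edits will be overwritten.
          [Service]
          NoNewPrivileges=yes
          ProtectSystem=strict
          ProtectHome=yes
          PrivateTmp=yes
          PrivateDevices=yes
          ProtectKernelTunables=yes
          ProtectKernelModules=yes
          ProtectControlGroups=yes
          RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
          RestrictNamespaces=yes
          LockPersonality=yes
          SystemCallFilter=@system-service
          SystemCallArchitectures=native
          # Only what a daemon needs to bind a low port; widen per service.
          CapabilityBoundingSet=CAP_NET_BIND_SERVICE
          # Per-service CPU accounting, so one runaway process is visible.
          CPUAccounting=yes
          {% for line in item.extra %}
          {{ line }}
          {% endfor %}
      loop: "{{ contained_services }}"
      notify: Reload systemd and restart contained services

    - name: Flush handlers so the scores below reflect the new drop-ins
      meta: flush_handlers

    - name: Measure the exposure score of each unit
      command:
        argv: ["systemd-analyze", "security", "{{ item.name }}.service"]
      loop: "{{ contained_services }}"
      changed_when: false
      register: exposure

    - name: Show the overall exposure line per unit
      debug:
        msg: "{{ item.stdout_lines[-1] }}"
      loop: "{{ exposure.results }}"
      loop_control:
        label: "{{ item.item.name }}"

  handlers:
    - name: Reload systemd and restart contained services
      systemd:
        daemon_reload: true
        name: "{{ item.name }}"
        state: restarted
      loop: "{{ contained_services }}"
```

Run it once against a test host first and read the `systemd-analyze security` line for each unit before and after; a service that fails to start after the drop-in is telling you which path or capability belongs in its `extra` list, which is the documentation of that service's real privilege needs that the thread says is usually missing.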
        
         | PaulRobinson wrote:
         | fail2ban and rkhunter are in the kit, and that offsets some of
         | the issues: you get some assurance and protection right there
         | out of the box.
         | 
         | You can also comment out the bits you don't want from
         | https://github.com/sovereign/sovereign/blob/master/site.yml
         | before you run the top level playbook.
        
         | wpietri wrote:
         | This touches on a problem I've been thinking about a lot. AWS,
         | etc, have solved the problem of hardware operation.
         | Containerization is doing the same for OS operation. I think
         | the next thing is _app_ operation.
         | 
         | For some things, I'm happy to use SaaS providers, where they
         | are responsible for the whole stack. For others, I'm happy to
         | use apps, where they just provide the code, and I provide the
         | platform. But for a number of things, I want something in
         | between: I provide storage and compute, they provide code and
         | operations.
         | 
         | Bitwarden for me is a good example. They're a password manager
         | who provides their backend as a docker container anybody can
         | run. I like that, as I don't really want them to have my data,
         | and if they go out of business, I don't want to be cut off from
         | my passwords. But I won't run the backend myself, because I
         | don't have the time and expertise necessary to make sure it
         | stays secure.
         | 
         | Another good example is photo hosting. I would rather keep all
         | my photos on space I control. But I also need modern,
         | maintained software for syncing, serving, and controlling
         | access to photos and related data. I'm happy to pay somebody to
         | make and maintain that software, but not nearly as happy if
         | that means that at any point they might shut down and take my
         | data with them.
         | 
         | I suspect we're headed toward a future where people like
         | Synology and Digital Ocean sell storage+compute, and then other
         | companies sell and maintain user-selected software that runs on
         | those environments. Basically, some sort of app store for
         | servers. But I'd love to see this happen in an open,
         | nonproprietary way, as the drawbacks of Apple's and Google's
         | app stores have become pretty clear.
        
           | omnimus wrote:
           | Maybe something like this https://remotestorage.io/ becomes
           | popular. I would love to make apps that use user owned
           | universal storage/server.
        
           | yjftsjthsd-h wrote:
           | Sandstorm was a really nice solution to this, but it required
           | each app to be integrated with it, which I personally think
           | is what killed it. (Which sucked, because for what it
           | supported it was the best option available)
        
             | ocdtrekkie wrote:
             | Please don't past-tense Sandstorm! The community is still
             | working on it. Albeit a little slower. ;)
        
             | wpietri wrote:
             | Ah, interesting! Just reading the home page wearing my
             | developer hat makes this stand out: "Each document, chat
             | room, mail box, notebook, blog, or anything else you create
             | is a "grain" in Sandstorm. Sandstorm containerizes each one
             | in its own secure sandbox from which it cannot talk to the
             | world without express permission."
             | 
             | The notion that every document is its own independent unit
             | sounds pretty menacing to me. Could be fine for some
             | things, but getting things running there is sounding like a
             | fair bit of work to me, and very limited.
             | 
              | And then this part is especially bad: "[maybe someday] You
              | won't have to deal with payments | Eventually, we hope to
              | make Sandstorm implement in-app purchases and deposit the
              | proceeds directly to your bank account"
             | 
             | Right there a lot of incentive to integrate has leaked out.
             | "Please build for our platform in exchange for no money" is
             | not quite the worst offer I've had, but it's definitely not
             | appealing. Looking through the Wayback machine, I see
             | 
             | But the part that really concerns me is that they seem to
             | think that server apps can run like mobile apps. To me one
             | of the most powerful things about SaaS products is that the
             | aggregated use information drives both product and
             | operational improvements and allows rapid response to bugs
             | and issues. So as a developer choosing between this and a
             | SaaS approach, this feels like having one foot in a bucket
             | to me.
             | 
             | For example, I recently outsourced my mail hosting to
             | Fastmail precisely because I want experts to run things.
             | Would I be happier if the data were stored somewhere I
             | control? Definitely. But not if that means the experts
             | aren't paying attention anymore.
        
               | ocdtrekkie wrote:
               | Sandstorm's design is a little bit menacing! And it does
               | require a fair bit of work sometimes to fit web apps not
               | built for Sandstorm into Sandstorm's model. (The holy
               | grail here is apps built for Sandstorm, but the platform
               | needs to be bigger before more developers do that.)
               | Usually packaging for Sandstorm largely entails locking
               | an app into a single-document model, and stripping out
               | authentication (since Sandstorm handles it).
               | 
               | But the end goal is pretty well worth it: Any grain is
               | incredibly secure by default, and for the most part, app
               | vulnerabilities are irrelevant. A grain where only you
               | have access doesn't need any sort of authentication or
                | security in the app at all. And since each document is
                | its own sandbox, sharing a document with someone doesn't
               | give them a way in to exploit access to your other
               | documents as might happen with a vulnerability in a more
               | traditional design.
               | 
               | The business model story for selling Sandstorm apps isn't
               | super great right now, you probably could have a
               | licensing model that requested network access through the
               | Powerbox to check the license or something, but in many
               | cases, there's already a wide variety of great open
               | source apps that are free and just frustrating to host
               | and manage without a platform like Sandstorm (or
               | Cloudron). (EDIT: Now that I think about it, Sandstorm
               | used to have a paid license key/feature key system that
               | made no callbacks, I think the licensing info was
               | encrypted asymmetrically.)
               | 
               | As for your support of SaaS data collection, I just can't
               | really agree with you: People who want to give data to a
               | developer can choose to do so, but I think it's ethically
               | wrong to collect data without permission. (Sandstorm
               | servers do have the ability to opt in to provide basic
               | app usage data back to Sandstorm's development team.)
               | 
               | I love FastMail, and have been an enthusiastic customer
               | since 2016. :)
        
         | newscracker wrote:
          | > Fun todo: Install this somewhere, nmap it for open ports,
          | then ask "How many of these services had a remotely exploitable
          | CVE in the last year?" "If one of these services had one
          | tomorrow, would I know to patch it and take action faster than
          | someone would take over my box?" I don't see any containment
          | mechanisms on any of these services beyond what's included by
          | default so a compromise of one service likely leads to total
          | compromise of the entire box.
         | 
         | This is the same concern I have with self-hosting anything with
         | sensitive personal information on it. Without continuous
         | monitoring, alerts and periodic review of audit trails, it's
         | anybody's guess what's going on with all the self-hosters'
         | data. With larger companies that provide a SaaS solution,
         | there's a little more hope that someone is looking at this
         | seriously all the time.
        
         | Tepix wrote:
         | You're not expected to use and install all of the services
         | offered by Sovereign, just as you're not expected to install
          | all packages of your Linux distribution. I guess we need to
         | make this more explicit in the documentation. Just pick
         | services you plan to use during the installation phase as
         | outlined in the instructions.
        
           | Domenic_S wrote:
           | The documentation instructs you to pick the services you plan
           | NOT to use:
           | 
           | > _Don't want one or more of the above services? Comment out
           | the relevant role in site.yml._
        
       | slovette wrote:
       | Is there a benefit to doing this over something like Cloudron(1)?
       | 
       | I see this being for people that just want things to work without
       | much of the effort to make it so. If that's the case, a simple
       | web UI that treats all the little solutions as "apps" in a way
        | makes sense. Not plugging here, just curious about the practical
        | everyday differences.
       | 
       | 1. https://cloudron.io
        
         | ocdtrekkie wrote:
         | Cloudron.io seems pretty nice, speaking as someone who
         | uses/works on a different platform (Sandstorm.io). Cloudron is
         | going to cost you money if you want the benefits of automatic
         | updates and the like, which is a downside for some (I think
         | paying for good products/services is worthwhile), but I
         | absolutely think making management of a ton of apps simple like
         | a phone is the key to self-hosted online services. One of the
         | biggest features of a good self-hosting platform should be
         | unified authentication and identity, so you aren't managing
         | your account on a dozen different apps.
         | 
         | I've always been impressed by Cloudron's well-maintained app
         | library and constant march of major feature improvements to the
         | platform.
        
           | rlander wrote:
           | Just wanted to mention that Sandstorm is awesome. For some
           | reason, despite being around for years, I only found out
           | about it recently. I really think that it should be way more
           | popular than it currently is. Lots of apps are outdated, so
           | I'm planning on investing some personal time to contribute to
           | it.
        
             | ocdtrekkie wrote:
             | By all means, hit us up on the mailing list or in IRC if
             | you have any questions or need any help!
        
       | choward wrote:
       | One of the most important things when managing data is not losing
       | it. Does this have a solution for doing backups built in or do
       | you come up with your own solution like using something your web
       | host provides?
        
         | tzumby wrote:
          | I haven't used this myself but it looks like it uses nightly
          | encrypted backups using Tarsnap.
        
         | nemoniac wrote:
         | Did you miss the bit about tarsnap?
        
           | choward wrote:
           | Apparently I did. Oops.
        
       | say_it_as_it_is wrote:
       | Could anyone describe what this means without the marketing
       | cloud-speak bullshit?
        
         | Ohn0 wrote:
          | It's using ansible to set up and configure a bunch of open
         | source applications for common "cloud" apps like email, files,
         | rss, etc.
        
         | jj11837 wrote:
         | Seriously, this technology isn't new.
        
           | slowhand09 wrote:
            | True, but it's new to some people. Probably 1/3 of the
           | articles posted on HN are several years old, but still new to
           | some people.
        
         | apetresc wrote:
         | It's abundantly clear in the README. Every single component is
         | spelled out. Did you only read the title or something?
        
         | ainiriand wrote:
         | You really have a very good username.
        
           | say_it_as_it_is wrote:
           | living up to it as best I can
        
       ___________________________________________________________________
       (page generated 2020-01-30 23:00 UTC)