MakerFLOSS/docs/infrastruktur/vps-og-dns.md
2026-04-14 16:46:06 +02:00

VPS and DNS Setup for MakerFLOSS

This page documents the technical infrastructure behind MakerFLOSS — including our VPS server and DNS management. The setup is managed via the Ansible project AnsibleBaobabV4.


VPS Server

Overview

| Field | Value |
|---|---|
| Hostname | makerfloss |
| IP address | 88.99.32.236 |
| SSH port | 7576 |
| Role | Forgejo git forge |
| Description | "Forgejo git forge" |

Services

The server runs the following services via Docker:

  • Forgejo — self-hosted git forge, available at https://forgejo.makerfloss.eu
  • Traefik — reverse proxy with automatic TLS certificates via Let's Encrypt
  • Node Exporter — Prometheus metrics (port 9100)

Firewall Rules

| Port | Protocol | Purpose |
|---|---|---|
| 80 | TCP | Traefik HTTP (redirects to HTTPS) |
| 443 | TCP | Traefik HTTPS |
| 7577 | TCP | Forgejo SSH (git over SSH) |
| 9100 | TCP | Node Exporter metrics |

Forgejo Configuration

| Field | Value |
|---|---|
| Domain | forgejo.makerfloss.eu |
| Root URL | https://forgejo.makerfloss.eu |
| SSH domain | forgejo.makerfloss.eu |
| SSH port | 7577 |
| Open registration | Yes (for now) |

Current Limitations

  • WireGuard is not configured yet — the server is isolated from the internal network.
  • Backup is disabled, as the backup server (papa) is unreachable without a WireGuard tunnel.
  • Centralised logging is disabled for the same reason (Loki on tembo is unreachable).

DNS Management

Registrar and DNS Provider

The domain makerfloss.eu is registered and managed via Gandi.net.

The Gandi LiveDNS API is used for declarative DNS management via the Ansible role baobab.gandi_dns.

DNS Records

These records are managed automatically by Ansible and must not be edited manually in the Gandi panel:

| Name | Type | TTL | Value | Purpose |
|---|---|---|---|---|
| @ | A | 300 | 88.99.32.236 | Apex domain → VPS |
| forgejo | A | 300 | 88.99.32.236 | Forgejo git forge |
| www | CNAME | 3600 | makerfloss.eu. | www → apex |

TLS Certificates

Traefik automatically manages TLS certificates via Let's Encrypt using the DNS-01 challenge:

  • DNS provider: Gandi (gandiv5 via lego)
  • Certificate resolver: letsencrypt
  • Wildcard: makerfloss.eu and *.makerfloss.eu
  • ACME email: sjat+letsbaobab@ziethen.dk

Updating DNS Records

DNS records are updated by running the DNS playbook in AnsibleBaobabV4:

ansible-playbook play_dns.yml --limit makerfloss

Always change records in host_vars/makerfloss.yml (under gandi_dns_records) — never directly in the Gandi panel.
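
A drift check for the rule above, as an added example rather than code from AnsibleBaobabV4: it diffs the declared records against a zone snapshot and ignores the `_acme-challenge` TXT records that lego creates for the DNS-01 challenge. The key names in `DECLARED` and all data in `LIVE` are assumptions constructed for illustration; the `rrset_*` field names follow the Gandi LiveDNS record format.

```python
# Added example: detect manual edits by diffing declared records against a zone snapshot.
# DECLARED mirrors the DNS Records table; its key names are an assumed schema,
# not necessarily what baobab.gandi_dns reads from gandi_dns_records.
DECLARED = [
    {"name": "@", "type": "A", "ttl": 300, "values": ["88.99.32.236"]},
    {"name": "forgejo", "type": "A", "ttl": 300, "values": ["88.99.32.236"]},
    {"name": "www", "type": "CNAME", "ttl": 3600, "values": ["makerfloss.eu."]},
]

# Constructed snapshot in LiveDNS rrset shape (203.0.113.0/24 is a documentation range).
LIVE = [
    {"rrset_name": "@", "rrset_type": "A", "rrset_ttl": 300, "rrset_values": ["88.99.32.236"]},
    {"rrset_name": "forgejo", "rrset_type": "A", "rrset_ttl": 300, "rrset_values": ["203.0.113.7"]},
    {"rrset_name": "test", "rrset_type": "A", "rrset_ttl": 300, "rrset_values": ["203.0.113.9"]},
    {"rrset_name": "_acme-challenge", "rrset_type": "TXT", "rrset_ttl": 300, "rrset_values": ['"constructed"']},
]


def is_acme_challenge(name, rtype):
    """True for the temporary TXT records an ACME client writes during DNS-01."""
    return rtype == "TXT" and (name == "_acme-challenge" or name.startswith("_acme-challenge."))


def index(records, prefix=""):
    """Map (name, type) -> (ttl, sorted values) so value order does not matter."""
    return {
        (r[prefix + "name"], r[prefix + "type"]): (r[prefix + "ttl"], tuple(sorted(r[prefix + "values"])))
        for r in records
    }


def find_drift(declared, live):
    """Return (status, (name, type), declared, live) for every record that differs."""
    want = index(declared)
    have = {k: v for k, v in index(live, "rrset_").items() if not is_acme_challenge(*k)}
    drift = []
    for key in sorted(want.keys() | have.keys()):
        if key not in have:
            drift.append(("missing", key, want[key], None))
        elif key not in want:
            drift.append(("unmanaged", key, None, have[key]))
        elif want[key] != have[key]:
            drift.append(("changed", key, want[key], have[key]))
    return drift


if __name__ == "__main__":
    for status, (name, rtype), want, have in find_drift(DECLARED, LIVE):
        print(f"{status:9} {name} {rtype}: declared={want} live={have}")
```

A `changed` or `unmanaged` result points to an edit made outside the playbook; a `missing` result means a declared record is absent from the zone.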


Access

SSH

ssh -p 7576 sjat@88.99.32.236

Git (via Forgejo)

git clone ssh://git@forgejo.makerfloss.eu:7577/<user>/<repo>.git

Infrastructure Code

All configuration lives in the Ansible project AnsibleBaobabV4:

| File/directory | Contents |
|---|---|
| host_vars/makerfloss.yml | All host-specific configuration |
| play_dns.yml | Playbook for DNS management |
| play_containers.yml | Playbook for container deployment |
| roles/baobab.gandi_dns/ | Ansible role for Gandi LiveDNS |
| roles/baobab.traefik/ | Ansible role for Traefik reverse proxy |
| roles/baobab.forgejo/ | Ansible role for Forgejo git forge |