We have decided to restart the monthly state of Project Segfault blog posts again!
This month had a lot of changes, ranging from the long-awaited ISP change on Soleil Levant, to the launch of the India Node & the pubnix and the website's rewrite!
Beginning with Soleil, we have finally moved over to Orange S.A. for our ISP from Bouygues Telecom. This also came with an increase in our network speeds!
We also now have a more powerful UPS, which means we can use a more performant RAID write policy, leading to better performance!
This also means the router/ONT got redundant power thanks to the old UPS.
We also now have redundant network cards, after the issues we faced with the Broadcom one that came with the server.
We use an active-backup bond, which means it will switch over to the new Intel NIC if the inbuilt Broadcom one fails.
This thing has been procrastinated for so long.
In short, we are trying to restructure Project Segfault to make it more secure.
This includes separating things into multiple VMs, and deleting old & unused configs, containers etc.
We have started work on this long-awaited project now, and will continue to do so in the coming weeks. A lot of the services have already been migrated, such as akkoma, authentik, hedgedoc, all 3 matrix clients, maubot (matrix bots), plausible, vaultwarden and vikunja.
You can find more information about the restructure and the current status of the same at its wiki page
These new changes have made Soleil Levant more redundant, and hopefully, also more stable.
In other server-related news, the India Node is finally up!
We will follow the same policies we followed for the US Node, including the complete separation of data.
The US node, Pizza-1 and the Status VPS have received complete IPv6 support!
We are working on setting it up on Soleil Levant, but there is no ETA :P.
Bharti Airtel, the ISP of the IN Node does not provide IPv6 capabilities when a static IP is procured. Hence, we cannot setup IPv6 on it.
However, we also have a bit of sad news, Hebergnity, which has been the VPS we have been using for uptime monitoring for ages, has been shut down due to VMWare ransomware. Due to this, we have migrated to OVH for status.
But, the OVH VPS is a lot more expensive than Hebergnity, so we need your donations more than ever to sustain it.
UPDATE 25/03/23: There was a message sent by Hebergnity's founder in their discord server, stating that the VPSes should be back by this weekend. We will be migrating back to it as soon as we get it.
The website has had a massive revamp, now having a new navbar, faster page loads, a new design, and more!
We also rely on Uptime Kuma based announcements instead of having a separate endpoint for it, which makes it easier for us to update things internally!
We have also removed the contact form, which was painful to maintain and rarely used.
We now have a "CDN" that is balanced between our US/IN/EU nodes with GeoDNS, just like our privacy frontends.
The CDN is currently very basic but will be updated soon to have more including a webui for uploading and managing files!
We first had the idea of setting up a Pubnix over 6 months ago, and we have finally set it up!
Basically, a pubnix is a Linux system you can SSH into and host stuff on. It allows you to also learn a lot about unix system administration.
Our pubnix however, is a lot different from the other popular ones, allowing the user to host containers, install packages without admin intervention (via nix), manage stuff via the cockpit webui and get full freedom over their webserver configuration, along with giving them access to *-username.p.projectsegfau.lt.
The pubnix account also allows you to signup for most of our other services via unified OIDC auth (authentik).
You can also learn more about it and document its features on the wiki category for the pubnix
We now have a wiki to document many parts of Project Segfault, ranging from the documentation of our infrastructure to user-facing information and guides.
We had a ton of problems with networking on mailcow, and hence decided to move over to MailU.
This is because Orange does not allow outgoing to port 25, which is required to send email.
Another mail service we now have is simplelogin.
The service is hosted on the status vps, since its the only other server with good mail reputation we have.
It allows you to send and receive emails securely with aliases, and even has inbuilt PGP support!
However, we have decided to make it an invite-only service since bigger mailservers are very finicky about reputation.
We now have a jitsi instance, which allows you to have private video conferences with end-to-end encryption.
We hope this helps more people move away from privacy-invasive services like Zoom.
We now have a Hedgedoc instance, which allows you to collaboratively write markdown. You can think of Hedgedoc as a privacy friendly, alternative to google docs.
In addition, have a Vaultwarden instance, which is a self-hosting friendly Bitwarden server. This allows you to safely host your passwords and other sensitive data, with great encryption.
Due to popular demand, we have now setup a teddit instance, which is another frontend to reddit.
We now have a Rimgo instance, which is a frontend for Imgur.