# Server and client environments

## Console

- OS: WSL2 (Debian 13)
- Processor: 4vCPU
- Memory: 4GiB
- Disk:
  - 32GiB for `/` (VHD file)
- Services:
  - [x] Terminal
  - [x] Step-CLI
  - [x] Ansible
  - [x] Git
  - [x] Kopia
  - [x] cloud-image-utils

## vmm (Hypervisor)

- OS: Debian13
- Processor: pCPU (N150)
- Memory: 3GiB (margin)
  - KSM allows more than 3GiB for vmm
- MAC:
  - c8:ff:bf:05:aa:b0
  - c8:ff:bf:05:aa:b1
- Disk:
  - SSD:
    - 64GiB for `/` (ext4 in LVM)
    - 700GiB for `/var/lib/libvirt` (ext4 in LVM)
- Services:
  - [x] QEMU/KVM
  - [x] libvirtd
  - [x] ksmtuned

## fw (Firewall)

- OS: Debian13
- Processor: 2vCPU
  - cputune.shares 2048
- Memory: 4GiB
- MAC:
  - 0a:49:6e:4d:00:00
  - 0a:49:6e:4d:00:01
- Disk:
  - SSD: 64GiB for `/` (ext4 in qcow2 file)
- Services:
  - native packages:
    - [x] nftables (firewall based on ZONE)
    - [x] Suricata (IDS)
    - [x] CrowdSec LAPI (IPS)
    - [x] Kea DHCP
    - [x] Wireguard-tool
    - [x] BIND9 (Local authoritative DNS)
    - [x] Blocky (Resolver DNS)
  - Scripts:
    - [x] ddns.sh

## infra (Infrastructure)

- OS: Debian13
- Processor: 2vCPU
  - cputune.shares 1024
- Memory: 6GiB
- MAC: 0a:49:6e:4d:01:00
- Disk:
  - SSD: 256GiB for `/` (ext4 in qcow2 file)
- Services:
  - Rootless containers:
    - [x] PostgreSQL
    - [x] lldap
    - [x] Step-CA
    - [x] Caddy (with nsupdate)
    - [x] Prometheus (alloy - push)
    - [x] Loki (alloy)
    - [x] Grafana

## auth (Authorization)

- OS: Debian13
- Processor: 2vCPU
  - cputune.shares 512
- Memory: 2GiB
- MAC: 0a:49:6e:4d:02:00
- Disk:
  - SSD: 64GiB for `/` (ext4 in qcow2 file)
- Services:
  - Rootless containers:
    - [x] Caddy (with nsupdate, crowdsec-http, crowdsec-bouncer module)
    - [x] authelia

## app (Application)

- OS: Debian13
- Processor: 4vCPU
  - cputune.shares 1024
- Memory: 16GiB
- MAC: 0a:49:6e:4d:03:00
- Disk:
  - SSD: 256GiB for `/` (ext4 in qcow2 file)
  - HDD: 4TB for `/home/app/data` (btrfs)
- VFIO (Hardware passthrough):
  - Graphic: N150 iGPU
  - Disk: SATA Controller
- Services:
  - OIDC native services:
    - [x] Vaultwarden
    - [x] Gitea
    - [x] Immich
    - [x] Actual budget
    - [x] Paperless-ngx
    - [x] vikunja (compared with Nextcloud Deck)
    - [x] OpenCloud (compared with Nextcloud)
    - [x] affine (Notion substitute)
    - [x] Nextcloud (used for CalDAV and CardDAV, kanban and todo)
    - [x] Collabora office (linked to Nextcloud; it works well)
    - [x] ezBookkeeping
      - budget.ilnmors.com is used for ezBookkeeping; the Actual budget domain is changed to actualbudget.ilnmors.com
    - [x] sure
      - Comparing sure, ezBookkeeping, and Actual budget:
        - ezBookkeeping has no function to share accounts and budgets with other users.
        - Actual budget's YNAB approach is hard to adjust to.
        - sure is heavy, but it is not YNAB-style and it allows sharing accounts with other users.
    - [x] wiki.js
      - Check wiki.js for use as the base wiki for documents.
    - [ ] TriliumNext
    - [ ] memos
    - WriteFreely or directus + frontend (Astro)
    - MediaCMS or PeerTube
    - Funkwhale or Navidrome or Jellyfin
    - Kavita
    - Audiobookshelf
    - Miniflux
    - Linkwarden
    - Ralph
    - Conduit
    - SnappyMail

## External Backup server

- OS: DSM (Synology)
- Processor: pCPU (Realtek RTD1619B)
- Memory: 1GiB
- MAC: 90:09:d0:65:a9:db
- Disk:
  - HDD: 4TB
- Services:
  - SFTP
  - Kopia repository server
  - CloudSync (Upload backup files to Cloud)