VPS and DNS Setup for MakerFLOSS
This page documents the technical infrastructure behind MakerFLOSS — including our VPS server and DNS management. The setup is managed via the Ansible project AnsibleBaobabV4.
VPS Server
Overview
| Field | Value |
|---|---|
| Hostname | makerfloss |
| IP address | 88.99.32.236 |
| SSH port | 7576 |
| Role | Forgejo git forge |
| Description | "Forgejo git forge" |
Services
The server runs the following services via Docker:
- Forgejo — self-hosted git forge, available at https://forgejo.makerfloss.eu
- Traefik — reverse proxy with automatic TLS certificates via Let's Encrypt
- Node Exporter — Prometheus metrics (port 9100)
Firewall Rules
| Port | Protocol | Purpose |
|---|---|---|
| 80 | TCP | Traefik HTTP (redirects to HTTPS) |
| 443 | TCP | Traefik HTTPS |
| 7577 | TCP | Forgejo SSH (git over SSH) |
| 9100 | TCP | Node Exporter metrics |
Forgejo Configuration
| Field | Value |
|---|---|
| Domain | forgejo.makerfloss.eu |
| Root URL | https://forgejo.makerfloss.eu |
| SSH domain | forgejo.makerfloss.eu |
| SSH port | 7577 |
| Open registration | Yes (for now) |
Current Limitations
- WireGuard is not configured yet — the server is isolated from the internal network.
- Backup is disabled, as the backup server (`papa`) is unreachable without a WireGuard tunnel.
- Centralised logging is disabled for the same reason (Loki on `tembo` is unreachable).
DNS Management
Registrar and DNS Provider
The domain makerfloss.eu is registered and managed via Gandi.net.
The Gandi LiveDNS API is used for declarative DNS management via the Ansible role baobab.gandi_dns.
DNS Records
These records are managed automatically by Ansible and must not be edited manually in the Gandi panel:
| Name | Type | TTL | Value | Purpose |
|---|---|---|---|---|
| `@` | A | 300 | 88.99.32.236 | Apex domain → VPS |
| `forgejo` | A | 300 | 88.99.32.236 | Forgejo git forge |
| `www` | CNAME | 3600 | makerfloss.eu. | www → apex |
TLS Certificates
Traefik automatically manages TLS certificates via Let's Encrypt using the DNS-01 challenge:
- DNS provider: Gandi (`gandiv5` via lego)
- Certificate resolver: `letsencrypt`
- Wildcard: `makerfloss.eu` and `*.makerfloss.eu`
- ACME email: `sjat+letsbaobab@ziethen.dk`
Updating DNS Records
DNS records are updated by running the DNS playbook in AnsibleBaobabV4:
Always change records in host_vars/makerfloss.yml (under gandi_dns_records) — never directly in the Gandi panel.
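A drift check for the rule that records change only through Ansible, added here as an example; it is not part of AnsibleBaobabV4. The layout of `DECLARED`, the allowlist in `is_expected_unmanaged` and the sample zone data are assumptions, and the `rrset_*` field names follow the Gandi LiveDNS record format.

```python
# Declared state copied from the DNS Records table on this page. The dict layout
# is an assumption: the real gandi_dns_records schema is not shown on the page.
DECLARED = {
    ("@", "A"): (300, {"88.99.32.236"}),
    ("forgejo", "A"): (300, {"88.99.32.236"}),
    ("www", "CNAME"): (3600, {"makerfloss.eu."}),
}

# Constructed sample of a live zone in the Gandi LiveDNS record shape.
SAMPLE_LIVE = [
    {"rrset_name": "@", "rrset_type": "A", "rrset_ttl": 300, "rrset_values": ["88.99.32.236"]},
    {"rrset_name": "@", "rrset_type": "NS", "rrset_ttl": 10800, "rrset_values": ["ns1.example.net."]},
    {"rrset_name": "forgejo", "rrset_type": "A", "rrset_ttl": 300, "rrset_values": ["192.0.2.10"]},
    {"rrset_name": "_acme-challenge", "rrset_type": "TXT", "rrset_ttl": 300, "rrset_values": ['"constructed"']},
    {"rrset_name": "test", "rrset_type": "A", "rrset_ttl": 300, "rrset_values": ["192.0.2.20"]},
]

def is_expected_unmanaged(name, rtype):
    """Assumed allowlist: records that may exist without being declared."""
    if name == "@" and rtype in ("NS", "SOA"):  # owned by the DNS provider
        return True
    # lego creates _acme-challenge TXT records while solving DNS-01.
    return rtype == "TXT" and name.split(".")[0] == "_acme-challenge"

def find_drift(declared, live_rrsets):
    """Return sorted (kind, name, type, detail) findings."""
    live = {}
    for rr in live_rrsets:
        key = (rr["rrset_name"].lower(), rr["rrset_type"].upper())
        live[key] = (rr["rrset_ttl"], set(rr["rrset_values"]))
    findings = []
    for key, (ttl, values) in declared.items():
        if key not in live:
            findings.append(("missing", *key, "declared but not in zone"))
            continue
        live_ttl, live_values = live[key]
        if live_values != values:
            findings.append(("value", *key, f"{sorted(live_values)} != {sorted(values)}"))
        if live_ttl != ttl:
            findings.append(("ttl", *key, f"{live_ttl} != {ttl}"))
    for key in live.keys() - declared.keys():
        if not is_expected_unmanaged(*key):
            findings.append(("unmanaged", *key, "in zone but not declared"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_drift(DECLARED, SAMPLE_LIVE):
        print(*finding)
```

An `unmanaged` or `value` finding points to a change made outside `host_vars/makerfloss.yml`, which is the case the rule above is meant to prevent.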
Access
SSH
Git (via Forgejo)
Infrastructure Code
All configuration lives in the Ansible project AnsibleBaobabV4:
| File/directory | Contents |
|---|---|
| `host_vars/makerfloss.yml` | All host-specific configuration |
| `play_dns.yml` | Playbook for DNS management |
| `play_containers.yml` | Playbook for container deployment |
| `roles/baobab.gandi_dns/` | Ansible role for Gandi LiveDNS |
| `roles/baobab.traefik/` | Ansible role for Traefik reverse proxy |
| `roles/baobab.forgejo/` | Ansible role for Forgejo git forge |