Project Ideas

From Hack Manhattan Wiki

⭐️Core Infrastructure

⭐️Centralized authentication
Problem: Servers and services have their own separate user databases. Adding users, deleting users, and changing passwords has to be done in multiple places.
Solution: A centralized database of user information with a way of authenticating against it.
Example technologies: LDAP via FreeIPA, Samba, or OpenLDAP. SSO via Keycloak, Authentik, or Authelia.
Questions: LDAP or SSO?

⭐️Local DNS
Problem: To connect with equipment and services over the network, users have to look up IP addresses in a table maintained by hand instead of just using names. It's a problem for the sysadmin group, and it's a problem for HM too.
Solution: A local DNS server that supports dynamic name registration.
Possible technologies: BIND9 or Technitium
Questions: Use a hackmanhattan.com subdomain like sagroup.hackmanhattan.com? Implement a canary domain, or otherwise deal with browser DNS over HTTPS?

⭐️VPN
Problem: System administrators would like to be able to access the sysadmin group's equipment from outside HM. HM leadership would like that to happen in a secure and energy-efficient manner.
Solution: A host-to-network (remote-access) VPN, perhaps using a Raspberry Pi or other small platform to minimize idle energy use.
Possible technologies: WireGuard, OpenVPN, Raspberry Pi, PiVPN
Questions: Does WireGuard or OpenVPN better integrate with whatever centralized authentication system we implement? Can we restrict access to just sysadmin group equipment? Do we want to? Are we going to conflict with HM's VPN implementation?

🐣Web Server request: host a password manager

🐣Install a certificate for HTTPS
Problem: When we implement a web app, either it runs over HTTP, which causes modern browsers to complain about it being insecure, or it runs over HTTPS with a self-signed certificate, which browsers also complain about.
Solution: Get a certificate for a web server that is signed by a public certificate authority that browsers recognize by default.
Possible technologies: Let’s Encrypt, web server, public and local DNS.
Questions: What DNS names do we want to use? Can we implement automated renewals?

🪛Set up remote logging for servers’ iDRACs
Problem: Each server's Integrated Dell Remote Access Controller (iDRAC) keeps a log of events and anomalies, but administrators have to log into each server's iDRAC to view its log.
Solution: Configure the iDRACs to send logs to a central system.

🪛Centralized Logging
Problem: Systems (servers, software, etc.) generate log files of events and anomalies, but administrators have to log into each server and view each one.
Solution: Send logs over the network for collection at a single point.
Possible technologies: rsyslog, Elasticsearch, OpenSearch

🪛Make a diskless workstation system
Problem: HM sometimes gets donations of laptops or desktops with their drives removed as a security measure. It would be useful to be able to use them without further investment. It might also be desirable to take laptops or desktops, even ones with drives, and boot them into different "personalities" (e.g. Linux, Windows, CAD workstation) to use in a class or workshop.
Solution: Boot over the network.
Possible technologies: PXE boot, TFTP, Ventoy Server, LTSP or similar
Resources: ArchWiki has a good page on the subject.
Questions: Can we boot a Raspberry Pi via PXE? Can we boot Windows?

🪛Install a Wiki
Problem: We might wish to store the sysadmin group's documentation on our own wiki rather than Hack Manhattan's, or mess around with different wiki software.
Solution: Locally host a wiki application.
Possible technologies: MediaWiki (what Wikipedia and HM use), DokuWiki, BookStack, AMP stack
Questions:

🪛Private cloud file storage (aka Google Drive) Nextcloud

🪛Monitoring system
Problem: Finding out whether a service or host is up and responding to requests is a manual process spread out over multiple tools. Diagnosing the cause of a problem often involves manually running tests at various points in the data flow chain.
Solution: Automate tests and collect the data into a central dashboard.
Possible technologies: Nagios, Icinga.

🪛VoIP Voicemail, Phone Tree Possible technologies: Asterisk

🪛Compute cluster Distributed computation of processor intensive tasks such as Blender animations.

🪛Multiplayer Game Server Possible technologies: Nakama, Godot

🪛Enhance Server Security SELinux, AppArmor, Polkit, seatd

🪛Provisioning/Configuration Management/IaC Ansible, OpenTofu, Pulumi

🪛High Availability Clustering

🪛Private Cloud Infrastructure Possible technologies: OpenStack, OpenShift

🪛Project Management Possible technologies: OpenProject

🪛IP Camera system

🪛Containerization

🪛Change management system

🪛Trace power connectors and map what they're connected to in a new page