Transparency Report


Our Infrastructure. No secrets.

Full Disclosure

The Lollipop Cloud project is fully self-hosted. We are using the software, tools and environments that we recommend to others for hosting our public and private infrastructure.

We like transparency; this is our report.

Sponsorships

We are proud to be sponsored by the following projects. We greatly appreciate their contributions to 🍭☁️ and cannot thank them enough.

Packet.com and Works On Arm

Please note: we are not receiving funding from Packet.com or Works on Arm at this time. We are only receiving hardware support.

Thanks to Packet.com and Works on Arm we have a HiSilicon arm server with the specs below. We were accepted into the program in January 2019 and received hardware at the start of February 2019. The server is dedicated to our project and hosted on the Packet.com infrastructure in Dallas, TX USA.

We have set up this server to run our Jenkins node as well as a number of libvirt Ubuntu Virtual Machines that handle building our Docker Images and some other software. This has become our only arm build server as of February 2019.

Specifications
  • HiSilicon 64 core CPU
  • 128Gb RAM
  • 240Gb Intel SSD
  • 2x 240Gb Intel SSD
  • Bonded networking cards
  • Reserved (dedicated) instance in the Dallas, TX USA datacenter

Public Resources

Git Sources

Our Gitea instance (link) (git sources) hosts code for everything. Web site source code, Dockerfiles, documentation on how to deploy a Lollipop Cloud. EVERYTHING.

Website Analytics

We have deployed Fathom for website analytics (an open source alternative to Google Analytics). We have 2 instances deployed: one instance for our main website and one instance for our Gitea instance. If you’d like to see our analytics, we’ve included links and login details below.

Please note: Fathom respects “Do Not Track”.

Main Website

Link : https://web.fathom.lollipopcloud.solutions/

Username : anon@anon

Password : anon

Gitea

Link : https://git.fathom.lollipopcloud.solutions/

Username : anon@anon

Password : anon

Server Status

Our public facing infrastructure is running munin for resource utilization monitoring. We use this information to gauge our headroom, which services are going to be more problematic on smaller ARM boards, and how much vertical scaling this project may be able to achieve.

If you’re interested in what our resource usage is for a public project you can view the munin stats and graphs at https://munin.lollipopcloud.solutions.

You’ll see a list of servers. Each is described below.

  • git.lollipopcloud.solutions: our main Gitea server
  • jenkins.lollipopcloud.solutions: our main Jenkins instance that also runs 4 libvirt VMs for building our Docker containers and more
  • main.lollipopcloud.solutions: our main server hosting our website, chat services and ActivityPub services
  • registry.lollipopcloud.solutions: our main Docker registry server
  • sourapple.lollipopcloud.solutions: our x86-64 server that mirrors our public Docker registry, builds Raspbian and builds Armbian

Public Infrastructure

The infrastructure and software that runs the lollipopcloud.solutions website and services.

Hosting

We have 2 main servers for our public infrastructure. Each has the following specs.

  • Scaleway Paris data center
  • ARM64-2GB instance
  • 4 core ARM VPS with 2Gb ram
  • 64bit arm (aarch64/arm64v8)
  • ipv4 and ipv6 enabled
  • CloudFlare DNS setup (NOT passed through their proxy services)

Bare Metal Setup

This is the common base for all of our servers. We have deployed per our main documentation.

  • Ubuntu or Debian based on time deployed
  • Borg backups
  • Caddy
  • Chrony (ntp)
  • Docker
  • FirewallD
  • incron
  • munin

Containers / Services

  • Main Server
    • matterbridge
    • prosody
    • matrix
    • privatebin
    • acme.sh
    • postgres
    • fathom (2 instances)
    • Plume
    • Pleroma
  • Gitea server
    • gitea
  • Docker registry server
    • This is hosted on the primary build server and publicly accessible
    • Docker registry
    • reg-server
    • docker_auth
    • minio

Docker Hub Mirrored Packages

  • Postgres
  • NextCloud
  • TT-RSS

Private Infrastructure

Build LAN

We run a small LAN for building our Docker images, Armbian images, backups and similar. Below are the details of the hardware and software we have deployed. This is NON public infrastructure that the core Lollipop team members manage.

Unless otherwise stated the below Lollipops are hosted inside the United States of America.

Over time we may increase visibility into these systems and services, but for now we have passwords and other private information that cannot be exposed without compromising the integrity of our systems.

  • Simple 8 port switch
  • Orange Pi R1 with OpenWRT as basic router / VPN endpoint
  • Orange Pi Zero with OpenWRT as a basic WiFi Access Point
  • Nano Pi M4 + sata Hat
    • NAS for backups (borg/rclone) and bulk storage
    • ZFS mirror of 2x 2Tb 2.5” 5400 RPM hard drives
  • Scaleway VPS for running a VPN server to tie all servers and LANs together
  • HP z400 Workstation (Xeon 3550, 24Gb RAM) for building Armbian, Raspbian and other packages that require x86-64 hardware
  • Packet.com HiSilicon arm server (64 CPUs / 128Gb RAM). This hardware runs our Jenkins instance as well as runs all of our primary Docker builds. This hardware has been graciously provided by Packet.com and the Works on Arm initiative. This also hosts our Docker registry and download site.
  • Deprecated hardware/servers
    • Orange Pi PC Plus
    • Orange Pi PC
    • Intel Compute Stick (x86-64)
    • Scaleway arm VPS 2Gb instance
    • O-Droid HC2

Security

  • We use Yubikey 4 tokens to guard our GPG secrets
  • We have a bitwarden_rs deployment on our Private Infrastructure for managing organization secrets. This is NOT a public service.
  • We have a NextCloud deployment on our Private Infrastructure for managing organizational documents. This is NOT a public service.