====== Webserver configuration ======

This is a document detailing our current webserver setup. It is intended to help anyone wishing to improve or maintain our online infrastructure.

===== Overview =====

  * The webserver is based on Debian
  * NFTables for our firewall
  * Crowdsec for IP banning
  * Caddy for our frontend web proxy
  * SystemD and linux groups to manage our web services
  * PostgreSQL as our database

===== Base Debian setup =====

==== sshd config tweaks ====

  * Disable password login

===== Firewall configuration =====

==== NFTables setup ====

TODO: Steps to enable NFTables SystemD service

TODO: insert our NFTables config here

==== Crowdsec setup ====


===== Caddy setup =====

TODO: Caddy installation

TODO: Group configuration

===== Database setup =====

===== Adding new webservers =====

TODO: Expand on the following
  * Creating a directory (with permissions, groups, sticky bits etc.)
  * Clone the repository
  * Create SystemD configs (copy example configs here)
  * Add Caddy host

Additional stuff:
  * Database connection