Francois Soulard, 08/06/2024 10:14 PM


Digital Infrastructure of the YOU(th) CARE initiative


New dedicated server

  • A dedicated server has been deployed from scratch to host the main services around the e-learning platform.
    It is hosted in a Hetzner datacenter located in Germany https://www.hetzner.com and managed by Traversées.

  • Hardware profile: EX130-S model, featuring an Intel Xeon Gold 5412U (RAM 256Gb, 24 cores) with two disks of 3.84TB NVMe SSD (IPv4 162.55.20.209). https://www.hetzner.com/dedicated-rootserver/ex130-s/configurator/#/
    If needed, a larger disk can be added on demand later. The same applies to memory capacity. The current hosting cost is about 170 EUR/month (covered by Traversées).

  • Server configuration:

    • Operating system: Debian 12
    • Proxmox Virtual Environment (PVE 8.2)
    • Disk geometry: RAID 1 with two common partitions, /boot (ext3) and /boot/efi (esp), plus one LVM partition with a single volume group (vg0). The logical volumes within vg0 are root, swap and data.
  • DNS records

    • The main DNS records of youth-care.eu are managed by the YC team (Giulia Pugnana)
    • The following domains have been created (beginning of August 2024):
      • community.youth-care.eu > campus-yc.rio20.net (Moodle/Iomad in production mode)
      • dev.campus.youth-care.eu > dev.campus-yc.rio20.net (Moodle/Iomad in development mode)
      • meet.youth-care.eu > bbb-yc.rio20.net (Big Blue Button) https://meet.youth-care.eu
      • video.youth-care.eu > peertube-yc.rio20.net (Peertube)
      • kb.youth-care.eu > knowledge-base-yc.rio20.net (Redmine) https://kb.youth-care.eu

Security, backup, privacy

  • Security

    • PVE firewall and Fail2ban (protection against intrusions and attacks) have been installed in the main PVE environment.
  • Backups

    • Each service (virtual server) will be backed up daily and weekly to the Cloud Storage of Hetzner according to a differentiated backup policy (to be defined later).
  • Privacy

    • All data is private and protected, given that the entire stack is self-hosted on the YC dedicated server.
    • Security backups are encrypted before being sent to the Hetzner cloud storage.
    • Third-party software, like Gladia, has to be mentioned in the users' digital agreement.
  • Access and administration

    • Critical administration IDs and passwords will have to be centralized by Traversées.
    • Other administration access (teacher, moderator...) will be managed directly by users.
    • In general, Traversées recommends a strong password generator, a password manager and a two-factor authentication process (2FA).

Logical stack

  • Stack of services (virtualized in the main host)
    • Redmine (ticketing and knowledge base) https://kb.youth-care.eu
    • Moodle and Iomad (Iomad is an extension of Moodle for a multi-entity configuration)
    • Big Blue Button (advanced videoconferencing) https://meet.youth-care.eu
    • Peertube (streaming and video on demand)
    • Zabbix (server monitoring) (hosted in another Traversées server)
    • Matrix/Discourse (messaging)
    • Jitsi (videoconferencing)
    • Matomo (web statistics) (hosted in another Traversées server)

This entire stack, from the host server to the web applications, is based on free and open source software.

  • Third-party services or software
    • Gladia (AI live captions for Big Blue Button): an account has been created to test the automatic live captions during videoconferencing.
    • Edwiser: The RemUI template https://edwiser.org/remui-moodle-theme/ for Moodle has been bought in its extended "Bundle" version, as suggested in the original tender and confirmed by the YC coordination team.
