Design and IT Infrastructure of the YC project

# Digital Infrastructure of the YOU(th) CARE initiative

<br>

### New dedicated server

* A **dedicated server** has been deployed from scratch to host the main services around the e-learning platform.

It is hosted in a Hetzner datacenter located in Germany https://www.hetzner.com and managed by Traversées.

* **Hardware profile** : EX130-S model, featuring a Intel Xeon Gold 5412U (RAM 256Gb, 24 cores) with two disks of 3.84TB NVMe SSD (IPv4 162.55.20.209). https://www.hetzner.com/dedicated-rootserver/ex130-s/configurator/#/

If needed, a larger disk can be added on demand later. The same for memory capacities. The current hosting cost is about 170 EUR/month (covered by Traversées).  

* **Server configuration** : 

  * Operating sytem: Debian 12

  * ProxMox Virtual Environment (PVE 8.2)

  * Disk geometry: RAID 1 with 2 common partition: /boot (ext3) and /boot/efi (esp); one partition with LVM with a unique Volume Group (vg0). The logical volumes within vg0 are root, swap and data.

* **DNS registers**

  * The main DNS registers of youth-care.eu are managed by the YC team (Giulia Pugnana) 

  * The following domains have been created (beginning of August 2024):

    * community.youth-care.eu > campus-yc.rio20.net (Moodle/Iomad in production mode)

    * dev.campus.youth-care.eu > dev.campus-yc.rio20.net (Moodle/Iomad in development mode)

    * meet.youth-care.eu > bbb-yc.rio20.net (Big Blue Blutton) https://meet.youth-care.eu

    * video.youth-care.eu > peertube-yc.rio20.net (Peertube)

    * kb.youth-care.eu > knowledge-base-yc.rio20.net (Redmine) https://kb.youth-care.eu

### Security, backup, privacy

* **Security**

  * PVE firewall and Fail2ban (shield for intrusions and attacks) have been installed in the main PVE environment.

* **Backups**

  * Each services (virtual servers) will be backed up daily and weekly to the Cloud Storage of Hetzner according to a differenciated backup policy (to be defined later). 

* **Privacy**

  * All data are private and protected given that all the stack is being self-hosted in the YC dedicated server. 

  * Security backups are encrypted before their sending to the Hetzner cloud storage. 

  * Third-party software, like Gladia, has to be mentioned in the users digital agreement. 

* **Access and administration**

  * Critical administration ID and passwords will have to be centralized by Traversées.

  * Other administration access (teacher, moderator...) will be managed directly by users. 

  * In general, Traversées recomends a strong password generator, a password manager and a two-factor authentification process (2FA).

### Logical stack

* **Stack of services** (virtualized in the main host) 

  * Redmine (ticketing and knowledge base) https://kb.youth-care.eu 

  * Moodle and Iomad (Iomad is an extension of Moodle for a multi-entities configuration)

  * Big Blue Button (advanced videoconferencing) https://meet.youth-care.eu (BBB has two multi-language system: 1. FaiBlue with multi-audio channel system  2. BBB 2.7 with audio-to-text automatized transcription; we'll have to test and choose).

  * Peertube (streaming and video on demand)

  * Zabbix (server monitoring) (hosted in another Traversées server)

  * Matrix/Discourse (messaging)

  * Jitsi (videoconferencing)

  * Matomo (web statistics) (hosted in another Traversées server) 

All this stack, from the host server to web applications, is based on free and open source software. 

* **Third-party services or software**

  * Gladia (AI live captions for Big Blue Button): an account has been created to test the automatic live captions during videoconferencing.

  * Edwiser: The RemUI template https://edwiser.org/remui-moodle-theme/ for Moodle has been bought in its "Bundle" extended, as suggested in the original tender and confirmed by the YC coordination team.