To increase the flexibility of TECTRA Ltd’s operations by enabling secure and speedy access to, and work with, information from outside the office, while keeping the company’s dependence on paid third-party services minimal, I revamped the company’s IT infrastructure and software landscape to enable remote and more efficient work through the use of the following hardware, software and tools:
Infrastructure and access
- Configured, procured, built, installed and administered (with ultra-low monthly effort) three low-powered, Celeron-based servers for three locations (one main, two “satellites”), with Debian 10/11/12 and Proxmox VE
- Servers at 3 different locations for local access speeds, redundancy, and off-site backups
- Replaced old and power-hungry client PCs with low-powered and capable refurbished Lenovo desktops (ThinkCentre SFF and Tiny) and laptops (ThinkPad X220/X230/T420/T430)
- WireGuard VPN enabling secure access to the intranet from anywhere, including from smartphones
- External-facing services reverse-proxied by NGINX to internal KVM VMs via the Yggdrasil IPv6 mesh network
Services
- Google Workspace emails downloaded locally with fetchmail, processed with procmail into separate mailboxes, filtered with spamassassin, served by courier-imap, and accessed via Thunderbird or Roundcube; email sending from different email identities (accounting@..., sales@...) through an exim4 SMTP relay to Google’s servers
- File serving to Windows and Linux laptops and desktops via Samba, with antivirus-scanning by ClamAV
- DNS-based ad and malware filtering using Pi-hole with ESNI through unbound to OpenDNS and Cloudflare DNS servers
- Company calendars and contacts using Radicale for CalDAV and CardDAV and Thunderbird’s Lightning and CardBook extensions
- Prosody server for internal messaging with XMPP
- Tracking of progress from sales inquiry to invoice settlement using kanban on WeKan
- Sharing of product and offer documentation with customers thanks to filebrowser on files.tectra.gr instead of Dropbox
Security and backups
- Redundancy and distribution of some datasets/directories through a GlusterFS cluster with 5 replicas across 3 locations
- Incremental synchronization between the main and the satellite servers using Unison
- Automated incremental, off-site backups using borgbackup
- Automated notifications of events using ntfy.sh and a Telegram bot
Other
- Information on databases with NocoDB and through APIs and microservices developed specifically for the company’s requirements
- Legacy Windows XP-only software (Visioneer PaperPort 8.0) for access to the company’s 30-year-old archive of scanned documents virtualized using KVM, later replaced by open-source software (paperman) and finally made obsolete through the conversion of all proprietary, ancient MAX files to PDF using max2pdf