[ocaml-infra] Setting up a host "infra.ocaml.org"

[Sylvain Le Gall]

Hi all,

TL;DR I would like to create an isolated host infra.ocaml.org that
contains at least a Debian repository.

I am considering what need to be done to migrate and improve forge.o.o
(right now forge.ocamlcore.org, tomorrow forge.ocaml.org).

One of the thing that is "extremly" useful is to have a central,
secured hosts holding data repository for all other hosts. In my
current "home" installation, I have one host that contains for
examples my personnal Debian repository. This repository contains
Debian packages that need to be installed on every other hosts and I
use it to distribute home-made program accross all hosts using
standard Debian apt-get scheme, This may also contains some admin
panel/monitoring tools. The hosts is particular because it should be
extra protected against attack, since compromising this hosts can lead
to compromise all other hosts. In other words you should not use it
for public facing products.

Right now, the forge.o.o repository is hosted on the forge.o.o itself
(but it doesn't distribute data to any other hosts).

We may also use a private/public github account to store the
repository, if it makes more sense to you. But in this case, we will
need to figure how to GPG sign the release file.

Here are my questions:
- what would you prefer: dedicated hosts or public github or private
github (less infra disclosure, less possible attack)
- would this kind of central repository be used on other .ocaml.org hosts ?
- in case you prefer a host: Anil can you set a small instance (1CPU,
3GB DD, 512MB RAM)
- in case you prefer a github repository: Am I allowed to create a
private/public github repository on ocaml.org ?
- I will inject some fusionforge packages + custom scripts packages,
OCaml Labs/OCamlPro people do you have some packages to inject as well
?

Regards
Sylvain