2024-10-31 13:39:53 +01:00
|
|
|
```mermaid
|
|
|
|
graph TB
|
2024-10-24 15:26:44 +02:00
|
|
|
|
2024-10-31 14:03:25 +01:00
|
|
|
subgraph Management
|
2024-11-10 21:40:58 +01:00
|
|
|
A[Nix-panel] --> I
|
2024-11-12 11:20:16 +01:00
|
|
|
Z[(central database<br/>Netbox)]--> B[Orchestrator<br/>NixOps] --> D[Proxmox]
|
2024-11-10 21:40:58 +01:00
|
|
|
B --> E[Nix-configuration]
|
|
|
|
B --> G[DNS]
|
|
|
|
B --> F[Email]
|
|
|
|
B --> J[Garage]
|
2024-11-21 09:09:14 +01:00
|
|
|
B --> H[<b>IdentityManagement</b><br/><small>Authentication<br/>Authorization<br/>Accounting</small>]
|
2024-11-10 21:40:58 +01:00
|
|
|
I[Nix-Panel API] --> Z
|
|
|
|
H --> I
|
2024-11-21 09:09:14 +01:00
|
|
|
Core[<b>Core-services</b><br/><small>DNS<br/>Email<br/>identity_management<br/>secret_management<br/>authentication<br/>SASL</small>]
|
2024-10-31 14:03:25 +01:00
|
|
|
end
|
2024-10-24 15:26:44 +02:00
|
|
|
|
|
|
|
|
2024-10-31 14:21:52 +01:00
|
|
|
subgraph Hardware
|
|
|
|
Systems[<b>Systems</b><br/><small>Storage<br/>Networking<br/>Operating-system<br/>Virtualization</small>]
|
2024-11-10 21:40:58 +01:00
|
|
|
Storage[<b>Storage</b><br/><small>exclusive_filesystem<br/>shared_blob Garage<br/>zfs</small>]
|
2024-10-31 14:21:52 +01:00
|
|
|
end
|
2024-10-24 15:26:44 +02:00
|
|
|
|
2024-10-31 14:21:52 +01:00
|
|
|
subgraph Virtualization
|
|
|
|
Nixos[<b>Nixos</b><br/><small>Application</small>]
|
|
|
|
LinuxOS[<b>LinuxOS</b><br/><small>Application</small>]
|
2024-10-24 15:26:44 +02:00
|
|
|
|
2024-11-11 15:57:59 +01:00
|
|
|
Services[<b>Services</b><br/><small>Edumeet<br/>NextCloud<br/>secure_document_collaboration<br/>Forgejo<br/>webmail<br/>HedgeDoc<br/>project_planning</small>]
|
|
|
|
FediServices[<b>FediServices</b><br/><small>Matrix<br/>Pixelfed<br/>Peertube<br/>Mastadon<br/>Owncast<br/>Castopod<br/>activityPub</small>]
|
2024-10-31 14:21:52 +01:00
|
|
|
end
|
2024-10-24 15:26:44 +02:00
|
|
|
|
|
|
|
|
2024-10-31 14:21:52 +01:00
|
|
|
Systems --> Storage
|
2024-10-31 13:39:53 +01:00
|
|
|
Hardware --> Virtualization
|
2024-11-10 21:40:58 +01:00
|
|
|
Virtualization --> Hardware
|
2024-10-31 13:39:53 +01:00
|
|
|
Services --> Core
|
|
|
|
FediServices --> Core
|
2024-10-31 14:21:52 +01:00
|
|
|
Core --> Hardware
|
2024-10-31 13:39:53 +01:00
|
|
|
Nixos --> Services
|
|
|
|
Nixos --> FediServices
|
2024-11-10 21:40:58 +01:00
|
|
|
F --> Core
|
|
|
|
G --> Core
|
|
|
|
J --> Storage
|
|
|
|
D --> Virtualization
|
|
|
|
E --> Nixos
|
|
|
|
H --> Core
|
2024-10-24 15:26:44 +02:00
|
|
|
```
|
2024-10-31 13:39:53 +01:00
|
|
|
|
2024-11-10 21:40:58 +01:00
|
|
|
|
2024-10-24 15:26:44 +02:00
|
|
|
* human-centric
|
|
|
|
* easy, automated, replication and migration to different datacenter provider
|
|
|
|
* blob storage replicated generically
|
|
|
|
* files on the exclusive filesystems replicated via application-aware process, e.g.:
|
|
|
|
* asynchronous, but "live" database replication
|
|
|
|
* shutdown app then rsync directories
|
|
|
|
* ZFS replication and snapshot-ing
|
|
|
|
* Strengths, Weaknesses, Opportunities, and Threats awareness for all apps
|
|
|
|
* Not everything needs to start on Nix, NixOs, or with NixOps
|
|
|
|
* Do not use "Open Core"
|
|
|
|
* GitLab
|
|
|
|
* Dovcot
|
|
|
|
* Zimbra
|
|
|
|
* LXC containers (not Docker-style)
|
2024-11-10 21:40:58 +01:00
|
|
|
* zfs-snapshots + replicatie (send/receive)
|
|
|
|
* s3 replicatie naar 3rd party
|
|
|
|
* locatie-mirorring? (buiten scope?)
|
|
|
|
* (maar dan Linstore op zfs)
|
|
|
|
|
|
|
|
### Working session: Architecture discussion
|
|
|
|
|
|
|
|
Attendees: Robert, Valentin, Koen, Kevin
|
|
|
|
|
|
|
|
- Robert: NixOps should handle backup creation and restore, since it knows all the details for that
|
|
|
|
- There will be an interface to plug Nix expressions with scripts that can access all the resources
|
|
|
|
- Once should be able to build domain-specific applications around that
|
|
|
|
- Valentin: Backups seem to be morally equivalent to deployments "to a file"
|
|
|
|
- Koen walked us through myprotagio.nl
|
|
|
|
- Kevin will share source code with Valentin
|
|
|
|
- It's a role-based-permission and billing UI wrapping PowerDNS, Postfix Admin, and InvoiceNinja
|
|
|
|
- Written in Laravel and Tailwind
|
|
|
|
- To build a UI for deployment we'd primarily need a REST API to a database
|
|
|
|
- Primary work would be to do the architecture and design
|
|
|
|
- Valentin: Maybe we could add just the APIs for the deployment workflows from a completely new service, and connect the front-end to that
|
|
|
|
- Won't have to touch the PHP then
|
|
|
|
- But for the full integration to work one will have to understand the whole system anyway
|
|
|
|
- At that point one may as well keep maintaining it or rewrite it
|
|
|
|
- Koen: The existing thing needs work regardless, and would like to move away from PHP to Python anyway
|
2024-11-21 09:09:14 +01:00
|
|
|
|
|
|
|
## Architecture meeting
|
|
|
|
- Identitymanagement == AAA
|
|
|
|
- Central database is two databases, one accounting and one state
|
|
|
|
- Datamodel -> dns, aaa, ip, machines, etc.
|
|
|
|
- Data complete first, model later
|
|
|
|
- Data flows/processes
|
|
|
|
- Describe casestories
|
|
|
|
- Nixos -> VM
|
|
|
|
- LinuxOS out of scope
|
|
|
|
- Services and Fediservices one box
|
|
|
|
- move secretsmanagement
|
|
|
|
- move core-services to management
|