meta/architecture-docs/Fediversity-architecture-notes.md

100 lines
3.7 KiB
Markdown
Raw Normal View History

2024-10-31 13:39:53 +01:00
```mermaid
graph TB
subgraph Management
2024-11-10 21:40:58 +01:00
A[Nix-panel] --> I
Z[(central database<br/>Netbox)]--> B[Orchestrator<br/>NixOps] --> D[Proxmox]
2024-11-10 21:40:58 +01:00
B --> E[Nix-configuration]
B --> G[DNS]
B --> F[Email]
B --> J[Garage]
B --> H[<b>IdentityManagement</b><br/><small>Authentication<br/>Authorization<br/>Accounting</small>]
2024-11-10 21:40:58 +01:00
I[Nix-Panel API] --> Z
H --> I
Core[<b>Core-services</b><br/><small>DNS<br/>Email<br/>identity_management<br/>secret_management<br/>authentication<br/>SASL</small>]
end
2024-10-31 14:21:52 +01:00
subgraph Hardware
Systems[<b>Systems</b><br/><small>Storage<br/>Networking<br/>Operating-system<br/>Virtualization</small>]
2024-11-10 21:40:58 +01:00
Storage[<b>Storage</b><br/><small>exclusive_filesystem<br/>shared_blob Garage<br/>zfs</small>]
2024-10-31 14:21:52 +01:00
end
2024-10-31 14:21:52 +01:00
subgraph Virtualization
Nixos[<b>Nixos</b><br/><small>Application</small>]
LinuxOS[<b>LinuxOS</b><br/><small>Application</small>]
2024-11-11 15:57:59 +01:00
Services[<b>Services</b><br/><small>Edumeet<br/>NextCloud<br/>secure_document_collaboration<br/>Forgejo<br/>webmail<br/>HedgeDoc<br/>project_planning</small>]
FediServices[<b>FediServices</b><br/><small>Matrix<br/>Pixelfed<br/>Peertube<br/>Mastadon<br/>Owncast<br/>Castopod<br/>activityPub</small>]
2024-10-31 14:21:52 +01:00
end
2024-10-31 14:21:52 +01:00
Systems --> Storage
2024-10-31 13:39:53 +01:00
Hardware --> Virtualization
2024-11-10 21:40:58 +01:00
Virtualization --> Hardware
2024-10-31 13:39:53 +01:00
Services --> Core
FediServices --> Core
2024-10-31 14:21:52 +01:00
Core --> Hardware
2024-10-31 13:39:53 +01:00
Nixos --> Services
Nixos --> FediServices
2024-11-10 21:40:58 +01:00
F --> Core
G --> Core
J --> Storage
D --> Virtualization
E --> Nixos
H --> Core
```
2024-10-31 13:39:53 +01:00
2024-11-10 21:40:58 +01:00
* human-centric
* easy, automated, replication and migration to different datacenter provider
* blob storage replicated generically
* files on the exclusive filesystems replicated via application-aware process, e.g.:
* asynchronous, but "live" database replication
* shutdown app then rsync directories
* ZFS replication and snapshot-ing
* Strengths, Weaknesses, Opportunities, and Threats awareness for all apps
* Not everything needs to start on Nix, NixOs, or with NixOps
* Do not use "Open Core"
* GitLab
* Dovcot
* Zimbra
* LXC containers (not Docker-style)
2024-11-10 21:40:58 +01:00
* zfs-snapshots + replicatie (send/receive)
* s3 replicatie naar 3rd party
* locatie-mirorring? (buiten scope?)
* (maar dan Linstore op zfs)
### Working session: Architecture discussion
Attendees: Robert, Valentin, Koen, Kevin
- Robert: NixOps should handle backup creation and restore, since it knows all the details for that
- There will be an interface to plug Nix expressions with scripts that can access all the resources
- Once should be able to build domain-specific applications around that
- Valentin: Backups seem to be morally equivalent to deployments "to a file"
- Koen walked us through myprotagio.nl
- Kevin will share source code with Valentin
- It's a role-based-permission and billing UI wrapping PowerDNS, Postfix Admin, and InvoiceNinja
- Written in Laravel and Tailwind
- To build a UI for deployment we'd primarily need a REST API to a database
- Primary work would be to do the architecture and design
- Valentin: Maybe we could add just the APIs for the deployment workflows from a completely new service, and connect the front-end to that
- Won't have to touch the PHP then
- But for the full integration to work one will have to understand the whole system anyway
- At that point one may as well keep maintaining it or rewrite it
- Koen: The existing thing needs work regardless, and would like to move away from PHP to Python anyway
## Architecture meeting
- Identitymanagement == AAA
- Central database is two databases, one accounting and one state
- Datamodel -> dns, aaa, ip, machines, etc.
- Data complete first, model later
- Data flows/processes
- Describe casestories
- Nixos -> VM
- LinuxOS out of scope
- Services and Fediservices one box
- move secretsmanagement
- move core-services to management