Fediversity/meta
6
1
Fork 1
Code Issues 6 Pull requests Packages Projects 1 Releases Wiki Activity

Compare commits

base: Fediversity:main
Branches Tags
Fediversity:main
roberth:nixops4-based-install
roberth:main
..
compare: roberth:main
Branches Tags
roberth:nixops4-based-install
roberth:main
Fediversity:main

No commits in common. "main" and "main" have entirely different histories.
main ... main

26 changed files with 0 additions and 4951 deletions
Show stats Expand all files Collapse all files

0
meeting-notes/2024-08-01 meeting notes.md → 2024-08-01 meeting notes.md
View file

0
meeting-notes/2024-08-29 meeting notes.md → 2024-08-29 meeting notes.md
View file

73
Fediversity_software_stack.md
View file

@ -1,73 +0,0 @@
# Software Stack
## Target Vertical(s)
At first our efforts for creating a software stack are mainly targeted at the Micro-Cloud providers.
The stack we make will be very much targeted at 'small groups' or 'individuals' using a large set of software that only has the options that make for a predictable and working set of tools.
Since we expect the 'Public Organisations' to have very specific needs or request it might be hard to provide them with something that works fast. To give ourselves time to develop the complete set of hardware, software, documentation and procedures we will start out serving the Public Organisations vertical the traditional way.
## Software we MUST use
There are a few 'must use' software packages:
* Nix and NixOS
* Mastodon
* PeerTube
* PixelFed
* Matrix
### Nix and NixOS
In our project plan we have stated that we will use Nix and NixOS for all our deployments and efforts.
There is a number of reasons for this:
* Nix promises to be fully reproducable. This will provide us with a stable way to deploy tested sets of software AND a way to revert changes easily. Debian, arch, rpm-based distri all do not provide us with this and it is of the highest importance that we do get this.
* We are helping the Nix(OS) community further, we are giving value to NixOS and are helping building it into a full competitive ecosystem.
* NixOS is 'upcoming' and 'hip' and 'happening'. The community is still not completly settled and there are tools that are still being developed and where we can actually help to develop the way things work. This will give our project value.
* NixOS does already contain examples of deployments of several tools in the Fediverse. We can use these to further our project quickly.
* If we do it right, we should get the maximum available speed of developing our system, since we don't have to redo stuff after we actually fixed it (at least this is what we hope).
### Mastodon
Mastodon is one of the projects (the project?) that gives the Fediverse credibiliy. It is already used by millions of users and large organisations.
The main challenge with Mastodon is that it's creators use Kubernetes to deploy it. There are instructions on how to deploy a 'simple' 'stand alone' version of Mastodon. The 'how do you deploy at scale' is hidden in 'helm-charts' however.
Mastodon servers are not 'lightweight' services (for that we might better look at goToSocial) but we need to create a way to deploy mastodon servers for people that want to use this.
### PeerTube
PeerTube is a video serving server. It is created and maintained by FramSoft. The default installation guide uses shell example lines to install and configure. The most recent version in nixpkgs is quite old.
Main challenge is to keep an eye on PeerTube development and keep our version up to date.
### Pixelfed
Pixelfed is maintained by dansup (a one man Canadian development effort). Nixpgs version is outdated and also writes data in the nix store.
### Matrix
Matrix consists of a protocol, clients and servers. Most used server is 'synapse' and most used client is called 'element'. There are noumerous problems with running Matrix. We need to work with the Matrix developers (and foundation) to get it running.
### Garage
Garage is an s3 compiant storage. We would like to use garage as an 'agnostic' data store below all of the services we support. Goal is to design it in such a way that we can use it to do full service portability.
### Mailserver
We need something that does:
* SMTP
* Spam Filtering
* IMAP
* Sieve
* SPF, DKIM, DMARC, ARC etc
### DNS Service
We need a DNS service that has an API so we can create our needed DNS entries in a centralized environment.
### NixOPS
placeholder
### ProxMox (on Nix)
placeholder
### NixPanel
A web interface that allows for easy administration of deployed Nix services on the cluster by 'human administrators' (so people that do not have 30+ years of IT admin experience.
### Monitoring
placeholder
### Compliance testing
placeholder

53
Fediversity_target_audience.md
View file

@ -1,53 +0,0 @@
# Fediversity
## The Fediverse
The 'Federated Universe' which in our project translates to 'Federated Distributed Social Media' and we take this as broad as possible.
Of course we say that 'all systems using the ActivityPub' are part of this, but also Matrix, e-mail, and EduMeet or NextCloud (for it's calender sharing) are part of this. Any open federated distributed system that allows for communication falls under this flag.
## Open Source, Open Systems, Open Everything
We take a bit of a principal stand on 'open source' (for reasons explained below).
When in our project plan it is mentioned that we use 'Open Source Software' we mean:
* Software that is publicly developed
* By an open and easy to join team
* Not governed by a 'tech giant' (companies that have more than 10.000 employees)
* In a fully open 'ecosystem' (no 'opencore')
We are especially vigilant towards systems that are open source, but require (excessive) payments to get to 'the good stuff' or lock you in to a non-open ecosystem. If alternatives exist we will prefer to use those.
The most important reason for this is that we want to make the barrier to use our proposed setup as low as possible, both in cost as in legal options.
## Two verticals
The Fediversity project is divided by it's target towards two verticals:
* The public sector
* The hosting sector
### Public Sector
The Public Sector entails:
* Universities
* Public organisations (Town city councils, National administrations)
* Libraries
* NREN (National Research and Education Networks)
* Broadcasting Organisations
For these sectors we focus on making the use of 'the Fediverse' as smooth as possible (we support them in any way possible so there are no reasons not to use it). Our main goal here is validity of the Fediverse.
Validity is a very hard to achieve goal because of the so called 'network effect'. For example: if all my friends and family are using WhatsApp, why would I change to Matrix 'there is nobody using that'. We want to fill that void with 'look, universities, libraries, broadcasting, administrations are all using the Fediverse.
## The Hosting Sector
The Hosting Sector entails:
* companies that run their own infrastructure
* traditional hosting companies (it infrastructure consultants with their own hardware and usually leased datacenter-space)
* open micro-cloud providers (more on this below)
We see a strange movement in the Open Source world where software is being made based on open principles, but then hosted (and geared towareds hosting on) the big tech hyperscalers. With our solution you would not need those hyperscalers but would instead be able to run locally.
We want to enable small idealistic 'micro-cloud' providers with the tools to succeed.
Micro-cloud providers are small (not for profit) organisations that consist at least:
* multiple experienced tech maintainers (for 24/7 support)
* knowledgable and experienced support staff (for quality support)
* experienced local sales and marketing staff (to get a durable client base)
These micro-cloud providers should (based on the tooling that we provide) be able to supply 1000's of customers with access to the Fediverse without the need to use Big Tech.

77
Nordunet conferentie samenvatting 2024-09.md
View file

@ -1,77 +0,0 @@
Partijen met interesse
Finland
3 universiteiten
Funet
Ijsland
2 universiteit
NREN + technologisch instituut (niet bekend welke)
Zweden
Uni van karlskrona
uni van lundt
Malmo (maar nog geen contact)
Denemarken
Universiteit van Kopenhagen (maar ook nog geen actief contact gehad)
Noorwegen
?
Voor Fediversity.eu een pagina maken waarin voor Nordunet staat dat ze zich aanmelden kunnen voor het project waarin ze zich kunnen aanmelden voor:
- Mastodon
- Matrix
- Peertube
- Edumeeet
Deadline oktober 1st.
Alleen als organisaties daadwerkelijk reageren op mail kunnen ze meedoen. Deze mailing gaat uit naar volledige Nordunet mailinglist. Dit gaat via Lars (met ons in CC)
---
Via Eric Kikkeborg (Nordunet) loopt het project om op elke universiteit een gefedereerde server van edumeeet te installeren. Hierbij potentieel peertube aan te haken voor video storage, want dit zit niet in edumeeet
---
netwerk interconnectie: koppelen aan netherlight (IEX voor NRENs). Karin (Surf)
---
Argus voor monitoring
dit was nog onduidelijk in het nixpanel stuk, maar dat kan dus argus+RT worden
---
Geant afspraak maken in Amsterdam voor Bonfire
dit ook gebruik maken om te zorgen voor netherlight
aanbieden voor edumeeet hosten
geant heeft een eigen frontend op argusmonitoring, dit is weer gekoppeld aan een request tracker (RT). dit potentieel ook fediversity te trekken
---
pubhubs aan edumeeet koppelen
vanuit procolix is 100k belooft aan pubhubs (overheid doen dan 12x)
edumeeet zit bij software commons conservatory waardoor het binnen nlnet valt
---
PublicSpaces met hun PeerTube project daar ook kijken of daar edumeeet aan gekoppeld kan worden
---
Guide Abe in project zien te ritselen
---
Todos:
- videos van nixcamp editen en op een fediversity peertube server zetten
- kevin vragen voor fediversity peertube server, op docker en niet op nix.
- daniel van pvv (noorse vereniging) voor packaging van matrix. + aanvraag voor grants indienen
- elgar van internet scanner vragen voor grants
- op fediversity site zetten welke services wij hosten voor EC
-

BIN
architecture-docs/24-09-19 14-29-16 5620.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 3.9 MiB

69
architecture-docs/NixOps4-based-installation-process.md
View file

@ -1,69 +0,0 @@
---
status: draft
---
# NixOps4-based Installation Process
This documents explains how NixOps4 could be leveraged to provide a smooth installation experience for a simple, monolithic deployment.
It does not go into detail about the way Nix Panel hooks into this, or whether Nix Panel manages the same NixOps4 deployment that also contains the infrastructure; a single NixOps4 deployment could provide a nice simplification in the early stages of the project.
## Components
Required for the setup steps in this document:
- `nixops4`: generic deployment tool using Nix
- `landscaper.iso`: installation image that bootstraps a completely new and independent Fedi cluster - a NixOS installer with a handful of extra definitions (@roberth: easy)
- `nixops4-modules-ssh-keypair`: NixOps4 resource provider that generates keys
- `nixops4-pxe-nbp`: NixOps4 resource provider that inserts an NBP image into a (local) PXE server configuration
- `nixops4-modules-ssh`: A module that calls `ssh` using `nixops4-resources-local`
- `nixops4-resources-local`: A module that can create files and call commands locally (prototyped)
- `nixops4-modules-nixos`: A module that calls `nixos-rebuild switch --target-host` or implements similar functionality
Expected needs:
- `nixops4-resources-proxmox`
- A resource provider that talks to a DNS server's API
## Steps
### 1. `landscaper` setup
1. connect your first server into the network
2. boot `landscaper.iso` from a usb stick, and install NixOS onto this server we'll call `landscaper`
`landscaper.iso` is a slightly customized NixOS installer that includes the `landscaper` NixOS module
in the default config that it generates
- mvp: copy and import the landscaper module by hand into the normal NixOS live system
The `landscaper` module contains
- nixops4 (mvp and initial setup)
- a nixops4 service (if/when nix-panel is capable of managing the infra)
- a tftp server
The NixOS installer puts the template NixOps4 expression in `/root/fediversity-network`
### 2. Add a proxmox host
1. - add a MAC address and IP address to the `proxmoxMACs` option (or similar)
- this automatically declares resources that will set up the new server
- `installation_host_key`: a temporary SSH host key pair
- `installation_pxe_nbp`: an entry in `landscaper`'s PXE server, referring to/including a kernel and initrd that run disko and performs a NixOS installation on the server disk(s)
- `ssh_host_public_key`: a resource that waits for SSH to come up, logs in to replace the host key and sends the returns the new public key as its resource output
- `nixos`: a resource that `nix copy`-es a NixOS toplevel, then updates the system profile and activates it
- unknown: built-in services like Nix-panel, perhaps depending on the number of `proxmoxMACs`
2. `nixops apply`
- this starts to create resources,
- up to the point that `ssh_host_public_key` waits for the server to boot
3. turn on the server
4. wait for `nixops apply` to complete
## Notes
Unknown: add to step 2 or step 3 (new), depending on the amount of shared infra:
- resources for certain objects in the proxmox api
- this creates nixpanel, and shared infrastructure

BIN
architecture-docs/application layer.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 250 KiB

1027
architecture-docs/nixops layer.excalidraw
View file

File diff suppressed because it is too large Load diff

BIN
architecture-docs/nixops layer.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 210 KiB

2052
architecture-docs/physical layer.excalidraw
View file

File diff suppressed because it is too large Load diff

BIN
architecture-docs/physical layer.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 216 KiB

946
architecture-docs/software layer.excalidraw
View file

@ -1,946 +0,0 @@
{
"type": "excalidraw",
"version": 2,
"source": "https://excalidraw.com",
"elements": [
{
"id": "DtPL2hCzDRPzq5Ctso51i",
"type": "rectangle",
"x": 243.87109375,
"y": 337.7890625,
"width": 274.20703125,
"height": 99.8203125,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "aX",
"roundness": {
"type": 3
},
"seed": 568632136,
"version": 64,
"versionNonce": 2139974968,
"isDeleted": false,
"boundElements": [
{
"type": "text",
"id": "5UTwXFUkCq2qESODJQsqQ"
},
{
"id": "TAHBKHXcDD9UuMSsGp7HQ",
"type": "arrow"
}
],
"updated": 1727101619491,
"link": null,
"locked": false
},
{
"id": "5UTwXFUkCq2qESODJQsqQ",
"type": "text",
"x": 323.3246612548828,
"y": 375.19921875,
"width": 115.29989624023438,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "aY",
"roundness": null,
"seed": 2069748296,
"version": 18,
"versionNonce": 861165640,
"isDeleted": false,
"boundElements": null,
"updated": 1727101447905,
"link": null,
"locked": false,
"text": "Applications",
"fontSize": 20,
"fontFamily": 5,
"textAlign": "center",
"verticalAlign": "middle",
"containerId": "DtPL2hCzDRPzq5Ctso51i",
"originalText": "Applications",
"autoResize": true,
"lineHeight": 1.25
},
{
"id": "qoGVD5dskUAdrAIebkjh-",
"type": "text",
"x": 682.9296875,
"y": 269.25390625,
"width": 303.3397521972656,
"height": 250,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "aZ",
"roundness": null,
"seed": 1247642168,
"version": 102,
"versionNonce": 1661828920,
"isDeleted": false,
"boundElements": [
{
"id": "TK9sqafTNPqcDKZkFWfW1",
"type": "arrow"
},
{
"id": "TAHBKHXcDD9UuMSsGp7HQ",
"type": "arrow"
}
],
"updated": 1727101619491,
"link": null,
"locked": false,
"text": "DNS\nEmail\n+\nMastodon\nPixelfed\nMatrix\nPeertube\nEdumeet\n\nall packaged as falkes (or npin)",
"fontSize": 20,
"fontFamily": 5,
"textAlign": "left",
"verticalAlign": "top",
"containerId": null,
"originalText": "DNS\nEmail\n+\nMastodon\nPixelfed\nMatrix\nPeertube\nEdumeet\n\nall packaged as falkes (or npin)",
"autoResize": true,
"lineHeight": 1.25
},
{
"id": "YDzmHPAT_mAJgHQMOloUz",
"type": "line",
"x": 759.25,
"y": 272.4921875,
"width": 0.7734375,
"height": 49.73046875,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "aa",
"roundness": {
"type": 2
},
"seed": 1020397112,
"version": 30,
"versionNonce": 1464270136,
"isDeleted": false,
"boundElements": null,
"updated": 1727101572526,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
0.7734375,
49.73046875
]
],
"lastCommittedPoint": null,
"startBinding": null,
"endBinding": null,
"startArrowhead": null,
"endArrowhead": null
},
{
"id": "TK9sqafTNPqcDKZkFWfW1",
"type": "arrow",
"x": 760.1703810523934,
"y": 298.4518569294183,
"width": 62.005400197606605,
"height": 0.2604506794182839,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "ab",
"roundness": {
"type": 2
},
"seed": 283285048,
"version": 91,
"versionNonce": 1787796296,
"isDeleted": false,
"boundElements": null,
"updated": 1727101606356,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
62.005400197606605,
-0.2604506794182839
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "qoGVD5dskUAdrAIebkjh-",
"focus": -0.7650184483084235,
"gap": 1,
"fixedPoint": null
},
"endBinding": {
"elementId": "6wtckrQnWgmXgicwSmJM5",
"focus": 0.00366288013040744,
"gap": 7.80078125,
"fixedPoint": null
},
"startArrowhead": null,
"endArrowhead": "arrow",
"elbowed": false
},
{
"id": "6wtckrQnWgmXgicwSmJM5",
"type": "text",
"x": 829.9765625,
"y": 285.1953125,
"width": 243.29985344409943,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "ac",
"roundness": null,
"seed": 186639432,
"version": 80,
"versionNonce": 1190356040,
"isDeleted": false,
"boundElements": [
{
"id": "TK9sqafTNPqcDKZkFWfW1",
"type": "arrow"
}
],
"updated": 1727101605980,
"link": null,
"locked": false,
"text": "must be at 'mail provider'",
"fontSize": 20,
"fontFamily": 5,
"textAlign": "left",
"verticalAlign": "top",
"containerId": null,
"originalText": "must be at 'mail provider'",
"autoResize": true,
"lineHeight": 1.25
},
{
"id": "1iCrJxYo6DIhRdHB94PJM",
"type": "line",
"x": 671.40625,
"y": 272.69921875,
"width": 1.7265625,
"height": 194.84375,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "ad",
"roundness": {
"type": 2
},
"seed": 281504072,
"version": 100,
"versionNonce": 2068907848,
"isDeleted": false,
"boundElements": null,
"updated": 1727101613724,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
1.7265625,
194.84375
]
],
"lastCommittedPoint": null,
"startBinding": null,
"endBinding": null,
"startArrowhead": null,
"endArrowhead": null
},
{
"id": "TAHBKHXcDD9UuMSsGp7HQ",
"type": "arrow",
"x": 522.84765625,
"y": 396.03125,
"width": 146.37890625,
"height": 30.078125,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "ae",
"roundness": {
"type": 2
},
"seed": 692117064,
"version": 54,
"versionNonce": 1188759096,
"isDeleted": false,
"boundElements": null,
"updated": 1727101619491,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
146.37890625,
-30.078125
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "DtPL2hCzDRPzq5Ctso51i",
"focus": 0.48006086758013156,
"gap": 4.76953125,
"fixedPoint": null
},
"endBinding": {
"elementId": "qoGVD5dskUAdrAIebkjh-",
"focus": 0.3988198984705134,
"gap": 13.703125,
"fixedPoint": null
},
"startArrowhead": null,
"endArrowhead": "arrow",
"elbowed": false
},
{
"id": "_VH-6pKt07BTGGXlGC8Jq",
"type": "text",
"x": 1292.03515625,
"y": 220.26953125,
"width": 308.7397973537445,
"height": 100,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "af",
"roundness": null,
"seed": 791744824,
"version": 160,
"versionNonce": 105269064,
"isDeleted": false,
"boundElements": null,
"updated": 1727101667656,
"link": null,
"locked": false,
"text": "Requirement:\nalles een nummertje met legenda\n+wie verantwoordelijk\n+wie uitvoering",
"fontSize": 20,
"fontFamily": 5,
"textAlign": "left",
"verticalAlign": "top",
"containerId": null,
"originalText": "Requirement:\nalles een nummertje met legenda\n+wie verantwoordelijk\n+wie uitvoering",
"autoResize": true,
"lineHeight": 1.25
},
{
"id": "TeDuX_7cpSFfbUet6ll7H",
"type": "text",
"x": 1184.70703125,
"y": 379.734375,
"width": 502.7596130371094,
"height": 100,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "ag",
"roundness": null,
"seed": 175920440,
"version": 192,
"versionNonce": 1648258120,
"isDeleted": false,
"boundElements": null,
"updated": 1727102044144,
"link": null,
"locked": false,
"text": "Specific features (focus on stability)\n- Bulk storage on S3 (garage)\n- clear 'deploy->upgrade->decommision' cycle\n- platform allows for 'beta groups' or a/b/c-testing",
"fontSize": 20,
"fontFamily": 5,
"textAlign": "left",
"verticalAlign": "top",
"containerId": null,
"originalText": "Specific features (focus on stability)\n- Bulk storage on S3 (garage)\n- clear 'deploy->upgrade->decommision' cycle\n- platform allows for 'beta groups' or a/b/c-testing",
"autoResize": true,
"lineHeight": 1.25
},
{
"type": "rectangle",
"version": 93,
"versionNonce": 1507135800,
"index": "aj",
"isDeleted": false,
"id": "GQXUcK4OEOjNM7Eqhxpyd",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"angle": 0,
"x": 415.880859375,
"y": 667.630859375,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"width": 217.95703125000006,
"height": 35.89453125,
"seed": 1235492936,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 3
},
"boundElements": [
{
"type": "text",
"id": "3D2wGEnZVefLc7_sJ_Xxb"
},
{
"id": "NXaJ23If0F19kM7aym0O_",
"type": "arrow"
},
{
"id": "aAjfW6qspkgB1akHlyWkH",
"type": "arrow"
},
{
"id": "WpRyIUWzENNCXqvvHZfZP",
"type": "arrow"
}
],
"updated": 1727102154833,
"link": null,
"locked": false
},
{
"id": "3D2wGEnZVefLc7_sJ_Xxb",
"type": "text",
"x": 466.63939666748047,
"y": 673.078125,
"width": 116.43995666503906,
"height": 25,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "ak",
"roundness": null,
"seed": 769762632,
"version": 52,
"versionNonce": 989305160,
"isDeleted": false,
"boundElements": null,
"updated": 1727102100118,
"link": null,
"locked": false,
"text": "O -> T -> A",
"fontSize": 20,
"fontFamily": 5,
"textAlign": "center",
"verticalAlign": "middle",
"containerId": "GQXUcK4OEOjNM7Eqhxpyd",
"originalText": "O -> T -> A",
"autoResize": true,
"lineHeight": 1.25
},
{
"type": "rectangle",
"version": 165,
"versionNonce": 1354021960,
"index": "an",
"isDeleted": false,
"id": "k1jDyY11QR5nqun68HJLF",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"angle": 0,
"x": 415.689453125,
"y": 719.982421875,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"width": 217.95703125000006,
"height": 35.89453125,
"seed": 98287176,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 3
},
"boundElements": [
{
"type": "text",
"id": "txicKELc-zOhSKOxQTsye"
}
],
"updated": 1727102103443,
"link": null,
"locked": false
},
{
"type": "text",
"version": 127,
"versionNonce": 1650848584,
"index": "ao",
"isDeleted": false,
"id": "txicKELc-zOhSKOxQTsye",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"angle": 0,
"x": 466.44799041748047,
"y": 725.4296875,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"width": 116.43995666503906,
"height": 25,
"seed": 526169416,
"groupIds": [],
"frameId": null,
"roundness": null,
"boundElements": [],
"updated": 1727102103443,
"link": null,
"locked": false,
"fontSize": 20,
"fontFamily": 5,
"text": "O -> T -> A",
"textAlign": "center",
"verticalAlign": "middle",
"containerId": "k1jDyY11QR5nqun68HJLF",
"originalText": "O -> T -> A",
"autoResize": true,
"lineHeight": 1.25
},
{
"type": "rectangle",
"version": 148,
"versionNonce": 679569480,
"index": "ap",
"isDeleted": false,
"id": "STcNVe-lgh2prciDD69Uz",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"angle": 0,
"x": 412.177734375,
"y": 766.748046875,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"width": 217.95703125000006,
"height": 35.89453125,
"seed": 401627208,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 3
},
"boundElements": [
{
"type": "text",
"id": "iqUN9gQ54TgyrDuoyFMzP"
}
],
"updated": 1727102108477,
"link": null,
"locked": false
},
{
"type": "text",
"version": 110,
"versionNonce": 1941774152,
"index": "aq",
"isDeleted": false,
"id": "iqUN9gQ54TgyrDuoyFMzP",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"angle": 0,
"x": 462.93627166748047,
"y": 772.1953125,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"width": 116.43995666503906,
"height": 25,
"seed": 2009993032,
"groupIds": [],
"frameId": null,
"roundness": null,
"boundElements": [],
"updated": 1727102108477,
"link": null,
"locked": false,
"fontSize": 20,
"fontFamily": 5,
"text": "O -> T -> A",
"textAlign": "center",
"verticalAlign": "middle",
"containerId": "STcNVe-lgh2prciDD69Uz",
"originalText": "O -> T -> A",
"autoResize": true,
"lineHeight": 1.25
},
{
"id": "SPpUJbvu2CvpE4xFXoCbg",
"type": "text",
"x": 739.26171875,
"y": 669.08984375,
"width": 50.679970502853394,
"height": 125,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "ar",
"roundness": null,
"seed": 123989320,
"version": 78,
"versionNonce": 45884216,
"isDeleted": false,
"boundElements": [
{
"id": "NXaJ23If0F19kM7aym0O_",
"type": "arrow"
},
{
"id": "aAjfW6qspkgB1akHlyWkH",
"type": "arrow"
},
{
"id": "WpRyIUWzENNCXqvvHZfZP",
"type": "arrow"
}
],
"updated": 1727102154833,
"link": null,
"locked": false,
"text": "P (a)\n\nP (b)\n\nP (c)",
"fontSize": 20,
"fontFamily": 5,
"textAlign": "left",
"verticalAlign": "top",
"containerId": null,
"originalText": "P (a)\n\nP (b)\n\nP (c)",
"autoResize": true,
"lineHeight": 1.25
},
{
"id": "NXaJ23If0F19kM7aym0O_",
"type": "arrow",
"x": 636.5859375,
"y": 687.05859375,
"width": 91.77734375,
"height": 2.734375,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "as",
"roundness": {
"type": 2
},
"seed": 2120885832,
"version": 56,
"versionNonce": 206681912,
"isDeleted": false,
"boundElements": null,
"updated": 1727102137262,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
91.77734375,
-2.734375
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "GQXUcK4OEOjNM7Eqhxpyd",
"focus": 0.22691204557318118,
"gap": 2.748046875,
"fixedPoint": null
},
"endBinding": {
"elementId": "SPpUJbvu2CvpE4xFXoCbg",
"focus": 0.7642924830826207,
"gap": 10.8984375,
"fixedPoint": null
},
"startArrowhead": null,
"endArrowhead": "arrow",
"elbowed": false
},
{
"type": "arrow",
"version": 59,
"versionNonce": 1518361400,
"index": "at",
"isDeleted": false,
"id": "ydi8Dr54R1ioC5Ny1iv9S",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"angle": 0,
"x": 710.7051892347587,
"y": 265.6407229135232,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"width": 91.77734375,
"height": 2.734375,
"seed": 175727160,
"groupIds": [],
"frameId": null,
"roundness": {
"type": 2
},
"boundElements": [],
"updated": 1727102139641,
"link": null,
"locked": false,
"startBinding": null,
"endBinding": null,
"lastCommittedPoint": null,
"startArrowhead": null,
"endArrowhead": "arrow",
"points": [
[
0,
0
],
[
91.77734375,
-2.734375
]
],
"elbowed": false
},
{
"id": "aAjfW6qspkgB1akHlyWkH",
"type": "arrow",
"x": 640.96875,
"y": 692.72265625,
"width": 91.53515625,
"height": 39.140625,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "aw",
"roundness": {
"type": 2
},
"seed": 258418744,
"version": 42,
"versionNonce": 983626056,
"isDeleted": false,
"boundElements": null,
"updated": 1727102150601,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
91.53515625,
39.140625
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "GQXUcK4OEOjNM7Eqhxpyd",
"focus": -0.6585011503511781,
"gap": 7.130859375,
"fixedPoint": null
},
"endBinding": {
"elementId": "SPpUJbvu2CvpE4xFXoCbg",
"focus": -0.1908834930107233,
"gap": 6.7578125,
"fixedPoint": null
},
"startArrowhead": null,
"endArrowhead": "arrow",
"elbowed": false
},
{
"id": "WpRyIUWzENNCXqvvHZfZP",
"type": "arrow",
"x": 633.93359375,
"y": 691.86328125,
"width": 99.33984375,
"height": 90.4296875,
"angle": 0,
"strokeColor": "#1e1e1e",
"backgroundColor": "transparent",
"fillStyle": "solid",
"strokeWidth": 2,
"strokeStyle": "solid",
"roughness": 1,
"opacity": 100,
"groupIds": [],
"frameId": null,
"index": "ax",
"roundness": {
"type": 2
},
"seed": 248592696,
"version": 47,
"versionNonce": 1083058744,
"isDeleted": false,
"boundElements": null,
"updated": 1727102154833,
"link": null,
"locked": false,
"points": [
[
0,
0
],
[
99.33984375,
90.4296875
]
],
"lastCommittedPoint": null,
"startBinding": {
"elementId": "GQXUcK4OEOjNM7Eqhxpyd",
"focus": -0.7938960596563331,
"gap": 1,
"fixedPoint": null
},
"endBinding": {
"elementId": "SPpUJbvu2CvpE4xFXoCbg",
"focus": -0.9258394742107856,
"gap": 5.98828125,
"fixedPoint": null
},
"startArrowhead": null,
"endArrowhead": "arrow",
"elbowed": false
}
],
"appState": {
"gridSize": 20,
"gridStep": 5,
"gridModeEnabled": false,
"viewBackgroundColor": "#ffffff"
},
"files": {}
}

18
meeting-notes/10-01-24 Weekly Meeting Notes.txt
View file

@ -1,18 +0,0 @@
Attendees: Eric, Kevin, Koen, Valentin, Hans, Ronny, Roberth
* Taeer and Koen reinstalled Pixelfed, and it's running now
* Will test today
* Introducing Eric from NLnet
* Assists grantees who have difficulties meeting their deliverables
* Side note on meeting notes: would be great to have a proper Wiki so ephemeral project information is easier to manage
* Juerd Waalboer from Procolix can set one up, Koen will ask
* Koen and Valentin discussed the health of the Nix community and how we can support it
* Ronny participated in Koens in-erson presentation on the project
* Some attendees wanted to know more details about the architecture
* Koen: Should probably set up a public webinar just for the architecture
* Koen will get VPN access to Tweag today
* Next thing Valentin will do is sort out short-term and mid-term goals, and werite down who has to do what when
* Propose to have a monorepo until the separate projects are mature enough to split out, central issue tracker, wiki for meta things; one source of truth for everyone to look at and know at a glance what everyone else is doing
* Robert: May not work well with NixOps4, have many issues independent of Fediversity
* Valentin will think about how to deal with that
* (Koen made an introduction of the architecture for Eric)

34
meeting-notes/2024-009-19 standup notes.md
View file

@ -1,34 +0,0 @@
Attendees:
Procolix
- Koen
- Laurens
- Kevin
- Hans
Tweag
- Valentin
- Bogdan
- Nicolas
- Taeer
**Notes**
We now have a working cluster
- Also a network storage
Koen, Laurens, and Ronny had a long discussion on Wednesday 2024-09-19
- tl;dr made an architecture diagram of what's been discussed Monday/Tuesday
On Tuesday, Robert explained in detail to Valentin and Nicolas how NixOps4 is supposed to work, what state the code is currently in, and what exactly are the plans for the future
- We (roughly) agreed that it's good enough to start integrating
Robert should start building a rudimentary Proxmox provider
- Until that is done, Tweag will supply an example configuration and development environment for deploying VMs via ISO installer
- This will be an extension of the official tutorial: [https://nix.dev/tutorials/nixos/provisioning-remote-machines](https://nix.dev/tutorials/nixos/provisioning-remote-machines)
Planned for next week
- Koen wants to set up Edumeet for next week
- Valentin will take care of knowledge management starting October so it's easier to have everyone informed at all times
- Nicolas and Kevin will discuss setting up CI on Friday

50
meeting-notes/2024-09-16 meeting notes.md
View file

@ -1,50 +0,0 @@
Attendees:
- Tweag
- Bogdan
- Nicolas
- Valentin
- Procolix
- Hans
- Koen
- Kevin
- Laurens
- Robert
- NLnet
- Ronny
**Notes**
- Koen put together concept documents:
- software stack: [https://git.fediversity.eu/Fediversity/meta/src/branch/main/Fediversity_software_stack.md](https://git.fediversity.eu/Fediversity/meta/src/branch/main/Fediversity_software_stack.md)
- target audience: [https://git.fediversity.eu/Fediversity/meta/src/branch/main/Fediversity_target_audience.md](https://git.fediversity.eu/Fediversity/meta/src/branch/main/Fediversity_target_audience.md)
Koen's primary goal for the next months is to achieve consensus
- In the past, too many open source projects went into conflict about who is doing what
- No objections to the general direction
- Postponed discussing details to later in the meeting
Robert drafted an outline of how NixOps4 deployments would work: [https://git.fediversity.eu/Fediversity/meta/src/branch/main/architecture-docs/NixOps4-based-installation-process.md](https://git.fediversity.eu/Fediversity/meta/src/branch/main/architecture-docs/NixOps4-based-installation-process.md)
Koen proposes the following procedure, suggested by Ronny:
- daily meetings/standups (16h?)
- Ronny: timebox it to 15 min and have a strict agenda
- weekly 'how are we doing' longer sessions
Valentin:
- Tweag+Procolix engineers meet to try a full deployment of Pixelfed
- Deliverable: List of things to do to make it smoother
- Valentin has many questions on risk assessment of the R&D aspects of e.g. the GUI (portal)
- Koen will put in text 'why do we need a GUI' and 'risks'.
Laurens: Should we get Nordunet into the dailies?
- Koen: Let's wait for Erik to discuss with his team
- He'll get back to us Tue/Wed
Valentin asks to have Nordunet an outline how they will communicate progress with everyone else, which format, frequency, how to get notified, ...
- Ronny: Universities/public sector organisations may be interested in more than just Fediversity things (such as Nextcloud). If we put more packages into the pool, we may be more of a turnkey solution for them.
- Koen: This would be to discuss with Erik, he seemed enthusiastic.
- Side note: they would like Edumeet

28
meeting-notes/2024-10-01 standup notes.md
View file

@ -1,28 +0,0 @@
Koen:
- Have a pixelfed server
- part of the admin interface is broken
- next: re-install from scratch
- Had a discussion with Laurens about all the different projects
- Pixelfed is developed only by Daniel who seems not particularly keen on letting others in
- Mastodon is a more mature product, 4 developers with an organisation around it
- Oriented around Kubernetes
Peertube is backed by Framasoft, 12 people, but the frontpage has a disclaimer that it's a side project
- Laurens: 1 frontend, 1 backend developer active
- State of Matrix is completely unclear
- Same people working on multiple seemingly competing things (Element, Synapse, Conduit, Conduwit, ... ???)
- NLnet prefers funding individuals, which often leads to funding one-person projects
Niols:
- With Kevin tried to migrate Pixelfed from the Nixpkgs version to the Fediverse version
- Not just a mySQL, also Redis (which is more than just a cache) but also files on disk...
- It was painful but valuable information future
- Now have a working CI
- Will be away starting Wednesday, back next Tuesday
Robert:
- Have run NixOS with NixOps
- Need to clean up the CLI a bit, then should be ready for initial testing next week
Valentin:
- Public holiday on 2024-10-03 in Germany

43
meeting-notes/2024-10-02_ec-meeting.md
View file

@ -1,43 +0,0 @@
## Progress report
Attendees: Koen, Ronny, Valentin, Jean-Luc Dorel (European Commission)
* Working website at fediversity.eu
* Set up a Git repository
* Will be restructured for more clarity
* Set up Mastodon and Pixelfed, Pixelfed planned
* Working on deployment automation that will be shared
* 45 grant proposals for Fediversity projects
* 547 total proposals for the NLnet October deadline
* It will take until end of December for selection, 4 reviewers
* Cannot disclose preliminary survey due to impartiality requirements
* Koen met Walter (CEO of NORDUnet) and Erik Kikkenborg (our new contact for Fediversity)
* Got declarations of intent from 3 universities
* Discussed to offer all of the projects in the proposal, as well as
* Edumeet
* It's quite new but can completely replace BigBlueButton, more open
* Developed and adopted by NORDUnet
* Allows us to connect Geant, since they're also very interested
* EduVPN (https://www.eduvpn.org/client-apps/)
* Will help us connect with SURF (https://surf.nl), talked with Wladimir
* Nextcloud
* The nordics still use Owncloud, this might help them switch to more open software
* We may be able to connect the new applications to the fediverse
* Recording videos with Edumeet you can publish them on Peertube and publish them in the fediverse
* This makes it easier for institutions to see all the projects
* Jean-Luc: This sounds like a digression. The project is primarily about the fediverse, please keep that in mind.
* Please document whatever you do and make sure it's reproducible
* Koen: These are very important to get the universities on board, and opens up future opportunities to transition them to FOSS and fediverse
* Changes in personnel:
* Matthias left Tweag
* Taeer joined the project, will soon leave
* Valentin and Nicolas joined recently
* (brief explanation of the role of Nix and NixOS)
* (discussion of advantages and drawbacks of the computational approach Nix takes)
* We will nixify the pilot applications
* We have chosen Proxmox is an intermediate layer to programmatically create virtual machines and virtual networks
* There's an NGI-funded project that allows deploying Proxmox with NixOS
* This will help involve people who are already hosting with Proxmox
* Jean-Luc: What about EDPS (https://www.edps.europa.eu)? They could be a downstream "customer" for the project.
* They need a data protection impact assessment of Mastodon
* Koen: Remy will pick this up

20
meeting-notes/2024-10-07 standup notes.md
View file

@ -1,20 +0,0 @@
Attendees: Hans, Kevin, Laurens, Koen, Ronny, Valentin, Robert
Koen:
- Together with Juerd installed Mediawiki with Nix
- In short, it was a lot of pain
- Together with Kevin finished the VPN setup
- EduVPN is not packaged for NixOS yet
Valentin:
- Started looking in detail at tactical implementation planning, ran into a bunch of detail questions
- General idea: Wire everything up with Nix and remove all the excess code so it's easier to understand and work with
- Met with Ronny to discuss mid-term strategy
- Brought up the idea to deploy something that "doesn't scale"
Koen: myprotagio.nl is already somewhat far progressed, need to integrate that
- Will put up the source on Forgejo
- Let's call it "ordering portal"
Robert:
- Working on NixOps to make it usable for a multi-node config

25
meeting-notes/2024-10-08 standup notes.md
View file

@ -1,25 +0,0 @@
Attendees: Ronny, Eric, Koen, Nicolas, Laurens, Kevin, Hans, Valentin, Robert
* Valentin: Got stuck making a pure website build
* Hugo is impure, fetches plugins during the build. Have to think about it
* Ronny: Would be good to show the meeting notes on the website
* Valentin: Possible, but can also use the wiki, shouldn't matter
* Koen: Mediawiki NixOS module needs changes to get more predictable
* Apache and nginx deployments behave differently
* Hans found that the nginx module changed in 24.05 against 23.11 which seems to break some gzip settings
* This breaks Matrix workflows such as verification
* Kevin met difficulties separating the network into an internal and external part in Proxmox
* If the Proxmox host has access to the internal management interface, you have to completely rebuild the cluster and change the VPN accordingly
* Robert: NixOps should be ready to try deploying multiple machines
* Koen:
* Met Erik Kikkeborg from NORDUnet
* Aligned on how to proceed with EduMeet
* Erik will meet with his steering group of application managers (one level above IT departments), which should result in increase participation of univiersities
* Met with EDPS; they started a Mastodon (EU voice) and Peertube (EU video) pilot
* This apparently was lacking coordination, which led to a premature end of the pilot
* Next attempt will have a contract with their management and the implementing organisations
* The contract can be used as a template for future participating organisations
* Met with Ronny to iterate on the roadmap
* Conclusion: Have to clarify how we spend the money so our next report to Jean-Luc can be more focused. This will include tighter coordination between partners. Procolix needs a project manager on-site to keep track of progress.
* Will post updates on that in two weeks
* There's a possiblity to add a "hop-on partner" in spring 2025, asking for additional grant money

20
meeting-notes/2024-10-09 standup notes.md
View file

@ -1,20 +0,0 @@
Attendees: Kevin, Koen, Ronny, Valentin, Nicolas, Robert
* Koen:
* Will give Valentin admin access to the wiki
* Collected feedback internally and will come up with a job description for a project manager
* Will meet with the EU OSPO
* Will gather info on online office options
* Will go to the LibreOffice conference for two days -- goals?
* Ask Remy to 'sit with' Valentin to pick up some project management tasks until we find someone.
* Valentin figured out how to get Hugo modules to build purely, will reconstruct the website with less junk
* Kevin:
* Set up the VPN at https://vpn.fediversity.eu
* Will write down how it's configured and put it into the wiki
* Next will set up an LDAP
* Nicolas:
* CI now runs, Kevin had set up a NixOS runner, Nicolas figured out how to make actions run natively on it
* We have a workflow file to build the NixOS configurations and run the already defined tests: https://git.fediversity.eu/Fediversity/simple-nixos-fediverse/pulls/25
* The machine we have access to fails the tests though, probably because it's too slow (~45 minutes to run a test that runs in <10 minutes on Nicolas and Taeer's machines)
* Robert started work on improving logging in NixOps
* Will meet with Nicolas to try a deployment, find the worst problems to solve first

11
meeting-notes/2024-10-10 standup notes.md
View file

@ -1,11 +0,0 @@
Attendees: Laurens, Valentin, Ronny, Robert
* Robert: No updates, Nicolas is busy with a different project
* Planning to meet tomorrow
* Valentin
* Contacted Remy
* Spent more time simplfiying the website building code
* Not sure if it's worth continuing, [Brandolini's law](https://en.wikipedia.org/wiki/Brandolini%27s_law) is hitting hard
* What to do?
* Ronny: Start from scratch and recreate the design with fewer moving parts
* Laurens' contract ends in October, will continue with different Fediverse things

14
meeting-notes/2024-10-11 standup notes.md
View file

@ -1,14 +0,0 @@
Attendees: Valentin, Hans, Kevin, Ronny
* Valentin:
* Didn't have time to spend on the website
* No access to the wiki yet
* No answer from Remy yet
* Kevin:
* No progress on LDAP, was busy with a client
* Will continue today
* Hans:
* Didn't get to do much
* Valentin: I'm available for support
* Ronny:
* For Valentin: specify requirements for the project manager role

23
meeting-notes/2024-10-14 standup notes.md
View file

@ -1,23 +0,0 @@
Attendees: Kevin, Laurens, Koen, Valentin, Nicolas, Robert
Koen:
- Talked with many people about the PM role, got consistent advice to collect requirements from participants
- Please everyone send a short list until Thursday
- Conference had ~50 attendees
- Organized by Paolo Vecchi ([https://openuk.uk/profiles/paolo-vecci/](https://openuk.uk/profiles/paolo-vecci/)); interested in our infrastructure setup
- Talked with Michael Meeks, CEO of Collabora Online ([https://www.collaboraonline.com/](https://www.collaboraonline.com/))
- Conclusion: We should use Collabora Online, they are fully open source with the business model oriented around paid support
- Found potential partners to run our software
- Found Passbolt ([https://www.passbolt.com/](https://www.passbolt.com/)), a from-scratch fully open key management solution (run by a [different] Kevin Muller)
Kevin: Kept struggling with the LDAP setup
- Can create the accounts manually for now
Koen: LDAP can eat a lot of time, maybe we should put up a job posting to find a developer who would add LDAP (or generally, RBAC/SSO support) to projects we use
- Everyone I talk to asks for this
- It would be the holy grail of such an offering, but it's not trivial to do
Ronny: Centralised identity management and SSO are separate things. There seems to be no fully open source SSO solution that supports 2FA (especially SMS) yet
Valentin: Re-implemented essentially what Hugo/Jekyll do in 700 LOC of Nix
- Needs a bit of cleanup and then will reconstruct the design

14
meeting-notes/2024-10-15 standup notes.md
View file

@ -1,14 +0,0 @@
Attendees: Hans, Valentin, Laurens, Koen, Ronny, Kevin
* Koen:
* Talked with NLUUG board member Björn; could help us with communication Nov-Mar
* Should be a smooth transition from Laurens to Björn
* Ronny:
* Not a lot of projects in the identity management field, those which are have a commercial addon
* We have a person in our network keen on the topic, maybe they have a solution or can give a pointer
* Robert:
* Valentin and I looked into the site generator yesterday and we discussed state handling in NixOps
* Valentin:
* Will finish the Nix-static-site-generator templating engine and then on vacation for 2 weeks, return on 2024-10-30
* Kevin:
* Gave VPN and Proxmox access to everyone who asked
* Now busy documenting everything

354
meeting-notes/Notes fediversity meeting NLnet - OID.md
View file

@ -1,354 +0,0 @@
Meeting OID-NLnet
2024-09-19
Aanwezig:
- Koen de Jonge (KJ)
- Laurens Hof (LH)
- Michiel Leenaars (ML)
- Ronny Lam (RL)
Notulen
KJ:
in juni duidelijk geworden dat we proxmox gebruiken voor project
Robert is academisch qua denkwijze, maar wat robert aan het maken is, is wel wat we nodig hebben. Dit is het stuk wat we gebruiken om automatisch deployments te doen
ML: robert staat op payroll van oid?
KJ: Ja, Taeer staat op eigen payroll, dus die zitten wat anders te doen
ML: het plaatje moet helder: wat doet de hosting panel, wat doet de hosting
nodig beschrijven wat de functionele eisen
KJ: vorige week in auto met KJ en Robert helder kunnen krijgen hoe dit te doen
hebben een maandlang gesproken over gebruik kubernetes
nu elke dag standups, maar dat implementeren is nog een uitdaging
ML: In welke rol is Valentin onderdeel van project geworden?
Koen: was ook voor mij onverwacht, want hij kwam hier sinds augustus ingerold,
na maand break (vakantie+ziek) onverwacht matthias+taeer+jime plotseling weg (en theophane al eerder weg). nu opeens valentin+nicholas
KJ: valentin wil heel hard vooruit
hierdoor weer opnieuw uitleggen waarom geen docker gebruiken
RL: dat was het voordeel van een requirement document geweest
ML: geen docker want containers niet genoeg security
KJ: nu oplossing voor geen docker gebruiken gevonden,
eerst stond in document dat we tegen Big Tech zijn. nu er uit gehaald en geformuleerd dat we pro-open zijn
als je docker gebruikt draag je bij aan het docker-ecosysteem, en daarom niet voldoende pro-open
dit is een gesprek wat je niet wil voeren want kom je in anti-capitalisme systemen
je kan het ook positief formuleren: er zijn ook linux alternatieven, en ons project wil juist bijdragen aan het verbeteren van dit ecosysteem
ML en KJ eens dat het beter is als positief te formuleren (bijdragen aan ecosysteem) dan als docker-bad
KJ: Renaud Chaput is enorme k8s fan, en gebruikt dit voor mastodon.social , en mastodon documentatie is hier op ingericht en gaat er vanuit van gebruik van k8s
KJ: quote valentin: je wil niet gevecht met upstream aangaan om nixos te gebruiken
ML: je wil niet mastodon maar GtS
KJ: het is mijn fout om teveel te focusen op nixos, want fighting upstream
KJ: als je met taeer en robert in een groep zit dan kom je makkelijk op gedachte 'alles met nixos en nixops', en dat is de holy grail
ML: wij duwen niet nixos, maar wij bieden het gratis aan. maar staat je vrij andere distro te gebruiken, maar dan regelen we de package niet. voor nixos biedt nlnet wel package aan
KJ: als je gevecht met upstream aangaat, voelt de dev ook in een gevechts modus
KJ: nu makkelijker door proxmos te volgen en stukken buiten scope te verklaren
KJ: om goed te laten werken met fediversity moet bulk storage met S3 geschreven worden anders past het niet goed in ons project. dit is momenteel alleen mastodon, andere software packages niet
KJ: eerst waren we alleen nixos, maar daar stappen we nu vanaf door ook proxmox gebruiken
proxmox is nu wel gepackaged voor nix, maar we moeten hebben over busfactor. is nog onduidelijk of dit onderhouden blijft
RL: is proxmox op nix uberhaupt wel nodig?
wel rekening houden met business model van bedrijf achter proxmox, want dat lijkt niet goed met nixos aan te sluiten
ML: als je packages serieus wil nemen kan support niet op uurtje-factuurtje doen en heb je nodig dat er full support is die betrouwbaar
KJ: proxmox op nixos gaan ze zelf niet doen want zijn veel te druk met allerlei andere dingen en nu eindelijk geld verdienen
ML: packagen van proxmox op nixos heeft 2 mensen een maand gekost om te doen
KJ: is er dan een team dat het bijhoudt
RL: ik word er ziek van, dat we nix door alles heen aan het pushen
KJ: ik ben er ook vanaf dat het overal nixos is
onderste laag op proxmox die doet het gewoon
KJ: ik heb geen goed voorbeeld voor elk van onze software die op nixos werkt nu
ML: in mijn visie hebben we hier tweag voor om deze software op nixos te laten packagen
KJ: dan zit je met onderhoudsprobleem, wil blijft de updates doen
als de developers niet zelf nixos gebruiken dan gaan ze niet maintainance voor packages doen
RL: maintainance is een heel erg groot probleem zegt valentin, want is geen geld voor en te weinig vrijwilligers
KJ: gaat alleen werken als het primair op nixos developed wordt
KJ: we hebben 10 packages en die moeten we simpelweg aan zoveel mensen gaan leveren
maar wil nixos naar buiten communiceren, maar dit levert een spagaat op
maar voor we er zijn bij de holy grail (alles op nixos) gaat nog wel 10 jaar duren
RL: als je een goed geschreven manifest hebt is dit te doen
ML: "we zijn een research project, dus research is cruciaal onderdeel van project". dus ook praktsiche resultaten, maar ook contribution aan daadwerkelijk research
KJ: we hebben nu aantal componenten die we van ergens anders pakken, want dat werkt gwoon
moeten zorgen dat we neerzetten nu daadwerkelijk werkt, en dat het voor mensen vertrouwd is en gewoon kennen
daarom proxmox want iedereen kent dat, veel meer dan docker of k8s
hierdoor veel makkelijker te gebruiken gewoon voor developers thuis met een raspberry pi. natuurlijjk
ML: ontwikkelaars, is dat onze doelgroepn?
KJ: ik wil eindgebruikers ondersteunen, maar om daar te komen heb je support van developers nodig. want die heb je nodig dat ze gaan ontwikkelen voor panel, zodat die devs gaan zeggen 'pak maar dit nixpanel', want dan heb je het zo draaiend
ML: heb je wel eens naar nixpacks gekeken, want dat is wat concurrenten aan het doen zijn
wordt gedaan door railway, aantal grote concurrenten zijn dit inmiddels gaan gebruiken
KJ: valentin is heel hard aan het zoeken of we hier niet wiel opnieuw aan het uitvinden
ML: voor het panelstuk, is daar iemand nu mee bezig
KJ: nee, tot nu niet. dat gaat nicholas doen, op basis van my.protagio.nl
(demo hiervan voor ML)
KJ: gemaakt door procolix (bram, koen van de kolk en iemand uit turkey en rogier, en lei van bureau moeilijke dingen). geschreven in toolkit, maar naam vergeten
basisversie hiervan is geimplementeerd, en dit aan nicholas geven
ML: is dit getest?
KJ: niet formeel
zon paneel moet altijd 2 dingen hebben: DNS zone en een mail server. applicaties gebruiken email voor verificatie
my.protagio.nl is al geinternationaliseerd
ML: is dit eindgebruikerspanel?
KJ: eindgebruiker, maar kan ook als reseller
concept reseller helemaal buiten beschouwing gelaten
in KJ visie heb je allemaal microcloudproviders, en die zijn de reseller
ML: is afhankelijk van hoe aggresief je installatiemodel is
KJ: degene die de techniek doet moet je ook de verkoper zijn, want op kleine schaal kun je niet veroorloven dat er split is tussen sales en tech guys
KJ: je moet willen dat het kleine organisaties hebt: 2 techneuten, 2 eindgebruiker ondersteuners, 1 verkoper, 1 finance personen. en daar wil je dan van elke stad een organisatie van draait
ML: wat als je dit wil doen in steden zoals kinshasa waarin er geen 24u stroom is
ML: als je de last mile goed wil doen wil je wel nog trusted partners hebben
KJ: die verdient zn geld dan op andere manier dan leveren dan de dienst
zodra je resellers in gaat bouwen krijg je een capitalistisch model en kom je uiteindelijk op hyperscalers uit
ML: even gemist
KJ: ik heb business model voor bedacht als je bedrijf te groot wordt kun je gewoon het bedrijf in tweeen splitsen en verder gaan
wie betaalt packages
de community er om heen
je kan wel heel veel klanten hebben maar die gaan snel weg als packages niet goed zijn
maar als je veel klatnen hebt kun je wel 2 engineers in dienst nemen voor packages
KJ: maar probeem hebben we niet want wij worden de grootste in nederland en wij gaan dit wel doen
tuxis (?) komt er wel bij in NL maar
framasoft gaat dit dan ook doen, maar dan alleen voor eigen klanten
en als dan andere klanten in frankrijk komen die worden dan zo groot dat ze dan met ons gaan samenwerken
ML: ik wil wel service portability
KJ; maar dan krijg je geen support meer, maar dit is wel goed
ML: referentie naar film waarom die service portability zo belangrijk is
KJ: migreren kan met mastodon, maar doet wel zeer want dat kost nog wel uurtje om te doen
ML: de naadloze switch is de killer feature, de propositie moet heel strak zijn:
heel breed, betaalbaar en stabiel
KJ: terug naar discussie
in communicatie nadruk leggen dat we dit met NixOS gaan doen. want wil niet dat mensen andere distros gebruiken, maar nixos
snelle releases bij mastodon is te ondervangen met flakes en npins
nog steeds wel plan on in VMs een k8s cluster bouwen want dat schaalt
want daar
ML: het doel is om een technisch sluitende oplossing te maken
KJ: onderdeel van pilot is ontwikkeling van business model
KJ: voorjaar 2025 gaan we dienst leveren
moeten nu snel zijn want mastodon gaat nu al beetje dood, want mensen gaan nu al naar bluesky
groene amsterdammer sterk overwegen om te stoppen met mastodon want duurt wel erg lang voor het aanslaat
staat tegenover dat de correspondent en rob wijnberg hier wel open voor staan
KJ:
voor hosting zijn we het research project aan het doen
subgrantproces steken we ook vooral hier voor in
voor het public organisations deel werken we samen met nordunet en gaan we de validiteit van de fediverse promoten.
daar koppelen we nu heel hard edumeet aan, want dat heeft niemand en sluit gaat aan
Eric kikiborg zit hier hard achteraan. Lars was niet bereikbaar
in ijsland 2 uni en nren, en 3 unis in finland, en 2 unis in zweden, deze hebben wel interesse
mensen wisten helemaal niet van fediverse, maar door onze promotie nu wel
wat we nu in nordics gaan doen, daar hebben nu de kans om in 1x te laten zien dat het werkt
Ronnie: wat daar interessant zou zijn daar ook nextcloud en mail meenemen, en peertube
KJ: Eric Kikiborg is trekker van edumeet project, waarmee heeft voorsprong heeft op BBB, want werkt veel beter
ze hebben geen manier om te deployen
we kunnen hier servers klaar maken en opsturen zodat het daar in rek gehangen kan worden
gelijk ook mogelijkheid om dan nextcloud en peertube te implementeren
evt libre/onlineoffice? britse team vs duitse team voor online editen bij online office
KJ:
grootste gedeelte van project gaat naar hosting, dat is de hosting van de future
in de nordics gaan we aan unis die nu mee willen doen gaan we dit leveren, en geven wij geld om uit te rollen opd e universiteit. dit betalen we vanuit nordunet budget
eric begrijpt dit, en lars niet
ML: gaat ook om details zoals hebben van een webmail client
RL: stalwart heeft ook geen webmail client
ML: dit is wel belangrijk want anders haken mensen af als je geen webmail client hebt
ML: platform is voor frank (?) heel veel waard
want met zon packaged deal maakt het veel makkelijker om binnen te komen bij andere organisaties
KJ: om dit te kunnen realiseren moet de hosting stack af zijn
proberen om dit los te koppelen zodat dit niet te grote barriere is voor hosting dat het nu klaar moet zijn
ML: panel moet gewoon goed zijn en binnen kwartier naar de klik moet je server af zijn, zodra je klikt
KJ: dit kan alleen als hosting stack af is
KJ: dit is niet zover weg, hopelijk maart april mei 2025
KJ: maar we willen nu al contact leggen met nordunet, zodat we nu al gebruikers krijgen in de nordics, zodat we kunnen laten zien af is
RL: voor het helemaal af is, dit moet zo snel mogelijk (nov) mee beginnen
Nu gelijk al onboarden met een fediverse server
en proces om te automatiseren komt hierna pas
KJ: wel in kleine aantallen, iets van 20 instances
dus nog niet alle subfaculteiten enzo, dat pas in loop van volgend jaar
ML: die autonomie is waar het nu aan ontbreekt
KJ: waar dit nu om gaat is dat de mastodon groei doormaakt
want in NL gebeurt is dat de groene amsterdammer en NPO afhaakt, omdat ze binnen 5 maanden resultaat willen zijn
ML: samenvatten als fake it till you make it
KJ: negatief maar wel correct
KJ: de nordics krijgen geen panel
ML: forms server is wel belangrijk en toegevoegde waar
zijn twee opties: liberaforms (is gepackeged als nix).
KJ: willen medische wereld uit project trekken
RL: die frontend die is er al, dat dit in eerste instantie een maitlje wordt is prima, zolang je maar niet belooft dat in een kwartier klaar is
KJ: we maken een mockup app store die functioneert als frontend
ML: wel duidelijk maken dat we panel maken, en screenshot hiervan laten zien
KJ: op nordunet helemala geen hosting en panel en nixos helemala niet genoemd
zijn 2 mensen op conferentie, procurement en glasvezel mensen
ML: Jan Mijer heeft alle connecties binnen nordunet, is ambassadeur en filesender is zijn baby. als filesender er bij zit dan gaat hij heel hard lopen
ML: filesender is enorme storage hog en mensen besteden dat heel erg graag uit
KJ: we kunnen evt op netherlight koppelen, maar dat kan evt met eric geregeld worden
ML; handig binnen NRENs te hebben wat dat vinden mensen binnen nrens heel erg belangrijk
RL: zijn nu met horizon dingen bezig, maar hoe nu praktisch aan de slag
daily standup al genoemd. moeten soort van scrum-achtig gaan werken
sprints van twee weken gaan verzinnen
KJ: spritns invoeren al wel eerder geprobeerd
RL: weten waar we heen willen, moeten backlog hebben
ML: hebben roadmap nodig
ML: niet zo van de sprints
RL: wat hebben we afgelopen 2 weken gedaan
KJ:
ML: wij zijn niet zo van matrix, vinden het een suspect project, gaan hun eigen course met VC dingen, komt uit israelisch security site
zetten hierom dus in op xmpp
gebruiken zelf dus ook, intern gebruiken we snikket. movim als webclient
probleem is matrix doet sommige dingen wel heel goed, wel unified ding
in tegenstelling tot xmpp
---
lunchbreak
---
Doorspreken van product schema
KJ: hardware kant
in netbox installeer je wat er staat, installeer je bootstrap, en dan deployed ie op de servers. deployed dan ook s3 garage storage dozen
dit zit dan aan het internet en hoef je hier niet meer zorgen over te maken
ML: wat als 1 vd server stuk gaat, hoe ziet het fallback systeem er uit
RL: de data staat in s3 garage
in de VM staat alleen ram en cpu
als er iets dood gaat, dan kan dit vervangen worden vanuit monitoring door andere vm naar garage s3 te laten verwijzen
RL: voor repliceerbaarheid is wel van belang om te beschrijven hoe de hardware configuratie er uit ziet zodat anderen dit over kunnen nemen
KJ: vervolgens API om VMs en linux containers te kunnen maintainen
nadeel van containers dat je ze moet herstarten
KJ: hiermee hardware gedeelte afgestemt, nu monitoring laag
---
NixOps zorgt dat het draait volgens configuratie
configuratiedatabase is iets anders dan netbox, is een nix hosting database
zit een api in die de state van alles bijhoudt
deze api praat met frontend, en die start alle VMs
RL: waar je nog rekening mee moet houden is de IP management
KJ: uitdelen van IPs zit in Nix Hosting System
Nix Hosting systeem bestaat uit
- storage plek met hoge data
- state in de gaten houden
- declaratie vaan hoe hoe werken kan ontvangen
- Nix Hosting systeem staat los van de applicaties
- wete hoe verkeer en data geroute moet worden
RL: is het altijd s3 of kan het ook ipfs zijn
verantwoordelijkheid voor snapshots ligt bij de applicatie, niet bij de infrastructuur
nixops is vergelijkbaar met ansible
---
appplicatie layer
voor elke applicatie van te voren bepalen per feature bepalen welke feature/modules wij beschikbaar stellen. bepalen van modules gebeurd op basis van stabiliteit
gaan een OTAP straat bouwen. OTAP straat draaien per software versie die we aanbieden
alles wat bulk storage is wordt in s3 opgeslagen
als een applicatie dat niet kan dan passen we aplicatie aan of laten applicatie aanpassen
dingen waar dat niet kan, zoals mariadb onder mastodonserver
ML: zorgen dat je eigen copy hebt, alle blobs, van alle software die fediversity aanbieden
ML: DNS is over hoe de structuur van je aplpicatie in elkaar zi, moet als onderdeel van Nix Hosting Systeem
---
grants:
elge en johan gaan iets indienen voor monitoring applicaties van de buitenkant of ze juiste standaarden gebruiken
auke en sjoerd gaan iets indienen om solid op fediversity te draaien
---
identiteitsmanagement: overal oauth
probleem bij ldap is dat het nergens is ingebouwd, maar overal is tegenaan geplakt
ook gebruiken van yivi omdat we dat nu eenmaal hebben
ML: evt Opaque als standaard voor secure login
---
om te zorgen voor voor sneeuwbal is het ook belangrijk om duidelijke branding mee te nemen
zodat het duidelijk is dat het niet een gewone mastodon server is m aar dat het een fediversity server is
---
ML: backup servers as extra service toevoegen, want sluit goed aan bij wensen van eindgebruikers, net als VPN
RL: kunnen dit dan ook aanbieden cold storage