3.3 KiB
3.3 KiB
graph TB
Core[<b>Core-services</b><br/><small>DNS<br/>Email<br/>identity_management<br/>secret_management<br/>authentication<br/>SASL</small>]
subgraph Management
A[Nix-panel] --> I
Z[(central database<br/>Netbox)]--> B[Orchestrator<br/>NixOps] --> D[Proxmox]
B --> E[Nix-configuration]
B --> G[DNS]
B --> F[Email]
B --> J[Garage]
B --> H[IdentityManagement]
I[Nix-Panel API] --> Z
H --> I
end
subgraph Hardware
Systems[<b>Systems</b><br/><small>Storage<br/>Networking<br/>Operating-system<br/>Virtualization</small>]
Storage[<b>Storage</b><br/><small>exclusive_filesystem<br/>shared_blob Garage<br/>zfs</small>]
end
subgraph Virtualization
Nixos[<b>Nixos</b><br/><small>Application</small>]
LinuxOS[<b>LinuxOS</b><br/><small>Application</small>]
Services[<b>Services</b><br/><small>Edumeet<br/>NextCloud<br/>secure_document_collaboration<br/>Forgejo<br/>webmail<br/>HedgeDoc<br/>project_planning</small>]
FediServices[<b>FediServices</b><br/><small>Matrix<br/>Pixelfed<br/>Peertube<br/>Mastadon<br/>Owncast<br/>Castopod<br/>activityPub</small>]
end
Systems --> Storage
Hardware --> Virtualization
Virtualization --> Hardware
Services --> Core
FediServices --> Core
Core --> Hardware
Nixos --> Services
Nixos --> FediServices
F --> Core
G --> Core
J --> Storage
D --> Virtualization
E --> Nixos
H --> Core
- human-centric
- easy, automated, replication and migration to different datacenter provider
- blob storage replicated generically
- files on the exclusive filesystems replicated via application-aware process, e.g.:
- asynchronous, but "live" database replication
- shutdown app then rsync directories
- ZFS replication and snapshot-ing
- Strengths, Weaknesses, Opportunities, and Threats awareness for all apps
- Not everything needs to start on Nix, NixOs, or with NixOps
- Do not use "Open Core"
- GitLab
- Dovcot
- Zimbra
- LXC containers (not Docker-style)
- zfs-snapshots + replicatie (send/receive)
- s3 replicatie naar 3rd party
- locatie-mirorring? (buiten scope?)
- (maar dan Linstore op zfs)
Working session: Architecture discussion
Attendees: Robert, Valentin, Koen, Kevin
- Robert: NixOps should handle backup creation and restore, since it knows all the details for that
- There will be an interface to plug Nix expressions with scripts that can access all the resources
- Once should be able to build domain-specific applications around that
- Valentin: Backups seem to be morally equivalent to deployments "to a file"
- Koen walked us through myprotagio.nl
- Kevin will share source code with Valentin
- It's a role-based-permission and billing UI wrapping PowerDNS, Postfix Admin, and InvoiceNinja
- Written in Laravel and Tailwind
- To build a UI for deployment we'd primarily need a REST API to a database
- Primary work would be to do the architecture and design
- Valentin: Maybe we could add just the APIs for the deployment workflows from a completely new service, and connect the front-end to that
- Won't have to touch the PHP then
- But for the full integration to work one will have to understand the whole system anyway
- At that point one may as well keep maintaining it or rewrite it
- Koen: The existing thing needs work regardless, and would like to move away from PHP to Python anyway
- But for the full integration to work one will have to understand the whole system anyway
- Won't have to touch the PHP then