kiara/fedi-goals
1
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

boil down technology list to what we know for sure

Browse source
This commit is contained in:
Valentin Gagarin 2025-06-11 18:03:26 +02:00
parent e4177b1c0f
commit 5b07c90927
1 changed files with 4 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

96
architecture.md
View file

@ -85,7 +85,10 @@
## Technologies used ## Technologies used
### [NixOS](https://nixos.org/) This is an incomplete and evolving list of core components planned to be used in this project.
It will grow to support more advanced use cases as the framework matures.
### Nix and [NixOS](https://nixos.org/)
NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem. NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem.
As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create.
@ -94,35 +97,6 @@ Considered alternatives include:
- containers: do not by themselves offer the needed reproducibility - containers: do not by themselves offer the needed reproducibility
#### [npins](https://github.com/andir/npins)
Npins is a dependency pinning tool for Nix which leaves recursive dependencies explicit, keeping the consumer in control.
Considered alternatives include:
- Flakes: defaults to implicitly following recursive dependencies, leaving control with the publisher.
### [SelfHostBlocks](https://nlnet.nl/project/SelfHostBlocks/)
SelfHostBlocks offers Nix module contracts to decouple application configuration from implementation details, empowering user choice by providing sane defaults yet a [unified interface](https://nlnet.nl/project/SelfHostBlocks/).
Offered contracts include back-ups, reverse proxies, single sign-on and LDAP.
In addition, we have been in contact with its creator.
Considered alternatives include:
- nixpkgs-provided NixOS service modules: support far more applications, but tightly coupled with service providers, whereas we expect them to [sooner or later](https://discourse.nixos.org/t/pre-rfc-decouple-services-using-structured-typing/58257) follow suit.
- NixOS service modules curated from scratch: would support any setup imaginable, but does not seem to align as well with our research-oriented goals.
### [OpenTofu](https://opentofu.org/)
OpenTofu is the leading open-source framework for infrastructure-as-code.
This has led it to offer a vibrant ecosystem of 'provider' plugins integrating various programs and services.
As such, it can facilitate automated deployment pipelines, including with — relevant to our project — hypervisors and DNS programs.
Considered alternatives include:
- Terraform: not open-source
### [Proxmox](https://proxmox.com/) ### [Proxmox](https://proxmox.com/)
Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in. Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in.
@ -141,68 +115,6 @@ Considered alternatives include:
- file storage: less centralized for backups - file storage: less centralized for backups
### [PostgreSQL](https://www.postgresql.org/)
PostgreSQL is a relational database.
It is used by most of our applications.
Considered alternatives include:
- Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups
### [Valkey](https://valkey.io/)
Valkey is a key-value store.
It is an open-source fork of Redis.
Considered alternatives include:
- Redis: not open-source
### [OpenSearch](https://opensearch.org/)
OpenSearch offers full-text search, and is used for this in many applications.
It is an open-source fork of ElasticSearch.
Considered alternatives include:
- ElasticSearch: not open-source
### [OctoDNS](https://github.com/octodns/octodns)
OctoDNS is a DNS server that may be configured using the Nix-native [NixOS-DNS](https://janik-haag.github.io/NixOS-DNS/).
Considered alternatives include:
- PowerDNS: offers a front-end option, but less geared toward the use-case of configuring by Nix
### [Authelia](https://github.com/authelia/authelia)
Authelia is a single sign-on provider that integrates with LDAP.
Considered alternatives include:
- KaniDM: does not do proper LDAP
- Authentik: larger package with focus on many things we do not need
- Keycloak: larger package with focus on many things we do not need
### [lldap](https://github.com/lldap/lldap)
Lldap is a light LDAP server, allowing to centralize user roles across applications.
Considered alternatives include:
- 389 DS: older larger package
- FreeIPA: wrapper around 389 DS
### [Attic](https://github.com/zhaofengli/attic)
Attic is a multi-tenant Nix cache featuring recency-based garbage collection written in Rust.
Considered alternatives include:
- cache-server: distributed cache written in Python that seems more of a research project than an actively maintained repository.
## Architecture ## Architecture
At the core of Fediversity lies a NixOS configuration module for a set of selected applications. At the core of Fediversity lies a NixOS configuration module for a set of selected applications.