boil down technology list to what we know for sure
parent e4177b1c0f
commit 5b07c90927
1 changed files with 4 additions and 92 deletions
|
@ -85,7 +85,10 @@
|
|||
|
||||
## Technologies used
|
||||
|
||||
### [NixOS](https://nixos.org/)
|
||||
This is an incomplete and evolving list of core components planned to be used in this project.
|
||||
It will grow to support more advanced use cases as the framework matures.
|
||||
|
||||
### Nix and [NixOS](https://nixos.org/)
|
||||
|
||||
NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem.
|
||||
As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create.
|
||||
|
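Review bot: the new heading "### Nix and [NixOS]" names Nix, but the two sentences under it still describe only NixOS as a distribution, so the heading promises more than the section delivers. Either add a sentence on what Nix itself contributes to the reproducible outcome, or keep the heading as NixOS. The added intro also says the components are "planned to be used", which is weaker than the commit subject's "what we know for sure"; settle on one wording so readers can tell whether this list is committed or tentative.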
@ -94,35 +97,6 @@ Considered alternatives include:
|
|||
|
||||
- containers: do not by themselves offer the needed reproducibility
|
||||
|
||||
#### [npins](https://github.com/andir/npins)
|
||||
|
||||
Npins is a dependency pinning tool for Nix which leaves recursive dependencies explicit, keeping the consumer in control.
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- Flakes: defaults to implicitly following recursive dependencies, leaving control with the publisher.
|
||||
|
||||
### [SelfHostBlocks](https://nlnet.nl/project/SelfHostBlocks/)
|
||||
|
||||
SelfHostBlocks offers Nix module contracts to decouple application configuration from implementation details, empowering user choice by providing sane defaults yet a [unified interface](https://nlnet.nl/project/SelfHostBlocks/).
|
||||
Offered contracts include back-ups, reverse proxies, single sign-on and LDAP.
|
||||
In addition, we have been in contact with its creator.
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- nixpkgs-provided NixOS service modules: support far more applications, but tightly coupled with service providers, whereas we expect them to [sooner or later](https://discourse.nixos.org/t/pre-rfc-decouple-services-using-structured-typing/58257) follow suit.
|
||||
- NixOS service modules curated from scratch: would support any setup imaginable, but does not seem to align as well with our research-oriented goals.
|
||||
|
||||
### [OpenTofu](https://opentofu.org/)
|
||||
|
||||
OpenTofu is the leading open-source framework for infrastructure-as-code.
|
||||
This has led it to offer a vibrant ecosystem of 'provider' plugins integrating various programs and services.
|
||||
As such, it can facilitate automated deployment pipelines, including with — relevant to our project — hypervisors and DNS programs.
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- Terraform: not open-source
|
||||
|
||||
### [Proxmox](https://proxmox.com/)
|
||||
|
||||
Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in.
|
||||
|
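Review bot: the npins section in the middle of this hunk is the only place the README says how recursive dependencies are pinned ("leaves recursive dependencies explicit, keeping the consumer in control"), and with it dropped the reproducibility claim in the NixOS section has no stated pinning mechanism behind it. If the choice between npins and Flakes is still open, say so in one line under the NixOS section instead of deleting the rationale. The SelfHostBlocks and OpenTofu entries also carry "Considered alternatives" reasoning; moving them to a separate design-notes file would keep that record without claiming they are settled.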
@ -141,68 +115,6 @@ Considered alternatives include:
|
|||
|
||||
- file storage: less centralized for backups
|
||||
|
||||
### [PostgreSQL](https://www.postgresql.org/)
|
||||
|
||||
PostgreSQL is a relational database.
|
||||
It is used by most of our applications.
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups
|
||||
|
||||
### [Valkey](https://valkey.io/)
|
||||
|
||||
Valkey is a key-value store.
|
||||
It is an open-source fork of Redis.
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- Redis: not open-source
|
||||
|
||||
### [OpenSearch](https://opensearch.org/)
|
||||
|
||||
OpenSearch offers full-text search, and is used for this in many applications.
|
||||
It is an open-source fork of ElasticSearch.
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- ElasticSearch: not open-source
|
||||
|
||||
### [OctoDNS](https://github.com/octodns/octodns)
|
||||
|
||||
OctoDNS is a DNS server that may be configured using the Nix-native [NixOS-DNS](https://janik-haag.github.io/NixOS-DNS/).
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- PowerDNS: offers a front-end option, but less geared toward the use-case of configuring by Nix
|
||||
|
||||
### [Authelia](https://github.com/authelia/authelia)
|
||||
|
||||
Authelia is a single sign-on provider that integrates with LDAP.
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- KaniDM: does not do proper LDAP
|
||||
- Authentik: larger package with focus on many things we do not need
|
||||
- Keycloak: larger package with focus on many things we do not need
|
||||
|
||||
### [lldap](https://github.com/lldap/lldap)
|
||||
|
||||
Lldap is a light LDAP server, allowing to centralize user roles across applications.
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- 389 DS: older larger package
|
||||
- FreeIPA: wrapper around 389 DS
|
||||
|
||||
### [Attic](https://github.com/zhaofengli/attic)
|
||||
|
||||
Attic is a multi-tenant Nix cache featuring recency-based garbage collection written in Rust.
|
||||
|
||||
Considered alternatives include:
|
||||
|
||||
- cache-server: distributed cache written in Python that seems more of a research project than an actively maintained repository.
|
||||
|
||||
## Architecture
|
||||
|
||||
At the core of Fediversity lies a NixOS configuration module for a set of selected applications.
|
||||
|
|
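Review bot: with the Authelia and lldap sections removed in this hunk, the README no longer says how single sign-on and user roles are handled, and the comparison against KaniDM, Authentik, Keycloak, 389 DS and FreeIPA goes with them. Authentication is the part of the stack where readers most need to know what is decided, so leave a one-line note that the identity components are still to be chosen, or move these evaluations to a separate document and link it from "## Technologies used". The same applies to the open-source rationale for the Valkey and OpenSearch entries ("Redis: not open-source", "ElasticSearch: not open-source"), which is worth keeping on record even while the components are undecided.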