From 37043fe3d7b91140cc80f44b4057faab3caf4e69 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 14 May 2025 10:51:13 +0200 Subject: [PATCH 01/93] format for VCS --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index 00517ad..78e3aaa 100644 --- a/fediversity.md +++ b/fediversity.md @@ -125,7 +125,6 @@ The proposed work aligns with this objective by promoting a federated approach t #### Measurability - The proposed work is realistically achievable. The use of open-source software and hardware, along with the focus on portability, will enable the proposed ActivityPub services to be easily adopted by our target audiences. The proposed federated approach to social media and communication aligns with the growing demand for decentralized and user-controlled alternatives to traditional social media platforms. @@ -480,6 +479,7 @@ Societal outcomes ### Target groups further categorised (and how we can impact them) +Public organizations and NRENs (National Research and Education Networks) are broad target groups. We'll break them down in target groups relevant for our project. Public organisations can include government agencies, non-profit organisations, and public utilities. -- 2.48.1 From 389fb1c374347e3211f57d11388005ab98589414 Mon Sep 17 00:00:00 2001 
From: cinereal
Date: Tue, 20 May 2025 15:43:04 +0200
Subject: [PATCH 02/93] rewrite proposal

given:
- surging interest in digital autonomy more generally
- dependence on the open-source community to build upon the project's innovations long-term

i propose amending the project so as to:
- demote fediverse from project goals to sample services, deferring service selection to stakeholder needs
- emphasize service quality over quantity
- more explicitly mention self-hosting options, while mentioning the procolix use-case as a sample use-case to facilitate for project sustainability

i expect these changes benefit:
- the EC, for better addressing today's concerns
- the implementing team, as focus on quality seems a better way to ensure project success and impact
- end-users, by better taking into account actual demand
- the open-source community, which has more use for a sustainable project offering high-quality examples to expand on and learn from
---
 fediversity.md | 681 +++++++++++++++++++------------------------------
 1 file changed, 263 insertions(+), 418 deletions(-)

diff --git a/fediversity.md b/fediversity.md
index 78e3aaa..56c786b 100644
--- a/fediversity.md
+++ b/fediversity.md
@@ -18,20 +18,15 @@ | 2023-10-12 | Page 41 | Updated Gant Chart | | 2023-10-12 | Page 3 | Added Open Source, Open Standards, Open Dependencies | | 2023-10-12 | Page 15 | Added work package interdependencies and added a new page | +| 2025-05-xx | Page x | See https://git.fediversity.eu/kiara/fedi-goals/commits/branch/main | # Preamble -Let's make the internet once again the safe and collaborative, thus federated, space that it originally promised to be. +Let's make the internet once again a place where innovation empowers people and organisations while respecting their autonomy. -Fediversity is part of the future of open collaboration and open discussion, forming a federated safe space for what used to be called social networking. -The Fediverse, funded by the NGI program as an implementation of such a federated space, is already taking shape and approaching ten million users. -It has special safeguards for marginalized and oppressed groups in our global society. -This NGI technology is mature enough to be joined by older institutions and organizations, many tech-savvy media outlets and public institutions have already joined[^1]. -But for wider adoption the Fediverse needs to be supported by dedicated and knowledgeable support organisations, for which this project will lay the groundwork in the form of reproducible deployment configurations, how-to documents, cookbooks, playbooks and descriptions of success stories. - -Not only will we create a complete script for support organisations that want to host Fediverse services and other open discussion tools on how to deploy them on their infrastructure, we will also onboard several public organisations that want to use these services to show-case, and to gain and document experience on do's and don'ts. 
-After all, public communication infrastructure, even though very practical, isn't easy to do and this project is accordingly about creating a simple to use, very practical and safe environment to communicate, assembling various powerful components that NGI and others have built into unified end-to-end services. -This is where we can make a difference, especially in contrast to existing centralized solutions owned by Big Tech. +Fediversity offers portable open-source managed applications for online services, bridging gaps between their use, development, setup, integration and systems administration. +The project will lay the groundwork for this in the form of documented reproducible deployment configurations. +This way we make it easier to run public infrastructure, especially in contrast to existing centralised solutions owned by Big Tech. ## Open Source, Open Standards, Open Dependencies 
@@ -46,104 +41,46 @@ No software specific for or usable by any single organisation will be created or ### Objectives -*Fediversity: Privacy-friendly, sustainable, transparent fair.* The Open Internet Discourse Foundation project Fediversity is an effort to bring easy-to-use, hosted cloud services with personal freedom at their core to individuals and institutions. +*Fediversity: Privacy-friendly, sustainable, transparent fair.* + +The Open Internet Discourse Foundation project Fediversity is an effort to bring individuals and institutions easy-to-use, portable digital services with personal freedom at their core. We want to provide everyone with high-quality, secure IT systems for everyday use. Without tracking, without exploitation, in a way that makes sustainable use of the world. -The goal of this project is to have a major impact on the future of the internet, our societies and economies — a unique and meaningful contribution to the *Next Generation Internet* initiative: +The goal of this project is to have a major impact on the future of the internet, our societies and economies — a unique and meaningful contribution to the *Next Generation Internet* initiative, +offering an **alternative to big tech services and companies that operate closed ecosystems**. +This objective aligns with the work programme topic by advancing the development of alternative digital solutions that are more user-centric and transparent. -The proposed work aims to generate new business opportunities by **hosting open social platforms for public organizations and educational institutions. -By offering a package of ActivityPub services** that emphasize on user control and privacy. -The project aims to provide hosting organizations with a clear roadmap to implement and monetize those offerings and aims to attract both public and educational institutions as potential users. 
-The main objective is to offer an **alternative to big tech services and companies that operate closed ecosystems**[^2], thereby creating a safe social network (open internet discourse) where end-users have control over the content they share. +Concretely, we aim to achieve this using the following sub-goals: -ActivityPub is a protocol that enables interoperability between different social media platforms, allowing users to connect and communicate across different networks. -It is the de-facto standard for interoperable social media and even some of the big social media platforms are starting to adopt it as well[^3]. -By building services based on this protocol, our project aims to promote decentralization and data portability, which are key principles of the NGI programme. +1. Implement a way to run online services in a way that emphasises user autonomy and portability; +1. Disseminate our results by engaging the open-source community to further expand on work in this direction. +1. Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services; -This objective aligns with the work programme topic by promoting innovation in the area of open social platforms and advancing the development of alternative digital solutions that are more user-centric and transparent. - -To achieve this objective, our project will need to work on several fronts. -First,we will need to develop a way to deliver the software that implements the ActivityPub protocol and provides users with a social media platform that is easy to use and accessible. -We need to do this in a predictable and sustainable way. -This will require expertise in software development and system administration, user experience design, and user engagement. -Second, we will need to build partnerships with organizations and institutions that can help promote the use of those services. 
-This will require outreach and engagement strategies that are tailored to different sectors and demographics. - -Another objective of the proposed work is to offer a **federated approach to social media and communication**. -This increases privacy because we prioritize user privacy by giving users control over their own data. -Users can choose to use different servers based on their own privacy preferences, and can even run their own servers if they wish to. -This means that the proposed Activity-Pub services will be designed to allow users to interact with each other across different platforms and services, creating a more **decentralized and connected online environment**. -This objective is important as it promotes a more open and democratic approach to social media and communication that is not reliant on a few dominant platforms. - -In addition, the team will have to find ways to ensure that all parts of our services use** open-source software (and hardware where possible)**. +In addition, the team will have to find ways to ensure that all parts of our services use **open-source software**. This will promote transparency and enable end-users to verify that their data is being handled ethically and in compliance with data privacy regulations. -It also contains Freedom. -Open source software is by definition accompanied by open source licenses, which give users the freedom to use, modify, and distribute the software as they see fit, without restrictions or limitations. +Use of open-source software also gives users the freedom to use, modify, and distribute the software as they see fit, without restrictions or limitations. -On the point of **open hardware: **even though we would love to do further research on the possibilities of the use of open hardware we already know from our experience in trying to use open hardware in the past that this is a hugely expensive thing to do. 
-One of the main problems here is that initiatives like NixOS currenly only support x64 based architectures. -The use of (for example) OpenPower or RiscV would require a massive investment in basic operating system principles. +The proposed services will also be designed to be **fully portable** (something we like to call **'service portability'**). +This means that users will be able to (easily and fully) switch between different hosting providers (as well as bare metal) without losing their data. +This objective is important as it promotes user control and choice, allowing users to choose a way of offering services that best meets their needs without being locked into a particular platform or service, and gives users the flexibility between hosted versus self-hosted options. -The proposed ActivityPub services will also be designed to be **fully portable** (something we like to call **'service portability'**). -This means that users will be able to (easily and fully) switch between different hosting providers and platforms without losing their data or online presence. -This objective is important as it promotes user control and choice, allowing users to choose a way of offering services that best meets their needs without being locked into a particular platform or service and it gives users more flexibility, it being hosted or selfhosted. +#### Relevance -The use of service portability also enhances the security of the data and reducesthe risk of data loss or corruption during a transition from one provider to another. - -Just providing the service won't be enough. -We need to make sure our proposed services will successfully be adopted via outreach, marketing, partnerships and support. 
-A list of objectives related to this topic: - -**Raising awareness about the benefits of decentralized, federated -social media and communication.** -The first objective of outreach and marketing efforts should be to educate potential customers about the benefits of decentralized, federated social media and communication. -This may involve creating marketing materials that explain the advantages of ActivityPub services, such as greater user control, increased privacy, and more diverse online communities. - -**Engaging with potential customers through targeted marketing and -outreach campaigns.** -In order to reach potential customers, outreach and marketing efforts should be targeted towards public organizations and educational institutions. -This may involve creating specific campaigns that address the unique needs and concerns of each group, as well as utilizing social media, email marketing, and other digital marketing channels to reach a wider audience. - -**Developing partnerships and collaborations with relevant organizations -and influencers.** -Another objective of outreach and marketing efforts should be to develop partnerships and collaborations with relevant organizations and influencers. -This may involve partnering with other open-source software providers or industry associations to promote the benefits of federated social media and communication, as well as collaborating with influencers or through leaders in the industry to raise awareness of the proposed ActivityPub services. - -**Providing customer support and training to ensure successful adoption.** -Once potential customers have expressed interest in the proposed ActivityPub services, it will be important to provide them with customer support and training to ensure successful adoption. -This may involve offering onboarding sessions, providing technical support, and creating training materials that help users understand how to use the ActivityPub services effectively. 
- -**Monitoring and evaluating adoption rates and customer satisfaction.** -Finally, it will be important to monitor and evaluate adoption rates and customer satisfaction with the proposed ActivityPub services. -This may involve tracking user engagement, conducting customer satisfaction surveys, and analyzing feedback to identify areas for improvement and ensure ongoing success. - -**Relevancy** Overall, this proposal is highly relevant to the HORIZON EU Programme, specifically to the Human-centric Internet topic. The objective of this topic is to support research and innovation in creating a more human-centric internet that prioritises user privacy, security, and control, while also promoting the ethical use of technology. -The proposed work aligns with this objective by promoting a federated approach to social media that prioritizes user control and privacy, and by using open-source software and hardware to promote transparency and ethical use. +The proposed work aligns with this objective by show-casing a way to run digital services that prioritises user control and privacy, and by using open-source software and hardware to promote transparency and ethical use. #### Measurability +Measuring the success of this objective will depend on several metrics, such as the number of organisations and institutions that adopt our work directly or indirectly, and its impact within the open-source community. +Verifying the success of this objective will require user/developer feedback, engagement metrics, and independent audits to ensure that our services are meeting the highest standards of privacy and security. + The proposed work is realistically achievable. -The use of open-source software and hardware, along with the focus on portability, will enable the proposed ActivityPub services to be easily adopted by our target audiences. 
-The proposed federated approach to social media and communication aligns with the growing demand for decentralized and user-controlled alternatives to traditional social media platforms. +The use of open-source software, along with the focus on portability, will enable the proposed services to be easily adopted by our target audiences. ### Ambition -**Decentralized, federated social media and communication:** -Our proposed project focuses on developing ActivityPub services for decentralized, federated social media and communication. -Although some decentralized social media platforms already exist, they are often not interoperable and not widely deployed. -Our project aims to provide a comprehensive set of ActivityPub services that makes it easy for hosting companies and public organizations to adopt and use decentralized social media and communication tools. -This is a new concept that goes beyond the state-of-the-art in terms of offering a complete and easy-to-use package of services for decentralized, federated social media and communication. -The proposed project aims to provide open social platforms that are an alternative to closed ecosystems (such as Twitter and Facebook) offered by large tech companies. -This is an ambitious goal because it requires a significant shift in how people use and access social media. - -**Use of open-source software and hardware:** -Another innovative aspect of our proposed project is the extensive use of open-source software and hardware. -While open-source software is becoming more common, the use of open-source hardware is less common in the tech industry. -(Our project aims to promote the use of open-source hardware and provide a model for others to follow in this regard.) This is an ambitious goal that demonstrates a commitment to the principles of openness and transparency. 
- #### Portability of services The project plans to offer portability of services, allowing users to easily export their data from the platform and import it to another platform. 
@@ -151,35 +88,34 @@ This is a unique feature beyond what is currently available on the market. ## Methodology -For the software development side of things (developing the ActivityPub packages to provide the corresponding services like Mastodon in an easy fashion), we will use the Agile methodology. - -The main takeaway here is 'iterative development', which means the development process is a cycle, where we go back through the steps based on feedback and challenges that present themselves along the way. +For the software development side of things, the project will use 'iterative development', which means the development process is a cycle, where we go back through the steps based on feedback and challenges that present themselves along the way. 1. **Planning:** - During the planning phase, the team will identify the key features and requirements of the ActivityPub service packages. + During the planning phase, the team will identify the key features and requirements of the service packages. This will involve collaborating with stakeholders and users to understand their needs and expectations. The team will then create a prioritised list of features and user stories, which will form the basis of the development plan. 1. **Designing:** In the designing phase, the team will create the overall architecture and design of the software. - This will involve defining the various components of the ActivityPub service packages, such as the user interface, database schema, and application programming interfaces (APIs). The team will also identify any third-party libraries or tools that would be needed to implement the software. + This will involve identifying strategically relevant service packages, including relevant settings, database schemas, and application programming interfaces (APIs). + The team will also identify any third-party libraries or tools that would be needed to implement the software. 1. 
**Coding:** During the coding phase, the team will start implementing the software. - The Agile methodology emphasizes on working in short, focused iterations, so the team will break down the development work into small, manageable tasks. - Each task would be assigned to a team member, who would work on it until it is completed. + Once the software has reached its MVP stage, the development process will involve an initial user to facilitate working in short, user-feedback-driven iterations. 1. **Testing:** The testing phase involves verifying that the software works as expected. - The team will develop a suite of automated tests that cover all the key features and scenarios of the ActivityPub service packages. - This will include unit tests, integration tests, and end-to-end tests. The team will also perform manual testing to ensure that the user experience is smooth and error-free. + The team will develop a suite of automated tests that cover all the key features and scenarios of the software. + This will include unit tests, integration tests, and end-to-end tests. + The team will also perform manual testing to ensure that the user experience is smooth and error-free. 1. **Releasing:** - The final phase of the Agile methodology is releasing the software to users. - The team will deploy the ActivityPub service packages to a production environment, and monitor its performance and user feedback. - The team will then use this feedback to inform further iterations of the software, and prioritize the next set of features and improvements. + The final phase is the release to users. + The team will work on documenting usage of the software, and facilitate initial users to maintain a feedback loop. + The team will then use this feedback to inform further iterations of the software, and prioritise the next set of features and improvements. -In the context of building partnerships, mainly with public organisations and NRENs, we will apply Design Thinking as a methodology. 
+In the context of building partnerships with hosting organisations, we will apply Design Thinking as a methodology. Design Thinking is a user-centered, iterative methodology that is used to solve complex problems and create innovative solutions. It involves a five-step process that includes empathy, definition, ideation, prototyping, and testing. -The following is an overview of how Design Thinking can be applied to build partnerships with public organizations and research and educational institutions: +The following is an overview of how Design Thinking can be applied to build partnerships: 1. **Empathy:** The first step in the Design Thinking process is to understand the needs, goals, and challenges of the target partners. 
@@ -199,27 +135,27 @@ The following is an overview of how Design Thinking can be applied to build part The final phase of the Design Thinking process involves testing the prototypes with the target partners and gathering feedback. This feedback can be used to refine the prototypes and develop a more detailed plan for collaboration. -To apply Design Thinking to our project, we would start by conducting research and gathering data on the needs, goals, and challenges of public organizations and educational and research institutions that could be potential partners. +To apply Design Thinking to our project, we would start by conducting research and gathering data on the needs, goals, and challenges of end-users through our potential partners. This can involve interviews with key stakeholders, surveys of potential partners, and analysis of existing data sources. Using this research, we will then define the problem space and identify areas of mutual interest. -This will involve creating a problem statement that focuses on meeting the needs of public organizations and educational and research institutions in the area of federated social networking. +This will involve creating a problem statement that focuses on meeting the needs of users in the area of software services. Next, we will generate a wide range of ideas for how we can address the problem statement and meet the needs of potential partners. This will involve brainstorming sessions, workshops, and other forms of collaborative ideation with key stakeholders. -Using the ideas generated in the ideation phase, we will then create low-fidelity prototypes of the most promising ideas. +Using the ideas generated in the ideation phase, we will then prototype the most promising ideas. Finally, we will test the prototypes (alphas, betas of our services) with potential partners and gather feedback. This feedback will then be used to refine the prototypes and develop a more detailed plan for collaboration. 
-Through this process, we can build strong partnerships with public organizations and research and educational institutions that are based on mutual benefit and shared decision-making. +Through this process, we can build strong partnerships with hosting organisations based on mutual benefit and shared decision-making. Our project is designed to comply with the 'do no significant harm' principle as per Article 17 of Regulation (EU) No 2020/852. We are committed to ensuring that our methodology is environmentally-friendly and does not significantly harm any of the six environmental objectives of the EU Taxonomy Regulation. Regarding the use of artificial intelligence (AI) based systems, we do not plan to use AI in our project. However, if we were to use AI, we would ensure that our systems are technically robust, socially robust, reliable, and able to provide suitable explanations of their decision-making processes. -We would also follow industry-standard practices and regulations to minimize any unintended harm and safeguard the physical and mental integrity of humans. +We would also follow industry-standard practices and regulations to minimise any unintended harm and safeguard the physical and mental integrity of humans. To make sure we can achieve our project objectives, we have outlined a project management strategy: 
@@ -238,192 +174,158 @@ To make sure we can achieve our project objectives, we have outlined a project m - Stay flexible: We are prepared to adjust the project plan and approach as needed to ensure that objectives are met. -Integrating NGI technologies, projects and tools into our proposed work can help to leverage existing expertise and resources in the field and build upon the work of other researchers and innovators. -Some examples of NGI technologies and other technologies that will be evaluated to be integrated into our project are the following: +### Technologies used -![](Pictures/mastodon.svg){width="1.2165in" height="1.4055in"} +#### [NixOS](https://nixos.org/) -[**Mastodon**](https://joinmastodon.org/): -This federated microblogging platform is already getting tractionas the alternative to the Twitter platform and will most certainly be included in our business development. -We aim however to not make this a 'single offering'. -We want to also include other ActivityPub projects and even other NGI technologies. -We believe bundling projects as a combined offering is the way to create a solid business case. +NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem. +As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. -[**Peertube**](https://joinpeertube.org/): -This alternative to Big Tech's video platforms is already getting known, but there is not too much content to be found. -We aim to include Peertube in combination with other ActivityPub projects in such a way that makes it easy to start using it. -Peertube could be a separate 'single offering'. 
+Considered alternatives include: +- containers: do not by themselves offer the needed reproducibility -![](Pictures/pixelfed.svg){width="1.2071in" height="1.3937in"} +#### [OpenTofu](https://opentofu.org/) -[**Pixelfed**](https://pixelfed.org/): -This service to quickly and easily share pictures with other people, which could be seen as an alternative to Instagram, needs a good reason to be included in serious environments like research projects. -We will have to find out if there are good use cases for this tool in the public sector. +OpenTofu is the leading open-source framework for infrastructure-as-code. +This has led it to offer a vibrant ecosystem of 'provider' plugins integrating various programs and services. +As such, it can facilitate automated deployment pipelines, including with — relevant to our project — hypervisors and DNS programs. -[**IRMA/Yivi**](https://nlnet.nl/project/IRMA-made-easy): -We will most certainly use IRMA (soon to be Yivi) as a strong and privacy friendly way to log in to services. +Considered alternatives include: +- Terraform: not open-source -[**Hubzilla**](https://nlnet.nl/project/Hubzilla): -We expect Hubzilla to be a better choice than Mastodon in some use cases. +#### [Proxmox](https://proxmox.com/) -![](Pictures/lets-connect.svg){width="1.1909in" height="1.3756in"} +Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in. +In addition, it has been [packaged for Nix](https://github.com/SaumonNet/proxmox-nixos) as well, simplifying our requirements to users setting up our software. -[**Let's Connect! VPN**](https://nlnet.nl/project/LetsConnect-P2P): -This open and easy-to-use VPN solution might just provide the fully private environment and extra security for use cases where secrecy is needed that projects designed to be open to the world cannot provide. 
+Considered alternatives include: +- OpenNebula: seemed less mature -[**Matrix**](https://matrix.org/): -The Matrix protocol and corresponding servers will most certainly be part of the suite of products that will be offered. +#### [Garage](https://garagehq.deuxfleurs.fr/) -[**Owncast**](https://nlnet.nl/project/Owncast): -As a companion to Peertube, Owncast might prove very interesting as alternative to Big Tech's streaming solutions, such as Twitch. +Garage is a distributed object storage service. +For compatibility with existing clients, it reuses the protocol of Amazon S3. -[**NixOS**](https://nixos.org/): -We will certainly use NixOS as a basis for all our services. -We see NixOS as the only way to reliably create a reproducible outcome for all the work we create. +Considered alternatives include: +- file storage: less centralized for backups -![](Pictures/scion.svg){width="1.2055in" -height="1.3925in"} +#### [PostgreSQL](https://www.postgresql.org/) -[**SCION**](https://nlnet.nl/project/SCION-Swarm/): -We will try to include the SCION networking features in our offerings, especially since they are in many places already used by universities and research institutions. +PostgreSQL is a relational database. +It is used by most of our applications. -The list above are just examples, we will evaluate more options and try to find added value in the combination of different technologies. +Considered alternatives include: +- Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups -Which NGI technologies will eventually be chosen to use, is very much dependant on the value for actual use they provide based on the outcome of our research with the stakeholders. -We aim for maximum value to the stakeholders based on the technologies available. 
+#### [Valkey](https://valkey.io/) -In **any case we will implement** the following technologies in our offerings: -**NixOS** as a foundation, and 'fediverse packages': -**Mastodon**, **Peertube**, **Pixelfed** and **Matrix**. +Valkey is a key-value store. +It is an open-source fork of Redis. -Which other packages we will descide to support will depend in part on the outcome of the 'pilot projects' that will be requested by the NORDUnet members and in part on the packages that will be adressed in the 'subgrant projects' that will be requested in the 'open calls'. -The result of the work in both the hosting and public organisations verticals should be generic enough to support all NGI packages sufficiently documented and packaged in NixOS. +Considered alternatives include: +- Redis: not open-source -In the pursuit of our objectives to generate new business opportunities in hosting 'Open Social Platforms' and providing a safe social network alternative to large closed ecosystems social media, we recognize the importance of a multi-disciplinary approach. -We believe that integrating expertise and methods from different disciplines will be critical in achieving our goals. +#### [OpenSearch](https://opensearch.org/) -Our team consists of individuals with backgrounds in software development, system administration, data privacy, marketing, and business development. -We will also seek the input and collaboration of experts in fields such as social science, media studies, and education. +OpenSearch offers full-text search, and is used for this in many applications. +It is an open-source fork of ElasticSearch. -For instance, to make our products easily usable for end-users who typically do not have in-depth knowledge of open-source software, we will need to incorporate user experience design and human-computer interaction principles. -We will also need to work with experts in data privacy and cybersecurity to ensure that our platforms are secure and protect user data. 
-In addition, we will collaborate with experts in media and education to ensure that our services are accessible to these groups and meet their needs. +Considered alternatives include: +- ElasticSearch: not open-source -We will establish cross-functional teams to ensure that all expertise and methods are integrated efficiently. -We will also hold regular meetings and workshops to facilitate communication and collaboration between team members from different disciplines. +#### [PowerDNS](https://github.com/PowerDNS/pdns) -In summary, we believe that integrating expertise and methods from different disciplines will be essential in achieving our objectives of providing a safe social network alternative and generating new business opportunities. -We will work closely with experts from various fields to ensure that our platforms meet the needs of end-users and stakeholders, and we will continue to prioritize cross-disciplinary collaboration throughout the project. +PowerDNS is a mature DNS server. It further offers an admin front-end. -Integrating social sciences and humanities into our project would be essential to ensure that the development of the open social platforms is aligned with ethical and societal considerations. -Specifically, social sciences and humanities expertise could help us understand the potential social and economic impacts of our project, and how we can ensure that the benefits are widely distributed and inclusive. +Considered alternatives include: +- hickory-dns: no front-end +- core-dns: no front-end -For example, we will engage social scientists to study user behavior and preferences to ensure that the platforms are user-friendly, accessible, and engaging. -Humanities experts could help us address ethical issues related to user data privacy, content moderation, and community guidelines. 
-Additionally, social sciences expertise could be valuable in developing effective marketing and out-reach strategies to promote the use of our open social platforms. +#### [Authelia](https://github.com/authelia/authelia) -To integrate social sciences and humanities into our project, we will establish collaborations with academic institutions or research organizations specialized in these fields. -We will also invite social scientists and humanities scholars to participate in project meetings, workshops, and conferences to provide their feedback and insights. -Furthermore, we will prioritize conducting user studies, surveys, and focus groups to capture feedback from diverse groups of users and stakeholders. +Authelia is a single sign-on provider that integrates with LDAP. -Gender dimension and global diversity +Considered alternatives include: +- KaniDM: does not do proper LDAP +- Authentik: larger package with focus on many things we do not need +- Keycloak: larger package with focus on many things we do not need -To ensure that gender is taken into account in this project, it is important to conduct a gender analysis and to integrate a gender perspective into all aspects of the project, from the design and implementation of the ActivityPub services to the outreach and marketing efforts. -This may involve, for example, ensuring that the platform is accessible and user-friendly for all genders, conducting user research that takes into account the diverse needs and perspectives of different genders, and engaging with organizations and influencers that have a strong focus on gender equality and women's empowerment. -Some more specific ways we want to ensure that the gender dimension is taken into account for our project: +#### [lldap](https://github.com/lldap/lldap) -1. **Gender-neutral language:** - We'll ensure that language used in the project materials is gender-inclusive. 
- For instance, we'll use "they" instead of "he" or "she" when referring to an unknown person. - We'll also ensure that titles and descriptions are gender-inclusive. - For instance, we'll use Mx instead of "Mr" or "Ms" and director instead of "directress" or "director\". -1. **Data collection:** - We'll collect data on gender to help identify any potential gender disparities or biases in the project. - This can help ensure that the project is inclusive and equitable. -1. **Stakeholder engagement:** - We'll engage with stakeholders, including women's groups, people of color, LGBTQ+ individuals and other marginalized communities, to ensure that their perspectives and needs are considered in the project design and implementation. -1. **Impact assessment:** - We'll conduct a gender impact assessment to identify the potential gender disparities and ensure that the project has a positive impact on whichever gender or non-gender people identify as and that the information won't be use to discriminate any gender or non-gender person. +Lldap is a light LDAP server, allowing to centralize user roles across applications. -One of the nice things about using the NGI technologies that make up the Fediverse (i.e. ActivityPub protocol, Mastodon, Peertube et all) is that they have been designed by and are used by groups of people that are typically not welcome in Big Tech offerings due to there gender-diversity. -Queer and Transpeople are very well represented on Mastodon for example. -This fact makes the whole project support gender-inclusiveness and global diversity on a higher level. +Considered alternatives include: +- 389 DS: older larger package +- FreeIPA: wrapper around 389 DS -As a team, we can adopt several open science practices to ensure our project is transparent, reproducible, and accessible. -For instance, we can use open-source tools to develop and share our code, data, and research findings. 
-We can also document our work flow and methodology to allow others to reproduce our results. -Additionally, we can make our project more inclusive by involving a diverse set of contributors, and by considering the gender dimension when designing and implementing our project. -Overall, open science practices can enhance the quality and impact of our work while promoting collaboration and knowledge sharing with the wider scientific community. Some more specific examples: +### Identified applications -1. **Open source software:** - Using open source software for our project allows for transparency and encourages collaboration with other parties. - We can use open source tools and libraries for data analysis and other tasks and also contribute to other ongoing open source projects. -1. **Code sharing:** - Sharing our code on open source platforms like GitLab and BitBucket allows others to see and use our code, replicate our results, and build on our work. - This encourages collaboration, improved code quality, openness and transparency, and reproducibility. -1. **Data sharing:** - Sharing our data can be done through open data platforms like Kaggle or Zenodo. - This allows others to access our data and use it for their own research. - It also encourages transparency and reproducibility. -1. **Pre-registration:** - Pre-registering our study or analysis plan in a public repository, such as the Open Science Framework (OSF), can help prevent data dredging and increase the transparency and reproducibility of our work. -1. **Open peer review:** - Sharing our research and inviting feedback from peers can lead to valuable insights and collaboration and that will improve the quality of the end-product. - We can use open peer review platforms like PeerJ or F1000Research to encourage this. -1. **Licensing:** - Choosing an open source license for our project can ensure that others can use, modify, and distribute your work, while also giving credit to the original author. 
- Common open source licenses include the MIT License, Apache License, and GNU General Public License. +We have identified a number of applications as potentially relevant targets to offer as part of our project, emphasising the value to users' digital autonomy, particularly to make users less dependent online on services by 'Big Tech'. +To structure our efforts, we have categorized them into three waves, as follows: -By incorporating these open science practices into our project, we can promote transparency, collaboration, and reproducibility, which can ultimately lead to more impact-full end result. +- Low-hanging fruit (courtesty of SelfHostBlocks) + - [Forgejo](https://forgejo.org/) + - [Nextcloud](https://nextcloud.com/) + - [Vaultwarden](https://github.com/dani-garcia/vaultwarden) +- Host-oriented + - [PowerDNS-Admin](https://github.com/PowerDNS-Admin/PowerDNS-Admin) + - [Stalwart](https://stalw.art/) email server + - [Matrix](https://www.matrix.org/) chat server [Dendrite](https://element-hq.github.io/dendrite/) + web client [Element](https://element.io/) +- Socials + - [Mastodon](https://joinmastodon.org/) + - [Pixelfed](https://pixelfed.org/) + - [Peertube](https://joinpeertube.org/) -Research **data management and management of other research outputs:** -Applicants generating/collecting data and/or other research outputs (except for publications) during the project must provide maximum 1 page on how the data/research outputs will be managed in line with the FAIR principles (Findable, Accessible, Interoperable, Reusable), addressing the following (the description should be specific to your project): +Note that the list above are just examples, and we will evaluate further options and try to find added value in the combination of different technologies. 
+Considerations taking into account in the selection of applications to be implemented include their added value, maturity, security, how well they complement our other applications, support for identity management standards such as OIDC and LDAP, software license, ease of implementation, documentation, strategic relevance in protecting user privacy and autonomy, and the availability of viable alternatives. -As part of our project, we will be generating and collecting various types of data and research outputs, such as experimental data, images, and numerical data. -In order to manage these outputs effectively, we will follow the **FAIR principles**, which promote data that is **Findable, Accessible, Interoperable, and Reusable.** +Which other packages we will decide to support will depend further on the packages that will be adressed in the 'subgrant projects' that will be requested in the 'open calls'. +In finalising our initial selection, both with regard to quality-quantity trade-offs as well as relative priority among the identified applications, we will coordinate with relevant stakeholders as the project matures. -To ensure our data is **Findable**, we will assign each data set a unique and persistent identifier, such as a digital object identifier (DOI). -The data will be available and contain information about the creator, date of creation and any associated publications. -We will also use trusted repositories to store our data, making it easier for others to discover and access. +Our consideration to limit the initial list of supported applications is to keep focus on our core innovation, as properly adding support for applications involves at least: -To make our data **Accessible**, we will provide open access to our data whenever possible. -If there are restrictions on the data, we will clearly explain why and provide provisions for access to restricted data for verification purposes. 
+- PoC: + - compartmentalising state for backups/portability/redundancy + - migration actions such as rewrites of connections/URLs + - integration with single sign-on and LDAP for user management (or as a stop-gap, provisioning of initial user) +- MVP: + - handling application upgrades + - creating schemas of (identified relevant) settings + - documentation + - security +- post-MVP: + - handling backward-incompatible setting interface changes + - coordinate with end-users to improve the user experience + - scaling/redundancy +- if missing first-class Nix support: + - package for Nix + - create Nix service module + - integrate with identified contracts (see SelfHostBlocks) + - maintain the above on version updates + - coordinate with upstream developers on immutable-friendly development -**Interoperability** -will be ensured by adhering to standards, formats, and vocabularies for data and metadata. -This will make it easier for others to understand and clear that they are designed with reuse and interoperability in mind. +The result of the work in the hosting vertical should be generic enough to support all NGI packages sufficiently documented and packaged in NixOS. -Finally, we will ensure our data is **Reusable** -by using appropriate licenses for data sharing and re-use, such as Creative Commons or Open Data Commons licenses. -We will also make tools, software, and models available to enable others to generate, validate, and interpret our data. -The data will be well documented with clear descriptions of the data collection methods, data processing steps and any relevant assumptions or limitations. +### Methodology challenges -Throughout the project, we will assign a person or team responsible for data management and quality assurance, and we will estimate the curation and storage/preservation costs for the data. 
-By following these practices and developing a detailed data management plan (DMP) for making our data Findable, Accessible, Interoperable, and Reusable, we will ensure that our research outputs are of the highest quality and can be widely shared and used by others. - -Methodology challenges - -One of the challenges we have identified is ensuring the security and privacy of our users' data. +One of the challenges we have identified is ensuring the security and privacy of our users' data, even if we will not collect this directly. To overcome this challenge, we will use industry-standard open-source encryption methods and regularly update our software and hardware solutions to stay ahead of potential threats. +We will also need to work with experts in data privacy and cybersecurity to ensure that our software is secure and protect user data. A periodic (monthly or bi-monthly) check if all security measures have been taken and if any updates are needed will be held. Where and if possible we will automate these checks and integrate them in a 24/7 monitoring system. -Another challenge is that much of the software we aim to implement is still fairly new and as a result still changes frequently, we will have to keep up with the change and at the same time provide a stable and predictable platform to our users. + +Another challenge is that much of the software we aim to implement is still fairly new and as a result still changes frequently. +In order to deal with this, we will have to keep up with the change and at the same time provide a stable and predictable experience to our users. ### Work package interdependancies To give a clear view of what interdepencies we expect: -WP1 Project Management will keep an overview of all other Work Packages. - -WP2 Vertical: -hosting will have a 'feedback loop' with WP3 and feed to WP6. 
- -WP3 Vertical: -public organisations will have a 'feedback loop' with WP2 and feed to WP6 - -WP4 Open calls and grant management will feed back to the verticals and feed to WP6 - -WP5 Enhancement & Usability will feed back to the verticals and feed to WP6 +1. Project Management: will keep an overview of all other Work Packages. +1. Vertical partners: will offer a 'feedback loop' and feed to WP5 +1. Open calls and grant management: will feed back to the verticals and feed to WP5 +1. Enhancement & Usability: will feed back to the verticals and feed to WP5 +1. Outreach & Dissemination This diagram graphically represents the relations: 
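Review bot: In the added per-application checklist, "security" is a bare bullet under MVP with no indication of what it covers, while the PoC tier already accepts "provisioning of initial user" as a stop-gap for single sign-on and LDAP integration. Suggest stating what the security item includes, and saying how the stop-gap initial user's credentials are generated, stored and retired once SSO is in place, so that a PoC deployment is not left with an unmanaged account. In the same hunk, the rewritten work package list drops the "WP" labels but items 2 to 4 still say "feed to WP5", and item 5 ("Outreach & Dissemination") has no description; either keep the labels or describe item 5. The "not open-source" entries for Terraform, Redis and ElasticSearch would be easier to verify if each named the license and the version or date assessed. Typos in added lines: "courtesty", "adressed", "Considerations taking into account" (taken), "secure and protect user data" (protects).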
@@ -433,173 +335,103 @@ This diagram graphically represents the relations: ## Project's pathways towards impact -Describe the unique contribution your project results would make towards (1) the **outcomes** -specified in this topic, and (2) the **wider impacts**, in the longer term, specified in the respective destinations in the work programme. - Outcomes: -- freedom of choice in the tools to use and (possibly) even alter to your own likings, especially in digital human interaction -- more and better general availability of non-centrally managed social public domain -- a more secure take on open and federated networks by institutions State the target groups that would benefit. - Even if target groups are mentioned in general terms in the work programme, you should be specific here, breaking target groups into particular interest groups or segments of society relevant to this project. +- Freedom of choice in the tools to use and (possibly) even alter to your own liking. +- The democratic process (politics in general) not being manipulated by Big Tech (foreign) companies. Target groups: -- education institutes keeping control over their own data -- students given the chance to use open federated communication means and being able to maintain their privacy -- research organisations keeping control over their own data -- public/governmental bodies not being tied in to Big Tech -- the democratic process (politics in general) not being manipulated by Big Tech (foreign) companies +- Hosting companies looking to offer open-source applications amid the rising interest in alternatives to Big Tech. +- Developers looking to expand on the available applications respecting user autonomy. General outcomes The outcomes and impacts of your project may: -- Give a better understanding of how to run, implement and manage federated social networks also in a more formalised structure. 
-- Give companies and organizations that specialize in running decentralized internet infrastructure a better starting point. -- Safer social networks help prevent mental distress, take away the paranoia that comes with the panopticum feeling you get with centrally managed Big Tech infrastructure. - These effects lower the risk of assault due to minority targeting and prevent suicide and mental health problems. +- Give a better understanding of how to implement, maintain and run open-source managed applications respecting user autonomy. +- Give companies and organizations that specialize in web hosting a better starting point in offering such applications. Technological outcomes -- Development of a user-friendly, open source social media platform based on the ActivityPub protocol, with features that prioritize user control, privacy, and data portability. -- Creation of tools and plugins that enable seamless integration with existing social media platforms and applications, facilitating the adoption of the federated approach. +- An increase in solutions around autonomous managed applications as well as in number of software packages supported by such solutions. +- Increased engagement with and innovation around open-source software, stemming from lowered barriers toward their adoption. Economic outcomes -- The proposed social media platform could offer a more cost-effective alternative to existing closed ecosystems, providing public organizations and educational institutions with a viable option for their social media needs. -- The platform's decentralized nature could encourage the development of new, innovative business models that prioritize user privacy and data ownership, potentially disrupting the existing market dominated by big tech companies. -- The project could lead to the creation of new jobs in the tech industry, particularly in the area of decentralized technologies. 
+- An uptake in the number of open-source managed applications offered by web hosts, as it becomes easier to offer these. +- Increased adoption of privacy-respecting software, as it becomes easier to consume these through the above-mentioned hosts. Societal outcomes - The proposed platform could contribute to the creation of a more open and democratic digital landscape, where users have more control over their data and online interactions. -- The platform's focus on privacy and data portability could lead to greater trust in social media platforms, which in turn could lead to increased participation and engagement online. -- The project's promotion of a federated approach to social media and communication could contribute to the development of a more diverse and decentralized online ecosystem, which could have positive implications for free speech, community building, and information sharing. +- The platform's focus on privacy and data portability could lead to greater trust in open-source digital platforms, which in turn could lead to increased participation and innovation. -### Target groups further categorised (and how we can impact them) - -Public organizations and NRENs (National Research and Education Networks) are broad target groups. -We'll break them down in target groups relevant for our project. - -Public organisations can include government agencies, non-profit organisations, and public utilities. -Some specific segments of public organisations include: - -1. **Government organisations:** - Municipalities, counties, and regional governments can benefit from an open and decentralized social media platform that allows them to communicate with their constituents in a secure and transparent manner. - Government agencies often need to communicate with the public, but may not want to rely on commercial social media platforms that collect and sell user data. 
- Our platform could provide a secure and privacy-respecting alternative for these agencies to share information and engage with their constituents. -1. **Public health organizations:** - In light of the ongoing COVID-19 pandemic, public health organizations are under increasing pressure to communicate information effectively and efficiently. - An open and decentralized social media platform could be used to share important public health information, provide updates on the status of the pandemic, and communicate with healthcare providers and other stakeholders. - Healthcare providers may need to communicate sensitive information with patients and other providers, but must also comply with strict privacy regulations. - Our platform could provide a secure and private way for these providers to share information and collaborate on patient care. -1. **Non-profit organizations:** - Non-profit organizations often have limited resources and may not have the technical expertise to build and maintain their own communication platforms. - Our platform could provide a low-cost and easy-to-use solution for these organizations to engage with their supporters and spread their message, in an open and transparent fashion. -1. **Educational institutions:** - Schools, universities, and other educational institutions can benefit from an open and decentralized social media platform that allows them to communicate with students, parents, and other stakeholders. - Our project can help these institutions to improve collaboration, knowledge sharing, and engagement, and to provide a secure and private platform for communication. - Our platform could also provide an easy-to-use and customizable tool for these institutions to facilitate discussion and collaboration. - -National Research and Education Networks (NRENs) are high-speed networks dedicated to research and education, connecting universities, research institutions and other organizations. 
-Some specific segments of NRENs include: - -1. Universities and Research Institutions: - These organizations need to collaborate and share research data with other institutions across the country or around the world. - An open and decentralized social media platform like the one proposed in your project could provide a secure and standardized way for researchers to share data and communicate with each other, while also maintaining control over their own data and ensuring compliance with data protection regulations. -1. Libraries and Archives: - These organizations often manage large collections of data and historical materials, including both physical and digital assets. - An open and decentralized platform could provide a way for them to share and distribute this content, making it more accessible to researchers and the public while also preserving its authenticity and integrity. -1. Museums and cultural institutions: - Museums and cultural institutions can benefit from an open and decentralized social media platform that allows them to engage with visitors and share information about their collections and exhibits. - Our project can help these institutions to improve engagement and to reach new audiences. -1. Education and Training Providers: - NRENs often provide access to online learning resources and tools for students and educators. - An open and decentralized platform could provide a more flexible and customizable way for these providers to deliver content, while also ensuring privacy and security for their users. - -Based on the project objectives and potential impact on target groups, the scale and significance of the project's contribution to the expected outcomes and impacts can be estimated as follows: - -- Scale: - The project's focus on developing an open and decentralized social media platform can potentially benefit a large number of users who are seeking alternatives to big tech companies that operate closed ecosystems. 
- The specific focus on public organizations and NRENs can target a niche market but with significant potential impact given the specific needs and requirements of these groups. -- Significance: - The significance of the project's contribution can be evaluated based on several factors. - For example, the platform's ability to provide users with more control, privacy, and data portability can have a significant impact on the way people interact with social media, potentially leading to more trust and engagement. - The platform's focus on open source and federated approaches can also foster innovation and collaboration, leading to a more diverse and competitive social media landscape.\ - In addition, the project's potential economic impact can be evaluated in terms of potential cost savings for public organizations and NRENs who may be currently paying for closed-source social media solutions. - Finally, the project's potential impact on digital rights and online privacy can have significant societal implications, contributing to a more democratic and transparent online environment. - -Quantitative estimates for these impacts will depend on the specific implementation and adoption of the platform, but it is possible to make some broad estimates based on existing data. For example, according to a 2020 survey by Pew Research Center, around 69% of US adults use social media, indicating a large potential user base for an alternative platform. -In addition, a report by Research and Markets estimates that the global social media management software market will reach \$17.7 billion by 2026, indicating the potential economic impact of the project's focus on open-source and cost-effective solutions. -Some other specific possible quantitative estimates: +Some specific possible quantitative estimates include: +1. 
Developer engagement: + Given that making portable services the default will need more of the open-source community to engage on this issue, we may measure for example developer engagement in social channels, support channels, issue trackers, as well as code forge metrics such as bookmarks, forks, merge requests, and third-party projects building upon our work or citing us as a source of inspiration. 1. User adoption: - If our project is successful in providing a user-friendly and privacy-focused social media platform, it could attract a significant number of users. - For example, if the platform gains a 5% share of the global social media market by 2026, which is currently estimated at 3.6 billion users, that would translate to 180 million users. + If our project is successful in providing a user-friendly and privacy-focused platform for digital autonomy, it could attract a significant number of users. 1. Cost savings: - By promoting the use of open-source software and decentralized infrastructure, our project could lead to cost savings for public organizations and NRENs. - For example, if a large public organization is currently spending \$1 million per year on a closed-source social media platform, switching to your open-source platform could result in cost savings of up to 50%. + By promoting the use of open-source software and decentralised infrastructure, our project could lead to cost savings for public organisations. 1. Data portability: - Your project's focus on data portability could have significant benefits for users, allowing them to easily switch between social media platforms and take their data with them. - For example, if 10% of users on a major social media platform decided to switch to your platform, and were able to easily transfer their data, that would equate to millions of users being able to regain control over their data. 
+ The focus on data portability could have significant benefits for users, allowing them to easily switch between online platforms and take their data with them. 1. Market disruption: - If our project is successful in disrupting the market dominance of big tech companies in the social media space, it could have far-reaching impacts. - For example, if our platform gains a significant share of the market, it could lead to a decrease in the power of big tech companies and more competition in the social media space, potentially leading to improved user privacy and better options for data management. + If our project is successful in disrupting the market dominance of big tech companies, it could have far-reaching impacts. + For example, if our platform gains a significant share of the market, it could lead to a decrease in the power of big tech companies and more competition among software services, potentially leading to improved user privacy and better options for data management. There are several requirements and potential barriers that may determine whether the desired outcomes and impacts of the project are achieved. Some of them are: 1. Technical challenges: - Developing an open and decentralized social media platform based on the ActivityPub protocol can be technically challenging. - The project will need to address issues related to scalability, performance, security, and interoperability with other systems. - Failure to overcome these technical challenges may hinder the project's ability to achieve its desired outcomes and impacts. -1. Adoption by target groups: - The success of the project will depend on the adoption of the platform by its target groups, such as public organizations and NRENs. - The project will need to demonstrate the benefits of the platform and convince potential users to switch from their current social media platforms to the new one. 
- Failure to achieve significant adoption may limit the project's ability to achieve its desired outcomes and impacts. -1. Regulatory and legal requirements: - The project will need to comply with regulatory and legal requirements related to data privacy, security, and intellectual property. - Failure to comply with these requirements may lead to legal issues and hinder the project's ability to achieve its desired outcomes and impacts. + As seen in our technology section, our project encompasses bridging numerous existing software packages, meaning project success depends on successfully integrating these. 1. Funding and resources: The project will require adequate funding and resources to achieve its desired outcomes and impacts. The project team will need to secure sufficient funding and resources to cover the costs of software development, partnerships, and promotion. Failure to secure adequate funding and resources may limit the project's ability to achieve its desired outcomes and impacts. 1. Competition: - The project will face competition from other social media platforms, including big tech companies and other open-source projects. + The project will face competition from other digital service offerings, including properietary ones from big tech companies and offerings oriented at self-hosting open-source projects. The project team will need to differentiate the platform and demonstrate its unique features and benefits. Failure to differentiate the platform from its competitors may limit the project's ability to achieve its desired outcomes and impacts. ## Measures to maximise impact - Dissemination, exploitation and communication -Communication and dissemination measures + -We've identified multiple dissemination measure we can apply to our project in our plan: +### Dissemination + + + +We've identified multiple dissemination measures we can apply to our project in our plan: 1. 
Developing key messages: - We'll develop clear, concise, and compelling messaging that highlight the benefits and unique features of our project, such as the focus on **user control, privacy,** and **data & service portability**. + We'll develop clear, concise, and compelling messaging that highlight the benefits and unique features of our project, such as the focus on **user control**, **privacy**, and **data & service portability**. 1. Using multiple channels: - We will be utilizing a variety of channels to reach our target audiences outlined above, in particular through the **Fediverse** itself, webinars, blog posts, and press releases. + We will be utilising a variety of channels to reach our target audiences outlined above, among which through online communities, social media, webinars, blog posts, tech conferences and press releases. 1. Building partnerships: - We have identified a number of partners already like [SDEPS](https://www.sdeps.eu/) and [PublicSpaces](https://publicspaces.net/), [Internet Society](https://www.internetsociety.org/), [EDRi](https://edri.org/), [GÉANT](https://geant.org/), [RIPE](https://www.ripe.net/), [ECO](https://www.eco.de/), [APELL](https://www.apell.info/) and [CENTR](https://www.centr.org/) to help us reach out to our target audiences. + We have identified a number of partners already to help us reach out to our target audiences. These organisations share our **values and mission**. -1. Present the project at conferences and events: - We'll participate in relevant conferences and events to raise awareness of our project and engage with potential users and partners. - These will include hosting events (e.g. 
[Cloud Expo Europe](https://www.cloudexpoeurope.com/), [Cloudfest](https://www.cloudfest.com/), [Web Summit](https://websummit.com/)) and developer events like [FOSDEM](https://fosdem.org/), [OW2Con](https://www.ow2con.org/) and [CCC Congress](https://events.ccc.de/) to inform a diverse audience of the benefits of our stack and the other NGI technology solutions we are promoting. 1. Monitoring and evaluation: - We will monitor the success of our dissemination activities and evaluate their effectiveness in reaching and engaging ourtarget audiences. + We will monitor the success of our dissemination activities and evaluate their effectiveness in reaching and engaging our target audiences. We will then use this information to adjust and improve our strategies over time. Concrete examples of dissemination activities for our project will include: -- Creating a series of blog posts that explain the benefits of open and decentralized social media, and how our platform addresses common challenges faced by public organizations and NRENs. -- Hosting a webinar series that showcases the features and functionalities of our platform, and provides tips and best practices for using it effectively. -- Developing case studies that highlight how our platform has helped public organizations and NRENs improve their communication and collaboration, and sharing these case studies on social media and in email newsletters. -- Partnering with industry associations (e.g. [DINL](https://www.dinl.nl/), [ECO](https://www.eco.de/) and [EuroISPA](https://www.euroispa.org/)) and advocacy groups like [EDRi](https://edri.org/), [EFF](https://eff.org/) and [SDEPS](https://www.sdeps.eu/) that promote open-source software and digital rights, and working with them to promote our platform to their members and followers. 
-- Participating in relevant conferences and events, such as those focused on hosting, open-source software, digital rights, and public sector innovation, and showcasing our platform in demos and presentations. -- Creating a comprehensive user guide and knowledge base that provides detailed instructions and answers to common questions about the platform, and making this guide available on the platform's website and Fediverse channels. +- Properly document our work, so that potentials users may more easily understand when and how they might use it, whether directly or tweaked to their particular use-case. +- Maintain and highlight instant messaging channels where developers might ask questions and discuss potential improvements to the software. +- Creating a comprehensive user guide and knowledge base that provides detailed instructions and answers to common questions about the software, and making this guide available on the platform's website and social media channels. +- Hosting a webinar series that showcases the features and functionalities of our deployment module, and provides tips and best practices for using it effectively. +- Partnering with industry associations and advocacy groups that promote open-source software and digital rights, and working with them to promote our platform to their members and followers. + Such organizations include [SDEPS](https://www.sdeps.eu/), [PublicSpaces](https://publicspaces.net/), [Internet Society](https://www.internetsociety.org/), [EDRi](https://edri.org/), [GÉANT](https://geant.org/), [RIPE](https://www.ripe.net/), [ECO](https://www.eco.de/), [APELL](https://www.apell.info/) [CENTR](https://www.centr.org/), [DINL](https://www.dinl.nl/), [EuroISPA](https://www.euroispa.org/) and [EFF](https://eff.org/). 
+- Participating in relevant conferences and events to raise awareness of our project and engage with potential users and partners, such as those focused on hosting, open-source software, digital rights, and public sector innovation, and showcasing our software in demos and presentations. + These will include hosting events (e.g. [Cloud Expo Europe](https://www.cloudexpoeurope.com/), [Cloudfest](https://www.cloudfest.com/), [Web Summit](https://websummit.com/)) and developer events like [NixCon](https://nixcon.org), [FOSDEM](https://fosdem.org/), [OW2Con](https://www.ow2con.org/) and [CCC Congress](https://events.ccc.de/) to inform a diverse audience of the benefits of our stack and the other NGI technology solutions we are promoting. -Our communication strategies are already partially integrated in the dissemination measure above, but we'll outline them more in depth: +### Communication + + + +Our communication strategies are already partially integrated in the dissemination measure above, but we'll outline them more in depth. There are several communication strategies and measures that we will utilise during the whole lifespan of the project: 
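Review bot: The rewritten barriers list in this hunk no longer names security or legal compliance as a risk. The removed "Technical challenges" text covered "scalability, performance, security, and interoperability" and the removed "Regulatory and legal requirements" item covered data privacy, while the replacement line only mentions integrating existing software packages. The milestone list later in this patch includes a security audit, so consider keeping one barrier that states the security and data-protection obligations a hosted deployment has to meet. Smaller points in the added lines: "properietary" should be "proprietary", "potentials users" should be "potential users", a comma is missing between the APELL and CENTR links, and "organizations" and "organisations" are mixed within the new text.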
@@ -608,9 +440,9 @@ There are several communication strategies and measures that we will utilise dur It will be used to share updates, news, publications, and other project-related information. The website will be designed to be accessible and user-friendly. 1. Using social media: - We will reach out to Fediverse channels (e.g. Mastodon, Pixelfed, Peertube and Owncast) as well as legacy social media platforms such as Twitter, LinkedIn, and Facebook will be used to reach a wider audience and share project-related news and updates. + We will reach out to Fediverse channels (e.g. Mastodon, Pixelfed, Peertube and Owncast) as well as commercial social media platforms such as X, LinkedIn, and Facebook to reach a wider audience and share project-related news and updates. Social media are used to engage with stakeholders and respond to their queries and feedback. - While we want to draw people away from these closed social media environments, we'll still need to utilise these platform for spreading our message initially. + While our values may be closer aligned with the open-source social media, we will also still have use for the commercial ones to spread our message initially. 1. Organising workshops and events: Workshops and events will be used to engage with stakeholders and share project-related information. Workshops will be used to share technical knowledge, while events will be used to showcase the project's outputs and outcomes. 
@@ -624,44 +456,17 @@ There are several communication strategies and measures that we will utilise dur Engaging with the traditional media will help to promote the project and its outcomes. Partners like [SDEPS](https://www.sdeps.eu/) consist of mainstream media actors across Europe who are aligned with our mission and are themselves potential users and ambassadors of the tools we build. -Exploitation measures per target audience: +### Exploitation -1. Public Organisations: - - Develop and offer training sessions and workshops for public organisations, showcasing the features and benefits of the platform and how it can be used to increase public engagement and participation. - - Develop case studies or success stories featuring public organisations that have successfully implemented the platform, highlighting the benefits they have experienced in terms of increased citizen engagement and improved communication. - - Partner with industry associations and conferences to increase visibility and reach among public sector decision-makers and influencers. -1. NRENs: - - Partner with NRENs to offer the platform as a service to their clients, either as a value-added service or as part of their existing offerings. - - Develop and offer training sessions and workshops for NRENs, showcasing the features and benefits of the platform and how it can be integrated into their existing services and offerings. - - Develop case studies or success stories featuring NRENs that have successfully integrated the platform into their services, highlighting the benefits they have experienced in terms of increased customer satisfaction and improved service offerings. -1. Educational Institutions: - - Develop and offer training sessions and workshops for educational institutions, showcasing the features and benefits of the platform and how it can be used to increase student engagement and collaboration. 
- - Develop case studies or success stories featuring educational institutions that have successfully implemented the platform, highlighting the benefits they have experienced in terms of increased student engagement and improved communication. - - Partner with educational conferences and associations to increase visibility and reach among educational decision-makers and influencers. + -Feedback for policy measures +Planned exploitation measures, primarily aimed at hosting organisations, include: -As an open and decentralized social media platform, the project has the potential to generate feedback to policy measures related to digital communication, privacy, and data protection. -By promoting a federated approach to social media and communication, the project will offer an alternative to closed ecosystems controlled by big tech companies. -The following are some ways in which the project will contribute to designing, monitoring, reviewing, and rectifying existing policy measures or shaping and supporting the implementation of new policy initiatives and decisions: +1. Develop and offer training sessions and workshops, showcasing the features and benefits of the software and how it can be used to offer portable services. +1. Develop case studies or success stories featuring hosting organisations that have successfully implemented the platform, highlighting public reception to their offering. +1. Partner with industry associations and conferences to increase visibility and reach among hosting organisations, public sector decision-makers and influencers. -1. Providing a platform for public dialogue and participation: - The project will serve as a platform for public dialogue and participation, allowing citizens to voice their opinions and concerns on policy measures related to digital communication, privacy, and data protection. 
- This feedback will inform the design, monitoring, and review of existing policy measures or shape the implementation of new policy initiatives and decisions. -2. Demonstrating the feasibility of an open and decentralized approach: - The project will demonstrate the feasibility of an open and decentralized approach to social media and communication, providing evidence for the effectiveness of such an approach in promoting user control, privacy, and data portability. - This evidence will be used to inform policy measures related to digital communication and encourage the adoption of a federated approach. -3. Highlighting the limitations of current policy measures: - The project will highlight the limitations of current policy measures related to digital communication, privacy, and data protection. - By showcasing the benefits of an open and decentralized approach, the project will draw attention to the shortcomings of existing policies and stimulate discussions on potential improvements. -4. Providing data and analysis for policy evaluation: - The project will provide data and analysis on the use and impact of the platform, including user engagement, user satisfaction, and data portability. - This data will be used to evaluate the effectiveness of existing policy measures or inform the design of new policies. -5. Engaging with policymakers and stakeholders: - The project will engage with policymakers and stakeholders, including public organizations, NRENs, and educational institutions, to raise awareness of the platform and its potential impact on policy measures related to digital communication, privacy, and data protection. - This engagement will facilitate collaboration and information sharing between the project and relevant policy stakeholders, promoting mutual learning and understanding. 
- -Project content and handling of intellectual property risks +## Project content and handling of intellectual property risks NGI as a whole operates according to open source principles and unencumbered (royalty-free) licensing, to ensure **broad and lasting impact**. The societal benefit of the initiative lies in the collaborative development of technology as **commons**. @@ -683,7 +488,7 @@ Through the NGI0 review project (also ran by NLnet Foundation) we will advise an Work in most **standards setting** organisations is automatically covered by a **strict IPR policy**, requiring full declaration — which is typically followed by an effort to work around any patents in order to create a FOSS-friendly, unencumbered standard. -Handling the threat of software patents +### Handling the threat of software patents The fact that patented technologies are out of scope for our research, does not mean that patents have ceased to be, and no longer pose a threat. Our projects work out in the open, and so groundbreaking ideas can be appropriated easily. 
@@ -703,11 +508,9 @@ We will integrate that aspect into the high level process on a best effort basis | **Specific needs**: What are the specific needs that triggered this project? | **Expected results**: What does Fediversity expect to generate by the end of the project? | **Communication and dissemination measures**: What dissemination, exploitation and communication measures will Fediversity apply to the results? | |-|-|-| -| **Availability of content in the Fediverse**: Even though the fediverse is now used by a lot of 'normal users' most public organizations are lacking from providing content to the Fediverse. | **Easier and predictable use of NGI-supported open source software**: We aim to provide hosting providers and public organizations with a cookbook/script that will allow them to implement, and maintain NGI-supported open source software in such a way that it feels comfortable for IT staff to do. | **Outreach towards main stream consumers**: Press and guerrilla marketing, tech talks and webinars, decentralised social media, project speaker bureau. | -| **Use of open source software is hard**: The general misconception is that the use of open source software is hard and it is difficult for large organizations (both public and private) to run, and maintain open source software. | **Better and more content in the Fediverse**: by getting better support of IT staff in running NGI-supported fediverse platforms we expect NRENs and other public organizations to move to an ‘open first’ approach for sharing their content, moving away from Big Tech. A secondary effect of this could be that due to the availability of that content more people would start using the Fediverse giving meaning to the term ‘network effect’. | **Engage with technical, operational -community and decision makers**: Webinars for ‘families’ of projects to showcase progress to internet service providers, research networks, operator groups, hosters, CERTs, etc. 
| -| **Service portability is lacking**: Even though there are now regulations that state that you can get all your personal data from service providers. It is still quite hard to move from one platform to another. With the event of federated networks you can export your data from one instance and move to another. This is not easy and requires quite some work. | -| **Basic level of service portability**: We expect to get several projects to create a way to actually export both data and settings so you can not only move to another service provider, but also do so transparantly. | **Make project results discoverable**: One stop shop portal to browse through different categories of projects and discover new technologies of interest. | +| **Gap between supply and demand of software**: whereas a lot of open-source server-based software exists, adoption of open-source options appears to be lagging behind, in part due to the maintenance overhead that comes with traditional self-hosting and requires more technical know-how. | **Easier and predictable use of NGI-supported open source software**: We aim to provide hosting providers with a cookbook/script that will allow them to implement, and maintain NGI-supported open source software in such a way that it feels comfortable for IT staff to do. | **Outreach towards main-stream consumers**: Press and guerrilla marketing, tech talks and webinars, social media, project speaker bureau. | +| **Use of open-source software is hard**: The general misconception is that the use of open source software is hard and it is difficult for large organisations (both public and private) to run, and maintain open source software. | **Rise in adoption of open-source given low-maintenance options**: Given our initial offering of easily set up open-source server applications in our pilot with hosting organizations, we expect to see adoption of this software among end-users, hopefully creating a 'network effect' in these ecosystems. 
| **Engage with technical, operational community and decision makers**: Webinars for 'families' of projects to showcase progress to internet service providers, research networks, operator groups, hosters, CERTs, etc. | +| **Service portability is lacking**: Even though there are now regulations that state that you can get all your personal data from service providers. It is still quite hard to move from one platform to another. With the event of federated networks you can export your data from one instance and move to another. This is not easy and requires quite some work. | **Basic level of service portability**: We expect to get several projects to create a way to actually export both data and settings so you can not only move to another service provider, but also do so transparantly. | **Make project results discoverable**: One stop shop portal to browse through different categories of projects and discover new technologies of interest. | |   |   | **Engage European SMEs and investors**: Create a competitive alternative economy based on open source with convenience and value-add services. | | **Target groups**: Who will use or further up-take the results of the project? Who will benefit from the results of the project? | **Outcomes**: What change does Fediversity expect to see after successful dissemination and exploitation of project results to the target groups? | **Impacts**: What are the expected wider scientific, economic and societal effects of the projects contributing to the expected impacts outlined in the respective destination in the work programme? | 
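Review bot: The added "Service portability is lacking" row carries over two wording errors from the row it replaces: "transparantly" should be "transparently", and "With the event of federated networks" presumably means "advent". The new rows also mix "organisations" with "organizations" and "open-source" with "open source" within a single row; since this patch normalises spelling elsewhere ("utilizing" to "utilising", "decentralized" to "decentralised"), pick one form of each here as well.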
@@ -719,17 +522,67 @@ community and decision makers**: Webinars for ‘families’ of projects to show # Quality and efficiency of the implementation +## Architecture + +![](/home/kiara/code/meta/architecture-docs/architecture.png) + +## Break-down of project milestones + +Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: + +- Initial internal user to kick-start feedback process: + - automate provisioning of: + - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) + - [immutable storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) + - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) (and related resources) + - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) + - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) + - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) + - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) + - [publish specification](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) using e.g. 
JSON Schema / OpenAPI + - [facilitate multi-tenancy](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) + - [provision admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) + - [ensure users can update their configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) +- Software ready for web hosts to take into production: + - [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) + - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) + - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) + - [decoupled versioning of deployment module versus front-end](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) + - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) + - [automate dependency updates](https://git.fediversity.eu/Fediversity/Fediversity/issues/65) +- Features to improve user experience and increase host adoption: + - [enqueue deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) + - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) + - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) + - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) + - [expand exposed configuration settings](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) + - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) + - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) + - [scaling application resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) + - [pooling application instances to shared 
VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) + - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) +- Facilitate engagement from external developers: + - [create integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) + - [add continuous integration builds to a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) + - [reproduce required infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) + - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) + - [separate staging/testing environments](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) + - [facilitate user signup](https://git.fediversity.eu/Fediversity/Fediversity/issues/335) + - [facilitate code reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) + - [get documentation ready](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) + - [upstream deployment module to NixOS](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) + ## Work plan and resources Table 3.1g: Subcontracting costs -Not applicable. +Not applicable? Table 3.1h: Purchase costs | Description | Category | Cost (€) | Justification | |-|-|-|-| -| Test hardware | Other goods, works and services | 200.000 |

For our UX research we need to acquire a reasonable diverse set of tablets, PC's and mobile phones so that we can support actually used devices. This is essential to deliver the kind of support people expect from software in general, but cloud services (like our social networking products from the NGI technologies we choose). We want to create a test lab that is also accessible to the chosen technology developers at request. We will at least need to acquire the latest new models of popular phones and tablets other devices every 3 months (estimated total of 60 devices by the end of the project) and new models of laptops, chromebooks and the likes every 6 months (estimated total of 30 devices by the end of the project) and a few PC’s with various form-factors and operating systems (estimated total of 24 devices by the end of the project). We expect to be using about 50.000 of the budget for this.

Another substantial part will be used for a test-setup 'at scale' for running the actual services: server-hardware, networking-hardware, storage-systems. Also we need to account for hosting and networking-costs in dual locations.

We will acquire about 80 server-systems, 12 storage-systems, and some networking equipment housed in two locations. All hardware will be second-hand as to keep cost low.

For this we expect to be using about 130.000 of the budget.

The remaining 20.000 euro we want to spend on two or four openhardware servers based on OpenPower to run a small pilot as part of the test/development setup to see where it makes sense to use OpenHardware in the setup for running Fediverse software.

| +| Test hardware | Other goods, works and services | 200.000 |

For our UX research we need to acquire a reasonable diverse set of tablets, PC's and mobile phones so that we can support actually used devices. This is essential to deliver the kind of support people expect from software in general, but cloud services (like our products from the NGI technologies we choose). We want to create a test lab that is also accessible to the chosen technology developers at request. We will at least need to acquire the latest new models of popular phones and tablets other devices every 3 months (estimated total of 60 devices by the end of the project) and new models of laptops, chromebooks and the likes every 6 months (estimated total of 30 devices by the end of the project) and a few PC's with various form-factors and operating systems (estimated total of 24 devices by the end of the project). We expect to be using about 50.000 of the budget for this.

Another substantial part will be used for a test-setup 'at scale' for running the actual services: server-hardware, networking-hardware, storage-systems. Also we need to account for hosting and networking-costs in dual locations.

We will acquire about 80 server-systems, 12 storage-systems, and some networking equipment housed in two locations. All hardware will be second-hand as to keep cost low.

For this we expect to be using about 130.000 of the budget.

The remaining 20.000 euro we want to spend on two or four openhardware servers based on OpenPower to run a small pilot as part of the test/development setup to see where it makes sense to use OpenHardware in the setup for running Fediversity software.

| | Remaining purchase costs |   | 10.000 | Is for promotion and marketing material like stickers, banners, and other promotional material to hand out on each and every event we will visit. | | Travel and subsistence |   | 15.000 | Will be used for traveling between the Netherlands, the Nordics, France and the rest of Europe for attending conferences and other meetups. | | Total |   | 225.000 |   | 
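Review bot: The new Architecture section embeds its image by an absolute path on the author's machine, `![](/home/kiara/code/meta/architecture-docs/architecture.png)`, which will not resolve in anyone else's checkout or in the rendered proposal, and which records a local username and directory layout in the repository history. Commit the image to the repository and reference it by a relative path, as the Gantt chart does with `Pictures/gantt-chart.png`, and give it alt text. Separately, "Not applicable?" under Table 3.1g reads as an open question left in the submission text; resolve it before merging or track it in an issue instead.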
@@ -751,14 +604,10 @@ Widely recognised as one of the leading grantmakers in the realm of internet and Introduced the internet in Europe in the eighties, and led the project that defined the vision of the NGI initiative. Now is the driving force behind NGI Zero, and responsible for over half of the active projects inside NGI. -[Tweag](https://tweag.io/) \~ Tweag is a software innovation lab that helps deep tech startups quickly scale their engineering performance and execute on high-risk, high-reward projects with confidence. -Tweag's team of engineers are behind today's boldest innovations in machine learning, distributed computing and biotech. -Applying mathematics, computer science and the methods of open source to software engineering, Tweag stretches what's possible for clients. - -[NORDUnet](https://nordu.net/) \~ NORDUnet is an international collaboration between the National research and education networks in the Nordic countries. -NORDUnet interconnects the Nordic national research and education networks and connects them to the worldwide network for research and education and to the general purpose Internet. -NORDUnet provides its services by a combination of leased lines and Internet services provided by other international operators. -NORDUnet has peering in multiple important internet exchange sites outside the Nordics, such as Amsterdam, Chicago, Frankfurt, London, Miami and New York. +[ProcoliX](https://www.procolix.eu/) \~ +Web host dating back to the early stages of the internet. +Today hosting public services like the NLUUG FTP server, one of the largest repositories of Open Source software in Europe and sites like [Mastodon.nl](https://mastodon.nl/) and [Petities.nl](https://petities.nl/) for the public good. +Has a 'open source only' approach to running Internet IT Infrastructure. # Ethics self-assessment 
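Review bot: Dropping NORDUnet from the partner descriptions leaves the unchanged "Travel and subsistence" row of Table 3.1h still justifying travel to "the Nordics", so that budget justification should be revisited in the same change. In the added ProcoliX text, "Has a 'open source only' approach" should read "Has an 'open source only' approach".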
@@ -826,7 +675,7 @@ Other ethics issues ## Financial support in the form of a grant awarded after a call for proposals -As detailed in Part B, Fediversity in addition to its research goals and support for verticals will contribute 15% of its budget to the development of related digital commons through financial support in the form of grants awarded to third parties through bi-monthly open calls for proposals. +As detailed in Part B, Fediversity in addition to pursuing its goals directly, will further contribute 15% of its budget to the development of related digital commons through financial support in the form of grants awarded to third parties through bi-monthly open calls for proposals. In this annexe we describe the following aspects of this financial support by detailing our approach to managing a dedicated fund supporting a series of open calls related to Fediversity: 
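Review bot: The rewritten sentence has an unbalanced comma and a redundancy: "Fediversity in addition to pursuing its goals directly, will further contribute 15%". Set the aside off on both sides ("Fediversity, in addition to pursuing its goals directly, will contribute 15% ...") or drop the comma, and drop "further", since "in addition to" already says it.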
@@ -1016,7 +865,7 @@ In our privacy policy we inform potential applicants that they can use an alias As long as a project is not accepted, the applicants real identity is not relevant to us. If the proposal never goes beyond that phase they can remain anonymous. -In order to review and process project proposals we need to grant access to the professional staff of NLnet foundation responsible for reviewing and running the open calls associated with Fediversity (WP4). +In order to review and process project proposals we need to grant access to the professional staff of NLnet foundation responsible for reviewing and running the open calls associated with Fediversity (WP3). Since confidentiality is a critical aspect of the trust relationship we have with projects, at no point in time will proposals be shared with third parties without explicity permission, not even partners within Fediversity. Sometimes opportunities will arise outside of the context of this fund, or there is a potential to support the project in some other way. At the time of submitting the proposal applicants either grant NLnet Foundation the right to keep any information submitted on record — should future funding opportunities arise — or not. @@ -1100,7 +949,3 @@ Consortium members have been instructed to stay clear from project proposals fro # Overview of project displayed in a Gantt chart ![](Pictures/gantt-chart.png) - -[^2]: services like Facebook, Instagram or Twitter - -[^3]: Meta have been reported to work on an ActivityPub based app, Medium has adopted ActivityPub and Tumblr as well. -- 2.48.1 From a901bac86e32af50a713eb3fe9b5edba1ee669f9 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 21 May 2025 16:05:17 +0200 Subject: [PATCH 03/93] rm methodology --- fediversity.md | 88 -------------------------------------------------- 1 file changed, 88 deletions(-) diff --git a/fediversity.md b/fediversity.md index 56c786b..efdaccd 100644 --- a/fediversity.md +++ b/fediversity.md 
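Review bot: In PATCH 02/93, the hunk at -1016,7 changes "(WP4)" to "(WP3)" for the open calls, so every other work-package reference to the open calls in fediversity.md needs the same renumbering; the visible hunks show only this one occurrence, so please confirm none were missed. The context line directly below still reads "without explicity permission" and could be corrected to "explicit" while this paragraph is being touched. For the final hunk, which deletes the `[^2]` and `[^3]` footnote definitions, confirm the in-text markers are removed in the same commit, otherwise they render as dangling references.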
@@ -86,94 +86,6 @@ The use of open-source software, along with the focus on portability, will enabl The project plans to offer portability of services, allowing users to easily export their data from the platform and import it to another platform. This is a unique feature beyond what is currently available on the market. -## Methodology - -For the software development side of things, the project will use 'iterative development', which means the development process is a cycle, where we go back through the steps based on feedback and challenges that present themselves along the way. - -1. **Planning:** - During the planning phase, the team will identify the key features and requirements of the service packages. - This will involve collaborating with stakeholders and users to understand their needs and expectations. - The team will then create a prioritised list of features and user stories, which will form the basis of the development plan. -1. **Designing:** - In the designing phase, the team will create the overall architecture and design of the software. - This will involve identifying strategically relevant service packages, including relevant settings, database schemas, and application programming interfaces (APIs). - The team will also identify any third-party libraries or tools that would be needed to implement the software. -1. **Coding:** - During the coding phase, the team will start implementing the software. - Once the software has reached its MVP stage, the development process will involve an initial user to facilitate working in short, user-feedback-driven iterations. -1. **Testing:** - The testing phase involves verifying that the software works as expected. - The team will develop a suite of automated tests that cover all the key features and scenarios of the software. - This will include unit tests, integration tests, and end-to-end tests. - The team will also perform manual testing to ensure that the user experience is smooth and error-free. -1. 
**Releasing:** - The final phase is the release to users. - The team will work on documenting usage of the software, and facilitate initial users to maintain a feedback loop. - The team will then use this feedback to inform further iterations of the software, and prioritise the next set of features and improvements. - -In the context of building partnerships with hosting organisations, we will apply Design Thinking as a methodology. - -Design Thinking is a user-centered, iterative methodology that is used to solve complex problems and create innovative solutions. -It involves a five-step process that includes empathy, definition, ideation, prototyping, and testing. -The following is an overview of how Design Thinking can be applied to build partnerships: - -1. **Empathy:** - The first step in the Design Thinking process is to understand the needs, goals, and challenges of the target partners. - This can be done through research, interviews, surveys, and other forms of data collection. - By empathising with the target partners, we can gain a deeper understanding of their perspectives and identify opportunities for collaboration. -1. **Definition:** - Once we have a clear understanding of the target partners' needs, goals, and challenges, we can define the problem space and identify areas of mutual interest. - This involves synthesising the research data and creating a problem statement that is focused on meeting the target partners' needs. -1. **Ideation:** - The ideation phase involves generating a wide range of ideas for how we can address the problem statement and meet the target partners' needs. - This can be done through brainstorming sessions, workshops, and other forms of collaborative ideation. - The goal is to generate a diverse set of ideas that can be evaluated and refined in the next phase. -1. **Prototyping:** - In the prototyping phase, we create low-fidelity prototypes of the most promising ideas generated in the ideation phase. 
- These prototypes can take the form of mockups, wireframes, or other simple prototypes that can be tested and evaluated with the target partners. -1. **Testing:** - The final phase of the Design Thinking process involves testing the prototypes with the target partners and gathering feedback. - This feedback can be used to refine the prototypes and develop a more detailed plan for collaboration. - -To apply Design Thinking to our project, we would start by conducting research and gathering data on the needs, goals, and challenges of end-users through our potential partners. -This can involve interviews with key stakeholders, surveys of potential partners, and analysis of existing data sources. - -Using this research, we will then define the problem space and identify areas of mutual interest. -This will involve creating a problem statement that focuses on meeting the needs of users in the area of software services. - -Next, we will generate a wide range of ideas for how we can address the problem statement and meet the needs of potential partners. -This will involve brainstorming sessions, workshops, and other forms of collaborative ideation with key stakeholders. - -Using the ideas generated in the ideation phase, we will then prototype the most promising ideas. - -Finally, we will test the prototypes (alphas, betas of our services) with potential partners and gather feedback. -This feedback will then be used to refine the prototypes and develop a more detailed plan for collaboration. -Through this process, we can build strong partnerships with hosting organisations based on mutual benefit and shared decision-making. - -Our project is designed to comply with the 'do no significant harm' principle as per Article 17 of Regulation (EU) No 2020/852. -We are committed to ensuring that our methodology is environmentally-friendly and does not significantly harm any of the six environmental objectives of the EU Taxonomy Regulation. 
- -Regarding the use of artificial intelligence (AI) based systems, we do not plan to use AI in our project. -However, if we were to use AI, we would ensure that our systems are technically robust, socially robust, reliable, and able to provide suitable explanations of their decision-making processes. -We would also follow industry-standard practices and regulations to minimise any unintended harm and safeguard the physical and mental integrity of humans. - -To make sure we can achieve our project objectives, we have outlined a project management strategy: - -- We will develop a clear and detailed project plan: - This will outline the tasks that need to be completed, who is responsible for each task, timelines, and dependencies. -- Establish effective communication: - Regular communication with all stakeholders is crucial for keeping everyone informed about progress, identifying and addressing issues, and ensuring that everyone is on the same page. - To this end we will also outline a communication plan to make sure all relevant stakeholders (European Commission, team members, both internal as external contractors) are well-informed throughout the process. -- Monitor progress: - Regular monitoring of project progress against the plan can help identify any potential delays or issues and allow for adjustments to be made to keep the project on track. -- Mitigate risks: - Identify potential risks and develop strategies for mitigating them. - This can help reduce the likelihood of delays or failures. -- Ensure proper resource allocation: - Make sure that resources, including staff, budget, and technology, are allocated appropriately to support the project objectives. -- Stay flexible: - We are prepared to adjust the project plan and approach as needed to ensure that objectives are met. - ### Technologies used #### [NixOS](https://nixos.org/) -- 2.48.1 From e8e72c8ed7b07957d7b66d1851610278212077fc Mon Sep 17 00:00:00 2001 
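Review bot: In PATCH 03/93, the block removed under "## Methodology" contains more than methodology: it also deletes the 'do no significant harm' statement (Article 17 of Regulation (EU) No 2020/852), the paragraph stating that no AI-based systems are planned, and the project management strategy list. The commit message "rm methodology" does not say whether dropping those is intended. If the proposal still needs them, move them to another section instead of deleting them; if not, say so in the commit message. Also check the heading hierarchy after the removal: "### Technologies used" was nested under the deleted "## Methodology" and now attaches to whatever level-2 heading precedes it.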
From: cinereal Date: Thu, 22 May 2025 10:32:22 +0200 Subject: [PATCH 04/93] gantt todo --- fediversity.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index efdaccd..38aca3b 100644 --- a/fediversity.md +++ b/fediversity.md @@ -860,4 +860,5 @@ Consortium members have been instructed to stay clear from project proposals fro # Overview of project displayed in a Gantt chart -![](Pictures/gantt-chart.png) + +TODO -- 2.48.1 From b9df7e9b963438723b368d844a0e6988e4923337 Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 23 May 2025 08:51:49 +0200 Subject: [PATCH 05/93] add architecture diagram --- Pictures/architecture.png | Bin 0 -> 24329 bytes fediversity.md | 7 ++++++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 Pictures/architecture.png 
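Review bot: In PATCH 04/93, the hunk at -860,4 replaces `![](Pictures/gantt-chart.png)` with a bare "TODO" under "# Overview of project displayed in a Gantt chart", which leaves that section empty in the rendered proposal. The diffstat touches only fediversity.md, so Pictures/gantt-chart.png stays in the tree unreferenced. Either keep the existing chart until its replacement is ready, or state in the TODO what is outstanding and remove the orphaned image in the same commit.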
diff --git a/Pictures/architecture.png b/Pictures/architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..7410d137df3ddd873e72aa121abcb7c312ee7bac GIT binary patch literal 24329
Date: Tue, 27 May 2025 10:09:50 +0200 Subject: [PATCH 06/93] add interactions and glossary --- fediversity.md | 135 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 134 insertions(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index 4536e3c..3ce983a 100644 --- a/fediversity.md +++ b/fediversity.md
@@ -434,6 +434,139 @@ We will integrate that aspect into the high level process on a best effort basis # Quality and efficiency of the implementation +## Interactions + +To reach these goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). + +```mermaid +flowchart + + user(user) --> |use| deployment + + configuration -->|deploy| deployed + devs(developers) --> |maintain| fediversity + + fediversity --> |update| provider1 + subgraph provider1["fediversity setup A"] + subgraph panel1[panel] + configuration[staged configuration] + configuration --> |update| configuration + deployed[deployed configuration] + end + deployed --> |describe| deployment + provider-config[runtime config] --> |describe| host + provider-config --> |implement runtime interfaces| panel1 + subgraph host[runtime environment] + deployment[applications] + state + end + end + + deployment --> |store| state + + operator(operator) --> |change| configuration + + subgraph provider2["fediversity setup B"] + subgraph panel2[panel] + configuration2[staged configuration] + deployed2[deployed configuration] + end + subgraph host2[runtime environment] + deployment2[applications] + state2[state] + end + end + + operator --> |trigger| migration + configuration & deployed & state --> migration + migration --> configuration2 & deployed2 & state2 + provider(hosting provider) --> |maintain| provider1 + subgraph fediversity[fediversity source code] + applications[application modules] + backends[runtime backends] + config[runtime options] + end +``` + +## Actors + +- Developers + + The group working on this repository. + We are creating the deployment workflows and service configurations. + +- Hosting provider + + They provide and maintain the physical infrastructure, and run the software in this repository, through which operators interact with their deployments. 
+ Hosting providers are technical administrators for these deployments, ensuring availability and appropriate performance. + + We target small- to medium-scale hosting providers with 20+ physical machines. + +- Operator + + They select the applications they want to run. + They don't need to own hardware or deal with operations. + Operators administer their applications in a non-technical fashion, e.g. as moderators. + They pay the hosting provider for registering a domain name, maintaining physical resources, and monitoring deployments. + +- User + + They are individuals using applications run by the operators, and e.g. post content. + +## Glossary + +- [Fediverse](https://en.wikipedia.org/wiki/Fediverse) + + A collection of social networking applications that can communicate with each other using a common protocol. + +- Application + + User-facing software (e.g. from Fediverse) run by the hosting provider for an operator. + +- Configuration + + A collection of settings for a machine running NixOS. + + > Example: Configurations are deployed to VMs. + +- Provision + + Make a resource, such as a virtual machine, available for use. + +- Deploy + + Put software, such as applications, onto computers. + The software includes technical configuration that links software components. + In our context, this a Configuration deployed to a runtime environment. + Most user-facing configuration remains untouched by the deployment process. + +- Migrate + + Move service configurations and deployment (including user data) from one hosting provider to another. + +- Resource + + A [resource for NixOps4](https://nixops.dev/manual/development/concept/resource.html) is any external entity that can be declared with NixOps4 expressions and manipulated with NixOps4, such as a virtual machine, an active NixOS configuration, a DNS entry, or customer database. 
+ +- Resource provider + + A resource provider for NixOps4 is an executable that communicates between a resource and NixOps4 using a standardised protocol, allowing [CRUD operations](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) on the resources to be performed by NixOps4. + Refer to the [NixOps4 manual](https://nixops.dev/manual/development/resource-provider/index.html) for details. + + > Example: We need a resource provider for obtaining deployment secrets from a database. + +- Runtime backend + + A type of digital environment one can run operating systems such as NixOS on, e.g. bare-metal, a hypervisor, or a container runtime. + +- Runtime environment + + The thing a deployment runs on, an interface against which the deployment is working. See runtime backend. + +- Runtime config + + Configuration logic specific to a runtime backend, e.g. how to deploy, how to access object storage. + ## Architecture At the core of Fediversity lies a Terraform module for setting up NixOS instances on a hypervisor, so far targeting ProxmoX. @@ -450,7 +583,7 @@ Whereas details of the implementation may need to be decided as the technical ch - Initial internal user to kick-start feedback process: - automate provisioning of: - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) - - [immutable storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) + - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) (and related resources) - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) -- 2.48.1 From 1778f8716afaf3e994a2effe8c32559412cb8236 Mon Sep 17 00:00:00 2001 
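Review bot: In the mermaid flowchart, `operator --> |trigger| migration` has the operator start a transfer of `configuration & deployed & state` into setup B, yet the Actors list in the same hunk says operators "don't need to own hardware or deal with operations", and the Migrate glossary entry says this move includes user data and crosses hosting providers. The text should state which actor on each side authorises the transfer and how the state is protected on the way, or the diagram should route the trigger through the hosting provider. Two smaller points in the Glossary: "In our context, this a Configuration deployed to a runtime environment" is missing "is", and Resource / Resource provider are defined in NixOps4 terms while the unchanged Architecture paragraph directly below still describes the core as "a Terraform module", so one of the two needs updating.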
From: cinereal Date: Tue, 27 May 2025 16:11:15 +0200 Subject: [PATCH 07/93] update rewrite to reflect 339 --- Pictures/architecture.png | Bin 24329 -> 0 bytes fediversity.md | 29 ++++++++++++----------------- 2 files changed, 12 insertions(+), 17 deletions(-) delete mode 100644 Pictures/architecture.png 
diff --git a/Pictures/architecture.png b/Pictures/architecture.png deleted file mode 100644 index 7410d137df3ddd873e72aa121abcb7c312ee7bac..0000000000000000000000000000000000000000 GIT binary patch
Date: Tue, 27 May 2025 16:29:49 +0200 Subject: [PATCH 08/93] process mermaid diagram --- .gitignore | 1 + README.md | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100644 README.md diff --git a/.gitignore b/.gitignore index 1f36ab9..032ae82 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +*.err *.odt *.html .~lock* diff --git a/README.md b/README.md new file mode 100644 index 0000000..8049c2f --- /dev/null +++ b/README.md @@ -0,0 +1,7 @@ +# fediversity proposal + +## usage + +```sh +nix-shell -p pandoc mermaid-filter --command 'pandoc fediversity.md -o fediversity.html -F mermaid-filter' +``` -- 2.48.1 From 09f2565fea351d351ba1d0b7fbf1843eba876f2e Mon Sep 17 00:00:00 2001 From: cinereal Date: Sat, 31 May 2025 13:34:45 +0200 Subject: [PATCH 09/93] promote subsection --- fediversity.md | 42 ++++++++++++++++++++---------------------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/fediversity.md b/fediversity.md index 31ed297..40a9692 100644 --- a/fediversity.md +++ b/fediversity.md @@ -35,11 +35,9 @@ The only exception is for the UX design test-lab environment that will be used t No software specific for or usable by any single organisation will be created or produced under this grant. -# Excellence +# Objectives and ambition -## Objectives and ambition - -### Objectives +## Objectives *Fediversity: Privacy-friendly, sustainable, transparent fair.* 
@@ -65,13 +63,13 @@ The proposed services will also be designed to be **fully portable** (something This means that users will be able to (easily and fully) switch between different hosting providers (as well as bare metal) without losing their data. This objective is important as it promotes user control and choice, allowing users to choose a way of offering services that best meets their needs without being locked into a particular platform or service, and gives users the flexibility between hosted versus self-hosted options. -#### Relevance +### Relevance Overall, this proposal is highly relevant to the HORIZON EU Programme, specifically to the Human-centric Internet topic. The objective of this topic is to support research and innovation in creating a more human-centric internet that prioritises user privacy, security, and control, while also promoting the ethical use of technology. The proposed work aligns with this objective by show-casing a way to run digital services that prioritises user control and privacy, and by using open-source software and hardware to promote transparency and ethical use. -#### Measurability +### Measurability Measuring the success of this objective will depend on several metrics, such as the number of organisations and institutions that adopt our work directly or indirectly, and its impact within the open-source community. Verifying the success of this objective will require user/developer feedback, engagement metrics, and independent audits to ensure that our services are meeting the highest standards of privacy and security. 
@@ -79,16 +77,16 @@ Verifying the success of this objective will require user/developer feedback, en The proposed work is realistically achievable. The use of open-source software, along with the focus on portability, will enable the proposed services to be easily adopted by our target audiences. -### Ambition +## Ambition -#### Portability of services +### Portability of services The project plans to offer portability of services, allowing users to easily export their data from the platform and import it to another platform. This is a unique feature beyond what is currently available on the market. -### Technologies used +## Technologies used -#### [NixOS](https://nixos.org/) +### [NixOS](https://nixos.org/) NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem. As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. @@ -96,7 +94,7 @@ As such, we see NixOS as the only viable way to reliably create a reproducible o Considered alternatives include: - containers: do not by themselves offer the needed reproducibility -#### [OpenTofu](https://opentofu.org/) +### [OpenTofu](https://opentofu.org/) OpenTofu is the leading open-source framework for infrastructure-as-code. This has led it to offer a vibrant ecosystem of 'provider' plugins integrating various programs and services. 
@@ -105,7 +103,7 @@ As such, it can facilitate automated deployment pipelines, including with — re Considered alternatives include: - Terraform: not open-source -#### [Proxmox](https://proxmox.com/) +### [Proxmox](https://proxmox.com/) Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in. In addition, it has been [packaged for Nix](https://github.com/SaumonNet/proxmox-nixos) as well, simplifying our requirements to users setting up our software. @@ -113,7 +111,7 @@ In addition, it has been [packaged for Nix](https://github.com/SaumonNet/proxmox Considered alternatives include: - OpenNebula: seemed less mature -#### [Garage](https://garagehq.deuxfleurs.fr/) +### [Garage](https://garagehq.deuxfleurs.fr/) Garage is a distributed object storage service. For compatibility with existing clients, it reuses the protocol of Amazon S3. @@ -121,7 +119,7 @@ For compatibility with existing clients, it reuses the protocol of Amazon S3. Considered alternatives include: - file storage: less centralized for backups -#### [PostgreSQL](https://www.postgresql.org/) +### [PostgreSQL](https://www.postgresql.org/) PostgreSQL is a relational database. It is used by most of our applications. @@ -129,7 +127,7 @@ It is used by most of our applications. Considered alternatives include: - Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups -#### [Valkey](https://valkey.io/) +### [Valkey](https://valkey.io/) Valkey is a key-value store. It is an open-source fork of Redis. @@ -137,7 +135,7 @@ It is an open-source fork of Redis. Considered alternatives include: - Redis: not open-source -#### [OpenSearch](https://opensearch.org/) +### [OpenSearch](https://opensearch.org/) OpenSearch offers full-text search, and is used for this in many applications. It is an open-source fork of ElasticSearch. 
@@ -145,7 +143,7 @@ It is an open-source fork of ElasticSearch. Considered alternatives include: - ElasticSearch: not open-source -#### [PowerDNS](https://github.com/PowerDNS/pdns) +### [PowerDNS](https://github.com/PowerDNS/pdns) PowerDNS is a mature DNS server. It further offers an admin front-end. @@ -153,7 +151,7 @@ Considered alternatives include: - hickory-dns: no front-end - core-dns: no front-end -#### [Authelia](https://github.com/authelia/authelia) +### [Authelia](https://github.com/authelia/authelia) Authelia is a single sign-on provider that integrates with LDAP. @@ -162,7 +160,7 @@ Considered alternatives include: - Authentik: larger package with focus on many things we do not need - Keycloak: larger package with focus on many things we do not need -#### [lldap](https://github.com/lldap/lldap) +### [lldap](https://github.com/lldap/lldap) Lldap is a light LDAP server, allowing to centralize user roles across applications. @@ -170,7 +168,7 @@ Considered alternatives include: - 389 DS: older larger package - FreeIPA: wrapper around 389 DS -### Identified applications +## Identified applications We have identified a number of applications as potentially relevant targets to offer as part of our project, emphasising the value to users' digital autonomy, particularly to make users less dependent online on services by 'Big Tech'. To structure our efforts, we have categorized them into three waves, as follows: 
@@ -217,7 +215,7 @@ Our consideration to limit the initial list of supported applications is to keep The result of the work in the hosting vertical should be generic enough to support all NGI packages sufficiently documented and packaged in NixOS. -### Methodology challenges +## Methodology challenges One of the challenges we have identified is ensuring the security and privacy of our users' data, even if we will not collect this directly. To overcome this challenge, we will use industry-standard open-source encryption methods and regularly update our software and hardware solutions to stay ahead of potential threats. @@ -228,7 +226,7 @@ Where and if possible we will automate these checks and integrate them in a 24/7 Another challenge is that much of the software we aim to implement is still fairly new and as a result still changes frequently. In order to deal with this, we will have to keep up with the change and at the same time provide a stable and predictable experience to our users. -### Work package interdependancies +## Work package interdependancies To give a clear view of what interdepencies we expect: -- 2.48.1 From 48a56ef151d9275ff89ff48d797f9f0d0968b3bf Mon Sep 17 00:00:00 2001 From: cinereal Date: Sat, 31 May 2025 17:46:06 +0200 Subject: [PATCH 10/93] ignore pdf --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 032ae82..5594b31 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ *.err *.odt *.html +*.pdf .~lock* -- 2.48.1 From 124473fc786d240f9aa539ce70e1913f7d0b567f Mon Sep 17 00:00:00 2001 From: cinereal Date: Sat, 31 May 2025 18:32:25 +0200 Subject: [PATCH 11/93] reorder sections --- fediversity.md | 287 +++++++++++++++++++++++++------------------------ 1 file changed, 144 insertions(+), 143 deletions(-) diff --git a/fediversity.md b/fediversity.md index 40a9692..880d1a5 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -84,90 +84,6 @@ The use of open-source software, along with the focus on portability, will enabl The project plans to offer portability of services, allowing users to easily export their data from the platform and import it to another platform. This is a unique feature beyond what is currently available on the market. -## Technologies used - -### [NixOS](https://nixos.org/) - -NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem. -As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. - -Considered alternatives include: -- containers: do not by themselves offer the needed reproducibility - -### [OpenTofu](https://opentofu.org/) - -OpenTofu is the leading open-source framework for infrastructure-as-code. -This has led it to offer a vibrant ecosystem of 'provider' plugins integrating various programs and services. -As such, it can facilitate automated deployment pipelines, including with — relevant to our project — hypervisors and DNS programs. - -Considered alternatives include: -- Terraform: not open-source - -### [Proxmox](https://proxmox.com/) - -Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in. -In addition, it has been [packaged for Nix](https://github.com/SaumonNet/proxmox-nixos) as well, simplifying our requirements to users setting up our software. - -Considered alternatives include: -- OpenNebula: seemed less mature - -### [Garage](https://garagehq.deuxfleurs.fr/) - -Garage is a distributed object storage service. -For compatibility with existing clients, it reuses the protocol of Amazon S3. - -Considered alternatives include: -- file storage: less centralized for backups - -### [PostgreSQL](https://www.postgresql.org/) - -PostgreSQL is a relational database. 
-It is used by most of our applications. - -Considered alternatives include: -- Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups - -### [Valkey](https://valkey.io/) - -Valkey is a key-value store. -It is an open-source fork of Redis. - -Considered alternatives include: -- Redis: not open-source - -### [OpenSearch](https://opensearch.org/) - -OpenSearch offers full-text search, and is used for this in many applications. -It is an open-source fork of ElasticSearch. - -Considered alternatives include: -- ElasticSearch: not open-source - -### [PowerDNS](https://github.com/PowerDNS/pdns) - -PowerDNS is a mature DNS server. It further offers an admin front-end. - -Considered alternatives include: -- hickory-dns: no front-end -- core-dns: no front-end - -### [Authelia](https://github.com/authelia/authelia) - -Authelia is a single sign-on provider that integrates with LDAP. - -Considered alternatives include: -- KaniDM: does not do proper LDAP -- Authentik: larger package with focus on many things we do not need -- Keycloak: larger package with focus on many things we do not need - -### [lldap](https://github.com/lldap/lldap) - -Lldap is a light LDAP server, allowing to centralize user roles across applications. - -Considered alternatives include: -- 389 DS: older larger package -- FreeIPA: wrapper around 389 DS - ## Identified applications We have identified a number of applications as potentially relevant targets to offer as part of our project, emphasising the value to users' digital autonomy, particularly to make users less dependent online on services by 'Big Tech'. 
@@ -429,66 +345,8 @@ We will integrate that aspect into the high level process on a best effort basis | **Enterprises and public sector**: Organisations can replace proprietary, possibly unethical business software with open source, user-respecting solutions. | **Integration of project output into major open source solutions**: Superior solutions tend to gradually replace legacy technologies and improving standards has a strong effect on the overall marketplace. | **Economic**: ISPs, hosters, network operators, companies and civil society (re)use project output to deliver services that grant users more autonomy and privacy. | | **Academia and research**: Unlike proprietary ("black box") tools and services, open source solutions are well-suited for academics and private and public sector research as a subject and to experiment with new ideas. | **Usage and (paid) services for enterprises and organisations**: On top of state of the art FOSS solutions everyone can build competitive business and services. | **Economic**: We expect a new economy will start to evolve based on value added support and services for e.g. end-to-end communication, private data storage, federated and decentralised identity management. | -# Quality and efficiency of the implementation +# Implementation and planning -## Architecture - -At the core of Fediversity lies a NixOS configuration template containing selected applications. -We use this to deploy to selected run-time environments, so far targeting hypervisor ProxmoX. -We further provide a reference front-end to configure our template. -To ensure reproducibility, we also offer Nix packaging for our software. - -To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). 
- -```mermaid -flowchart - - user(user) --> |use| deployment - - configuration -->|deploy| deployed - devs(developers) --> |maintain| fediversity - - fediversity --> |update| provider1 - subgraph provider1["fediversity setup A"] - subgraph panel1[panel] - configuration[staged configuration] - configuration --> |update| configuration - deployed[deployed configuration] - end - deployed --> |describe| deployment - provider-config[runtime config] --> |describe| host - provider-config --> |implement runtime interfaces| panel1 - subgraph host[runtime environment] - deployment[applications] - state - end - end - - deployment --> |store| state - - operator(operator) --> |change| configuration - - subgraph provider2["fediversity setup B"] - subgraph panel2[panel] - configuration2[staged configuration] - deployed2[deployed configuration] - end - subgraph host2[runtime environment] - deployment2[applications] - state2[state] - end - end - - operator --> |trigger| migration - configuration & deployed & state --> migration - migration --> configuration2 & deployed2 & state2 - provider(hosting provider) --> |maintain| provider1 - subgraph fediversity[fediversity source code] - applications[application modules] - backends[runtime backends] - config[runtime options] - end -``` ## Actors 
@@ -569,6 +427,65 @@ flowchart Configuration logic specific to a runtime backend, e.g. how to deploy, how to access object storage. +## Architecture + +At the core of Fediversity lies a NixOS configuration template containing selected applications. +We use this to deploy to selected run-time environments, so far targeting hypervisor ProxmoX. +We further provide a reference front-end to configure our template. +To ensure reproducibility, we also offer Nix packaging for our software. + +To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). + +```mermaid +flowchart + + user(user) --> |use| deployment + + configuration -->|deploy| deployed + devs(developers) --> |maintain| fediversity + + fediversity --> |update| provider1 + subgraph provider1["fediversity setup A"] + subgraph panel1[panel] + configuration[staged configuration] + configuration --> |update| configuration + deployed[deployed configuration] + end + deployed --> |describe| deployment + provider-config[runtime config] --> |describe| host + provider-config --> |implement runtime interfaces| panel1 + subgraph host[runtime environment] + deployment[applications] + state + end + end + + deployment --> |store| state + + operator(operator) --> |change| configuration + + subgraph provider2["fediversity setup B"] + subgraph panel2[panel] + configuration2[staged configuration] + deployed2[deployed configuration] + end + subgraph host2[runtime environment] + deployment2[applications] + state2[state] + end + end + + operator --> |trigger| migration + configuration & deployed & state --> migration + migration --> configuration2 & deployed2 & state2 + provider(hosting provider) --> |maintain| provider1 + subgraph fediversity[fediversity source code] + applications[application modules] + backends[runtime backends] + config[runtime options] + end +``` + ## Break-down of 
project milestones Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: 
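Review bot: the Architecture section added in the hunk at -569,6 +427,65 is the same text and mermaid flowchart that the hunk at -429,66 deletes, so this commit (681 changed lines in fediversity.md) mixes pure section moves with the proposal rewrite its message describes. Moving Architecture and Technologies used in a commit of their own would leave a diff in which the substantive wording changes can be reviewed. While the block is being moved, "hypervisor ProxmoX" should match the "Proxmox" spelling used in the Technologies used heading.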
@@ -615,6 +532,90 @@ Whereas details of the implementation may need to be decided as the technical ch - [get documentation ready](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) - [upstream to NixOS](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) +## Technologies used + +### [NixOS](https://nixos.org/) + +NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem. +As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. + +Considered alternatives include: +- containers: do not by themselves offer the needed reproducibility + +### [OpenTofu](https://opentofu.org/) + +OpenTofu is the leading open-source framework for infrastructure-as-code. +This has led it to offer a vibrant ecosystem of 'provider' plugins integrating various programs and services. +As such, it can facilitate automated deployment pipelines, including with — relevant to our project — hypervisors and DNS programs. + +Considered alternatives include: +- Terraform: not open-source + +### [Proxmox](https://proxmox.com/) + +Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in. +In addition, it has been [packaged for Nix](https://github.com/SaumonNet/proxmox-nixos) as well, simplifying our requirements to users setting up our software. + +Considered alternatives include: +- OpenNebula: seemed less mature + +### [Garage](https://garagehq.deuxfleurs.fr/) + +Garage is a distributed object storage service. +For compatibility with existing clients, it reuses the protocol of Amazon S3. + +Considered alternatives include: +- file storage: less centralized for backups + +### [PostgreSQL](https://www.postgresql.org/) + +PostgreSQL is a relational database. +It is used by most of our applications. 
+ +Considered alternatives include: +- Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups + +### [Valkey](https://valkey.io/) + +Valkey is a key-value store. +It is an open-source fork of Redis. + +Considered alternatives include: +- Redis: not open-source + +### [OpenSearch](https://opensearch.org/) + +OpenSearch offers full-text search, and is used for this in many applications. +It is an open-source fork of ElasticSearch. + +Considered alternatives include: +- ElasticSearch: not open-source + +### [PowerDNS](https://github.com/PowerDNS/pdns) + +PowerDNS is a mature DNS server. It further offers an admin front-end. + +Considered alternatives include: +- hickory-dns: no front-end +- core-dns: no front-end + +### [Authelia](https://github.com/authelia/authelia) + +Authelia is a single sign-on provider that integrates with LDAP. + +Considered alternatives include: +- KaniDM: does not do proper LDAP +- Authentik: larger package with focus on many things we do not need +- Keycloak: larger package with focus on many things we do not need + +### [lldap](https://github.com/lldap/lldap) + +Lldap is a light LDAP server, allowing to centralize user roles across applications. + +Considered alternatives include: +- 389 DS: older larger package +- FreeIPA: wrapper around 389 DS + ## Work plan and resources Table 3.1g: Subcontracting costs -- 2.48.1 From 33f2eaaeff6bdb5318b03c1d25a93cf9da899927 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sat, 31 May 2025 20:53:54 +0200 Subject: [PATCH 12/93] reproduce --- README.md | 4 +++- shell.nix | 12 ++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 shell.nix diff --git a/README.md b/README.md index 8049c2f..18ca913 100644 --- a/README.md +++ b/README.md 
@@ -3,5 +3,7 @@ ## usage ```sh -nix-shell -p pandoc mermaid-filter --command 'pandoc fediversity.md -o fediversity.html -F mermaid-filter' +nix-shell +pandoc fediversity.md -o fediversity.html +pandoc fediversity.html -o fediversity.pdf ``` diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..031e504 --- /dev/null +++ b/shell.nix @@ -0,0 +1,12 @@ +{ + pkgs ? import { }, +}: +{ + shell = pkgs.mkShellNoCC { + packages = with pkgs; [ + pandoc + texliveMedium + librsvg + ]; + }; +} -- 2.48.1 From 07aa7c871f7ef597a2f4ee148d7fc151e63c81a3 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sat, 31 May 2025 22:54:53 +0200 Subject: [PATCH 13/93] deduplicate diagrams --- fediversity.md | 50 ++++---------------------------------------------- 1 file changed, 4 insertions(+), 46 deletions(-) diff --git a/fediversity.md b/fediversity.md index 880d1a5..fb40007 100644 --- a/fediversity.md +++ b/fediversity.md 
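Review bot: the README hunk of PATCH 12/93 drops `-F mermaid-filter` and the new shell.nix does not list `mermaid-filter` under `packages`, yet fediversity.md still contains the mermaid flowchart block at this commit (it is only removed in 13/93), so a build from this commit renders the diagram as a plain code listing. Either keep the filter in shell.nix and in the pandoc call until the diagram is replaced, or swap the order of the two commits. In shell.nix, the `pkgs` default is not pinned to a nixpkgs revision (as shown, `import { }` carries no path argument at all), so the pandoc and texliveMedium versions depend on the machine; for a commit titled "reproduce", a pinned nixpkgs source would be the consistent choice.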
@@ -436,55 +436,13 @@ To ensure reproducibility, we also offer Nix packaging for our software. To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). -```mermaid -flowchart +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/interactions.svg) - user(user) --> |use| deployment +### Data model - configuration -->|deploy| deployed - devs(developers) --> |maintain| fediversity +The data model used for migrations is as follows: - fediversity --> |update| provider1 - subgraph provider1["fediversity setup A"] - subgraph panel1[panel] - configuration[staged configuration] - configuration --> |update| configuration - deployed[deployed configuration] - end - deployed --> |describe| deployment - provider-config[runtime config] --> |describe| host - provider-config --> |implement runtime interfaces| panel1 - subgraph host[runtime environment] - deployment[applications] - state - end - end - - deployment --> |store| state - - operator(operator) --> |change| configuration - - subgraph provider2["fediversity setup B"] - subgraph panel2[panel] - configuration2[staged configuration] - deployed2[deployed configuration] - end - subgraph host2[runtime environment] - deployment2[applications] - state2[state] - end - end - - operator --> |trigger| migration - configuration & deployed & state --> migration - migration --> configuration2 & deployed2 & state2 - provider(hosting provider) --> |maintain| provider1 - subgraph fediversity[fediversity source code] - applications[application modules] - backends[runtime backends] - config[runtime options] - end -``` +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/data-model.svg) ## Break-down of project milestones -- 2.48.1 From 88290222428893a561ea3fba3887419957875219 Mon Sep 17 00:00:00 2001 
From: cinereal Date: Sat, 31 May 2025 23:19:12 +0200 Subject: [PATCH 14/93] distinguish relations vs model --- fediversity.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/fediversity.md b/fediversity.md index fb40007..7fc4c0c 100644 --- a/fediversity.md +++ b/fediversity.md @@ -438,11 +438,14 @@ To reach our goals, we aim to implement the following interactions between [acto ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/interactions.svg) +### Entity relationships + +Relationships among the entities used to model migrations are as follows, using the crow's foot notation to denote cardinality: + +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/entity-relations.svg) + ### Data model -The data model used for migrations is as follows: - -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/data-model.svg) ## Break-down of project milestones -- 2.48.1 From 4549fcaeef2cff2d491efe66f05b4240b313dd82 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sat, 31 May 2025 23:42:06 +0200 Subject: [PATCH 15/93] split out architecture document --- README.md | 4 +- architecture.md | 236 ++++++++++++++++++++++++++++++++++++++++++++++++ fediversity.md | 232 +---------------------------------------------- shell.nix | 1 + 4 files changed, 243 insertions(+), 230 deletions(-) create mode 100644 architecture.md diff --git a/README.md b/README.md index 18ca913..66d0271 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,8 @@ ```sh nix-shell -pandoc fediversity.md -o fediversity.html +pandoc architecture.md -o architecture.html +pandoc architecture.html -o architecture.pdf +pandoc --filter pandoc-include fediversity.md -o fediversity.html pandoc fediversity.html -o fediversity.pdf ``` diff --git a/architecture.md b/architecture.md new file mode 100644 index 0000000..2aeade3 --- /dev/null +++ b/architecture.md 
@@ -0,0 +1,236 @@ + + +## Actors + +- Developers + + The group working on this repository. + We are creating the deployment workflows and service configurations. + +- Hosting provider + + They provide and maintain the physical infrastructure, and run the software in this repository, through which operators interact with their deployments. + Hosting providers are technical administrators for these deployments, ensuring availability and appropriate performance. + + We target small- to medium-scale hosting providers with 20+ physical machines. + +- Operator + + They select the applications they want to run. + They don't need to own hardware or deal with operations. + Operators administer their applications in a non-technical fashion, e.g. as moderators. + They pay the hosting provider for registering a domain name, maintaining physical resources, and monitoring deployments. + +- User + + They are individuals using applications run by the operators, and e.g. post content. + +## Glossary + +- [Fediverse](https://en.wikipedia.org/wiki/Fediverse) + + A collection of social networking applications that can communicate with each other using a common protocol. + +- Application + + User-facing software (e.g. from Fediverse) run by the hosting provider for an operator. + +- Configuration + + A collection of settings for a machine running NixOS. + + > Example: Configurations are deployed to VMs. + +- Provision + + Make a resource, such as a virtual machine, available for use. + +- Deploy + + Put software, such as applications, onto computers. + The software includes technical configuration that links software components. + In our context, this a Configuration deployed to a runtime environment. + Most user-facing configuration remains untouched by the deployment process. + +- Migrate + + Move service configurations and deployment (including user data) from one hosting provider to another. 
+ +- Resource + + A [resource for NixOps4](https://nixops.dev/manual/development/concept/resource.html) is any external entity that can be declared with NixOps4 expressions and manipulated with NixOps4, such as a virtual machine, an active NixOS configuration, a DNS entry, or customer database. + +- Resource provider + + A resource provider for NixOps4 is an executable that communicates between a resource and NixOps4 using a standardised protocol, allowing [CRUD operations](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) on the resources to be performed by NixOps4. + Refer to the [NixOps4 manual](https://nixops.dev/manual/development/resource-provider/index.html) for details. + + > Example: We need a resource provider for obtaining deployment secrets from a database. + +- Runtime backend + + A type of digital environment one can run operating systems such as NixOS on, e.g. bare-metal, a hypervisor, or a container runtime. + +- Runtime environment + + The thing a deployment runs on, an interface against which the deployment is working. See runtime backend. + +- Runtime config + + Configuration logic specific to a runtime backend, e.g. how to deploy, how to access object storage. + +## Architecture + +At the core of Fediversity lies a NixOS configuration template containing selected applications. +We use this to deploy to selected run-time environments, so far targeting hypervisor ProxmoX. +We further provide a reference front-end to configure our template. +To ensure reproducibility, we also offer Nix packaging for our software. + +To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). 
+ +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/interactions.svg) + +### Entity relationships + +Relationships among the entities used to model migrations are as follows, using the crow's foot notation to denote cardinality: + +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/entity-relations.svg) + +### Data model + +### Host architecture + +Whereas the core abstraction in Fediversity is a NixOS configuration template, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where VMs in question run Fediversity to offer our selected applications: + +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/host-architecture.png) + +## Break-down of project milestones + +Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: + +- Initial internal user to kick-start feedback process: + - automate provisioning of: + - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) + - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) + - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) (and related resources) + - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) + - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) + - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) + - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) + - [publish specification](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) using e.g. 
JSON Schema / OpenAPI + - [facilitate multi-tenancy](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) + - [provision admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) + - [ensure users can update their configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) +- Software ready for web hosts to take into production: + - [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) + - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) + - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) + - [allow control over version of module deployed](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) + - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) + - [automate dependency updates](https://git.fediversity.eu/Fediversity/Fediversity/issues/65) +- Features to improve user experience and increase host adoption: + - [enqueue deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) + - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) + - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) + - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) + - [expand exposed configuration settings](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) + - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) + - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) + - [scaling application resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) + - [pooling application instances to shared 
VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) + - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) + - [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) +- Facilitate engagement from external developers: + - [create integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) + - [add continuous integration builds to a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) + - [reproduce required infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) + - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) + - [separate staging/testing environments](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) + - [facilitate user signup](https://git.fediversity.eu/Fediversity/Fediversity/issues/335) + - [facilitate code reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) + - [get documentation ready](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) + - [upstream to NixOS](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) + +## Technologies used + +### [NixOS](https://nixos.org/) + +NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem. +As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. + +Considered alternatives include: +- containers: do not by themselves offer the needed reproducibility + +### [OpenTofu](https://opentofu.org/) + +OpenTofu is the leading open-source framework for infrastructure-as-code. +This has led it to offer a vibrant ecosystem of 'provider' plugins integrating various programs and services. 
+As such, it can facilitate automated deployment pipelines, including with — relevant to our project — hypervisors and DNS programs. + +Considered alternatives include: +- Terraform: not open-source + +### [Proxmox](https://proxmox.com/) + +Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in. +In addition, it has been [packaged for Nix](https://github.com/SaumonNet/proxmox-nixos) as well, simplifying our requirements to users setting up our software. + +Considered alternatives include: +- OpenNebula: seemed less mature + +### [Garage](https://garagehq.deuxfleurs.fr/) + +Garage is a distributed object storage service. +For compatibility with existing clients, it reuses the protocol of Amazon S3. + +Considered alternatives include: +- file storage: less centralized for backups + +### [PostgreSQL](https://www.postgresql.org/) + +PostgreSQL is a relational database. +It is used by most of our applications. + +Considered alternatives include: +- Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups + +### [Valkey](https://valkey.io/) + +Valkey is a key-value store. +It is an open-source fork of Redis. + +Considered alternatives include: +- Redis: not open-source + +### [OpenSearch](https://opensearch.org/) + +OpenSearch offers full-text search, and is used for this in many applications. +It is an open-source fork of ElasticSearch. + +Considered alternatives include: +- ElasticSearch: not open-source + +### [PowerDNS](https://github.com/PowerDNS/pdns) + +PowerDNS is a mature DNS server. It further offers an admin front-end. + +Considered alternatives include: +- hickory-dns: no front-end +- core-dns: no front-end + +### [Authelia](https://github.com/authelia/authelia) + +Authelia is a single sign-on provider that integrates with LDAP. 
+ +Considered alternatives include: +- KaniDM: does not do proper LDAP +- Authentik: larger package with focus on many things we do not need +- Keycloak: larger package with focus on many things we do not need + +### [lldap](https://github.com/lldap/lldap) + +Lldap is a light LDAP server, allowing to centralize user roles across applications. + +Considered alternatives include: +- 389 DS: older larger package +- FreeIPA: wrapper around 389 DS diff --git a/fediversity.md b/fediversity.md index 7fc4c0c..ad3e101 100644 --- a/fediversity.md +++ b/fediversity.md 
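Review bot: in the new architecture.md (PATCH 15/93), all three diagrams are loaded from the `raw/branch/entity-relations/architecture-docs/` path on git.fediversity.eu, a mutable branch reference, so the generated HTML and PDF change or break whenever that branch is rebased, merged or deleted, and every build needs network access. Referencing the images by commit, or vendoring them next to architecture.md, keeps the output reproducible and reviewable; the empty alt text in each `![](` image should be filled in at the same time. The hunk also carries over an empty "### Data model" heading followed directly by "### Host architecture", and the glossary line "In our context, this a Configuration deployed to a runtime environment." is missing its verb.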
@@ -347,235 +347,9 @@ We will integrate that aspect into the high level process on a best effort basis # Implementation and planning - -## Actors - -- Developers - - The group working on this repository. - We are creating the deployment workflows and service configurations. - -- Hosting provider - - They provide and maintain the physical infrastructure, and run the software in this repository, through which operators interact with their deployments. - Hosting providers are technical administrators for these deployments, ensuring availability and appropriate performance. - - We target small- to medium-scale hosting providers with 20+ physical machines. - -- Operator - - They select the applications they want to run. - They don't need to own hardware or deal with operations. - Operators administer their applications in a non-technical fashion, e.g. as moderators. - They pay the hosting provider for registering a domain name, maintaining physical resources, and monitoring deployments. - -- User - - They are individuals using applications run by the operators, and e.g. post content. - -## Glossary - -- [Fediverse](https://en.wikipedia.org/wiki/Fediverse) - - A collection of social networking applications that can communicate with each other using a common protocol. - -- Application - - User-facing software (e.g. from Fediverse) run by the hosting provider for an operator. - -- Configuration - - A collection of settings for a machine running NixOS. - - > Example: Configurations are deployed to VMs. - -- Provision - - Make a resource, such as a virtual machine, available for use. - -- Deploy - - Put software, such as applications, onto computers. - The software includes technical configuration that links software components. - In our context, this a Configuration deployed to a runtime environment. - Most user-facing configuration remains untouched by the deployment process. 
- -- Migrate - - Move service configurations and deployment (including user data) from one hosting provider to another. - -- Resource - - A [resource for NixOps4](https://nixops.dev/manual/development/concept/resource.html) is any external entity that can be declared with NixOps4 expressions and manipulated with NixOps4, such as a virtual machine, an active NixOS configuration, a DNS entry, or customer database. - -- Resource provider - - A resource provider for NixOps4 is an executable that communicates between a resource and NixOps4 using a standardised protocol, allowing [CRUD operations](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) on the resources to be performed by NixOps4. - Refer to the [NixOps4 manual](https://nixops.dev/manual/development/resource-provider/index.html) for details. - - > Example: We need a resource provider for obtaining deployment secrets from a database. - -- Runtime backend - - A type of digital environment one can run operating systems such as NixOS on, e.g. bare-metal, a hypervisor, or a container runtime. - -- Runtime environment - - The thing a deployment runs on, an interface against which the deployment is working. See runtime backend. - -- Runtime config - - Configuration logic specific to a runtime backend, e.g. how to deploy, how to access object storage. - -## Architecture - -At the core of Fediversity lies a NixOS configuration template containing selected applications. -We use this to deploy to selected run-time environments, so far targeting hypervisor ProxmoX. -We further provide a reference front-end to configure our template. -To ensure reproducibility, we also offer Nix packaging for our software. - -To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). 
- -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/interactions.svg) - -### Entity relationships - -Relationships among the entities used to model migrations are as follows, using the crow's foot notation to denote cardinality: - -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/entity-relations.svg) - -### Data model - - -## Break-down of project milestones - -Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: - -- Initial internal user to kick-start feedback process: - - automate provisioning of: - - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) - - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) - - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) (and related resources) - - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) - - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) - - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) - - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) - - [publish specification](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) using e.g. 
JSON Schema / OpenAPI - - [facilitate multi-tenancy](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) - - [provision admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) - - [ensure users can update their configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) -- Software ready for web hosts to take into production: - - [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) - - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) - - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) - - [allow control over version of module deployed](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) - - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) - - [automate dependency updates](https://git.fediversity.eu/Fediversity/Fediversity/issues/65) -- Features to improve user experience and increase host adoption: - - [enqueue deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) - - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) - - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) - - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) - - [expand exposed configuration settings](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) - - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) - - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) - - [scaling application resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) - - [pooling application instances to shared 
VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) - - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) -- Facilitate engagement from external developers: - - [create integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) - - [add continuous integration builds to a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) - - [reproduce required infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) - - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) - - [separate staging/testing environments](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) - - [facilitate user signup](https://git.fediversity.eu/Fediversity/Fediversity/issues/335) - - [facilitate code reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) - - [get documentation ready](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) - - [upstream to NixOS](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) - -## Technologies used - -### [NixOS](https://nixos.org/) - -NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem. -As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. - -Considered alternatives include: -- containers: do not by themselves offer the needed reproducibility - -### [OpenTofu](https://opentofu.org/) - -OpenTofu is the leading open-source framework for infrastructure-as-code. -This has led it to offer a vibrant ecosystem of 'provider' plugins integrating various programs and services. -As such, it can facilitate automated deployment pipelines, including with — relevant to our project — hypervisors and DNS programs. 
- -Considered alternatives include: -- Terraform: not open-source - -### [Proxmox](https://proxmox.com/) - -Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in. -In addition, it has been [packaged for Nix](https://github.com/SaumonNet/proxmox-nixos) as well, simplifying our requirements to users setting up our software. - -Considered alternatives include: -- OpenNebula: seemed less mature - -### [Garage](https://garagehq.deuxfleurs.fr/) - -Garage is a distributed object storage service. -For compatibility with existing clients, it reuses the protocol of Amazon S3. - -Considered alternatives include: -- file storage: less centralized for backups - -### [PostgreSQL](https://www.postgresql.org/) - -PostgreSQL is a relational database. -It is used by most of our applications. - -Considered alternatives include: -- Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups - -### [Valkey](https://valkey.io/) - -Valkey is a key-value store. -It is an open-source fork of Redis. - -Considered alternatives include: -- Redis: not open-source - -### [OpenSearch](https://opensearch.org/) - -OpenSearch offers full-text search, and is used for this in many applications. -It is an open-source fork of ElasticSearch. - -Considered alternatives include: -- ElasticSearch: not open-source - -### [PowerDNS](https://github.com/PowerDNS/pdns) - -PowerDNS is a mature DNS server. It further offers an admin front-end. - -Considered alternatives include: -- hickory-dns: no front-end -- core-dns: no front-end - -### [Authelia](https://github.com/authelia/authelia) - -Authelia is a single sign-on provider that integrates with LDAP. 
- -Considered alternatives include: -- KaniDM: does not do proper LDAP -- Authentik: larger package with focus on many things we do not need -- Keycloak: larger package with focus on many things we do not need - -### [lldap](https://github.com/lldap/lldap) - -Lldap is a light LDAP server, allowing to centralize user roles across applications. - -Considered alternatives include: -- 389 DS: older larger package -- FreeIPA: wrapper around 389 DS +```include +architecture.md +``` ## Work plan and resources diff --git a/shell.nix b/shell.nix index 031e504..bf1305a 100644 --- a/shell.nix +++ b/shell.nix @@ -5,6 +5,7 @@ shell = pkgs.mkShellNoCC { packages = with pkgs; [ pandoc + pandoc-include texliveMedium librsvg ]; -- 2.48.1 From cad4f2a904a5c782050f7b2ed298c7e8d018f81c Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 09:50:38 +0200 Subject: [PATCH 16/93] npins --- architecture.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/architecture.md b/architecture.md index 2aeade3..e131c39 100644 --- a/architecture.md +++ b/architecture.md @@ -161,6 +161,13 @@ As such, we see NixOS as the only viable way to reliably create a reproducible o Considered alternatives include: - containers: do not by themselves offer the needed reproducibility +#### [npins](https://github.com/andir/npins) + +Npins is a dependency pinning tool for Nix which leaves recursive dependencies explicit, keeping the consumer in control. + +Considered alternatives include: +- Flakes: defaults to implicitly following recursive dependencies, leaving control with the publisher. + ### [OpenTofu](https://opentofu.org/) OpenTofu is the leading open-source framework for infrastructure-as-code. -- 2.48.1 From 25c378b5a65aa79d96c177408b3bcf42d02dbff3 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 10:13:53 +0200 Subject: [PATCH 17/93] formatting --- fediversity.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
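Review bot: the fenced 'include' block added to fediversity.md, in place of the inline entity-relationship, milestone and technology sections, fails silently when the filter is not applied. Pandoc then renders it as an ordinary code block containing the text 'architecture.md', and the whole section drops out of the built proposal without an error. The shell.nix hunk only makes 'pandoc-include' available in the development shell, and the visible hunks do not show the pandoc invocation passing it as a filter. Please confirm that it does, and consider a build check that fails when the rendered output lacks the 'Technologies used' heading.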
diff --git a/fediversity.md b/fediversity.md index ad3e101..54aab5e 100644 --- a/fediversity.md +++ b/fediversity.md @@ -52,8 +52,8 @@ This objective aligns with the work programme topic by advancing the development Concretely, we aim to achieve this using the following sub-goals: 1. Implement a way to run online services in a way that emphasises user autonomy and portability; -1. Disseminate our results by engaging the open-source community to further expand on work in this direction. -1. Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services; +1. Disseminate our results by engaging the open-source community to further expand on work in this direction; +1. Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services. In addition, the team will have to find ways to ensure that all parts of our services use **open-source software**. This will promote transparency and enable end-users to verify that their data is being handled ethically and in compliance with data privacy regulations. -- 2.48.1 From c9d461577be5367b378f4b1968d6fd9fea834463 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 14:00:36 +0200 Subject: [PATCH 18/93] match roadmap to objective hierarchy --- architecture.md | 97 ++++++++++++++++++++++++++++--------------------- 1 file changed, 55 insertions(+), 42 deletions(-) diff --git a/architecture.md b/architecture.md index e131c39..ec5f1ca 100644 --- a/architecture.md +++ b/architecture.md 
@@ -108,48 +108,61 @@ Whereas the core abstraction in Fediversity is a NixOS configuration template, a Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: -- Initial internal user to kick-start feedback process: - - automate provisioning of: - - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) - - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) - - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) (and related resources) - - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) - - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) - - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) - - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) - - [publish specification](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) using e.g. 
JSON Schema / OpenAPI - - [facilitate multi-tenancy](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) - - [provision admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) - - [ensure users can update their configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) -- Software ready for web hosts to take into production: - - [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) - - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) - - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) - - [allow control over version of module deployed](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) - - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) - - [automate dependency updates](https://git.fediversity.eu/Fediversity/Fediversity/issues/65) -- Features to improve user experience and increase host adoption: - - [enqueue deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) - - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) - - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) - - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) - - [expand exposed configuration settings](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) - - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) - - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) - - [scaling application resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) - - [pooling application instances to shared 
VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) - - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) - - [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) -- Facilitate engagement from external developers: - - [create integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) - - [add continuous integration builds to a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) - - [reproduce required infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) - - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) - - [separate staging/testing environments](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) - - [facilitate user signup](https://git.fediversity.eu/Fediversity/Fediversity/issues/335) - - [facilitate code reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) - - [get documentation ready](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) - - [upstream to NixOS](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) +1. [Implement a way to run online services in a way that emphasises user autonomy and portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) + - ['one-click' deployment of Fediversity applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) + - ['one-click' portability between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) +1. [Disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) + - [automated dev-ops workflows](https://git.fediversity.eu/Fediversity/Fediversity/issues/224): + - [separate test environments for staging vs. 
production](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) + - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) + - [CI rejects failing deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/102) + - [Nix package overlays upstreamed](https://git.fediversity.eu/Fediversity/Fediversity/issues/248) + - [facilitate suggestions in PR reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) + - [integration test](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) + - [external developers empowered to contribute](https://git.fediversity.eu/Fediversity/Fediversity/issues/288): + - [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) + - [create integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) + - [add continuous integration builds to a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) + - [reproduce required infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) + - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) + - [separate staging/testing environments](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) + - [facilitate user signup](https://git.fediversity.eu/Fediversity/Fediversity/issues/335) + - [facilitate code reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) + - [get documentation ready](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) + - [upstream to NixOS](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) +1. 
[Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services](https://git.fediversity.eu/Fediversity/Fediversity/issues/349) + - [Initial internal user to kick-start feedback process](https://git.fediversity.eu/Fediversity/Fediversity/issues/225): + - automated provisioning of: + - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) + - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) + - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) (and related resources) + - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) + - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) + - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) + - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) + - [publish specification](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) using e.g. 
JSON Schema / OpenAPI + - [facilitate multi-tenancy](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) + - [provision admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) + - [ensure users can update their configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) + - [Software ready for web hosts to take into production](https://git.fediversity.eu/Fediversity/Fediversity/issues/228): + - [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) + - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) + - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) + - [allow control over version of module deployed](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) + - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) + - [automate dependency updates](https://git.fediversity.eu/Fediversity/Fediversity/issues/65) + - [Implemented key features to improve user experience](https://git.fediversity.eu/Fediversity/Fediversity/issues/289): + - [enqueue deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) + - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) + - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) + - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) + - [upstream configuration options exposed](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) + - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) + - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) + - [scaling application 
resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) + - [pooling application instances to shared VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) + - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) + - [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) ## Technologies used -- 2.48.1 From f1b0fa38a1aa9407ef572fe9eb76019f5e4850e7 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 15:02:46 +0200 Subject: [PATCH 19/93] reword goal --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index 54aab5e..5dbd6ef 100644 --- a/fediversity.md +++ b/fediversity.md @@ -51,7 +51,7 @@ This objective aligns with the work programme topic by advancing the development Concretely, we aim to achieve this using the following sub-goals: -1. Implement a way to run online services in a way that emphasises user autonomy and portability; +1. Implement a way to run online services emphasising user autonomy and portability; 1. Disseminate our results by engaging the open-source community to further expand on work in this direction; 1. Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services. -- 2.48.1 From 45e65b606b031a7df0b922a8c6e95be1b7367632 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 17:00:35 +0200 Subject: [PATCH 20/93] word stories declaratively --- architecture.md | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/architecture.md b/architecture.md index ec5f1ca..d9f0d13 100644 --- a/architecture.md +++ b/architecture.md 
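Review bot: under goal 2 of the restructured roadmap in architecture.md ('@@ -108,48 +108,61 @@'), several issues are now listed twice. Issues 69, 177, 277 and 302 appear under 'automated dev-ops workflows' and again under 'external developers empowered to contribute', and issue 288 is both that parent's link and its child 'get documentation ready'. The flat list being replaced had each of these once. Keep each issue under a single parent so that every deliverable is tracked in one place.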
@@ -108,9 +108,10 @@ Whereas the core abstraction in Fediversity is a NixOS configuration template, a Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: -1. [Implement a way to run online services in a way that emphasises user autonomy and portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) - - ['one-click' deployment of Fediversity applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) - - ['one-click' portability between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) +1. [Implement a way to run online services emphasising user autonomy and portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) + - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) + - [deploying Fediversity applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) + - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) 1. [Disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) - [automated dev-ops workflows](https://git.fediversity.eu/Fediversity/Fediversity/issues/224): - [separate test environments for staging vs. production](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) 
@@ -121,45 +122,43 @@ Whereas details of the implementation may need to be decided as the technical ch - [integration test](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) - [external developers empowered to contribute](https://git.fediversity.eu/Fediversity/Fediversity/issues/288): - [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) - - [create integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) - - [add continuous integration builds to a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) - - [reproduce required infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) + - [integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) + - [Continuous Integration builds available in a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) + - [reproducible project infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) - [separate staging/testing environments](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) - - [facilitate user signup](https://git.fediversity.eu/Fediversity/Fediversity/issues/335) - - [facilitate code reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) - - [get documentation ready](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) - - [upstream to NixOS](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) + - [code reviewers can suggest changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) + - [knowledge base](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) + - [module upstreamed to nixpkgs](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) 1. 
[Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services](https://git.fediversity.eu/Fediversity/Fediversity/issues/349) - [Initial internal user to kick-start feedback process](https://git.fediversity.eu/Fediversity/Fediversity/issues/225): - automated provisioning of: - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) - - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) (and related resources) + - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) + - [admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) - - [publish specification](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) using e.g. 
JSON Schema / OpenAPI - - [facilitate multi-tenancy](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) - - [provision admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) - - [ensure users can update their configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) + - [specification published](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) + - [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) + - [user can have multiple deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) + - [users can update their deployment configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) - [Software ready for web hosts to take into production](https://git.fediversity.eu/Fediversity/Fediversity/issues/228): - [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) - - [allow control over version of module deployed](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) + - [reference front-end decoupled from template version](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) - - [automate dependency updates](https://git.fediversity.eu/Fediversity/Fediversity/issues/65) - - [Implemented key features to improve user experience](https://git.fediversity.eu/Fediversity/Fediversity/issues/289): - - [enqueue deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) - - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) - - [migrating application data between hosting 
providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) + - [Key features improving user experience supported](https://git.fediversity.eu/Fediversity/Fediversity/issues/289): + - [enqueuing deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) - [upstream configuration options exposed](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) + - [ProxmoX deployment allows scaling resources assigned to a VM](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) - - [scaling application resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) + - [completed initial application offering](https://git.fediversity.eu/Fediversity/Fediversity/issues/350) - [pooling application instances to shared VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) - [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) -- 2.48.1 From bce45629b9d7a94fc06afe6eb566520d9da5dbc3 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 19:42:45 +0200 Subject: [PATCH 21/93] initial application: forgejo see https://git.fediversity.eu/Fediversity/Fediversity/issues/327 --- fediversity.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index 5dbd6ef..fc71b11 100644 --- a/fediversity.md +++ b/fediversity.md 
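Review bot: the second hunk of 'word stories declaratively' ('@@ -121,45 +122,43 @@') removes roadmap items rather than rewording them. 'automate dependency updates' (issue 65), listed directly after 'security audit' under 'Software ready for web hosts to take into production', and 'facilitate user signup' (issue 335) are deleted with no declarative replacement, while issues 313 and 350 are added. Dropping automated dependency updates from the production-readiness milestone is a scope change. Either restore it in declarative form or move these additions and removals to their own commit, with a message saying where issues 65 and 335 are tracked now. The new entries also spell the hypervisor 'ProxmoX' where the Technologies section heading uses 'Proxmox'.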
@@ -102,9 +102,16 @@ To structure our efforts, we have categorized them into three waves, as follows: - [Pixelfed](https://pixelfed.org/) - [Peertube](https://joinpeertube.org/) -Note that the list above are just examples, and we will evaluate further options and try to find added value in the combination of different technologies. Considerations taking into account in the selection of applications to be implemented include their added value, maturity, security, how well they complement our other applications, support for identity management standards such as OIDC and LDAP, software license, ease of implementation, documentation, strategic relevance in protecting user privacy and autonomy, and the availability of viable alternatives. +As the initial application to be supported, we have selected [Forgejo](https://forgejo.org/), given it: + +1. is supported in [SelfHostBlocks](https://github.com/ibizaman/selfhostblocks) +1. relevant features are merged upstream (c.f. Vaultwarden, where support for single sign-on is still outstanding) +1. uses a language featuring static typing, offering it a baseline level of robustness +1. is part of our own infrastructure, allowing us to bootstrap +1. given the above, makes our development team self-sufficient for the purpose of its initial user feedback cycle + Which other packages we will decide to support will depend further on the packages that will be adressed in the 'subgrant projects' that will be requested in the 'open calls'. In finalising our initial selection, both with regard to quality-quantity trade-offs as well as relative priority among the identified applications, we will coordinate with relevant stakeholders as the project matures. -- 2.48.1 From 107fd151e6b39617eac07fc6c7fba7a035b77e1e Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 20:19:56 +0200 Subject: [PATCH 22/93] spacing --- architecture.md | 11 +++++++++++ 1 file changed, 11 insertions(+) 
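Review bot: the rationale list added for Forgejo does not line up with the selection criteria stated in the paragraph just above it (security, support for identity management standards such as OIDC and LDAP, software license, maturity). Item 2 names the relevant feature only by contrast with Vaultwarden, and item 3 offers static typing as 'a baseline level of robustness', which is not one of the listed criteria. State explicitly which criteria Forgejo meets, and name the merged features item 2 refers to. Item 2 also does not continue the lead-in 'given it:' grammatically; something like 'has its relevant features merged upstream' would read in parallel with the other items.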
diff --git a/architecture.md b/architecture.md index d9f0d13..978faa4 100644 --- a/architecture.md +++ b/architecture.md @@ -171,6 +171,7 @@ NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. Considered alternatives include: + - containers: do not by themselves offer the needed reproducibility #### [npins](https://github.com/andir/npins) @@ -178,6 +179,7 @@ Considered alternatives include: Npins is a dependency pinning tool for Nix which leaves recursive dependencies explicit, keeping the consumer in control. Considered alternatives include: + - Flakes: defaults to implicitly following recursive dependencies, leaving control with the publisher. ### [OpenTofu](https://opentofu.org/) @@ -187,6 +189,7 @@ This has led it to offer a vibrant ecosystem of 'provider' plugins integrating v As such, it can facilitate automated deployment pipelines, including with — relevant to our project — hypervisors and DNS programs. Considered alternatives include: + - Terraform: not open-source ### [Proxmox](https://proxmox.com/) @@ -195,6 +198,7 @@ Proxmox is a hypervisor, allowing us to create VMs for our applications while ad In addition, it has been [packaged for Nix](https://github.com/SaumonNet/proxmox-nixos) as well, simplifying our requirements to users setting up our software. Considered alternatives include: + - OpenNebula: seemed less mature ### [Garage](https://garagehq.deuxfleurs.fr/) @@ -203,6 +207,7 @@ Garage is a distributed object storage service. For compatibility with existing clients, it reuses the protocol of Amazon S3. Considered alternatives include: + - file storage: less centralized for backups ### [PostgreSQL](https://www.postgresql.org/) 
@@ -211,6 +216,7 @@ PostgreSQL is a relational database. It is used by most of our applications. Considered alternatives include: + - Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups ### [Valkey](https://valkey.io/) @@ -219,6 +225,7 @@ Valkey is a key-value store. It is an open-source fork of Redis. Considered alternatives include: + - Redis: not open-source ### [OpenSearch](https://opensearch.org/) @@ -227,6 +234,7 @@ OpenSearch offers full-text search, and is used for this in many applications. It is an open-source fork of ElasticSearch. Considered alternatives include: + - ElasticSearch: not open-source ### [PowerDNS](https://github.com/PowerDNS/pdns) @@ -234,6 +242,7 @@ Considered alternatives include: PowerDNS is a mature DNS server. It further offers an admin front-end. Considered alternatives include: + - hickory-dns: no front-end - core-dns: no front-end @@ -242,6 +251,7 @@ Considered alternatives include: Authelia is a single sign-on provider that integrates with LDAP. Considered alternatives include: + - KaniDM: does not do proper LDAP - Authentik: larger package with focus on many things we do not need - Keycloak: larger package with focus on many things we do not need @@ -251,5 +261,6 @@ Considered alternatives include: Lldap is a light LDAP server, allowing to centralize user roles across applications. Considered alternatives include: + - 389 DS: older larger package - FreeIPA: wrapper around 389 DS -- 2.48.1 From 7b6ab144c896d6b5d891bd368ed636d35f2b4218 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 20:20:28 +0200 Subject: [PATCH 23/93] add selfhostblocks --- architecture.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/architecture.md b/architecture.md index 978faa4..6396c5d 100644 --- a/architecture.md +++ b/architecture.md 
@@ -182,6 +182,15 @@ Considered alternatives include: - Flakes: defaults to implicitly following recursive dependencies, leaving control with the publisher. +### [SelfHostBlocks](https://nlnet.nl/project/SelfHostBlocks/) + +SelfHostBlocks offers Nix module contracts to decouple applications from service providers, empowering user choice. + +Considered alternatives include: + +- nixpkgs-provided NixOS service modules: support far more applications, but tightly coupled with service providers, whereas we expect them to [sooner or later](https://discourse.nixos.org/t/pre-rfc-decouple-services-using-structured-typing/58257) follow suit. +- NixOS service modules curated from scratch: would support any setup imaginable, but does not seem to align as well with our research-oriented goals. + ### [OpenTofu](https://opentofu.org/) OpenTofu is the leading open-source framework for infrastructure-as-code. -- 2.48.1 From 93a9eecd2bb66dd3a0adec2117fda63b15118138 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 20:25:25 +0200 Subject: [PATCH 24/93] move architecture to after we explain the needed technologies --- architecture.md | 168 ++++++++++++++++++++++++------------------------ 1 file changed, 84 insertions(+), 84 deletions(-) diff --git a/architecture.md b/architecture.md index 6396c5d..202d5ea 100644 --- a/architecture.md +++ b/architecture.md 
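Review bot: In the SelfHostBlocks section added by "add selfhostblocks", the first alternative ends with "whereas we expect them to sooner or later follow suit", which leaves both "them" and "follow suit" without a clear referent. Say outright that the nixpkgs service modules are expected to adopt decoupled interfaces, which is what the title of the linked pre-RFC thread suggests. The new heading links to the NLnet project page, whereas the npins heading in the same section links to the source repository; linking the upstream source here as well lets readers inspect the code this project will depend on. In the second bullet, "would support any setup imaginable, but does not seem to align" mixes moods; "but would not align as well" reads consistently.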
@@ -79,90 +79,6 @@ Configuration logic specific to a runtime backend, e.g. how to deploy, how to access object storage. -## Architecture - -At the core of Fediversity lies a NixOS configuration template containing selected applications. -We use this to deploy to selected run-time environments, so far targeting hypervisor ProxmoX. -We further provide a reference front-end to configure our template. -To ensure reproducibility, we also offer Nix packaging for our software. - -To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). - -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/interactions.svg) - -### Entity relationships - -Relationships among the entities used to model migrations are as follows, using the crow's foot notation to denote cardinality: - -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/entity-relations.svg) - -### Data model - -### Host architecture - -Whereas the core abstraction in Fediversity is a NixOS configuration template, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where VMs in question run Fediversity to offer our selected applications: - -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/host-architecture.png) - -## Break-down of project milestones - -Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: - -1. 
[Implement a way to run online services emphasising user autonomy and portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) - - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) - - [deploying Fediversity applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) - - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) -1. [Disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) - - [automated dev-ops workflows](https://git.fediversity.eu/Fediversity/Fediversity/issues/224): - - [separate test environments for staging vs. production](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) - - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) - - [CI rejects failing deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/102) - - [Nix package overlays upstreamed](https://git.fediversity.eu/Fediversity/Fediversity/issues/248) - - [facilitate suggestions in PR reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) - - [integration test](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) - - [external developers empowered to contribute](https://git.fediversity.eu/Fediversity/Fediversity/issues/288): - - [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) - - [integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) - - [Continuous Integration builds available in a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) - - [reproducible project infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) - - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) - - [separate 
staging/testing environments](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) - - [code reviewers can suggest changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) - - [knowledge base](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) - - [module upstreamed to nixpkgs](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) -1. [Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services](https://git.fediversity.eu/Fediversity/Fediversity/issues/349) - - [Initial internal user to kick-start feedback process](https://git.fediversity.eu/Fediversity/Fediversity/issues/225): - - automated provisioning of: - - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) - - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) - - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) - - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) - - [admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) - - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) - - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) - - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) - - [specification published](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) - - [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) - - [user can have multiple deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) - - [users can update their deployment configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) - - [Software ready for web hosts to take into production](https://git.fediversity.eu/Fediversity/Fediversity/issues/228): - - [garbage collection of unallocated 
resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) - - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) - - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) - - [reference front-end decoupled from template version](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) - - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) - - [Key features improving user experience supported](https://git.fediversity.eu/Fediversity/Fediversity/issues/289): - - [enqueuing deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) - - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) - - [upstream configuration options exposed](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) - - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) - - [ProxmoX deployment allows scaling resources assigned to a VM](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) - - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) - - [completed initial application offering](https://git.fediversity.eu/Fediversity/Fediversity/issues/350) - - [pooling application instances to shared VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) - - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) - - [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) - ## Technologies used ### [NixOS](https://nixos.org/) 
@@ -273,3 +189,87 @@ Considered alternatives include: - 389 DS: older larger package - FreeIPA: wrapper around 389 DS + +## Architecture + +At the core of Fediversity lies a NixOS configuration template containing selected applications. +We use this to deploy to selected run-time environments, so far targeting hypervisor ProxmoX. +We further provide a reference front-end to configure our template. +To ensure reproducibility, we also offer Nix packaging for our software. + +To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). + +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/interactions.svg) + +### Entity relationships + +Relationships among the entities used to model migrations are as follows, using the crow's foot notation to denote cardinality: + +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/entity-relations.svg) + +### Data model + +### Host architecture + +Whereas the core abstraction in Fediversity is a NixOS configuration template, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where VMs in question run Fediversity to offer our selected applications: + +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/host-architecture.png) + +## Break-down of project milestones + +Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: + +1. 
[Implement a way to run online services emphasising user autonomy and portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) + - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) + - [deploying Fediversity applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) + - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) +1. [Disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) + - [automated dev-ops workflows](https://git.fediversity.eu/Fediversity/Fediversity/issues/224): + - [separate test environments for staging vs. production](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) + - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) + - [CI rejects failing deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/102) + - [Nix package overlays upstreamed](https://git.fediversity.eu/Fediversity/Fediversity/issues/248) + - [facilitate suggestions in PR reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) + - [integration test](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) + - [external developers empowered to contribute](https://git.fediversity.eu/Fediversity/Fediversity/issues/288): + - [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) + - [integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) + - [Continuous Integration builds available in a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) + - [reproducible project infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) + - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) + - [separate 
staging/testing environments](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) + - [code reviewers can suggest changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) + - [knowledge base](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) + - [module upstreamed to nixpkgs](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) +1. [Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services](https://git.fediversity.eu/Fediversity/Fediversity/issues/349) + - [Initial internal user to kick-start feedback process](https://git.fediversity.eu/Fediversity/Fediversity/issues/225): + - automated provisioning of: + - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) + - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) + - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) + - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) + - [admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) + - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) + - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) + - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) + - [specification published](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) + - [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) + - [user can have multiple deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) + - [users can update their deployment configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) + - [Software ready for web hosts to take into production](https://git.fediversity.eu/Fediversity/Fediversity/issues/228): + - [garbage collection of unallocated 
resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) + - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) + - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) + - [reference front-end decoupled from template version](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) + - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) + - [Key features improving user experience supported](https://git.fediversity.eu/Fediversity/Fediversity/issues/289): + - [enqueuing deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) + - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) + - [upstream configuration options exposed](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) + - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) + - [ProxmoX deployment allows scaling resources assigned to a VM](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) + - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) + - [completed initial application offering](https://git.fediversity.eu/Fediversity/Fediversity/issues/350) + - [pooling application instances to shared VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) + - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) + - [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) -- 2.48.1 From 8977cd7cf1ccbe2b5632d5227667e586af445e07 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 20:29:08 +0200 Subject: [PATCH 25/93] link to panel --- architecture.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
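Review bot: The Architecture block relocated by "move architecture to after we explain the needed technologies" still carries an empty "### Data model" heading followed directly by "### Host architecture"; fill it in or drop it as part of the move. The three diagrams are loaded from raw/branch/entity-relations/ URLs, so they break if that branch is deleted or rebased; point them at a commit or at the main branch instead. In the milestone list, issues 277, 177, 69, 302 and 288 each appear twice under different link text (for example "integration test" and "integration tests"), which is worth deduplicating while the block is being touched.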
diff --git a/architecture.md b/architecture.md index 202d5ea..1c820a3 100644 --- a/architecture.md +++ b/architecture.md @@ -193,8 +193,8 @@ Considered alternatives include: ## Architecture At the core of Fediversity lies a NixOS configuration template containing selected applications. -We use this to deploy to selected run-time environments, so far targeting hypervisor ProxmoX. -We further provide a reference front-end to configure our template. +We use this to deploy to selected run-time environments, with targets including NixOS itself and hypervisor ProxmoX. +We further provide a [reference front-end](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/panel) to configure our template. To ensure reproducibility, we also offer Nix packaging for our software. To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). -- 2.48.1 From 603111051a91dbcdcaa585d81894937ef11f959d Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 1 Jun 2025 20:33:41 +0200 Subject: [PATCH 26/93] shb --- architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/architecture.md b/architecture.md index 1c820a3..c42bbeb 100644 --- a/architecture.md +++ b/architecture.md @@ -100,7 +100,7 @@ Considered alternatives include: ### [SelfHostBlocks](https://nlnet.nl/project/SelfHostBlocks/) -SelfHostBlocks offers Nix module contracts to decouple applications from service providers, empowering user choice. +SelfHostBlocks offers Nix module contracts to decouple applications from service providers, empowering user choice by providing sane defaults yet a [unified interface](https://nlnet.nl/project/SelfHostBlocks/). Considered alternatives include: -- 2.48.1 From b1c494006677095d6b591c80afad45b15fcea1d7 Mon Sep 17 00:00:00 2001 
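Review bot: In the single hunk of "link to panel", the rewritten sentence keeps the spelling "ProxmoX", while the heading in the Technologies section of the same file writes "Proxmox"; pick one spelling and use it throughout. The new reference front-end link targets src/branch/main/panel, which moves with the branch; a link to a specific commit would keep this description and the code it refers to in step.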
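Review bot: In the single hunk of "shb", the added "[unified interface]" link points to the same nlnet.nl/project/SelfHostBlocks/ URL as the section heading directly above it, so it gives the reader no new reference. Link to the documentation of the contracts themselves or drop the link. The phrase "providing sane defaults yet a unified interface" is also hard to parse; "sane defaults behind a unified interface" may be what is meant.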
From: cinereal Date: Sun, 1 Jun 2025 20:41:55 +0200 Subject: [PATCH 27/93] expand on summary --- architecture.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/architecture.md b/architecture.md index c42bbeb..10d7e46 100644 --- a/architecture.md +++ b/architecture.md @@ -193,7 +193,8 @@ Considered alternatives include: ## Architecture At the core of Fediversity lies a NixOS configuration template containing selected applications. -We use this to deploy to selected run-time environments, with targets including NixOS itself and hypervisor ProxmoX. +We support using this with different run-time environments, with targets deemed in scope including NixOS itself and hypervisor ProxmoX. +Depending on the targeted run-time environment, deployment will further involve orchestrator OpenTofu. We further provide a [reference front-end](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/panel) to configure our template. To ensure reproducibility, we also offer Nix packaging for our software. -- 2.48.1 From dbd51391dfb8df4e961ed06e13f8f3c9d6152bc7 Mon Sep 17 00:00:00 2001 From: cinereal Date: Mon, 2 Jun 2025 11:10:05 +0200 Subject: [PATCH 28/93] remove negative formulations --- fediversity.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/fediversity.md b/fediversity.md index fc71b11..6088529 100644 --- a/fediversity.md +++ b/fediversity.md 
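Review bot: The sentence added by "expand on summary", "Depending on the targeted run-time environment, deployment will further involve orchestrator OpenTofu", does not say which of the two named targets (NixOS itself, ProxmoX) requires OpenTofu. Name it, since that decides which components an operator has to set up. In the line above it, "with targets deemed in scope including NixOS itself and hypervisor ProxmoX" is hard to parse; "with NixOS itself and the ProxmoX hypervisor in scope" is clearer.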
@@ -26,7 +26,7 @@ Let's make the internet once again a place where innovation empowers people and Fediversity offers portable open-source managed applications for online services, bridging gaps between their use, development, setup, integration and systems administration. The project will lay the groundwork for this in the form of documented reproducible deployment configurations. -This way we make it easier to run public infrastructure, especially in contrast to existing centralised solutions owned by Big Tech. +This way we make it easier to run public infrastructure. ## Open Source, Open Standards, Open Dependencies @@ -45,8 +45,7 @@ The Open Internet Discourse Foundation project Fediversity is an effort to bring We want to provide everyone with high-quality, secure IT systems for everyday use. Without tracking, without exploitation, in a way that makes sustainable use of the world. -The goal of this project is to have a major impact on the future of the internet, our societies and economies — a unique and meaningful contribution to the *Next Generation Internet* initiative, -offering an **alternative to big tech services and companies that operate closed ecosystems**. +The goal of this project is offer an **alternative to centralised online services and companies that operate closed ecosystems**, thus creating a major impact on the future of the internet, our societies and economies — a unique and meaningful contribution to the *Next Generation Internet* initiative. This objective aligns with the work programme topic by advancing the development of alternative digital solutions that are more user-centric and transparent. Concretely, we aim to achieve this using the following sub-goals: 
@@ -86,7 +85,7 @@ This is a unique feature beyond what is currently available on the market. ## Identified applications -We have identified a number of applications as potentially relevant targets to offer as part of our project, emphasising the value to users' digital autonomy, particularly to make users less dependent online on services by 'Big Tech'. +We have identified a number of applications as potentially relevant targets to offer as part of our project, emphasising the value to users' digital autonomy. To structure our efforts, we have categorized them into three waves, as follows: - Low-hanging fruit (courtesty of SelfHostBlocks) @@ -170,11 +169,11 @@ This diagram graphically represents the relations: Outcomes: - Freedom of choice in the tools to use and (possibly) even alter to your own liking. -- The democratic process (politics in general) not being manipulated by Big Tech (foreign) companies. +- The democratic process will be safeguarded. Target groups: -- Hosting companies looking to offer open-source applications amid the rising interest in alternatives to Big Tech. +- Hosting companies looking to offer open-source applications. - Developers looking to expand on the available applications respecting user autonomy. General outcomes 
@@ -210,8 +209,8 @@ Some specific possible quantitative estimates include: 1. Data portability: The focus on data portability could have significant benefits for users, allowing them to easily switch between online platforms and take their data with them. 1. Market disruption: - If our project is successful in disrupting the market dominance of big tech companies, it could have far-reaching impacts. - For example, if our platform gains a significant share of the market, it could lead to a decrease in the power of big tech companies and more competition among software services, potentially leading to improved user privacy and better options for data management. + If our project is successful, it could have far-reaching impacts. + For example, if our platform gains a significant share of the market, it could lead to more competition among software services, potentially leading to improved user privacy and better options for data management. There are several requirements and potential barriers that may determine whether the desired outcomes and impacts of the project are achieved. Some of them are: 
@@ -223,7 +222,7 @@ Some of them are: The project team will need to secure sufficient funding and resources to cover the costs of software development, partnerships, and promotion. Failure to secure adequate funding and resources may limit the project's ability to achieve its desired outcomes and impacts. 1. Competition: - The project will face competition from other digital service offerings, including properietary ones from big tech companies and offerings oriented at self-hosting open-source projects. + The project will face competition from other digital service offerings, including properietary ones and offerings oriented at self-hosting open-source projects. The project team will need to differentiate the platform and demonstrate its unique features and benefits. Failure to differentiate the platform from its competitors may limit the project's ability to achieve its desired outcomes and impacts. -- 2.48.1 From d9e4bfe7e86a7015f764175fc8e8cdd9c55f32b8 Mon Sep 17 00:00:00 2001 From: cinereal Date: Mon, 2 Jun 2025 11:19:17 +0200 Subject: [PATCH 29/93] soften wording --- fediversity.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fediversity.md b/fediversity.md index 6088529..bdf0e55 100644 --- a/fediversity.md +++ b/fediversity.md 
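Review bot: In the @@ -45 hunk of "remove negative formulations", the rewritten sentence reads "The goal of this project is offer an **alternative to centralised online services"; it is missing "to" before "offer". The added line in the Competition item (@@ -223 hunk) also carries over the typo "properietary", which could be fixed in the same pass.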
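Review bot: In the Outcomes hunk (@@ -170) of "remove negative formulations", "The democratic process will be safeguarded." replaces a specific claim with an unconditional promise that nothing else in the list supports. Phrase it as something the project contributes to, in line with the "Freedom of choice in the tools to use" bullet above it, or state the mechanism that is meant.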
@@ -42,12 +42,15 @@ No software specific for or usable by any single organisation will be created or *Fediversity: Privacy-friendly, sustainable, transparent fair.* The Open Internet Discourse Foundation project Fediversity is an effort to bring individuals and institutions easy-to-use, portable digital services with personal freedom at their core. -We want to provide everyone with high-quality, secure IT systems for everyday use. +We want to help provide everyone with high-quality, secure IT systems for everyday use. Without tracking, without exploitation, in a way that makes sustainable use of the world. The goal of this project is offer an **alternative to centralised online services and companies that operate closed ecosystems**, thus creating a major impact on the future of the internet, our societies and economies — a unique and meaningful contribution to the *Next Generation Internet* initiative. This objective aligns with the work programme topic by advancing the development of alternative digital solutions that are more user-centric and transparent. +The key technical aspect of Fediversity is to provide the means for easily switching between different hosting providers, or to their own infrastructure, without losing their data. +This objective is important as it promotes user control and choice, without being locked into a particular platform or service. + Concretely, we aim to achieve this using the following sub-goals: 1. Implement a way to run online services emphasising user autonomy and portability; 
@@ -58,9 +61,6 @@ In addition, the team will have to find ways to ensure that all parts of our ser This will promote transparency and enable end-users to verify that their data is being handled ethically and in compliance with data privacy regulations. Use of open-source software also gives users the freedom to use, modify, and distribute the software as they see fit, without restrictions or limitations. -The proposed services will also be designed to be **fully portable** (something we like to call **'service portability'**). -This means that users will be able to (easily and fully) switch between different hosting providers (as well as bare metal) without losing their data. -This objective is important as it promotes user control and choice, allowing users to choose a way of offering services that best meets their needs without being locked into a particular platform or service, and gives users the flexibility between hosted versus self-hosted options. ### Relevance @@ -78,9 +78,9 @@ The use of open-source software, along with the focus on portability, will enabl ## Ambition -### Portability of services +### Service portability -The project plans to offer portability of services, allowing users to easily export their data from the platform and import it to another platform. +The project plans to offer service portability: allowing users to easily export their data and application state from one hosting provider's environment and import it to another. This is a unique feature beyond what is currently available on the market. ## Identified applications -- 2.48.1 From 262ac9069fb6456893e9718fd390d8a2fa079d26 Mon Sep 17 00:00:00 2001 From: cinereal Date: Mon, 2 Jun 2025 11:19:36 +0200 Subject: [PATCH 30/93] clarify wording --- fediversity.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fediversity.md b/fediversity.md index bdf0e55..f56f141 100644 --- a/fediversity.md +++ b/fediversity.md 
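Review bot: In the @@ -42 hunk of "soften wording", the added sentence "provide the means for easily switching between different hosting providers, or to their own infrastructure, without losing their data" has no antecedent for "their", because the removed paragraph's "users will be able to" did not move with it. Reword to name users explicitly. The commit subject also undersells the change: besides softening one sentence, this patch relocates the portability paragraph and renames a heading, which is worth saying in the message.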
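Review bot: In the "Service portability" hunk (@@ -78) of "soften wording", the scope widens from "their data" to "their data and application state" moved between hosting providers, but the text does not say what that state covers. State whether it includes secrets such as credentials and keys, and how an export is protected while it moves from one provider's environment to another, since this section is where readers will look for that guarantee.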
@@ -53,9 +53,9 @@ This objective is important as it promotes user control and choice, without bein Concretely, we aim to achieve this using the following sub-goals: -1. Implement a way to run online services emphasising user autonomy and portability; +1. Implement a way to run online services emphasising user autonomy and data portability; 1. Disseminate our results by engaging the open-source community to further expand on work in this direction; -1. Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services. +1. Exploit our work by enabling reproducible deployments of an initial set of portable applications. In addition, the team will have to find ways to ensure that all parts of our services use **open-source software**. This will promote transparency and enable end-users to verify that their data is being handled ethically and in compliance with data privacy regulations. @@ -88,7 +88,7 @@ This is a unique feature beyond what is currently available on the market. We have identified a number of applications as potentially relevant targets to offer as part of our project, emphasising the value to users' digital autonomy. To structure our efforts, we have categorized them into three waves, as follows: -- Low-hanging fruit (courtesty of SelfHostBlocks) +- Low-hanging fruit (courtesy of SelfHostBlocks) - [Forgejo](https://forgejo.org/) - [Nextcloud](https://nextcloud.com/) - [Vaultwarden](https://github.com/dani-garcia/vaultwarden) -- 2.48.1 From ecf66a537dbd2a5183b83db352c4d757cf085c1a Mon Sep 17 00:00:00 2001 From: cinereal Date: Mon, 2 Jun 2025 11:37:59 +0200 Subject: [PATCH 31/93] tweak architecture wording --- architecture.md | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/architecture.md b/architecture.md index 10d7e46..6523ed2 100644 --- a/architecture.md +++ b/architecture.md 
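Review bot: In the sub-goals hunk (@@ -53) of "clarify wording", goal 1 now says "data portability", while the heading introduced one commit earlier is "Service portability" and is defined as data plus application state; choose one term so the goal and the Ambition section describe the same thing. The reworded goals 1 and 3 also diverge from the milestone titles in architecture.md, which still read "emphasising user autonomy and portability" and "facilitating the sample use-case of web hosting organisations using an initial set of services"; update both places together.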
@@ -4,8 +4,12 @@ - Developers - The group working on this repository. - We are creating the deployment workflows and service configurations. + The group maintaining this repository. + We are creating the deployment workflows and service configurations, and curate changes proposed by contributors. + +- Contributors + + People proposing changes to this repository. - Hosting provider @@ -33,11 +37,11 @@ - Application - User-facing software (e.g. from Fediverse) run by the hosting provider for an operator. + User-facing software (e.g. from Fediverse) configured by operators and used by users. - Configuration - A collection of settings for a machine running NixOS. + A collection of settings for a piece of software. > Example: Configurations are deployed to VMs. @@ -47,10 +51,8 @@ - Deploy - Put software, such as applications, onto computers. + Put software onto computers. The software includes technical configuration that links software components. - In our context, this a Configuration deployed to a runtime environment. - Most user-facing configuration remains untouched by the deployment process. - Migrate @@ -100,7 +102,7 @@ Considered alternatives include: ### [SelfHostBlocks](https://nlnet.nl/project/SelfHostBlocks/) -SelfHostBlocks offers Nix module contracts to decouple applications from service providers, empowering user choice by providing sane defaults yet a [unified interface](https://nlnet.nl/project/SelfHostBlocks/). +SelfHostBlocks offers Nix module contracts to decouple application configuration from implementation details, empowering user choice by providing sane defaults yet a [unified interface](https://nlnet.nl/project/SelfHostBlocks/). Considered alternatives include: 
@@ -192,10 +194,10 @@ Considered alternatives include: ## Architecture -At the core of Fediversity lies a NixOS configuration template containing selected applications. -We support using this with different run-time environments, with targets deemed in scope including NixOS itself and hypervisor ProxmoX. -Depending on the targeted run-time environment, deployment will further involve orchestrator OpenTofu. -We further provide a [reference front-end](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/panel) to configure our template. +At the core of Fediversity lies a NixOS configuration module for a set of selected applications. +We will support using it with different run-time environments, such as a single NixOS machine or a ProxmoX hypervisor. +Depending on the targeted run-time environment, deployment will further involve OpenTofu as an orchestrator. +We further provide a [reference front-end](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/panel) to configure applications. To ensure reproducibility, we also offer Nix packaging for our software. To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). 
@@ -212,7 +214,7 @@ Relationships among the entities used to model migrations are as follows, using ### Host architecture -Whereas the core abstraction in Fediversity is a NixOS configuration template, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where VMs in question run Fediversity to offer our selected applications: +Whereas the core abstraction in Fediversity is a NixOS configuration module, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where VMs in question run Fediversity to offer our selected applications: ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/host-architecture.png) @@ -261,7 +263,7 @@ Whereas details of the implementation may need to be decided as the technical ch - [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) - - [reference front-end decoupled from template version](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) + - [reference front-end decoupled from version of configuration module](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) - [Key features improving user experience supported](https://git.fediversity.eu/Fediversity/Fediversity/issues/289): - [enqueuing deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) -- 2.48.1 From d76c3f126427f97436029a217009dc86d16b43fa Mon Sep 17 00:00:00 2001 
From: cinereal Date: Mon, 2 Jun 2025 11:54:53 +0200 Subject: [PATCH 32/93] trunk images --- architecture.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/architecture.md b/architecture.md index 6523ed2..171be77 100644 --- a/architecture.md +++ b/architecture.md @@ -202,13 +202,13 @@ To ensure reproducibility, we also offer Nix packaging for our software. To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/interactions.svg) +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/interactions.svg) ### Entity relationships Relationships among the entities used to model migrations are as follows, using the crow's foot notation to denote cardinality: -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/entity-relations.svg) +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/entity-relations.svg) ### Data model @@ -216,7 +216,7 @@ Relationships among the entities used to model migrations are as follows, using Whereas the core abstraction in Fediversity is a NixOS configuration module, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where VMs in question run Fediversity to offer our selected applications: -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/entity-relations/architecture-docs/host-architecture.png) +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/host-architecture.png) ## Break-down of project milestones -- 2.48.1 From b644967bf8182579a61ca190635138c7997606d1 Mon Sep 17 00:00:00 2001 
From: cinereal Date: Mon, 2 Jun 2025 13:11:21 +0200 Subject: [PATCH 33/93] expand on shb --- architecture.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/architecture.md b/architecture.md index 171be77..be7bb13 100644 --- a/architecture.md +++ b/architecture.md @@ -103,6 +103,8 @@ Considered alternatives include: ### [SelfHostBlocks](https://nlnet.nl/project/SelfHostBlocks/) SelfHostBlocks offers Nix module contracts to decouple application configuration from implementation details, empowering user choice by providing sane defaults yet a [unified interface](https://nlnet.nl/project/SelfHostBlocks/). +Offered contracts include back-ups, reverse proxies, single sign-on and LDAP. +In addition, we have been in contact with its creator. Considered alternatives include: -- 2.48.1 From 341c96ce060fe9e57200c41923b268e3aee0547f Mon Sep 17 00:00:00 2001 From: cinereal Date: Mon, 2 Jun 2025 14:45:57 +0200 Subject: [PATCH 34/93] reorder stories --- architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/architecture.md b/architecture.md index be7bb13..893120d 100644 --- a/architecture.md +++ b/architecture.md 
@@ -225,8 +225,8 @@ Whereas the core abstraction in Fediversity is a NixOS configuration module, a m Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: 1. [Implement a way to run online services emphasising user autonomy and portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) - - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) - [deploying Fediversity applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) + - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) 1. [Disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) - [automated dev-ops workflows](https://git.fediversity.eu/Fediversity/Fediversity/issues/224): -- 2.48.1 From 6e385a527db6088bb6365d8682156600563edec7 Mon Sep 17 00:00:00 2001 From: cinereal Date: Mon, 2 Jun 2025 15:44:53 +0200 Subject: [PATCH 35/93] add sample configuration schema --- architecture.md | 154 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) diff --git a/architecture.md b/architecture.md index 893120d..b622c00 100644 --- a/architecture.md +++ b/architecture.md 
@@ -220,6 +220,160 @@ Whereas the core abstraction in Fediversity is a NixOS configuration module, a m ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/host-architecture.png) + +### Sample configuration schema + +Whereas Nix(OS) option modules use Nix to specify types, in order to communicate the expected schema to other tools such as web applications, we use [JSON Schema](https://json-schema.org/) as an intermediate format, building upon [earlier work converting between such schemas by Nix collective Clan](https://clan.lol/blog/json-schema-converter/). +An example of such a schema might looks as follows: + +```json +{ + "$exportedModuleInfo": { + "path": [] + }, + "$schema": "http://json-schema.org/draft-07/schema#", + "additionalProperties": false, + "properties": { + "domain": { + "$exportedModuleInfo": { + "path": [ + "domain" + ] + }, + "default": "fediversity.net", + "description": "Apex domain under which the services will be deployed.\n", + "enum": [ + "fediversity.net" + ] + }, + "enable": { + "$exportedModuleInfo": { + "path": [ + "enable" + ] + }, + "default": false, + "description": "Whether to enable Fediversity configuration.", + "examples": [ + true + ], + "type": "boolean" + }, + "initialUser": { + "$exportedModuleInfo": { + "path": [ + "initialUser" + ] + }, + "default": null, + "description": "Some services require an initial user to access them.\nThis option sets the credentials for such an initial user.\n", + "oneOf": [ + { + "type": "null" + }, + { + "$exportedModuleInfo": { + "path": [ + "initialUser" + ] + }, + "additionalProperties": false, + "properties": { + "displayName": { + "$exportedModuleInfo": { + "path": [ + "initialUser", + "displayName" + ] + }, + "description": "Display name of the user", + "type": "string" + }, + "email": { + "$exportedModuleInfo": { + "path": [ + "initialUser", + "email" + ] + }, + "description": "User's email address", + "type": "string" + }, + "password": { + 
"$exportedModuleInfo": { + "path": [ + "initialUser", + "password" + ] + }, + "description": "Password for login", + "type": "string" + }, + "username": { + "$exportedModuleInfo": { + "path": [ + "initialUser", + "username" + ] + }, + "description": "Username for login", + "type": "string" + } + }, + "required": [ + "displayName", + "email", + "password", + "username" + ], + "type": "object" + } + ] + }, + "forgejo": { + "$exportedModuleInfo": { + "path": [ + "forgejo" + ] + }, + "default": null, + "description": "Configuration for the Forgejo service\n", + "oneOf": [ + { + "type": "null" + }, + { + "$exportedModuleInfo": { + "path": [ + "forgejo" + ] + }, + "additionalProperties": false, + "properties": { + "enable": { + "$exportedModuleInfo": { + "path": [ + "forgejo", + "enable" + ] + }, + "default": false, + "description": "Whether to enable Forgejo.", + "examples": [ + true + ], + "type": "boolean" + } + }, + "type": "object" + } + ] + } + }, + "type": "object" +} +``` + ## Break-down of project milestones Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: -- 2.48.1 From 4dd87091aff399a9e992eb9b559204ac731259a0 Mon Sep 17 00:00:00 2001 From: cinereal Date: Mon, 2 Jun 2025 17:31:40 +0200 Subject: [PATCH 36/93] expand on service portability --- architecture.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/architecture.md b/architecture.md index b622c00..9fb033c 100644 --- a/architecture.md +++ b/architecture.md 
@@ -206,7 +206,15 @@ To reach our goals, we aim to implement the following interactions between [acto ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/interactions.svg) -### Entity relationships +### Service portability + +The process of migrating one's applications to a different host encompasses: + +1. domain registration: using dynamic DNS +1. deployed applications: using the reproducible configuration module +1. application data: + - back-up/restore scripts [using SelfHostBlocks](https://shb.skarabox.com/contracts.html) + - application-specific migration scripts, to e.g. reconfigure of connections/URLs Relationships among the entities used to model migrations are as follows, using the crow's foot notation to denote cardinality: @@ -220,7 +228,6 @@ Whereas the core abstraction in Fediversity is a NixOS configuration module, a m ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/host-architecture.png) - ### Sample configuration schema Whereas Nix(OS) option modules use Nix to specify types, in order to communicate the expected schema to other tools such as web applications, we use [JSON Schema](https://json-schema.org/) as an intermediate format, building upon [earlier work converting between such schemas by Nix collective Clan](https://clan.lol/blog/json-schema-converter/). -- 2.48.1 From 3390d5c82e270a9be4c03bc58615437eae36da5e Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 4 Jun 2025 15:35:18 +0200 Subject: [PATCH 37/93] update DNS migration to mention registrar SOA/NS update --- architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/architecture.md b/architecture.md index 9fb033c..63dd5e1 100644 --- a/architecture.md +++ b/architecture.md 
@@ -210,7 +210,7 @@ To reach our goals, we aim to implement the following interactions between [acto The process of migrating one's applications to a different host encompasses: -1. domain registration: using dynamic DNS +1. domain registration: involves a (manual) update of DNS records at the registrar 1. deployed applications: using the reproducible configuration module 1. application data: - back-up/restore scripts [using SelfHostBlocks](https://shb.skarabox.com/contracts.html) -- 2.48.1 From 7f42f8e70325d560d3bb91ad7a1c912c151282b9 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 4 Jun 2025 16:11:15 +0200 Subject: [PATCH 38/93] reword technical goal to better set expectations on not directly offering all applications we will ultimately want --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index f56f141..886c569 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -48,7 +48,7 @@ Without tracking, without exploitation, in a way that makes sustainable use of t The goal of this project is offer an **alternative to centralised online services and companies that operate closed ecosystems**, thus creating a major impact on the future of the internet, our societies and economies — a unique and meaningful contribution to the *Next Generation Internet* initiative. This objective aligns with the work programme topic by advancing the development of alternative digital solutions that are more user-centric and transparent. -The key technical aspect of Fediversity is to provide the means for easily switching between different hosting providers, or to their own infrastructure, without losing their data. +The key technical aspect of Fediversity is to provide the framework for applications to easily switch between different hosting providers, or to their own infrastructure, without losing their data. This objective is important as it promotes user control and choice, without being locked into a particular platform or service. Concretely, we aim to achieve this using the following sub-goals: -- 2.48.1 From da900c3969d6806eec7e6a22361772e32f871e7e Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 4 Jun 2025 22:31:17 +0200 Subject: [PATCH 39/93] add data model as per https://git.fediversity.eu/Fediversity/meta/pulls/31 --- architecture.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/architecture.md b/architecture.md index 63dd5e1..8ff8e7b 100644 --- a/architecture.md +++ b/architecture.md 
@@ -222,6 +222,11 @@ Relationships among the entities used to model migrations are as follows, using ### Data model +Whereas the bulk of our configuration logic is covered in the [configuration schema](#sample-configuration-schema), our reference front-end application does in fact store data. +The design for its data model to support the desired functionality is as follows: + +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/panel-data-model/architecture-docs/panel-data-model.svg) + ### Host architecture Whereas the core abstraction in Fediversity is a NixOS configuration module, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where VMs in question run Fediversity to offer our selected applications: -- 2.48.1 From 8764276d3904c007f719df709be1581d36b5dc6d Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 4 Jun 2025 22:52:46 +0200 Subject: [PATCH 40/93] rephrase developers/contributors to the broader maintainers vs developers --- architecture.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/architecture.md b/architecture.md index 8ff8e7b..f362ab4 100644 --- a/architecture.md +++ b/architecture.md @@ -2,14 +2,14 @@ ## Actors -- Developers +- Maintainers The group maintaining this repository. - We are creating the deployment workflows and service configurations, and curate changes proposed by contributors. - -- Contributors + We are creating the deployment workflows and service configurations, and curate changes proposed by contributing developers. - People proposing changes to this repository. +- Developers + + People with the technical background to engage with our work, and may contribute back, build on top of, remix, or feel inspired by our work to create something better. - Hosting provider -- 2.48.1 From 4c9b2ca876fe6e7b69079d6f324f5e172f7c5367 Mon Sep 17 00:00:00 2001 
From: cinereal Date: Wed, 4 Jun 2025 23:07:05 +0200 Subject: [PATCH 41/93] dns: powerdns -> octodns --- architecture.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/architecture.md b/architecture.md index f362ab4..942e162 100644 --- a/architecture.md +++ b/architecture.md @@ -166,14 +166,13 @@ Considered alternatives include: - ElasticSearch: not open-source -### [PowerDNS](https://github.com/PowerDNS/pdns) +### [OctoDNS](https://github.com/octodns/octodns) -PowerDNS is a mature DNS server. It further offers an admin front-end. +OctoDNS is a DNS server that may be configured using the Nix-native [NixOS-DNS](https://janik-haag.github.io/NixOS-DNS/). Considered alternatives include: -- hickory-dns: no front-end -- core-dns: no front-end +- PowerDNS: offers a front-end option, but less geared toward the use-case of configuring by Nix ### [Authelia](https://github.com/authelia/authelia) -- 2.48.1 From 0b43de1ef5b7aa9670fe33a7e0cc5e54d114ef90 Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 5 Jun 2025 09:06:06 +0200 Subject: [PATCH 42/93] ditch entity relations diagram over redundancy with data model and interactions --- architecture.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/architecture.md b/architecture.md index 942e162..bcf3ae4 100644 --- a/architecture.md +++ b/architecture.md 
@@ -215,14 +215,10 @@ The process of migrating one's applications to a different host encompasses: - back-up/restore scripts [using SelfHostBlocks](https://shb.skarabox.com/contracts.html) - application-specific migration scripts, to e.g. reconfigure of connections/URLs -Relationships among the entities used to model migrations are as follows, using the crow's foot notation to denote cardinality: - -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/entity-relations.svg) - ### Data model Whereas the bulk of our configuration logic is covered in the [configuration schema](#sample-configuration-schema), our reference front-end application does in fact store data. -The design for its data model to support the desired functionality is as follows: +The design for its data model to support the desired functionality is as follows, using the crow's foot notation to denote cardinality: ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/panel-data-model/architecture-docs/panel-data-model.svg) -- 2.48.1 From 5048933f6d7c4b4c36c8ce3c87ccd51854af0325 Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 5 Jun 2025 10:44:02 +0200 Subject: [PATCH 43/93] add revised project planning --- architecture.md | 28 ++++++++++++++-------------- fediversity.md | 7 +++---- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/architecture.md b/architecture.md index bcf3ae4..8da7baa 100644 --- a/architecture.md +++ b/architecture.md 
@@ -387,6 +387,20 @@ Whereas details of the implementation may need to be decided as the technical ch 1. [Implement a way to run online services emphasising user autonomy and portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) - [deploying Fediversity applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) + - [Initial internal user to kick-start feedback process](https://git.fediversity.eu/Fediversity/Fediversity/issues/225): + - automated provisioning of: + - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) + - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) + - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) + - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) + - [admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) + - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) + - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) + - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) + - [specification published](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) + - [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) + - [user can have multiple deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) + - [users can update their deployment configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) - [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) 1. [Disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) 
@@ -408,20 +422,6 @@ Whereas details of the implementation may need to be decided as the technical ch - [knowledge base](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) - [module upstreamed to nixpkgs](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) 1. [Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services](https://git.fediversity.eu/Fediversity/Fediversity/issues/349) - - [Initial internal user to kick-start feedback process](https://git.fediversity.eu/Fediversity/Fediversity/issues/225): - - automated provisioning of: - - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) - - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) - - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) - - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) - - [admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) - - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) - - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) - - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) - - [specification published](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) - - [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) - - [user can have multiple deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) - - [users can update their deployment configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) - [Software ready for web hosts to take into production](https://git.fediversity.eu/Fediversity/Fediversity/issues/228): - [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) - [Nix-less 
bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) diff --git a/fediversity.md b/fediversity.md index 886c569..256f6c1 100644 --- a/fediversity.md +++ b/fediversity.md @@ -153,10 +153,10 @@ In order to deal with this, we will have to keep up with the change and at the s To give a clear view of what interdepencies we expect: 1. Project Management: will keep an overview of all other Work Packages. -1. Vertical partners: will offer a 'feedback loop' and feed to WP5 +1. Vertical Hosting: will offer a 'feedback loop' and feed to WP5 1. Open calls and grant management: will feed back to the verticals and feed to WP5 1. Enhancement & Usability: will feed back to the verticals and feed to WP5 -1. Outreach & Dissemination +1. Dissemination & Outreach This diagram graphically represents the relations: @@ -733,5 +733,4 @@ Consortium members have been instructed to stay clear from project proposals fro # Overview of project displayed in a Gantt chart - -TODO +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/proposal-gantt/planning/gantt.svg) -- 2.48.1 From 1a40a82e86e713244db5357ef70138581e0952ef Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 5 Jun 2025 10:50:42 +0200 Subject: [PATCH 44/93] update interdependencies --- fediversity.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fediversity.md b/fediversity.md index 256f6c1..1476481 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -148,15 +148,16 @@ Where and if possible we will automate these checks and integrate them in a 24/7 Another challenge is that much of the software we aim to implement is still fairly new and as a result still changes frequently. In order to deal with this, we will have to keep up with the change and at the same time provide a stable and predictable experience to our users. -## Work package interdependancies +## Work package interdependencies To give a clear view of what interdepencies we expect: 1. Project Management: will keep an overview of all other Work Packages. +1. Implementation: will make for the core software needed for further Work Packages. 1. Vertical Hosting: will offer a 'feedback loop' and feed to WP5 -1. Open calls and grant management: will feed back to the verticals and feed to WP5 1. Enhancement & Usability: will feed back to the verticals and feed to WP5 1. Dissemination & Outreach +1. Open calls and grant management: will feed back to the vertical and feed to WP5 This diagram graphically represents the relations: -- 2.48.1 From f826a9f64ec0d6f54c73f1c0373b61a8d3fc135a Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 5 Jun 2025 11:18:33 +0200 Subject: [PATCH 45/93] add diagram work package interdependencies --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index 1476481..ea66dfd 100644 --- a/fediversity.md +++ b/fediversity.md @@ -161,7 +161,7 @@ To give a clear view of what interdepencies we expect: This diagram graphically represents the relations: - +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/proposal-gantt/planning/work-packages.png) # Impact -- 2.48.1 From 3a786fda3267816c1e962620a9dd0d0f92e80042 Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 5 Jun 2025 12:24:44 +0200 Subject: [PATCH 46/93] tweak proposal --- fediversity.md | 63 ++++++++++++++++++++++---------------------------- 1 file changed, 28 insertions(+), 35 deletions(-) 
diff --git a/fediversity.md b/fediversity.md index ea66dfd..ef2e1d1 100644 --- a/fediversity.md +++ b/fediversity.md @@ -31,7 +31,6 @@ This way we make it easier to run public infrastructure. ## Open Source, Open Standards, Open Dependencies All software used, produced or needed by our project and it's outcomes will be licensed under a valid Open Source Software license, will not be encumbered by patents unless covered under the Open Invention Network and will not use API's or services that are not reproducible in a fully free manner. -The only exception is for the UX design test-lab environment that will be used to ensure maximum interoperability with closed source but widely used systems and software (like operating systems and web-browsers). No software specific for or usable by any single organisation will be created or produced under this grant. 
@@ -57,21 +56,19 @@ Concretely, we aim to achieve this using the following sub-goals: 1. Disseminate our results by engaging the open-source community to further expand on work in this direction; 1. Exploit our work by enabling reproducible deployments of an initial set of portable applications. -In addition, the team will have to find ways to ensure that all parts of our services use **open-source software**. -This will promote transparency and enable end-users to verify that their data is being handled ethically and in compliance with data privacy regulations. -Use of open-source software also gives users the freedom to use, modify, and distribute the software as they see fit, without restrictions or limitations. - +In addition, the team will ensure that all parts of our services use **open-source software**. +This will promote transparency and gives users the freedom to use, modify, and distribute the software as they see fit, without restrictions or limitations. ### Relevance -Overall, this proposal is highly relevant to the HORIZON EU Programme, specifically to the Human-centric Internet topic. +This proposal is highly relevant to the HORIZON EU Programme, specifically to the Human-centric Internet topic. The objective of this topic is to support research and innovation in creating a more human-centric internet that prioritises user privacy, security, and control, while also promoting the ethical use of technology. -The proposed work aligns with this objective by show-casing a way to run digital services that prioritises user control and privacy, and by using open-source software and hardware to promote transparency and ethical use. +The proposed work aligns with this objective by show-casing a way to run digital services that prioritises user control and privacy, and by using open-source software to promote transparency and ethical use. 
### Measurability -Measuring the success of this objective will depend on several metrics, such as the number of organisations and institutions that adopt our work directly or indirectly, and its impact within the open-source community. -Verifying the success of this objective will require user/developer feedback, engagement metrics, and independent audits to ensure that our services are meeting the highest standards of privacy and security. +The success of this objective will depend on several metrics, such as the number of organisations and institutions that adopt our work directly or indirectly, and its impact within the open-source community. +This will require user/developer feedback and engagement metrics to ensure that our services are meeting the highest standards of quality. The proposed work is realistically achievable. The use of open-source software, along with the focus on portability, will enable the proposed services to be easily adopted by our target audiences. @@ -85,7 +82,7 @@ This is a unique feature beyond what is currently available on the market. ## Identified applications -We have identified a number of applications as potentially relevant targets to offer as part of our project, emphasising the value to users' digital autonomy. +We have identified a number of applications as relevant targets to offer as part of our project, emphasising the value to users' digital autonomy. To structure our efforts, we have categorized them into three waves, as follows: - Low-hanging fruit (courtesy of SelfHostBlocks) 
@@ -105,16 +102,16 @@ Considerations taking into account in the selection of applications to be implem As the initial application to be supported, we have selected [Forgejo](https://forgejo.org/), given it: -1. is supported in [SelfHostBlocks](https://github.com/ibizaman/selfhostblocks) -1. relevant features are merged upstream (c.f. Vaultwarden, where support for single sign-on is still outstanding) -1. uses a language featuring static typing, offering it a baseline level of robustness +1. is supported in [SelfHostBlocks](https://github.com/ibizaman/selfhostblocks), facilitating implementation 1. is part of our own infrastructure, allowing us to bootstrap 1. given the above, makes our development team self-sufficient for the purpose of its initial user feedback cycle +1. relevant features are merged upstream (c.f. Vaultwarden, where support for single sign-on is still outstanding) +1. uses a language featuring static typing, offering it a baseline level of robustness Which other packages we will decide to support will depend further on the packages that will be adressed in the 'subgrant projects' that will be requested in the 'open calls'. In finalising our initial selection, both with regard to quality-quantity trade-offs as well as relative priority among the identified applications, we will coordinate with relevant stakeholders as the project matures. -Our consideration to limit the initial list of supported applications is to keep focus on our core innovation, as properly adding support for applications involves at least: +Our consideration to limit the initial list of supported applications is to keep focus on our core innovation, as properly adding support for applications may involve: - PoC: - compartmentalising state for backups/portability/redundancy 
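Review bot: After the reorder in the @@ -105,16 +102,16 hunk, the item "relevant features are merged upstream" still does not parse against the lead-in "given it:", unlike its neighbours ("is supported in", "is part of", "uses a language"). Rewording it to something like "has its relevant features merged upstream" would make the list read consistently. The unchanged context also carries the typo "adressed", which could be fixed while this paragraph is being touched.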
@@ -127,13 +124,13 @@ Our consideration to limit the initial list of supported applications is to keep - hardening - post-MVP: - handling backward-incompatible setting interface changes - - coordinate with end-users to improve the user experience + - coordinating with end-users to improve the user experience - if missing first-class Nix support: - - package for Nix - - create NixOS service module - - integrate with identified contracts (see SelfHostBlocks) - - maintain the above on version updates - - coordinate with upstream developers on immutable-friendly development + - packaging for Nix + - creating NixOS service module + - integrating with identified contracts (see SelfHostBlocks) + - maintaining the above on version updates + - coordinating with upstream developers on immutable-friendly development The result of the work in the hosting vertical should be generic enough to support all NGI packages sufficiently documented and packaged in NixOS. 
@@ -142,11 +139,11 @@ The result of the work in the hosting vertical should be generic enough to suppo One of the challenges we have identified is ensuring the security and privacy of our users' data, even if we will not collect this directly. To overcome this challenge, we will use industry-standard open-source encryption methods and regularly update our software and hardware solutions to stay ahead of potential threats. We will also need to work with experts in data privacy and cybersecurity to ensure that our software is secure and protect user data. -A periodic (monthly or bi-monthly) check if all security measures have been taken and if any updates are needed will be held. -Where and if possible we will automate these checks and integrate them in a 24/7 monitoring system. +Before having the software enter production, a periodic security check (monthly or bi-monthly) will be held to verify required security measures have been taken and to check if any updates are needed. +Where and if possible, we will automate these checks and integrate them in a 24/7 monitoring system. -Another challenge is that much of the software we aim to implement is still fairly new and as a result still changes frequently. -In order to deal with this, we will have to keep up with the change and at the same time provide a stable and predictable experience to our users. +Another challenge is that some of the software we aim to build upon is still somewhat new and as a result may still change more frequently. +In order to deal with this, we will have to keep up with potential changes and at the same time provide a stable and predictable experience to our users. ## Work package interdependencies 
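Review bot: The added sentence "Before having the software enter production, a periodic security check (monthly or bi-monthly) will be held" ties a recurring check to the pre-production phase, which reads as if the checks stop once the software is in production; the removed wording had no such limit. If the intent is a release gate plus ongoing checks, say both, for example one check before entering production and then monthly or bi-monthly afterwards, which also matches the next sentence about a 24/7 monitoring system. The unchanged line above still promises to update "software and hardware solutions", although this patch removes "and hardware" from the Relevance section, so the two should be aligned.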
@@ -170,31 +167,31 @@ This diagram graphically represents the relations: Outcomes: - Freedom of choice in the tools to use and (possibly) even alter to your own liking. -- The democratic process will be safeguarded. +- The democratic process may be safeguarded. Target groups: - Hosting companies looking to offer open-source applications. - Developers looking to expand on the available applications respecting user autonomy. -General outcomes +General outcomes: The outcomes and impacts of your project may: - Give a better understanding of how to implement, maintain and run open-source managed applications respecting user autonomy. - Give companies and organizations that specialize in web hosting a better starting point in offering such applications. -Technological outcomes +Technological outcomes: - An increase in solutions around autonomous managed applications as well as in number of software packages supported by such solutions. - Increased engagement with and innovation around open-source software, stemming from lowered barriers toward their adoption. -Economic outcomes +Economic outcomes: - An uptake in the number of open-source managed applications offered by web hosts, as it becomes easier to offer these. - Increased adoption of privacy-respecting software, as it becomes easier to consume these through the above-mentioned hosts. -Societal outcomes +Societal outcomes: - The proposed platform could contribute to the creation of a more open and democratic digital landscape, where users have more control over their data and online interactions. - The platform's focus on privacy and data portability could lead to greater trust in open-source digital platforms, which in turn could lead to increased participation and innovation. 
@@ -211,7 +208,7 @@ Some specific possible quantitative estimates include: The focus on data portability could have significant benefits for users, allowing them to easily switch between online platforms and take their data with them. 1. Market disruption: If our project is successful, it could have far-reaching impacts. - For example, if our platform gains a significant share of the market, it could lead to more competition among software services, potentially leading to improved user privacy and better options for data management. + For example, if our software gains a significant share of the market, it could lead to more competition among online software services, potentially leading to improved user privacy and better options for data management. There are several requirements and potential barriers that may determine whether the desired outcomes and impacts of the project are achieved. Some of them are: @@ -272,7 +269,7 @@ There are several communication strategies and measures that we will utilise dur It will be used to share updates, news, publications, and other project-related information. The website will be designed to be accessible and user-friendly. 1. Using social media: - We will reach out to Fediverse channels (e.g. Mastodon, Pixelfed, Peertube and Owncast) as well as commercial social media platforms such as X, LinkedIn, and Facebook to reach a wider audience and share project-related news and updates. + We will reach out to Fediverse channels (e.g. Mastodon, Pixelfed, Peertube and Owncast) as well as commercial social media platforms such as BlueSky, Threads, and LinkedIn to reach a wider audience and share project-related news and updates. Social media are used to engage with stakeholders and respond to their queries and feedback. While our values may be closer aligned with the open-source social media, we will also still have use for the commercial ones to spread our message initially. 1. Organising workshops and events: 
@@ -368,10 +365,6 @@ Table 3.1h: Purchase costs | Description | Category | Cost (€) | Justification | |-|-|-|-| -| Test hardware | Other goods, works and services | 200.000 |

For our UX research we need to acquire a reasonable diverse set of tablets, PC's and mobile phones so that we can support actually used devices. This is essential to deliver the kind of support people expect from software in general, but cloud services (like our products from the NGI technologies we choose). We want to create a test lab that is also accessible to the chosen technology developers at request. We will at least need to acquire the latest new models of popular phones and tablets other devices every 3 months (estimated total of 60 devices by the end of the project) and new models of laptops, chromebooks and the likes every 6 months (estimated total of 30 devices by the end of the project) and a few PC's with various form-factors and operating systems (estimated total of 24 devices by the end of the project). We expect to be using about 50.000 of the budget for this.

Another substantial part will be used for a test-setup 'at scale' for running the actual services: server-hardware, networking-hardware, storage-systems. Also we need to account for hosting and networking-costs in dual locations.

We will acquire about 80 server-systems, 12 storage-systems, and some networking equipment housed in two locations. All hardware will be second-hand as to keep cost low.

For this we expect to be using about 130.000 of the budget.

The remaining 20.000 euro we want to spend on two or four openhardware servers based on OpenPower to run a small pilot as part of the test/development setup to see where it makes sense to use OpenHardware in the setup for running Fediversity software.

| -| Remaining purchase costs |   | 10.000 | Is for promotion and marketing material like stickers, banners, and other promotional material to hand out on each and every event we will visit. | -| Travel and subsistence |   | 15.000 | Will be used for traveling between the Netherlands, the Nordics, France and the rest of Europe for attending conferences and other meetups. | -| Total |   | 225.000 |   | Table 3.1.i: Other costs categories -- 2.48.1 From 985e7b5dc9e56a35dc6cfc50366dbd0bf0a3db70 Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 5 Jun 2025 12:30:00 +0200 Subject: [PATCH 47/93] data model max width --- architecture.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/architecture.md b/architecture.md index 8da7baa..b3225fc 100644 --- a/architecture.md +++ b/architecture.md @@ -220,7 +220,7 @@ The process of migrating one's applications to a different host encompasses: Whereas the bulk of our configuration logic is covered in the [configuration schema](#sample-configuration-schema), our reference front-end application does in fact store data. The design for its data model to support the desired functionality is as follows, using the crow's foot notation to denote cardinality: -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/panel-data-model/architecture-docs/panel-data-model.svg) + ### Host architecture 
@@ -427,7 +427,7 @@ Whereas details of the implementation may need to be decided as the technical ch - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) - [reference front-end decoupled from version of configuration module](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) - - [security audit](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) + - [security check](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) - [Key features improving user experience supported](https://git.fediversity.eu/Fediversity/Fediversity/issues/289): - [enqueuing deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) -- 2.48.1 From b028ee4a5f650792c0173db24ca57199746745c3 Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 5 Jun 2025 13:14:54 +0200 Subject: [PATCH 48/93] add cache --- architecture.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/architecture.md b/architecture.md index b3225fc..5f05897 100644 --- a/architecture.md +++ b/architecture.md @@ -193,6 +193,14 @@ Considered alternatives include: - 389 DS: older larger package - FreeIPA: wrapper around 389 DS +### [Attic](https://github.com/zhaofengli/attic) + +Attic is a multi-tenant Nix cache featuring recency-based garbage collection written in Rust. + +Considered alternatives include: + +- cache-server: distributed cache written in Python that seems more of a research project than an actively maintained repository. + ## Architecture At the core of Fediversity lies a NixOS configuration module for a set of selected applications. -- 2.48.1 From edecc2bbdeaeb324cd2725c614230acc040ace51 Mon Sep 17 00:00:00 2001 
From: cinereal Date: Fri, 6 Jun 2025 11:09:14 +0200 Subject: [PATCH 49/93] trunk data model svg --- architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/architecture.md b/architecture.md index 5f05897..6f17103 100644 --- a/architecture.md +++ b/architecture.md @@ -228,7 +228,7 @@ The process of migrating one's applications to a different host encompasses: Whereas the bulk of our configuration logic is covered in the [configuration schema](#sample-configuration-schema), our reference front-end application does in fact store data. The design for its data model to support the desired functionality is as follows, using the crow's foot notation to denote cardinality: - + ### Host architecture -- 2.48.1 From 5ce5233063462cbf2b19e414df0c35e7ef211349 Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 6 Jun 2025 16:27:47 +0200 Subject: [PATCH 50/93] rm sampl json schema for being technical and provisional --- architecture.md | 155 +----------------------------------------------- 1 file changed, 1 insertion(+), 154 deletions(-) diff --git a/architecture.md b/architecture.md index 6f17103..7295d4b 100644 --- a/architecture.md +++ b/architecture.md @@ -225,7 +225,7 @@ The process of migrating one's applications to a different host encompasses: ### Data model -Whereas the bulk of our configuration logic is covered in the [configuration schema](#sample-configuration-schema), our reference front-end application does in fact store data. +Whereas the bulk of our configuration logic is covered in the configuration schema, our reference front-end application does in fact store data. The design for its data model to support the desired functionality is as follows, using the crow's foot notation to denote cardinality: 
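Review bot: In the @@ -225,7 +225,7 hunk of the "rm sampl json schema" commit, the reworded sentence still says the configuration logic "is covered in the configuration schema", but the same commit deletes the "Sample configuration schema" section, so the reference no longer points at anything in the document. Either link to wherever the schema now lives or reword the sentence to refer to the NixOS configuration module that the Architecture section already introduces.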
@@ -236,159 +236,6 @@ Whereas the core abstraction in Fediversity is a NixOS configuration module, a m ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/host-architecture.png) -### Sample configuration schema - -Whereas Nix(OS) option modules use Nix to specify types, in order to communicate the expected schema to other tools such as web applications, we use [JSON Schema](https://json-schema.org/) as an intermediate format, building upon [earlier work converting between such schemas by Nix collective Clan](https://clan.lol/blog/json-schema-converter/). -An example of such a schema might looks as follows: - -```json -{ - "$exportedModuleInfo": { - "path": [] - }, - "$schema": "http://json-schema.org/draft-07/schema#", - "additionalProperties": false, - "properties": { - "domain": { - "$exportedModuleInfo": { - "path": [ - "domain" - ] - }, - "default": "fediversity.net", - "description": "Apex domain under which the services will be deployed.\n", - "enum": [ - "fediversity.net" - ] - }, - "enable": { - "$exportedModuleInfo": { - "path": [ - "enable" - ] - }, - "default": false, - "description": "Whether to enable Fediversity configuration.", - "examples": [ - true - ], - "type": "boolean" - }, - "initialUser": { - "$exportedModuleInfo": { - "path": [ - "initialUser" - ] - }, - "default": null, - "description": "Some services require an initial user to access them.\nThis option sets the credentials for such an initial user.\n", - "oneOf": [ - { - "type": "null" - }, - { - "$exportedModuleInfo": { - "path": [ - "initialUser" - ] - }, - "additionalProperties": false, - "properties": { - "displayName": { - "$exportedModuleInfo": { - "path": [ - "initialUser", - "displayName" - ] - }, - "description": "Display name of the user", - "type": "string" - }, - "email": { - "$exportedModuleInfo": { - "path": [ - "initialUser", - "email" - ] - }, - "description": "User's email address", - "type": "string" - }, - "password": { - 
"$exportedModuleInfo": { - "path": [ - "initialUser", - "password" - ] - }, - "description": "Password for login", - "type": "string" - }, - "username": { - "$exportedModuleInfo": { - "path": [ - "initialUser", - "username" - ] - }, - "description": "Username for login", - "type": "string" - } - }, - "required": [ - "displayName", - "email", - "password", - "username" - ], - "type": "object" - } - ] - }, - "forgejo": { - "$exportedModuleInfo": { - "path": [ - "forgejo" - ] - }, - "default": null, - "description": "Configuration for the Forgejo service\n", - "oneOf": [ - { - "type": "null" - }, - { - "$exportedModuleInfo": { - "path": [ - "forgejo" - ] - }, - "additionalProperties": false, - "properties": { - "enable": { - "$exportedModuleInfo": { - "path": [ - "forgejo", - "enable" - ] - }, - "default": false, - "description": "Whether to enable Forgejo.", - "examples": [ - true - ], - "type": "boolean" - } - }, - "type": "object" - } - ] - } - }, - "type": "object" -} -``` - ## Break-down of project milestones Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: -- 2.48.1 From 2c47d644d89ff03b86c0c125cca9014a8ef1264f Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 6 Jun 2025 16:41:09 +0200 Subject: [PATCH 51/93] update WP names --- fediversity.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fediversity.md b/fediversity.md index ef2e1d1..4dcefb2 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -150,11 +150,11 @@ In order to deal with this, we will have to keep up with potential changes and a To give a clear view of what interdepencies we expect: 1. Project Management: will keep an overview of all other Work Packages. -1. Implementation: will make for the core software needed for further Work Packages. 1. Vertical Hosting: will offer a 'feedback loop' and feed to WP5 -1. Enhancement & Usability: will feed back to the verticals and feed to WP5 -1. Dissemination & Outreach +1. Vertical Public Organisations: (dropped) 1. Open calls and grant management: will feed back to the vertical and feed to WP5 +1. Enhancement & Usability: will feed back to the verticals and feed to WP5 +1. Outreach & Dissemination This diagram graphically represents the relations: -- 2.48.1 From d2cf5ce601fc097427e6cdfb5fcebbe5b8c3f870 Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 6 Jun 2025 16:41:39 +0200 Subject: [PATCH 52/93] minor edits from call --- fediversity.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/fediversity.md b/fediversity.md index 4dcefb2..3314698 100644 --- a/fediversity.md +++ b/fediversity.md @@ -49,6 +49,7 @@ This objective aligns with the work programme topic by advancing the development The key technical aspect of Fediversity is to provide the framework for applications to easily switch between different hosting providers, or to their own infrastructure, without losing their data. This objective is important as it promotes user control and choice, without being locked into a particular platform or service. +It would be a unique feature beyond what is currently available on the market. Concretely, we aim to achieve this using the following sub-goals: 
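Review bot: In the work-package list of the "update WP names" commit (@@ -150,11 +150,11), the reorder changes which package sits in fifth position, but the "feed to WP5" references are left as they were. With the new order, position five is "Enhancement & Usability", so that item now says it feeds to itself, and "Vertical Hosting" and "Open calls and grant management" no longer point at the outreach package, which has moved to position six. Update the references to WP6 or refer to the packages by name so a later reorder cannot break them. The context line also has the typo "interdepencies".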
@@ -57,7 +58,7 @@ Concretely, we aim to achieve this using the following sub-goals: 1. Exploit our work by enabling reproducible deployments of an initial set of portable applications. In addition, the team will ensure that all parts of our services use **open-source software**. -This will promote transparency and gives users the freedom to use, modify, and distribute the software as they see fit, without restrictions or limitations. +This will promote transparency and gives users the freedom to use, modify, and distribute the software as they see fit, without artificial restrictions or limitations. ### Relevance @@ -75,10 +76,6 @@ The use of open-source software, along with the focus on portability, will enabl ## Ambition -### Service portability - -The project plans to offer service portability: allowing users to easily export their data and application state from one hosting provider's environment and import it to another. -This is a unique feature beyond what is currently available on the market. ## Identified applications -- 2.48.1 From 6eea5d729ada3862047f4634ef219efb8f7a7c06 Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 6 Jun 2025 17:04:24 +0200 Subject: [PATCH 53/93] sharpen scope of audience and metrics who ever owns the budget needs to decide on the target audience for communication. very likely the current technical scope will be primarily interesting for developers (somewhat familiar, ideally proficient with Nix), i.e. integrators that would use Fediversity as a library for their hosting product. the UI demo would merely show the principle, but from the current state of affairs it's unlikely we'll be able to "sell" it as a turn-key solution to non-experts. --- fediversity.md | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/fediversity.md b/fediversity.md index 3314698..369d022 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -68,13 +68,9 @@ The proposed work aligns with this objective by show-casing a way to run digital ### Measurability -The success of this objective will depend on several metrics, such as the number of organisations and institutions that adopt our work directly or indirectly, and its impact within the open-source community. -This will require user/developer feedback and engagement metrics to ensure that our services are meeting the highest standards of quality. - +Tests will concisely describe the abilities the Fediversity system provides. +these tests can be run on any sufficiently powerful machine with Nix installed, and reliably validate that the use cases work as intended. The proposed work is realistically achievable. -The use of open-source software, along with the focus on portability, will enable the proposed services to be easily adopted by our target audiences. - -## Ambition ## Identified applications 
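Review bot: The new Measurability text in the @@ -68,13 +68,9 hunk says the tests "reliably validate that the use cases work as intended" without naming the use cases or a pass criterion, and it removes the adoption metrics, so the section no longer states what result counts as success. Listing the use cases the tests cover and what must pass would make the claim checkable. The sentence "The proposed work is realistically achievable." is kept while the sentence that justified it is deleted, so it now stands unsupported, and the second added line starts lowercase ("these tests").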
@@ -248,10 +244,8 @@ Concrete examples of dissemination activities for our project will include: - Maintain and highlight instant messaging channels where developers might ask questions and discuss potential improvements to the software. - Creating a comprehensive user guide and knowledge base that provides detailed instructions and answers to common questions about the software, and making this guide available on the platform's website and social media channels. - Hosting a webinar series that showcases the features and functionalities of our software, and provides tips and best practices for using it effectively. -- Partnering with industry associations and advocacy groups that promote open-source software and digital rights, and working with them to promote our platform to their members and followers. - Such organizations include [SDEPS](https://www.sdeps.eu/), [PublicSpaces](https://publicspaces.net/), [Internet Society](https://www.internetsociety.org/), [EDRi](https://edri.org/), [GÉANT](https://geant.org/), [RIPE](https://www.ripe.net/), [ECO](https://www.eco.de/), [APELL](https://www.apell.info/) [CENTR](https://www.centr.org/), [DINL](https://www.dinl.nl/), [EuroISPA](https://www.euroispa.org/) and [EFF](https://eff.org/). -- Participating in relevant conferences and events to raise awareness of our project and engage with potential users and partners, such as those focused on hosting, open-source software, digital rights, and public sector innovation, and showcasing our software in demos and presentations. - These will include hosting events (e.g. [Cloud Expo Europe](https://www.cloudexpoeurope.com/), [Cloudfest](https://www.cloudfest.com/), [Web Summit](https://websummit.com/)) and developer events like [NixCon](https://nixcon.org), [FOSDEM](https://fosdem.org/), [OW2Con](https://www.ow2con.org/) and [CCC Congress](https://events.ccc.de/) to inform a diverse audience of the benefits of our stack and the other NGI technology solutions we are promoting. 
+- Participating in relevant conferences and events to raise awareness of our project and engage with potential users and partners, such as those focused on Nix, and showcasing our software in demos and presentations. + These will include developer events like [NixCon](https://nixcon.org), [FOSDEM](https://fosdem.org/) and [CCC Congress](https://events.ccc.de/) to inform a diverse audience of the benefits of our stack and the other NGI technology solutions we are promoting. ### Communication @@ -288,9 +282,8 @@ There are several communication strategies and measures that we will utilise dur Planned exploitation measures, primarily aimed at hosting organisations, include: -1. Develop and offer training sessions and workshops, showcasing the features and benefits of the software and how it can be used to offer portable services. -1. Develop case studies or success stories featuring hosting organisations that have successfully implemented the platform, highlighting public reception to their offering. -1. Partner with industry associations and conferences to increase visibility and reach among hosting organisations, public sector decision-makers and influencers. +1. Work on integrating the software in an open-source package based around the use-case of a hosting provider. +1. Help document the integration as well as the original software to facilitate further work in this direction. ## Project content and handling of intellectual property risks -- 2.48.1 From e0bb8adabea2e22453c8dc80e2ede6981a604a2e Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 6 Jun 2025 17:08:26 +0200 Subject: [PATCH 54/93] focus on a single application following capacity --- architecture.md | 1 - fediversity.md | 26 ++------------------------ 2 files changed, 2 insertions(+), 25 deletions(-) diff --git a/architecture.md b/architecture.md index 7295d4b..e4cf8bf 100644 --- a/architecture.md +++ b/architecture.md 
@@ -290,7 +290,6 @@ Whereas details of the implementation may need to be decided as the technical ch - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) - [ProxmoX deployment allows scaling resources assigned to a VM](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) - - [completed initial application offering](https://git.fediversity.eu/Fediversity/Fediversity/issues/350) - [pooling application instances to shared VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) - [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) diff --git a/fediversity.md b/fediversity.md index 369d022..e5badfa 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -72,39 +72,17 @@ Tests will concisely describe the abilities the Fediversity system provides. these tests can be run on any sufficiently powerful machine with Nix installed, and reliably validate that the use cases work as intended. The proposed work is realistically achievable. - ## Identified applications -We have identified a number of applications as relevant targets to offer as part of our project, emphasising the value to users' digital autonomy. -To structure our efforts, we have categorized them into three waves, as follows: - -- Low-hanging fruit (courtesy of SelfHostBlocks) - - [Forgejo](https://forgejo.org/) - - [Nextcloud](https://nextcloud.com/) - - [Vaultwarden](https://github.com/dani-garcia/vaultwarden) -- Host-oriented - - [PowerDNS-Admin](https://github.com/PowerDNS-Admin/PowerDNS-Admin) - - [Stalwart](https://stalw.art/) email server - - [Matrix](https://www.matrix.org/) chat server [Dendrite](https://element-hq.github.io/dendrite/) + web client [Element](https://element.io/) -- Socials - - [Mastodon](https://joinmastodon.org/) - - [Pixelfed](https://pixelfed.org/) - - [Peertube](https://joinpeertube.org/) - -Considerations taking into account in the selection of applications to be implemented include their added value, maturity, security, how well they complement our other applications, support for identity management standards such as OIDC and LDAP, software license, ease of implementation, documentation, strategic relevance in protecting user privacy and autonomy, and the availability of viable alternatives. - As the initial application to be supported, we have selected [Forgejo](https://forgejo.org/), given it: 1. is supported in [SelfHostBlocks](https://github.com/ibizaman/selfhostblocks), facilitating implementation 1. is part of our own infrastructure, allowing us to bootstrap 1. given the above, makes our development team self-sufficient for the purpose of its initial user feedback cycle -1. relevant features are merged upstream (c.f. 
Vaultwarden, where support for single sign-on is still outstanding) +1. relevant features are merged upstream 1. uses a language featuring static typing, offering it a baseline level of robustness -Which other packages we will decide to support will depend further on the packages that will be adressed in the 'subgrant projects' that will be requested in the 'open calls'. -In finalising our initial selection, both with regard to quality-quantity trade-offs as well as relative priority among the identified applications, we will coordinate with relevant stakeholders as the project matures. - -Our consideration to limit the initial list of supported applications is to keep focus on our core innovation, as properly adding support for applications may involve: +Our consideration to limit the initially supported applications is to keep focus on our core innovation, as properly adding support for applications may involve: - PoC: - compartmentalising state for backups/portability/redundancy -- 2.48.1 From 4d2d6a120561eef860aae6680cd6663e4b698c25 Mon Sep 17 00:00:00 2001 From: cinereal Date: Tue, 10 Jun 2025 17:56:38 +0200 Subject: [PATCH 55/93] update application offering following #369 c.f. https://git.fediversity.eu/Fediversity/Fediversity/issues/369 --- fediversity.md | 42 ++++++++++++++---------------------------- 1 file changed, 14 insertions(+), 28 deletions(-) diff --git a/fediversity.md b/fediversity.md index e5badfa..6df5ad2 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -72,38 +72,24 @@ Tests will concisely describe the abilities the Fediversity system provides. these tests can be run on any sufficiently powerful machine with Nix installed, and reliably validate that the use cases work as intended. The proposed work is realistically achievable. -## Identified applications +## Application support -As the initial application to be supported, we have selected [Forgejo](https://forgejo.org/), given it: +To demonstrate our functionality, we integrate our work with NGI Zero project [SelfHostBlocks](https://github.com/ibizaman/selfhostblocks), which offers the interfaces for applications to indicate their needs, for our purpose of data portability notably including back-up and restore, and is in the process of [preparing an RFC](https://discourse.nixos.org/t/pre-rfc-decouple-services-using-structured-typing/58257) to get these practices upstreamed to nixpkgs. -1. is supported in [SelfHostBlocks](https://github.com/ibizaman/selfhostblocks), facilitating implementation -1. is part of our own infrastructure, allowing us to bootstrap -1. given the above, makes our development team self-sufficient for the purpose of its initial user feedback cycle -1. relevant features are merged upstream -1. 
uses a language featuring static typing, offering it a baseline level of robustness +At the time of writing, applications it supports include: -Our consideration to limit the initially supported applications is to keep focus on our core innovation, as properly adding support for applications may involve: +- [Arr](https://wiki.servarr.com/) +- [Audiobookshelf](https://www.audiobookshelf.org/) +- [Deluge](https://deluge-torrent.org/) +- [Forgejo](https://forgejo.org/) +- [Grocy](https://grocy.info/) +- [Hledger](https://hledger.org/) +- [Home Assistant](https://www.home-assistant.io/) +- [Jellyfin](https://jellyfin.org/) +- [Nextcloud](https://nextcloud.com/) +- [Vaultwarden](https://github.com/dani-garcia/vaultwarden) -- PoC: - - compartmentalising state for backups/portability/redundancy - - migration actions such as rewrites of connections/URLs - - integration with single sign-on and LDAP for user management (or as a stop-gap, provisioning of initial user) -- MVP: - - handling application upgrades - - creating schemas of (identified relevant) settings - - documentation - - hardening -- post-MVP: - - handling backward-incompatible setting interface changes - - coordinating with end-users to improve the user experience -- if missing first-class Nix support: - - packaging for Nix - - creating NixOS service module - - integrating with identified contracts (see SelfHostBlocks) - - maintaining the above on version updates - - coordinating with upstream developers on immutable-friendly development - -The result of the work in the hosting vertical should be generic enough to support all NGI packages sufficiently documented and packaged in NixOS. +The result of the work should be generic enough to support any NGI packages implementing such interfaces. ## Methodology challenges -- 2.48.1 From 60ef86a8cb587cb5990478a19d24979c9e0b9b07 Mon Sep 17 00:00:00 2001 
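Review bot: after the "Application support" rewrite in fediversity.md ([PATCH 55/93]), nothing in the section says who handles the per-application work the removed list named, such as "hardening", "handling application upgrades" and "integration with single sign-on and LDAP for user management". If the SelfHostBlocks interfaces are meant to cover these, say so next to "back-up and restore"; otherwise keep a short list of what remains the project's own responsibility. The first added sentence also packs three points into one (what SelfHostBlocks offers, why it matters here, the pre-RFC) and would read better split in two. The "At the time of writing" list will date quickly, so a pointer to the upstream list may serve better than a copy.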
From: cinereal Date: Tue, 10 Jun 2025 18:16:41 +0200 Subject: [PATCH 56/93] better bring section on dissemination in line with shift from a socials product to a library facilitating portability --- fediversity.md | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) diff --git a/fediversity.md b/fediversity.md index 6df5ad2..761e38a 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -189,18 +189,15 @@ Some of them are: -We've identified multiple dissemination measures we can apply to our project in our plan: +We've identified multiple dissemination measures we can apply to our project in our plan to engage the open-source community to further expand on work in this direction: +1. Offering automated dev-ops workflows. +1. Ensuring external developers empowered to contribute: + We want for external developers to feel empowered similar to core developers, which we aim to achieve using accessible documentation, reproducible project infrastructure, tests doubling as live documentation of our components, a module upstreamed to nixpkgs, as well as by offering a familiar interface by making our core abstraction a NixOS configuration. 1. Developing key messages: We'll develop clear, concise, and compelling messaging that highlight the benefits and unique features of our project, such as the focus on **user control**, **privacy**, and **data & service portability**. 1. Using multiple channels: We will be utilising a variety of channels to reach our target audiences outlined above, among which through online communities, social media, webinars, blog posts, tech conferences and press releases. -1. Building partnerships: - We have identified a number of partners already to help us reach out to our target audiences. - These organisations share our **values and mission**. -1. Monitoring and evaluation: - We will monitor the success of our dissemination activities and evaluate their effectiveness in reaching and engaging our target audiences. - We will then use this information to adjust and improve our strategies over time. Concrete examples of dissemination activities for our project will include: 
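Review bot: the added item "Ensuring external developers empowered to contribute:" is missing a verb, and "We want for external developers to feel empowered similar to core developers" is awkward. Something like "Empowering external developers to contribute:" and "We want external developers to feel as empowered as core developers" would match the other items. The same hunk drops "Monitoring and evaluation" without a replacement, so the plan no longer states how the effect of the remaining measures is checked; worth one sentence if that is intentional.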
@@ -227,18 +224,6 @@ There are several communication strategies and measures that we will utilise dur We will reach out to Fediverse channels (e.g. Mastodon, Pixelfed, Peertube and Owncast) as well as commercial social media platforms such as BlueSky, Threads, and LinkedIn to reach a wider audience and share project-related news and updates. Social media are used to engage with stakeholders and respond to their queries and feedback. While our values may be closer aligned with the open-source social media, we will also still have use for the commercial ones to spread our message initially. -1. Organising workshops and events: - Workshops and events will be used to engage with stakeholders and share project-related information. - Workshops will be used to share technical knowledge, while events will be used to showcase the project's outputs and outcomes. -1. Publishing project-related articles: - Publishing project-related articles in mainstream media publications and through the channels of our partners will help to promote the project and its outcomes. - It will also help to raise awareness among stakeholders and potential users of the project. -1. Developing communication materials: - Developing communication materials such as videos, podcasts and infographics will help to make it easy to communicate about the project and its outcomes. - We'll make sure our communication materials will be designed to be visually appealing and easy to understand. -1. Engaging with the media: - Engaging with the traditional media will help to promote the project and its outcomes. - Partners like [SDEPS](https://www.sdeps.eu/) consist of mainstream media actors across Europe who are aligned with our mission and are themselves potential users and ambassadors of the tools we build. ### Exploitation -- 2.48.1 From 0c9f13a289356471ec8172181976ec0261e4b6c5 Mon Sep 17 00:00:00 2001 
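Review bot: the "Using multiple channels" item kept earlier in fediversity.md still promises "webinars, blog posts, tech conferences and press releases", while the items removed in this second hunk of [PATCH 56/93] ("Organising workshops and events", "Engaging with the media") were the ones that described them. Either trim that sentence to the channels that remain, or keep a one-line item covering events and press so the section does not promise activities it no longer describes.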
From: cinereal Date: Tue, 10 Jun 2025 21:03:44 +0200 Subject: [PATCH 57/93] update roadmap --- architecture.md | 141 ++++++++++++++++++++++++++++++------------------ 1 file changed, 88 insertions(+), 53 deletions(-) diff --git a/architecture.md b/architecture.md index e4cf8bf..9f55c0d 100644 --- a/architecture.md +++ b/architecture.md 
@@ -240,56 +240,91 @@ Whereas the core abstraction in Fediversity is a NixOS configuration module, a m Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: -1. [Implement a way to run online services emphasising user autonomy and portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) - - [deploying Fediversity applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) - - [Initial internal user to kick-start feedback process](https://git.fediversity.eu/Fediversity/Fediversity/issues/225): - - automated provisioning of: - - [databases](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) - - [object storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) - - [virtual machines](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) - - [DNS](https://git.fediversity.eu/Fediversity/Fediversity/issues/110) - - [admin accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) - - [SMTP service](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) - - [email accounts](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) - - [ephemeral state](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) - - [specification published](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) - - [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) - - [user can have multiple deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) - - [users can update their deployment configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) - - [application data back-ups](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) - - [migrating application data between hosting 
providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) -1. [Disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) - - [automated dev-ops workflows](https://git.fediversity.eu/Fediversity/Fediversity/issues/224): - - [separate test environments for staging vs. production](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) - - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) - - [CI rejects failing deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/102) - - [Nix package overlays upstreamed](https://git.fediversity.eu/Fediversity/Fediversity/issues/248) - - [facilitate suggestions in PR reviews](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) - - [integration test](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) - - [external developers empowered to contribute](https://git.fediversity.eu/Fediversity/Fediversity/issues/288): - - [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) - - [integration tests](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) - - [Continuous Integration builds available in a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) - - [reproducible project infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) - - [continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) - - [separate staging/testing environments](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) - - [code reviewers can suggest changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) - - [knowledge base](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) - - [module upstreamed to nixpkgs](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) -1. 
[Exploit our work by facilitating the sample use-case of web hosting organisations using an initial set of services](https://git.fediversity.eu/Fediversity/Fediversity/issues/349) - - [Software ready for web hosts to take into production](https://git.fediversity.eu/Fediversity/Fediversity/issues/228): - - [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) - - [Nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) - - [ensure hosts may update users' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) - - [reference front-end decoupled from version of configuration module](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) - - [security check](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) - - [Key features improving user experience supported](https://git.fediversity.eu/Fediversity/Fediversity/issues/289): - - [enqueuing deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) - - [provide single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) - - [upstream configuration options exposed](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) - - [allow disabling application while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) - - [ProxmoX deployment allows scaling resources assigned to a VM](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) - - [aid needed user actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) - - [pooling application instances to shared VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) - - [allow use of external single sign-on](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) - - [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) +1. 
[implement a way to run online services emphasising user autonomy and data portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) + 1. [Finalize architecture doc](https://git.fediversity.eu/Fediversity/Fediversity/issues/39) + 1. [code-based migration data model](https://git.fediversity.eu/Fediversity/Fediversity/issues/103) + 1. [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) + 1. [code-based migration data model](https://git.fediversity.eu/Fediversity/Fediversity/issues/103) + 1. [enable back-ups of application](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) + 1. [Create a deployment migration string](https://git.fediversity.eu/Fediversity/Fediversity/issues/77) + 1. [Start deployment migration](https://git.fediversity.eu/Fediversity/Fediversity/issues/78) + 1. [application offering generalised](https://git.fediversity.eu/Fediversity/Fediversity/issues/369) + 1. [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) +1. [disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) + 1. [automated dev-ops workflows](https://git.fediversity.eu/Fediversity/Fediversity/issues/224) + 1. [Backups for Forgejo](https://git.fediversity.eu/Fediversity/Fediversity/issues/29) + 1. [use dedicated Nix builder](https://git.fediversity.eu/Fediversity/Fediversity/issues/366) + 1. [initial focus on single application for development](https://git.fediversity.eu/Fediversity/Fediversity/issues/327) + 1. [unify versioning](https://git.fediversity.eu/Fediversity/Fediversity/issues/279) + 1. [Automated dependency updates](https://git.fediversity.eu/Fediversity/Fediversity/issues/65) + 1. [infrastructure automatically deployed using continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) + 1. 
[Full integration test](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) + 1. [CI rejects failing deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/102) + 1. [code reviewers can suggest changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) + 1. [fediversity apps reused in infra](https://git.fediversity.eu/Fediversity/Fediversity/issues/370) + 1. [derive users and their keys from the keys directory](https://git.fediversity.eu/Fediversity/Fediversity/issues/199) + 1. [Nix package overlays upstreamed](https://git.fediversity.eu/Fediversity/Fediversity/issues/248) + 1. [Separate test environments for staging vs. production](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) + 1. [support password-protected personal SSH keys for deploying services in development](https://git.fediversity.eu/Fediversity/Fediversity/issues/272) + 1. [Write all modules with destructured arguments](https://git.fediversity.eu/Fediversity/Fediversity/issues/93) + 1. [ephemeral state is automatically provisioned](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) + 1. [external developers empowered to contribute](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) + 1. [code reviewers can suggest changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) + 1. [Reproducible proxmox installation](https://git.fediversity.eu/Fediversity/Fediversity/issues/325) + 1. [Continuous Integration builds available in a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) + 1. [docs: document having to load nix dev shell for pre-commit hook](https://git.fediversity.eu/Fediversity/Fediversity/issues/98) + 1. [Update documentation on services](https://git.fediversity.eu/Fediversity/Fediversity/issues/86) + 1. [knowledge base](https://git.fediversity.eu/Fediversity/Fediversity/issues/243) + 1. 
[Document the semantics of our various domains](https://git.fediversity.eu/Fediversity/Fediversity/issues/210) + 1. [Describe the hardware infrastructure needed to run Fediversity yourself](https://git.fediversity.eu/Fediversity/Fediversity/issues/68) + 1. [reproducible project infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) + 1. [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) + 1. [fediversity apps reused in infra](https://git.fediversity.eu/Fediversity/Fediversity/issues/370) + 1. [Generate documentation on the deployments from the code](https://git.fediversity.eu/Fediversity/Fediversity/issues/89) + 1. [Write all modules with destructured arguments](https://git.fediversity.eu/Fediversity/Fediversity/issues/93) + 1. [module upstreamed to nixpkgs](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) + 1. [panel bundled into Fediversity configuration](https://git.fediversity.eu/Fediversity/Fediversity/issues/342) +1. [exploit our work by enabling reproducible deployments of an initial set of portable applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/349) + 1. [applications deployed on command](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) + 1. [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) + 1. [Proxmox resources are provisioned to deploy services to](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) + 1. [Deployed services are accessible under the configured domain](https://git.fediversity.eu/Fediversity/Fediversity/issues/76) + 1. [kick-started initial feedback cycle](https://git.fediversity.eu/Fediversity/Fediversity/issues/225) + 1. [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) + 1. 
[Proxmox resources are provisioned to deploy services to](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) + 1. [Users can configure their desired sub-domains in the online panel, so that the deployed services are assigned the desired sub-domains](https://git.fediversity.eu/Fediversity/Fediversity/issues/142) + 1. [provision admin accounts for deployed services](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) + 1. [users can update their deployment configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) + 1. [use immutable buckets from VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) + 1. [Databases are provisioned so that services can use a central storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) + 1. [VMs use central file storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/138) + 1. [reproduce DNS VM](https://git.fediversity.eu/Fediversity/Fediversity/issues/200) + 1. [SMTP service is provisioned so that applications can send emails](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) + 1. [fediversity apps reused in infra](https://git.fediversity.eu/Fediversity/Fediversity/issues/370) + 1. [ephemeral state is automatically provisioned](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) + 1. [panel staging/production configuration](https://git.fediversity.eu/Fediversity/Fediversity/issues/136) + 1. [code passes security check](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) + 1. [brought into production](https://git.fediversity.eu/Fediversity/Fediversity/issues/228) + 1. [Have a DNS service running to allow users to tie services to their own domain](https://git.fediversity.eu/Fediversity/Fediversity/issues/104) + 1. [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) + 1. 
[Relevant email accounts are provisioned such that the operator may be contacted](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) + 1. [reference front-end is decoupled from version of configuration module](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) + 1. [specification published](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) + 1. [REST API available](https://git.fediversity.eu/Fediversity/Fediversity/issues/368) + 1. [Hosting providers can update their operators' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) + 1. [code passes security check](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) + 1. [nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) + 1. [key features improving user experience supported](https://git.fediversity.eu/Fediversity/Fediversity/issues/289) + 1. [upstream configuration options exposed](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) + 1. [allow disabling service while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) + 1. [enqueuing deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) + 1. [user can have multiple deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) + 1. [ProxmoX deployment allows scaling resources assigned to a VM](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) + 1. [View difference between configured and deployed state](https://git.fediversity.eu/Fediversity/Fediversity/issues/143) + 1. [visualise schema changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/213) + 1. [aid needed actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) + 1. [single sign-on (SSO) for services](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) + 1. [delegating user management](https://git.fediversity.eu/Fediversity/Fediversity/issues/337) + 1. 
[pooling instances to shared VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) + 1. [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) + 1. [connecting an existing identity management service](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) -- 2.48.1 From 2592245d8b0b186954677b29abdb136dfd4273b8 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 11 Jun 2025 14:06:50 +0200 Subject: [PATCH 58/93] hide story level --- architecture.md | 73 ------------------------------------------------- 1 file changed, 73 deletions(-) diff --git a/architecture.md b/architecture.md index 9f55c0d..3413d5c 100644 --- a/architecture.md +++ b/architecture.md 
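Review bot: in the roadmap list added to architecture.md by [PATCH 57/93], several entries are repeated and the hypervisor name is spelled three ways. "code-based migration data model" (issue 103) is listed twice within the first milestone. "code passes security check" (issue 291) and "ProxmoX back-end supports multiple users" (issue 313) each appear twice under the third. The added lines also mix "ProxmoX", "Proxmox" and "proxmox". If a repeat means one issue belongs to several parents, a sentence above the list saying so would help; otherwise list each issue once and settle on one spelling.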
@@ -244,87 +244,14 @@ Whereas details of the implementation may need to be decided as the technical ch 1. [Finalize architecture doc](https://git.fediversity.eu/Fediversity/Fediversity/issues/39) 1. [code-based migration data model](https://git.fediversity.eu/Fediversity/Fediversity/issues/103) 1. [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) - 1. [code-based migration data model](https://git.fediversity.eu/Fediversity/Fediversity/issues/103) - 1. [enable back-ups of application](https://git.fediversity.eu/Fediversity/Fediversity/issues/123) - 1. [Create a deployment migration string](https://git.fediversity.eu/Fediversity/Fediversity/issues/77) - 1. [Start deployment migration](https://git.fediversity.eu/Fediversity/Fediversity/issues/78) 1. [application offering generalised](https://git.fediversity.eu/Fediversity/Fediversity/issues/369) 1. [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) 1. [disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) 1. [automated dev-ops workflows](https://git.fediversity.eu/Fediversity/Fediversity/issues/224) - 1. [Backups for Forgejo](https://git.fediversity.eu/Fediversity/Fediversity/issues/29) - 1. [use dedicated Nix builder](https://git.fediversity.eu/Fediversity/Fediversity/issues/366) - 1. [initial focus on single application for development](https://git.fediversity.eu/Fediversity/Fediversity/issues/327) - 1. [unify versioning](https://git.fediversity.eu/Fediversity/Fediversity/issues/279) - 1. [Automated dependency updates](https://git.fediversity.eu/Fediversity/Fediversity/issues/65) - 1. [infrastructure automatically deployed using continuous deployment](https://git.fediversity.eu/Fediversity/Fediversity/issues/177) - 1. 
[Full integration test](https://git.fediversity.eu/Fediversity/Fediversity/issues/277) - 1. [CI rejects failing deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/102) - 1. [code reviewers can suggest changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) - 1. [fediversity apps reused in infra](https://git.fediversity.eu/Fediversity/Fediversity/issues/370) - 1. [derive users and their keys from the keys directory](https://git.fediversity.eu/Fediversity/Fediversity/issues/199) - 1. [Nix package overlays upstreamed](https://git.fediversity.eu/Fediversity/Fediversity/issues/248) - 1. [Separate test environments for staging vs. production](https://git.fediversity.eu/Fediversity/Fediversity/issues/69) - 1. [support password-protected personal SSH keys for deploying services in development](https://git.fediversity.eu/Fediversity/Fediversity/issues/272) - 1. [Write all modules with destructured arguments](https://git.fediversity.eu/Fediversity/Fediversity/issues/93) - 1. [ephemeral state is automatically provisioned](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) 1. [external developers empowered to contribute](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) - 1. [code reviewers can suggest changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/302) - 1. [Reproducible proxmox installation](https://git.fediversity.eu/Fediversity/Fediversity/issues/325) - 1. [Continuous Integration builds available in a public cache](https://git.fediversity.eu/Fediversity/Fediversity/issues/92) - 1. [docs: document having to load nix dev shell for pre-commit hook](https://git.fediversity.eu/Fediversity/Fediversity/issues/98) - 1. [Update documentation on services](https://git.fediversity.eu/Fediversity/Fediversity/issues/86) - 1. [knowledge base](https://git.fediversity.eu/Fediversity/Fediversity/issues/243) - 1. 
[Document the semantics of our various domains](https://git.fediversity.eu/Fediversity/Fediversity/issues/210) - 1. [Describe the hardware infrastructure needed to run Fediversity yourself](https://git.fediversity.eu/Fediversity/Fediversity/issues/68) - 1. [reproducible project infrastructure](https://git.fediversity.eu/Fediversity/Fediversity/issues/336) - 1. [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) - 1. [fediversity apps reused in infra](https://git.fediversity.eu/Fediversity/Fediversity/issues/370) - 1. [Generate documentation on the deployments from the code](https://git.fediversity.eu/Fediversity/Fediversity/issues/89) - 1. [Write all modules with destructured arguments](https://git.fediversity.eu/Fediversity/Fediversity/issues/93) - 1. [module upstreamed to nixpkgs](https://git.fediversity.eu/Fediversity/Fediversity/issues/333) - 1. [panel bundled into Fediversity configuration](https://git.fediversity.eu/Fediversity/Fediversity/issues/342) 1. [exploit our work by enabling reproducible deployments of an initial set of portable applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/349) 1. [applications deployed on command](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) - 1. [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) - 1. [Proxmox resources are provisioned to deploy services to](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) - 1. [Deployed services are accessible under the configured domain](https://git.fediversity.eu/Fediversity/Fediversity/issues/76) 1. [kick-started initial feedback cycle](https://git.fediversity.eu/Fediversity/Fediversity/issues/225) - 1. [ProxmoX back-end supports multiple users](https://git.fediversity.eu/Fediversity/Fediversity/issues/313) - 1. 
[Proxmox resources are provisioned to deploy services to](https://git.fediversity.eu/Fediversity/Fediversity/issues/116) - 1. [Users can configure their desired sub-domains in the online panel, so that the deployed services are assigned the desired sub-domains](https://git.fediversity.eu/Fediversity/Fediversity/issues/142) - 1. [provision admin accounts for deployed services](https://git.fediversity.eu/Fediversity/Fediversity/issues/178) - 1. [users can update their deployment configurations](https://git.fediversity.eu/Fediversity/Fediversity/issues/158) - 1. [use immutable buckets from VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/185) - 1. [Databases are provisioned so that services can use a central storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/115) - 1. [VMs use central file storage](https://git.fediversity.eu/Fediversity/Fediversity/issues/138) - 1. [reproduce DNS VM](https://git.fediversity.eu/Fediversity/Fediversity/issues/200) - 1. [SMTP service is provisioned so that applications can send emails](https://git.fediversity.eu/Fediversity/Fediversity/issues/117) - 1. [fediversity apps reused in infra](https://git.fediversity.eu/Fediversity/Fediversity/issues/370) - 1. [ephemeral state is automatically provisioned](https://git.fediversity.eu/Fediversity/Fediversity/issues/314) - 1. [panel staging/production configuration](https://git.fediversity.eu/Fediversity/Fediversity/issues/136) - 1. [code passes security check](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) 1. [brought into production](https://git.fediversity.eu/Fediversity/Fediversity/issues/228) - 1. [Have a DNS service running to allow users to tie services to their own domain](https://git.fediversity.eu/Fediversity/Fediversity/issues/104) - 1. [garbage collection of unallocated resources](https://git.fediversity.eu/Fediversity/Fediversity/issues/188) - 1. 
[Relevant email accounts are provisioned such that the operator may be contacted](https://git.fediversity.eu/Fediversity/Fediversity/issues/118) - 1. [reference front-end is decoupled from version of configuration module](https://git.fediversity.eu/Fediversity/Fediversity/issues/304) - 1. [specification published](https://git.fediversity.eu/Fediversity/Fediversity/issues/334) - 1. [REST API available](https://git.fediversity.eu/Fediversity/Fediversity/issues/368) - 1. [Hosting providers can update their operators' deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/159) - 1. [code passes security check](https://git.fediversity.eu/Fediversity/Fediversity/issues/291) 1. [nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) 1. [key features improving user experience supported](https://git.fediversity.eu/Fediversity/Fediversity/issues/289) - 1. [upstream configuration options exposed](https://git.fediversity.eu/Fediversity/Fediversity/issues/195) - 1. [allow disabling service while retaining data](https://git.fediversity.eu/Fediversity/Fediversity/issues/186) - 1. [enqueuing deployment syncs](https://git.fediversity.eu/Fediversity/Fediversity/issues/242) - 1. [user can have multiple deployments](https://git.fediversity.eu/Fediversity/Fediversity/issues/241) - 1. [ProxmoX deployment allows scaling resources assigned to a VM](https://git.fediversity.eu/Fediversity/Fediversity/issues/119) - 1. [View difference between configured and deployed state](https://git.fediversity.eu/Fediversity/Fediversity/issues/143) - 1. [visualise schema changes](https://git.fediversity.eu/Fediversity/Fediversity/issues/213) - 1. [aid needed actions on schema update](https://git.fediversity.eu/Fediversity/Fediversity/issues/214) - 1. [single sign-on (SSO) for services](https://git.fediversity.eu/Fediversity/Fediversity/issues/212) - 1. [delegating user management](https://git.fediversity.eu/Fediversity/Fediversity/issues/337) - 1. 
[pooling instances to shared VMs](https://git.fediversity.eu/Fediversity/Fediversity/issues/322) - 1. [on migration, allow reconfiguring monolithic vs distributed](https://git.fediversity.eu/Fediversity/Fediversity/issues/341) - 1. [connecting an existing identity management service](https://git.fediversity.eu/Fediversity/Fediversity/issues/161) -- 2.48.1 From ac3b9c9c30332a71e7f9f0119bf13d6dd67412da Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 17:05:25 +0200 Subject: [PATCH 59/93] build PDF with Nix --- .gitignore | 1 + README.md | 16 ++++++++-------- default.nix | 28 ++++++++++++++++++++++++++++ shell.nix | 14 +------------- 4 files changed, 38 insertions(+), 21 deletions(-) create mode 100644 default.nix diff --git a/.gitignore b/.gitignore index 5594b31..3e114b0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +result *.err *.odt *.html diff --git a/README.md b/README.md index 66d0271..7e39390 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ -# fediversity proposal +# Fediversity project proposal -## usage +Build a PDF: -```sh -nix-shell -pandoc architecture.md -o architecture.html -pandoc architecture.html -o architecture.pdf -pandoc --filter pandoc-include fediversity.md -o fediversity.html -pandoc fediversity.html -o fediversity.pdf +> **Note** +> +> It will take a while to download dependencies! + +```bash +nix-build -A pdf ``` diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..93f6af6 --- /dev/null +++ b/default.nix @@ -0,0 +1,28 @@ +{ + pkgs ? import { }, +}: +{ + shell = pkgs.mkShellNoCC { + packages = with pkgs; [ + pandoc + pandoc-include + texliveMedium + librsvg + ]; + }; + pdf = + pkgs.runCommand "fediversity" + { + buildInputs = with pkgs; [ + pandoc + pandoc-include + texliveMedium + librsvg + ]; + } + '' + mkdir -p $out + pandoc ${./architecture.md} -o $out/architecture.pdf + pandoc --filter pandoc-include ${./fediversity.md} -o $out/fediversity.pdf + ''; +} 
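Review bot: in default.nix the `pkgs` argument defaults to `import { }` with no pinned nixpkgs revision visible, so `nix-build -A pdf` builds with whatever pandoc, pandoc-include, texliveMedium and librsvg the caller's environment resolves. The README hunk makes this the only documented build path, so pin nixpkgs to a fixed revision and hash to keep the PDF reproducible and the toolchain auditable. The same four packages are also listed twice, under `shell.packages` and under `pdf.buildInputs`; bind the list once in a `let` and reuse it. Since these are tools executed during the build, `nativeBuildInputs` is the conventional attribute.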
diff --git a/shell.nix b/shell.nix index bf1305a..a6bdf20 100644 --- a/shell.nix +++ b/shell.nix @@ -1,13 +1 @@ -{ - pkgs ? import { }, -}: -{ - shell = pkgs.mkShellNoCC { - packages = with pkgs; [ - pandoc - pandoc-include - texliveMedium - librsvg - ]; - }; -} +(import ./. { }).shell -- 2.48.1 From 030418ed0280e04442cfefefb1bd19009698f237 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 17:08:09 +0200 Subject: [PATCH 60/93] fix some formatting --- fediversity.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fediversity.md b/fediversity.md index 761e38a..f9dab5c 100644 --- a/fediversity.md +++ b/fediversity.md @@ -359,7 +359,7 @@ Animals Non-EU countries -- Will some of the activities be carried out in non-EU countries? **YES (potentially) **\ +- Will some of the activities be carried out in non-EU countries? **YES (potentially)**\ **\*Specify the countries involved\***: The countries from which beneficiaries operate are not yet known (open call involving financial support to third parties). - In case non-EU countries are involved, do the activities undertaken in these countries raise potential ethics issues? **NO** 
@@ -374,17 +374,17 @@ Non-EU countries Environment & health and safety -- Does this activity involve the use of substances or processes (or technologies) that may cause harm to the environment, to animals or plants (during the implementation of the activity or further to the use of the results, as a possible impact)?** NO** -- Does this activity deal with endangered fauna and/or flora / protected areas?** NO** -- Does this activity involve the use of substances or processes (or technologies) that may cause harm to humans, including those performing the activity (during the implementation of the activity or further to the use of the results, or the deployment of the technology as a possible impact)? ** NO** +- Does this activity involve the use of substances or processes (or technologies) that may cause harm to the environment, to animals or plants (during the implementation of the activity or further to the use of the results, as a possible impact)? **NO** +- Does this activity deal with endangered fauna and/or flora / protected areas? **NO** +- Does this activity involve the use of substances or processes (or technologies) that may cause harm to humans, including those performing the activity (during the implementation of the activity or further to the use of the results, or the deployment of the technology as a possible impact)? **NO** Artificial intelligence -- Does this activity involve the development, deployment and/or use of Artificial Intelligence-based systems?** NO**\ +- Does this activity involve the development, deployment and/or use of Artificial Intelligence-based systems? **NO**\ Other ethics issues -- Are there any other ethics issues that should be taken into consideration?** NO**\ +- Are there any other ethics issues that should be taken into consideration? 
**NO**\ \ \[x\] I confirm that I have taken into account all ethics issues above and that, if any ethics issues apply, I will complete the ethics self-assessment as described in the guidance 'How to complete your Ethics Self-Assessment'. (See Guide 4 section 5) -- 2.48.1 From 8e5c5d44cb80bd07996078af108ee27ca3bf3fd8 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 17:36:05 +0200 Subject: [PATCH 61/93] update date of last change --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index f9dab5c..838afba 100644 --- a/fediversity.md +++ b/fediversity.md @@ -18,7 +18,7 @@ | 2023-10-12 | Page 41 | Updated Gant Chart | | 2023-10-12 | Page 3 | Added Open Source, Open Standards, Open Dependencies | | 2023-10-12 | Page 15 | Added work package interdependencies and added a new page | -| 2025-05-xx | Page x | See https://git.fediversity.eu/kiara/fedi-goals/commits/branch/main | +| 2025-06-12 | Page x | See https://git.fediversity.eu/kiara/fedi-goals/commits/branch/main | # Preamble -- 2.48.1 From 02812f012239c8311593a0e74f5d18b3b4e03124 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 17:36:48 +0200 Subject: [PATCH 62/93] polish phrasing and add links --- fediversity.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/fediversity.md b/fediversity.md index 838afba..0f17aa9 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -40,36 +40,38 @@ No software specific for or usable by any single organisation will be created or *Fediversity: Privacy-friendly, sustainable, transparent fair.* -The Open Internet Discourse Foundation project Fediversity is an effort to bring individuals and institutions easy-to-use, portable digital services with personal freedom at their core. +The Open Internet Discourse Foundation's project **Fediversity** is an effort to bring individuals and institutions easy-to-use, portable digital services with personal freedom at their core. We want to help provide everyone with high-quality, secure IT systems for everyday use. Without tracking, without exploitation, in a way that makes sustainable use of the world. The goal of this project is offer an **alternative to centralised online services and companies that operate closed ecosystems**, thus creating a major impact on the future of the internet, our societies and economies — a unique and meaningful contribution to the *Next Generation Internet* initiative. This objective aligns with the work programme topic by advancing the development of alternative digital solutions that are more user-centric and transparent. -The key technical aspect of Fediversity is to provide the framework for applications to easily switch between different hosting providers, or to their own infrastructure, without losing their data. -This objective is important as it promotes user control and choice, without being locked into a particular platform or service. +The key technical aspect of Fediversity is to provide the framework for networked applications to easily migrate between different hosting providers, or to their own infrastructure, while retaining full control over user data. +This objective is important as it promotes technological sovereignity and choice, and offers an alternative to locking users into a particular platform or service. It would be a unique feature beyond what is currently available on the market. 
-Concretely, we aim to achieve this using the following sub-goals: +Concretely, we aim to achieve the following objectives[^1]: -1. Implement a way to run online services emphasising user autonomy and data portability; -1. Disseminate our results by engaging the open-source community to further expand on work in this direction; -1. Exploit our work by enabling reproducible deployments of an initial set of portable applications. +1. **Implement** a way to run online services emphasising user autonomy and data portability; +1. **Disseminate** our results by engaging the open-source community to further expand on work in this direction; +1. **Exploit** our work by enabling reproducible deployments of an initial set of portable applications. + +[^1]: [Disseminaton and exploitation of research results](https://research-and-innovation.ec.europa.eu/strategy/dissemination-and-exploitation-research-results) defines the terminology we use to frame our objectives. In addition, the team will ensure that all parts of our services use **open-source software**. This will promote transparency and gives users the freedom to use, modify, and distribute the software as they see fit, without artificial restrictions or limitations. ### Relevance -This proposal is highly relevant to the HORIZON EU Programme, specifically to the Human-centric Internet topic. +This proposal is highly relevant to the [Horizon Europe programme](https://commission.europa.eu/funding-tenders/find-funding/eu-funding-programmes/horizon-europe), specifically to the [Next Generation Internet](https://cordis.europa.eu/programme/id/HORIZON_HORIZON-CL4-2023-HUMAN-01-11) fund. The objective of this topic is to support research and innovation in creating a more human-centric internet that prioritises user privacy, security, and control, while also promoting the ethical use of technology. 
-The proposed work aligns with this objective by show-casing a way to run digital services that prioritises user control and privacy, and by using open-source software to promote transparency and ethical use. +The proposed work aligns with this objective by show-casing a way to run digital services that prioritises user control and data protection, and by using open-source software to promote transparency and ethical use. ### Measurability Tests will concisely describe the abilities the Fediversity system provides. -these tests can be run on any sufficiently powerful machine with Nix installed, and reliably validate that the use cases work as intended. +These tests can be run on any sufficiently powerful machine with [Nix](https://nixos.org) installed, and reliably validate that the use cases work as intended. The proposed work is realistically achievable. ## Application support -- 2.48.1 From 17fe081fa75cb6911284a747935508149c28a2bd Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 17:37:01 +0200 Subject: [PATCH 63/93] don't specify applications for use this is an implementation detail since the project scope is adjusted to provide a framework. also too early to talk about that here, there's a section in the architecture document for sample applications. --- fediversity.md | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/fediversity.md b/fediversity.md index 0f17aa9..236db3f 100644 --- a/fediversity.md +++ b/fediversity.md 
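Review bot: two added lines in the `@@ -40,36 +40,38 @@` hunk of patch 62/93 introduce typos: "technological sovereignity" should be "sovereignty", and the footnote link text "Disseminaton and exploitation of research results" should be "Dissemination". In the Relevance paragraph the new sentence names the Horizon Europe programme and the Next Generation Internet fund, but the unchanged next line still begins "The objective of this topic is", which no longer has a topic to refer to; reword one of the two so they agree.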
@@ -74,25 +74,6 @@ Tests will concisely describe the abilities the Fediversity system provides. These tests can be run on any sufficiently powerful machine with [Nix](https://nixos.org) installed, and reliably validate that the use cases work as intended. The proposed work is realistically achievable. -## Application support - -To demonstrate our functionality, we integrate our work with NGI Zero project [SelfHostBlocks](https://github.com/ibizaman/selfhostblocks), which offers the interfaces for applications to indicate their needs, for our purpose of data portability notably including back-up and restore, and is in the process of [preparing an RFC](https://discourse.nixos.org/t/pre-rfc-decouple-services-using-structured-typing/58257) to get these practices upstreamed to nixpkgs. - -At the time of writing, applications it supports include: - -- [Arr](https://wiki.servarr.com/) -- [Audiobookshelf](https://www.audiobookshelf.org/) -- [Deluge](https://deluge-torrent.org/) -- [Forgejo](https://forgejo.org/) -- [Grocy](https://grocy.info/) -- [Hledger](https://hledger.org/) -- [Home Assistant](https://www.home-assistant.io/) -- [Jellyfin](https://jellyfin.org/) -- [Nextcloud](https://nextcloud.com/) -- [Vaultwarden](https://github.com/dani-garcia/vaultwarden) - -The result of the work should be generic enough to support any NGI packages implementing such interfaces. - ## Methodology challenges One of the challenges we have identified is ensuring the security and privacy of our users' data, even if we will not collect this directly. -- 2.48.1 From 5034ce1265c98bf539ec542ac3e0b4b58f040649 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 17:38:04 +0200 Subject: [PATCH 64/93] collapse redundant outcomes --- fediversity.md | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/fediversity.md b/fediversity.md index 236db3f..6ba817f 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -104,38 +104,29 @@ This diagram graphically represents the relations: ## Project's pathways towards impact -Outcomes: - -- Freedom of choice in the tools to use and (possibly) even alter to your own liking. -- The democratic process may be safeguarded. - Target groups: - Hosting companies looking to offer open-source applications. - Developers looking to expand on the available applications respecting user autonomy. -General outcomes: +Societal outcomes: -The outcomes and impacts of your project may: - -- Give a better understanding of how to implement, maintain and run open-source managed applications respecting user autonomy. - Give companies and organizations that specialize in web hosting a better starting point in offering such applications. +- The proposed platform could contribute to the creation of a more open and democratic digital landscape, where users have more control over their data and online interactions. +- The platform's focus on privacy and data portability could lead to greater trust in open-source digital platforms, which in turn could lead to increased participation and innovation. Technological outcomes: +- Establish a better understanding of how to implement, maintain and run open-source managed applications respecting user autonomy. - An increase in solutions around autonomous managed applications as well as in number of software packages supported by such solutions. - Increased engagement with and innovation around open-source software, stemming from lowered barriers toward their adoption. Economic outcomes: - An uptake in the number of open-source managed applications offered by web hosts, as it becomes easier to offer these. +- Reduction in cost of running applications that preserve users' control over their data. - Increased adoption of privacy-respecting software, as it becomes easier to consume these through the above-mentioned hosts. 
-Societal outcomes: - -- The proposed platform could contribute to the creation of a more open and democratic digital landscape, where users have more control over their data and online interactions. -- The platform's focus on privacy and data portability could lead to greater trust in open-source digital platforms, which in turn could lead to increased participation and innovation. - Some specific possible quantitative estimates include: 1. Developer engagement: -- 2.48.1 From 76e4269a8b4245e4b3c9844401125284296cfda6 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 17:38:16 +0200 Subject: [PATCH 65/93] formatting nits --- fediversity.md | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/fediversity.md b/fediversity.md index 6ba817f..09cf658 100644 --- a/fediversity.md +++ b/fediversity.md 
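Review bot: in the `@@ -104,38 +104,29 @@` hunk of patch 64/93, the retained bullet "Give companies and organizations that specialize in web hosting a better starting point ..." now sits directly under "Societal outcomes:" after its lead-in "The outcomes and impacts of your project may:" was deleted. It now reads as a stray imperative among noun-phrase bullets and describes hosting companies rather than a societal outcome; rephrase it and move it under the economic or technological heading. The added bullet "Reduction in cost of running applications that preserve users' control over their data." is a new claim rather than a collapsed duplicate, so it belongs in its own commit or at least in the commit message.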
@@ -130,14 +130,23 @@ Economic outcomes: Some specific possible quantitative estimates include: 1. Developer engagement: + Given that making portable services the default will need more of the open-source community to engage on this issue, we may measure for example developer engagement in social channels, support channels, issue trackers, as well as code forge metrics such as bookmarks, forks, merge requests, and third-party projects building upon our work or citing us as a source of inspiration. + 1. User adoption: + If our project is successful in providing a user-friendly and privacy-focused platform for digital autonomy, it could attract a significant number of users. + 1. Cost savings: + By promoting the use of open-source software and decentralised infrastructure, our project could lead to cost savings for public organisations. + 1. Data portability: + The focus on data portability could have significant benefits for users, allowing them to easily switch between online platforms and take their data with them. + 1. Market disruption: + If our project is successful, it could have far-reaching impacts. For example, if our software gains a significant share of the market, it could lead to more competition among online software services, potentially leading to improved user privacy and better options for data management. 
@@ -145,12 +154,17 @@ There are several requirements and potential barriers that may determine whether Some of them are: 1. Technical challenges: + As seen in our technology section, our project encompasses bridging numerous existing software packages, meaning project success depends on successfully integrating these. + 1. Funding and resources: + The project will require adequate funding and resources to achieve its desired outcomes and impacts. The project team will need to secure sufficient funding and resources to cover the costs of software development, partnerships, and promotion. Failure to secure adequate funding and resources may limit the project's ability to achieve its desired outcomes and impacts. + 1. Competition: + The project will face competition from other digital service offerings, including properietary ones and offerings oriented at self-hosting open-source projects. The project team will need to differentiate the platform and demonstrate its unique features and benefits. Failure to differentiate the platform from its competitors may limit the project's ability to achieve its desired outcomes and impacts. 
@@ -167,10 +181,15 @@ We've identified multiple dissemination measures we can apply to our project in 1. Offering automated dev-ops workflows. 1. Ensuring external developers empowered to contribute: + We want for external developers to feel empowered similar to core developers, which we aim to achieve using accessible documentation, reproducible project infrastructure, tests doubling as live documentation of our components, a module upstreamed to nixpkgs, as well as by offering a familiar interface by making our core abstraction a NixOS configuration. + 1. Developing key messages: - We'll develop clear, concise, and compelling messaging that highlight the benefits and unique features of our project, such as the focus on **user control**, **privacy**, and **data & service portability**. + + We'll develop clear, concise, and compelling messaging that highlight the benefits and unique features of our project, such as the focus on **user control**, **data protection**, and **service portability**. + 1. Using multiple channels: + We will be utilising a variety of channels to reach our target audiences outlined above, among which through online communities, social media, webinars, blog posts, tech conferences and press releases. Concrete examples of dissemination activities for our project will include: 
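Review bot: the "Developing key messages" item in this hunk changes wording, not formatting: "**privacy**, and **data & service portability**" becomes "**data protection**, and **service portability**", which drops data portability from the key messages even though the same document keeps a "Data portability:" item among its quantitative estimates. Either keep "data & service portability" or split the rewording out of a commit titled "formatting nits" so it gets reviewed as a content change.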
@@ -180,7 +199,7 @@ Concrete examples of dissemination activities for our project will include: - Creating a comprehensive user guide and knowledge base that provides detailed instructions and answers to common questions about the software, and making this guide available on the platform's website and social media channels. - Hosting a webinar series that showcases the features and functionalities of our software, and provides tips and best practices for using it effectively. - Participating in relevant conferences and events to raise awareness of our project and engage with potential users and partners, such as those focused on Nix, and showcasing our software in demos and presentations. - These will include developer events like [NixCon](https://nixcon.org), [FOSDEM](https://fosdem.org/) and [CCC Congress](https://events.ccc.de/) to inform a diverse audience of the benefits of our stack and the other NGI technology solutions we are promoting. + These will include developer events such as [NixCon](https://nixcon.org), [FOSDEM](https://fosdem.org/) and [CCC Congress](https://events.ccc.de/) to inform a diverse audience of the benefits of our stack and the other NGI technology solutions we are promoting. ### Communication 
@@ -191,10 +210,13 @@ Our communication strategies are already partially integrated in the disseminati There are several communication strategies and measures that we will utilise during the whole lifespan of the project: 1. Developing a project website: + A project website will serve as a central hub of information about our project. It will be used to share updates, news, publications, and other project-related information. The website will be designed to be accessible and user-friendly. + 1. Using social media: + We will reach out to Fediverse channels (e.g. Mastodon, Pixelfed, Peertube and Owncast) as well as commercial social media platforms such as BlueSky, Threads, and LinkedIn to reach a wider audience and share project-related news and updates. Social media are used to engage with stakeholders and respond to their queries and feedback. While our values may be closer aligned with the open-source social media, we will also still have use for the commercial ones to spread our message initially. @@ -369,7 +391,7 @@ Other ethics issues As detailed in Part B, Fediversity in addition to pursuing its goals directly, will further contribute 15% of its budget to the development of related digital commons through financial support in the form of grants awarded to third parties through bi-monthly open calls for proposals. -In this annexe we describe the following aspects of this financial support by detailing our approach to managing a dedicated fund supporting a series of open calls related to Fediversity: +In this annex we describe the following aspects of this financial support by detailing our approach to managing a dedicated fund supporting a series of open calls related to Fediversity: - Objectives and results obtained of third party financial support - Specifications of third party financial support -- 2.48.1 From c08db7d560f53255bd7d3e6060d2ccaa879b2c25 Mon Sep 17 00:00:00 2001 
From: Valentin Gagarin Date: Wed, 11 Jun 2025 17:59:30 +0200 Subject: [PATCH 66/93] remove stray literal formatting --- architecture.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/architecture.md b/architecture.md index 3413d5c..69b45c6 100644 --- a/architecture.md +++ b/architecture.md @@ -1,5 +1,3 @@ - - ## Actors - Maintainers -- 2.48.1 From b6eccd64be7f2c921ded5566c21865774521c792 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 17:59:42 +0200 Subject: [PATCH 67/93] reword maintainers/contributors --- architecture.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/architecture.md b/architecture.md index 69b45c6..063dab6 100644 --- a/architecture.md +++ b/architecture.md @@ -2,10 +2,10 @@ - Maintainers - The group maintaining this repository. - We are creating the deployment workflows and service configurations, and curate changes proposed by contributing developers. + The group developing and maintaining this project. + We are creating the deployment workflows and service configurations, and curate changes proposed by contributors. -- Developers +- Contributors People with the technical background to engage with our work, and may contribute back, build on top of, remix, or feel inspired by our work to create something better. -- 2.48.1 From e4177b1c0fe0f63ad50241b510ed5cec4cdab645 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 18:00:39 +0200 Subject: [PATCH 68/93] reorder and polish glossary --- architecture.md | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/architecture.md b/architecture.md index 063dab6..8a373af 100644 --- a/architecture.md +++ b/architecture.md 
@@ -54,7 +54,23 @@ - Migrate - Move service configurations and deployment (including user data) from one hosting provider to another. + Move service configurations and deployments (including user data) from one hosting provider to another. + +- Runtime backend + + A type of digital environment one can run operating systems such as NixOS on, e.g. bare-metal, a hypervisor, or a container runtime. + +- Runtime environment + + The thing a deployment runs on, an interface against which the deployment is working. See runtime backend. + +- Runtime configuration + + A specification for mapping components of a configuration to the runtime environment, e.g. which services to deploy to which virtual machines, or how to access object storage. + +- [NixOps4](https://nixops.dev) + + A tool to interact with mutable external resources based on declarations in the [Nix language](https://nix.dev/manual/nix/latest/language/). - Resource @@ -67,18 +83,6 @@ > Example: We need a resource provider for obtaining deployment secrets from a database. -- Runtime backend - - A type of digital environment one can run operating systems such as NixOS on, e.g. bare-metal, a hypervisor, or a container runtime. - -- Runtime environment - - The thing a deployment runs on, an interface against which the deployment is working. See runtime backend. - -- Runtime config - - Configuration logic specific to a runtime backend, e.g. how to deploy, how to access object storage. - ## Technologies used ### [NixOS](https://nixos.org/) -- 2.48.1 From 5b07c90927b71324dabc053ba64280359154e5cc Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 18:03:26 +0200 Subject: [PATCH 69/93] boil down technology list to what we know for sure --- architecture.md | 96 +++---------------------------------------------- 1 file changed, 4 insertions(+), 92 deletions(-) diff --git a/architecture.md b/architecture.md index 8a373af..0538b32 100644 --- a/architecture.md +++ b/architecture.md 
@@ -85,7 +85,10 @@ ## Technologies used -### [NixOS](https://nixos.org/) +This is an incomplete and evolving list of core components planned to be used in this project. +It will grow to support more advanced use cases as the framework matures. + +### Nix and [NixOS](https://nixos.org/) NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem. As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. 
@@ -94,35 +97,6 @@ Considered alternatives include: - containers: do not by themselves offer the needed reproducibility -#### [npins](https://github.com/andir/npins) - -Npins is a dependency pinning tool for Nix which leaves recursive dependencies explicit, keeping the consumer in control. - -Considered alternatives include: - -- Flakes: defaults to implicitly following recursive dependencies, leaving control with the publisher. - -### [SelfHostBlocks](https://nlnet.nl/project/SelfHostBlocks/) - -SelfHostBlocks offers Nix module contracts to decouple application configuration from implementation details, empowering user choice by providing sane defaults yet a [unified interface](https://nlnet.nl/project/SelfHostBlocks/). -Offered contracts include back-ups, reverse proxies, single sign-on and LDAP. -In addition, we have been in contact with its creator. - -Considered alternatives include: - -- nixpkgs-provided NixOS service modules: support far more applications, but tightly coupled with service providers, whereas we expect them to [sooner or later](https://discourse.nixos.org/t/pre-rfc-decouple-services-using-structured-typing/58257) follow suit. -- NixOS service modules curated from scratch: would support any setup imaginable, but does not seem to align as well with our research-oriented goals. - -### [OpenTofu](https://opentofu.org/) - -OpenTofu is the leading open-source framework for infrastructure-as-code. -This has led it to offer a vibrant ecosystem of 'provider' plugins integrating various programs and services. -As such, it can facilitate automated deployment pipelines, including with — relevant to our project — hypervisors and DNS programs. - -Considered alternatives include: - -- Terraform: not open-source - ### [Proxmox](https://proxmox.com/) Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in. 
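Review bot: deleting the npins subsection in this hunk leaves the Technologies section asserting a "reproducible outcome" from NixOS without saying how the nixpkgs input itself is pinned. Even if the tool choice is not settled, keep one sentence stating that dependencies are pinned to explicit revisions, since that is the property the reproducibility claim rests on.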
@@ -141,68 +115,6 @@ Considered alternatives include: - file storage: less centralized for backups -### [PostgreSQL](https://www.postgresql.org/) - -PostgreSQL is a relational database. -It is used by most of our applications. - -Considered alternatives include: - -- Sqlite: default option for development in many applications, but less optimized for performance, and less centralized for backups - -### [Valkey](https://valkey.io/) - -Valkey is a key-value store. -It is an open-source fork of Redis. - -Considered alternatives include: - -- Redis: not open-source - -### [OpenSearch](https://opensearch.org/) - -OpenSearch offers full-text search, and is used for this in many applications. -It is an open-source fork of ElasticSearch. - -Considered alternatives include: - -- ElasticSearch: not open-source - -### [OctoDNS](https://github.com/octodns/octodns) - -OctoDNS is a DNS server that may be configured using the Nix-native [NixOS-DNS](https://janik-haag.github.io/NixOS-DNS/). - -Considered alternatives include: - -- PowerDNS: offers a front-end option, but less geared toward the use-case of configuring by Nix - -### [Authelia](https://github.com/authelia/authelia) - -Authelia is a single sign-on provider that integrates with LDAP. - -Considered alternatives include: - -- KaniDM: does not do proper LDAP -- Authentik: larger package with focus on many things we do not need -- Keycloak: larger package with focus on many things we do not need - -### [lldap](https://github.com/lldap/lldap) - -Lldap is a light LDAP server, allowing to centralize user roles across applications. - -Considered alternatives include: - -- 389 DS: older larger package -- FreeIPA: wrapper around 389 DS - -### [Attic](https://github.com/zhaofengli/attic) - -Attic is a multi-tenant Nix cache featuring recency-based garbage collection written in Rust. 
- -Considered alternatives include: - -- cache-server: distributed cache written in Python that seems more of a research project than an actively maintained repository. - ## Architecture At the core of Fediversity lies a NixOS configuration module for a set of selected applications. -- 2.48.1 From b63d7e39763b53653b5b4efc61b5a871fb4b62dc Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 18:03:47 +0200 Subject: [PATCH 70/93] reformat architecture outline for readability --- architecture.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/architecture.md b/architecture.md index 0538b32..d9fcac4 100644 --- a/architecture.md +++ b/architecture.md 
@@ -118,10 +118,12 @@ Considered alternatives include: ## Architecture At the core of Fediversity lies a NixOS configuration module for a set of selected applications. -We will support using it with different run-time environments, such as a single NixOS machine or a ProxmoX hypervisor. -Depending on the targeted run-time environment, deployment will further involve OpenTofu as an orchestrator. -We further provide a [reference front-end](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/panel) to configure applications. -To ensure reproducibility, we also offer Nix packaging for our software. + +- We will enable using it with **different run-time environments**, such as a single NixOS machine or a ProxmoX hypervisor. +- Depending on the targeted run-time environment, deployment may involve [NixOps4](https://nixops.dev) or [OpenTofu](https://opentofu.org/) as an **orchestrator**. +- We further provide demo front-end for **configuring applications** and configuring **run-time backends**. + +To ensure reproducibility, all software will be packaged with Nix. To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). -- 2.48.1 From 8499e6329c1899ed7b3feed97e4ac743294a1e2d Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 18:04:12 +0200 Subject: [PATCH 71/93] capitalisation --- architecture.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/architecture.md b/architecture.md index d9fcac4..160fd88 100644 --- a/architecture.md +++ b/architecture.md 
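Review bot: The added bullet `We further provide demo front-end for **configuring applications**` in PATCH 70/93 is missing its article ("a demo front-end") and drops the link to the reference front-end (`.../src/branch/main/panel`) that the removed line carried; restore the link so readers can find the code being described. The same hunk changes "deployment will further involve OpenTofu" to "may involve NixOps4 or OpenTofu", which goes beyond the "reformat ... for readability" of the subject line and should be mentioned in the commit message.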
@@ -133,11 +133,11 @@ To reach our goals, we aim to implement the following interactions between [acto The process of migrating one's applications to a different host encompasses: -1. domain registration: involves a (manual) update of DNS records at the registrar -1. deployed applications: using the reproducible configuration module -1. application data: - - back-up/restore scripts [using SelfHostBlocks](https://shb.skarabox.com/contracts.html) - - application-specific migration scripts, to e.g. reconfigure of connections/URLs +1. Domain registration: involves a (manual) update of DNS records at the registrar +1. Deploy applications: using the reproducible configuration module +1. Copy application data: + - Run back-up/restore scripts + - Run application-specific migration scripts, to e.g. reconfigure connections/URLs ### Data model -- 2.48.1 From 41a7ac66efd91e3e599c8f40b86d4cb5de3d30f3 Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 18:04:41 +0200 Subject: [PATCH 72/93] polish wording on architecture --- architecture.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/architecture.md b/architecture.md index 160fd88..54c80fc 100644 --- a/architecture.md +++ b/architecture.md 
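Review bot: The `Run back-up/restore scripts` line in PATCH 71/93 drops the `[using SelfHostBlocks](https://shb.skarabox.com/contracts.html)` reference, a content change that the subject "capitalisation" does not cover; keep the link or say in the commit message why the backup contract is no longer named. Item 1 (`Domain registration: involves ...`) is also still a noun phrase while items 2 and 3 became imperatives (`Deploy applications`, `Copy application data`), so consider "Update domain registration" for consistency.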
@@ -141,14 +141,14 @@ The process of migrating one's applications to a different host encompasses: ### Data model -Whereas the bulk of our configuration logic is covered in the configuration schema, our reference front-end application does in fact store data. -The design for its data model to support the desired functionality is as follows, using the crow's foot notation to denote cardinality: +Whereas the bulk of our configuration logic is covered in the configuration schema, our reference front-end applications will store data. +The data model design for the configuration front-end needed support the desired functionality is as follows, using the crow's foot notation to denote cardinality: ### Host architecture -Whereas the core abstraction in Fediversity is a NixOS configuration module, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where VMs in question run Fediversity to offer our selected applications: +Whereas the core abstraction in Fediversity is a NixOS configuration module, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where virtual machines in question run Fediversity to offer our selected applications: ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/host-architecture.png) -- 2.48.1 From 9e6c39eb88c28937e91fd089127030ed6da03c2b Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Wed, 11 Jun 2025 18:04:58 +0200 Subject: [PATCH 73/93] replace copypaste of issue tracker with actual key results --- architecture.md | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/architecture.md b/architecture.md index 54c80fc..fdd1028 100644 --- a/architecture.md +++ b/architecture.md 
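Review bot: The added sentence `The data model design for the configuration front-end needed support the desired functionality is as follows` in PATCH 72/93 is missing a word ("needed to support"). The added line before it says "front-end applications" (plural) while this one says "the configuration front-end" (singular); pick one so it is clear which component stores data.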
@@ -152,22 +152,20 @@ Whereas the core abstraction in Fediversity is a NixOS configuration module, a m ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/host-architecture.png) -## Break-down of project milestones +## Breakdown of project milestones and key results Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: -1. [implement a way to run online services emphasising user autonomy and data portability](https://git.fediversity.eu/Fediversity/Fediversity/issues/347) - 1. [Finalize architecture doc](https://git.fediversity.eu/Fediversity/Fediversity/issues/39) - 1. [code-based migration data model](https://git.fediversity.eu/Fediversity/Fediversity/issues/103) - 1. [migrating application data between hosting providers](https://git.fediversity.eu/Fediversity/Fediversity/issues/100) - 1. [application offering generalised](https://git.fediversity.eu/Fediversity/Fediversity/issues/369) - 1. [NixOS configuration as the core abstraction](https://git.fediversity.eu/Fediversity/Fediversity/issues/339) -1. [disseminate our results by engaging the open-source community to further expand on work in this direction](https://git.fediversity.eu/Fediversity/Fediversity/issues/348) - 1. [automated dev-ops workflows](https://git.fediversity.eu/Fediversity/Fediversity/issues/224) - 1. [external developers empowered to contribute](https://git.fediversity.eu/Fediversity/Fediversity/issues/288) -1. [exploit our work by enabling reproducible deployments of an initial set of portable applications](https://git.fediversity.eu/Fediversity/Fediversity/issues/349) - 1. [applications deployed on command](https://git.fediversity.eu/Fediversity/Fediversity/issues/99) - 1. [kick-started initial feedback cycle](https://git.fediversity.eu/Fediversity/Fediversity/issues/225) - 1. 
[brought into production](https://git.fediversity.eu/Fediversity/Fediversity/issues/228) - 1. [nix-less bootstrap](https://git.fediversity.eu/Fediversity/Fediversity/issues/332) - 1. [key features improving user experience supported](https://git.fediversity.eu/Fediversity/Fediversity/issues/289) +- Implement a way to run online services emphasizing user autonomy and data portability + - Integration tests pass for + - Setting up a fediversity hosting environment from a declarative configuration + - Configuring, deploying, and migrating a set of dummy applications + - Code passes data protection audit +- Disseminate our results by engaging the open-source community to further expand on work in this direction + - Present results on at least 3 conferences + - At least 5 applications compatible with Fediversity thanks to external contributions by 2027-03 +- Exploit our work by enabling reproducible deployments of an initial set of portable applications + - There are 3 fediverse applications available out of the box: + - Mastodon + - PeerTube + - Pixelfed -- 2.48.1 From 37ca510a62b76036a7ce06ef4c3c244000794160 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 11 Jun 2025 18:11:11 +0200 Subject: [PATCH 74/93] reinstate costs section --- fediversity.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fediversity.md b/fediversity.md index 761e38a..3384799 100644 --- a/fediversity.md +++ b/fediversity.md @@ -304,6 +304,10 @@ Table 3.1h: Purchase costs | Description | Category | Cost (€) | Justification | |-|-|-|-| +| Test hardware | Other goods, works and services | 200.000 |

For our UX research we need to acquire a reasonable diverse set of tablets, PC's and mobile phones so that we can support actually used devices. This is essential to deliver the kind of support people expect from software in general, but cloud services (like our social networking products from the NGI technologies we choose). We want to create a test lab that is also accessible to the chosen technology developers at request. We will at least need to acquire the latest new models of popular phones and tablets other devices every 3 months (estimated total of 60 devices by the end of the project) and new models of laptops, chromebooks and the likes every 6 months (estimated total of 30 devices by the end of the project) and a few PC’s with various form-factors and operating systems (estimated total of 24 devices by the end of the project). We expect to be using about 50.000 of the budget for this.

Another substantial part will be used for a test-setup 'at scale' for running the actual services: server-hardware, networking-hardware, storage-systems. Also we need to account for hosting and networking-costs in dual locations.

We will acquire about 80 server-systems, 12 storage-systems, and some networking equipment housed in two locations. All hardware will be second-hand as to keep cost low.

For this we expect to be using about 130.000 of the budget.

The remaining 20.000 euro we want to spend on two or four openhardware servers based on OpenPower to run a small pilot as part of the test/development setup to see where it makes sense to use OpenHardware in the setup for running Fediverse software.

| +| Remaining purchase costs |   | 10.000 | Is for promotion and marketing material like stickers, banners, and other promotional material to hand out on each and every event we will visit. | +| Travel and subsistence |   | 15.000 | Will be used for traveling between the Netherlands, the Nordics, France and the rest of Europe for attending conferences and other meetups. | +| Total |   | 225.000 |   | Table 3.1.i: Other costs categories -- 2.48.1 From ef0bdd59e54592bf3a6231d1cb87e3f51cfeb849 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 11 Jun 2025 22:17:51 +0200 Subject: [PATCH 75/93] gantt: svg -> png --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index 915f925..25b6f98 100644 --- a/fediversity.md +++ b/fediversity.md @@ -666,4 +666,4 @@ Consortium members have been instructed to stay clear from project proposals fro # Overview of project displayed in a Gantt chart -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/proposal-gantt/planning/gantt.svg) +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/proposal-gantt/planning/gantt.png) -- 2.48.1 From a2c0b08a1389f53ab9826ca15c5411adbc9d4c22 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 11 Jun 2025 22:50:06 +0200 Subject: [PATCH 76/93] reinstate nordunet as partner --- fediversity.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fediversity.md b/fediversity.md index 25b6f98..6f9185a 100644 --- a/fediversity.md +++ b/fediversity.md 
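Review bot: In the table rows added by PATCH 74/93 the Category cell is filled for `Test hardware` but left empty for `Remaining purchase costs` and `Travel and subsistence`; fill the column in for every row (or drop it) so each amount can be traced to a cost category. The `Test hardware` justification also contains a garbled phrase, "popular phones and tablets other devices every 3 months", and the `Remaining purchase costs` justification starts mid-sentence with "Is for promotion".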
@@ -327,6 +327,11 @@ Web host dating back to the early stages of the internet. Today hosting public services like the NLUUG FTP server, one of the largest repositories of Open Source software in Europe and sites like [Mastodon.nl](https://mastodon.nl/) and [Petities.nl](https://petities.nl/) for the public good. Has a 'open source only' approach to running Internet IT Infrastructure. +[NORDUnet](https://nordu.net/) \~ NORDUnet is an international collaboration between the National research and education networks in the Nordic countries. +NORDUnet interconnects the Nordic national research and education networks and connects them to the worldwide network for research and education and to the general purpose Internet. +NORDUnet provides its services by a combination of leased lines and Internet services provided by other international operators. +NORDUnet has peering in multiple important internet exchange sites outside the Nordics, such as Amsterdam, Chicago, Frankfurt, London, Miami and New York. + # Ethics self-assessment **Human embryonic stem cells and human embryos** -- 2.48.1 From 777c3ed49d2d82b181f3c4b78b43fc8162356738 Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 12 Jun 2025 11:03:51 +0200 Subject: [PATCH 77/93] can't find a working markdown include, i'd have sworn this worked --- default.nix | 4 +--- fediversity.md | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/default.nix b/default.nix index 93f6af6..6f4ab32 100644 --- a/default.nix +++ b/default.nix @@ -5,7 +5,6 @@ shell = pkgs.mkShellNoCC { packages = with pkgs; [ pandoc - pandoc-include texliveMedium librsvg ]; @@ -15,7 +14,6 @@ { buildInputs = with pkgs; [ pandoc - pandoc-include texliveMedium librsvg ]; @@ -23,6 +21,6 @@ '' mkdir -p $out pandoc ${./architecture.md} -o $out/architecture.pdf - pandoc --filter pandoc-include ${./fediversity.md} -o $out/fediversity.pdf + pandoc ${./fediversity.md} -o $out/fediversity.pdf ''; } 
diff --git a/fediversity.md b/fediversity.md index 6f9185a..9bf331e 100644 --- a/fediversity.md +++ b/fediversity.md @@ -286,9 +286,7 @@ We will integrate that aspect into the high level process on a best effort basis # Implementation and planning -```include -architecture.md -``` +See the split-out architecture document. ## Work plan and resources -- 2.48.1 From e3b136bb7340c121879c58bce48dc605e84d8d51 Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 12 Jun 2025 11:42:54 +0200 Subject: [PATCH 78/93] restore wp number --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index 9bf331e..be2e913 100644 --- a/fediversity.md +++ b/fediversity.md @@ -586,7 +586,7 @@ In our privacy policy we inform potential applicants that they can use an alias As long as a project is not accepted, the applicants real identity is not relevant to us. If the proposal never goes beyond that phase they can remain anonymous. -In order to review and process project proposals we need to grant access to the professional staff of NLnet foundation responsible for reviewing and running the open calls associated with Fediversity (WP3). +In order to review and process project proposals we need to grant access to the professional staff of NLnet foundation responsible for reviewing and running the open calls associated with Fediversity (WP4). Since confidentiality is a critical aspect of the trust relationship we have with projects, at no point in time will proposals be shared with third parties without explicity permission, not even partners within Fediversity. Sometimes opportunities will arise outside of the context of this fund, or there is a potential to support the project in some other way. At the time of submitting the proposal applicants either grant NLnet Foundation the right to keep any information submitted on record — should future funding opportunities arise — or not. -- 2.48.1 
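Review bot: The replacement line `See the split-out architecture document.` in the fediversity.md hunk of PATCH 77/93 gives no path or link, so the "Implementation and planning" section of the rendered proposal points nowhere. Make it a link to `architecture.md` or to the generated `architecture.pdf`.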
From 78b12c6fb090c98e4ad43d4d9a069ff4d1411422 Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 12 Jun 2025 14:10:37 +0200 Subject: [PATCH 79/93] rm comments --- fediversity.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/fediversity.md b/fediversity.md index be2e913..4743c53 100644 --- a/fediversity.md +++ b/fediversity.md @@ -171,12 +171,8 @@ Some of them are: ## Measures to maximise impact - Dissemination, exploitation and communication - - ### Dissemination - - We've identified multiple dissemination measures we can apply to our project in our plan to engage the open-source community to further expand on work in this direction: 1. Offering automated dev-ops workflows. @@ -203,8 +199,6 @@ Concrete examples of dissemination activities for our project will include: ### Communication - - Our communication strategies are already partially integrated in the dissemination measure above, but we'll outline them more in depth. There are several communication strategies and measures that we will utilise during the whole lifespan of the project: @@ -223,8 +217,6 @@ There are several communication strategies and measures that we will utilise dur ### Exploitation - - Planned exploitation measures, primarily aimed at hosting organisations, include: 1. Work on integrating the software in an open-source package based around the use-case of a hosting provider. -- 2.48.1 From 06a33fcd3d09754912dfef1df22a018ca5399b3d Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 12 Jun 2025 14:36:04 +0200 Subject: [PATCH 80/93] fill out change log (ish) --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index 4743c53..c3615fa 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -18,7 +18,7 @@ | 2023-10-12 | Page 41 | Updated Gant Chart | | 2023-10-12 | Page 3 | Added Open Source, Open Standards, Open Dependencies | | 2023-10-12 | Page 15 | Added work package interdependencies and added a new page | -| 2025-06-12 | Page x | See https://git.fediversity.eu/kiara/fedi-goals/commits/branch/main | +| 2025-06-12 | Page 1-26 | Added architecture document, rewrote to better emphasize data portability goal, increase supported applications | # Preamble -- 2.48.1 From 575726417faa0a8e16f8a6896fbbf1b739769157 Mon Sep 17 00:00:00 2001 From: cinereal Date: Thu, 12 Jun 2025 17:27:04 +0200 Subject: [PATCH 81/93] trunk images --- fediversity.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fediversity.md b/fediversity.md index c3615fa..867ddff 100644 --- a/fediversity.md +++ b/fediversity.md @@ -98,7 +98,7 @@ To give a clear view of what interdepencies we expect: This diagram graphically represents the relations: -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/proposal-gantt/planning/work-packages.png) +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/planning/work-packages.png) # Impact @@ -661,4 +661,4 @@ Consortium members have been instructed to stay clear from project proposals fro # Overview of project displayed in a Gantt chart -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/proposal-gantt/planning/gantt.png) +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/planning/gantt.png) -- 2.48.1 From 323e5203449ae04fa69616c64c6c7d807eeaf3c7 Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 13 Jun 2025 07:21:54 +0200 Subject: [PATCH 82/93] split out css, reinstate readme over network image access --- README.md | 5 ++++- default.css | 3 +++ default.nix | 4 ++-- fediversity.md | 2 -- 4 files changed, 9 insertions(+), 5 deletions(-) create mode 100644 default.css diff --git a/README.md b/README.md index 7e39390..359d210 100644 --- a/README.md +++ b/README.md 
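Review bot: Both image URLs changed in PATCH 81/93 (`.../raw/branch/main/planning/work-packages.png` and `.../raw/branch/main/planning/gantt.png`) resolve against the mutable `main` branch, so the rendered proposal depends on whatever that branch holds at build time and needs network access to build. Pin the URLs to a commit or vendor the two PNGs into this repository so the submitted PDF can be reproduced.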
@@ -7,5 +7,8 @@ Build a PDF: > It will take a while to download dependencies! ```bash -nix-build -A pdf +pandoc ./architecture.md -o ./architecture.html --css default.css +pandoc ./fediversity.md -o ./fediversity.html --css default.css +pandoc ./architecture.md -o ./architecture.pdf --css default.css +pandoc ./fediversity.md -o ./fediversity.pdf --css default.css ``` diff --git a/default.css b/default.css new file mode 100644 index 0000000..6995fb5 --- /dev/null +++ b/default.css @@ -0,0 +1,3 @@ +* { + font-family: sans-serif; +} diff --git a/default.nix b/default.nix index 6f4ab32..898834c 100644 --- a/default.nix +++ b/default.nix @@ -20,7 +20,7 @@ } '' mkdir -p $out - pandoc ${./architecture.md} -o $out/architecture.pdf - pandoc ${./fediversity.md} -o $out/fediversity.pdf + pandoc ${./architecture.md} -o $out/architecture.pdf --css default.css + pandoc ${./fediversity.md} -o $out/fediversity.pdf --css default.css ''; } diff --git a/fediversity.md b/fediversity.md index 867ddff..023217a 100644 --- a/fediversity.md +++ b/fediversity.md @@ -1,5 +1,3 @@ - - Fediversity # Index -- 2.48.1 From fa0d8b24fa0d6ee60adaadf35843dafdca40be13 Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 13 Jun 2025 08:42:22 +0200 Subject: [PATCH 83/93] final feedback --- architecture.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/architecture.md b/architecture.md index fdd1028..7b77072 100644 --- a/architecture.md +++ b/architecture.md @@ -5,7 +5,7 @@ The group developing and maintaining this project. We are creating the deployment workflows and service configurations, and curate changes proposed by contributors. -- Contributors +- Developers People with the technical background to engage with our work, and may contribute back, build on top of, remix, or feel inspired by our work to create something better. 
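Review bot: In the default.nix hunk of PATCH 82/93, `--css default.css` is a bare relative path, unlike `${./architecture.md}` and `${./fediversity.md}` on the same lines, so the stylesheet is not an input of the derivation and will not be in the build directory; write `--css ${./default.css}`. Also check that the stylesheet has any effect on the two PDF targets, since the inputs listed are `texliveMedium` and `librsvg`, which is a LaTeX toolchain.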
@@ -160,7 +160,6 @@ Whereas details of the implementation may need to be decided as the technical ch - Integration tests pass for - Setting up a fediversity hosting environment from a declarative configuration - Configuring, deploying, and migrating a set of dummy applications - - Code passes data protection audit - Disseminate our results by engaging the open-source community to further expand on work in this direction - Present results on at least 3 conferences - At least 5 applications compatible with Fediversity thanks to external contributions by 2027-03 -- 2.48.1 From c72df95eec4e9f938623da2d1d04ac1983081d9f Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 13 Jun 2025 08:44:49 +0200 Subject: [PATCH 84/93] update changelog --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index 023217a..f903a25 100644 --- a/fediversity.md +++ b/fediversity.md @@ -16,7 +16,7 @@ | 2023-10-12 | Page 41 | Updated Gant Chart | | 2023-10-12 | Page 3 | Added Open Source, Open Standards, Open Dependencies | | 2023-10-12 | Page 15 | Added work package interdependencies and added a new page | -| 2025-06-12 | Page 1-26 | Added architecture document, rewrote to better emphasize data portability goal, increase supported applications | +| 2025-06-13 | Page 1-26 | Added architecture document, rewrote to better emphasize data portability goal, define key results, increase supported applications | # Preamble -- 2.48.1 From a704391b3e692b61afa450d7750d9d19aa94eeee Mon Sep 17 00:00:00 2001 From: cinereal Date: Fri, 13 Jun 2025 08:47:34 +0200 Subject: [PATCH 85/93] add title --- architecture.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/architecture.md b/architecture.md index 7b77072..96b2dd8 100644 --- a/architecture.md +++ b/architecture.md @@ -1,3 +1,5 @@ +# Fediversity Implementation and planning + ## Actors - Maintainers -- 2.48.1 From 5babd83d3438adc6d2fe649665b1b78d429c9ec5 Mon Sep 17 00:00:00 2001 
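Review bot: Dropping `- Code passes data protection audit` at `@@ -160,7 +160,6 @@` in PATCH 83/93 leaves the first milestone, which is about user autonomy and data portability and includes migrating applications, with integration tests as its only key result and nothing that checks how the migrated data is protected. If a full audit is out of scope, replace the line with a narrower, testable criterion instead of removing it, and record the reason in the commit message, which currently only says "final feedback".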
From: cinereal Date: Sun, 15 Jun 2025 14:41:44 +0200 Subject: [PATCH 86/93] add toc --- fediversity.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fediversity.md b/fediversity.md index f903a25..3dbd810 100644 --- a/fediversity.md +++ b/fediversity.md @@ -1,6 +1,7 @@ -Fediversity - -# Index +--- +title: Fediversity +toc: true +--- # History of changes @@ -657,6 +658,6 @@ In fact, the ability to reach motivated and qualified people aligned with the co Given the clear and consistent separation between the rest of the consortium and the selection process, and the strong quality guarantees from the whole procedure, NLNet and the rest of the Fediversity consortium elected to place no restrictions on proposals from the non-commercial constituencies surrounding the consortium partners in Fediversity — with of course the noted exception of the grantmaking organisation (NLnet foundation). Consortium members have been instructed to stay clear from project proposals from their constituencies, and are aware that failing to keep adequate distance to proposals from their constituencies will disqualify the proposals involved. -# Overview of project displayed in a Gantt chart +# Project planning ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/planning/gantt.png) -- 2.48.1 From 03db9044143cd4fd61e0c354a4c420760960c412 Mon Sep 17 00:00:00 2001 From: cinereal Date: Sun, 15 Jun 2025 14:54:29 +0200 Subject: [PATCH 87/93] move key results to main document --- architecture.md | 17 ----------------- fediversity.md | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 17 deletions(-) diff --git a/architecture.md b/architecture.md index 96b2dd8..e6ea0b1 100644 --- a/architecture.md +++ b/architecture.md 
@@ -153,20 +153,3 @@ The data model design for the configuration front-end needed support the desired Whereas the core abstraction in Fediversity is a NixOS configuration module, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where virtual machines in question run Fediversity to offer our selected applications: ![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/host-architecture.png) - -## Breakdown of project milestones and key results - -Whereas details of the implementation may need to be decided as the technical challenges involved become clear, we can already give a higher-level planning of relevant milestones and some of their salient features: - -- Implement a way to run online services emphasizing user autonomy and data portability - - Integration tests pass for - - Setting up a fediversity hosting environment from a declarative configuration - - Configuring, deploying, and migrating a set of dummy applications -- Disseminate our results by engaging the open-source community to further expand on work in this direction - - Present results on at least 3 conferences - - At least 5 applications compatible with Fediversity thanks to external contributions by 2027-03 -- Exploit our work by enabling reproducible deployments of an initial set of portable applications - - There are 3 fediverse applications available out of the box: - - Mastodon - - PeerTube - - Pixelfed diff --git a/fediversity.md b/fediversity.md index 3dbd810..ef07840 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -72,6 +72,20 @@ The proposed work aligns with this objective by show-casing a way to run digital Tests will concisely describe the abilities the Fediversity system provides. These tests can be run on any sufficiently powerful machine with [Nix](https://nixos.org) installed, and reliably validate that the use cases work as intended. The proposed work is realistically achievable. +To make the objectives measurable, we propose using the following key results: + +1. Implement a way to run online services emphasizing user autonomy and data portability + - Integration tests pass for + - Setting up a fediversity hosting environment from a declarative configuration + - Configuring, deploying, and migrating a set of dummy applications +1. Disseminate our results by engaging the open-source community to further expand on work in this direction + - Present results on at least 3 conferences + - At least 5 applications compatible with Fediversity thanks to external contributions by 2027-03 +1. Exploit our work by enabling reproducible deployments of an initial set of portable applications + - There are 3 fediverse applications available out of the box: + - Mastodon + - PeerTube + - Pixelfed ## Methodology challenges -- 2.48.1 From af65e0b80d8cf25b1da7e5331a1897238fb078ec Mon Sep 17 00:00:00 2001 From: cinereal Date: Mon, 16 Jun 2025 09:27:44 +0200 Subject: [PATCH 88/93] add matrix as per koen's verbal promise --- fediversity.md | 1 + 1 file changed, 1 insertion(+) diff --git a/fediversity.md b/fediversity.md index ef07840..ff755be 100644 --- a/fediversity.md +++ b/fediversity.md @@ -86,6 +86,7 @@ To make the objectives measurable, we propose using the following key results: - Mastodon - PeerTube - Pixelfed + - Matrix ## Methodology challenges -- 2.48.1 From 811c4743bae664bda62ceadfca9076a3dce44fc4 Mon Sep 17 00:00:00 2001 
From: cinereal Date: Mon, 16 Jun 2025 09:34:52 +0200 Subject: [PATCH 89/93] update text --- fediversity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fediversity.md b/fediversity.md index ff755be..d23a6dd 100644 --- a/fediversity.md +++ b/fediversity.md @@ -82,7 +82,7 @@ To make the objectives measurable, we propose using the following key results: - Present results on at least 3 conferences - At least 5 applications compatible with Fediversity thanks to external contributions by 2027-03 1. Exploit our work by enabling reproducible deployments of an initial set of portable applications - - There are 3 fediverse applications available out of the box: + - The following Fediverse applications are available out of the box: - Mastodon - PeerTube - Pixelfed -- 2.48.1 From 470a687110c8fb5e985f8f9b19174a8749619210 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 25 Jun 2025 10:20:25 +0200 Subject: [PATCH 90/93] update diagrams --- architecture.md | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/architecture.md b/architecture.md index e6ea0b1..5821987 100644 --- a/architecture.md +++ b/architecture.md 
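Review bot: The reworded line `The following Fediverse applications are available out of the box:` in PATCH 89/93 now heads a list that includes Matrix (added in PATCH 88/93), but Matrix federates over its own protocol rather than ActivityPub and names a protocol rather than a deployable application. Say "federated applications" instead, or name the Matrix server implementation that will be packaged.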
@@ -127,9 +127,32 @@ At the core of Fediversity lies a NixOS configuration module for a set of select To ensure reproducibility, all software will be packaged with Nix. -To reach our goals, we aim to implement the following interactions between [actors](#actors) (depicted with rounded corners) and system components (see the [glossary](#glossary), depicted with rectangles). +To reach our goals, we aim to implement the following interactions. + +The used legend is as follows: + +- Circle: [actor](#actors) +- Angled box: type +- Rectangle: value +- Rounded box: function +- Diamond: state +- Arrow: points towards dependant + +For further info on components see the [glossary](#glossary). + +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/interactions-migration.svg) +### Configuration data flow + +This data flow diagram refines how a deployment is obtained from an operator's application configuration and a hosting provider's runtime setup. + +An **application module** specifies operator-facing **application options**, and a **resource mapping** which determines the application's underlying implementation. Application modules can be supplied by external developers, which would curate application modules against that interface. + +For its runtime setup, a hosting provider has to supply a **resource mapping** that would take their self-declared **provider configuration** (which determines the *available* resources) and the output of an application's resource mapping (which determine resource *requirements*) and produce a **configuration**. This configuration ships with a mechanism to be *deployed* to the infrastructure (which is described by the environment, and features the required resources), where it will accumulate **application state**. + +Applications and runtime environments thus interface through **resources**, the properties of which are curated by Fediversity maintainers. 
+ +![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/interactions-fediversity.svg) -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/interactions.svg) ### Service portability -- 2.48.1 From 344dce00a31b4b064652a0b8156bfd7ce01d84d9 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 25 Jun 2025 10:51:54 +0200 Subject: [PATCH 91/93] update glossary to reflect configuration data flow --- architecture.md | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/architecture.md b/architecture.md index 5821987..fd222cb 100644 --- a/architecture.md +++ b/architecture.md 
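Review bot: In the "Configuration data flow" text added by PATCH 90/93, `Application modules can be supplied by external developers, which would curate application modules against that interface` never says what "that interface" is and makes external developers the curators of their own modules, while the closing paragraph has Fediversity maintainers curating resources. State who reviews an externally supplied application module before a hosting provider deploys it, since that is the trust boundary of this design.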
@@ -58,32 +58,22 @@ Move service configurations and deployments (including user data) from one hosting provider to another. -- Runtime backend +- Run-time backend - A type of digital environment one can run operating systems such as NixOS on, e.g. bare-metal, a hypervisor, or a container runtime. + A type of digital environment one can run operating systems such as NixOS on, e.g. bare-metal, a hypervisor, or a container run-time. -- Runtime environment +- Provider - The thing a deployment runs on, an interface against which the deployment is working. See runtime backend. + An interface against which we deploy to a run-time backend. -- Runtime configuration +- Provider configuration - A specification for mapping components of a configuration to the runtime environment, e.g. which services to deploy to which virtual machines, or how to access object storage. - -- [NixOps4](https://nixops.dev) - - A tool to interact with mutable external resources based on declarations in the [Nix language](https://nix.dev/manual/nix/latest/language/). + A configuration that specifies resources made available to deploy to and how to access these. - Resource - A [resource for NixOps4](https://nixops.dev/manual/development/concept/resource.html) is any external entity that can be declared with NixOps4 expressions and manipulated with NixOps4, such as a virtual machine, an active NixOS configuration, a DNS entry, or customer database. - -- Resource provider - - A resource provider for NixOps4 is an executable that communicates between a resource and NixOps4 using a standardised protocol, allowing [CRUD operations](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) on the resources to be performed by NixOps4. - Refer to the [NixOps4 manual](https://nixops.dev/manual/development/resource-provider/index.html) for details. - - > Example: We need a resource provider for obtaining deployment secrets from a database. 
+ A resource is any external entity that we need for our set-up + This may include e.g. hypervisors, file systems, DNS entries, VMs or object storage instances. ## Technologies used @@ -145,7 +135,7 @@ For further info on components see the [glossary](#glossary). This data flow diagram refines how a deployment is obtained from an operator's application configuration and a hosting provider's runtime setup. -An **application module** specifies operator-facing **application options**, and a **resource mapping** which determines the application's underlying implementation. Application modules can be supplied by external developers, which would curate application modules against that interface. +An **application module** specifies operator-facing **application options**, and a **configuration mapping** which determines the application's underlying implementation. Application modules can be supplied by external developers, which would curate application modules against that interface. For its runtime setup, a hosting provider has to supply a **resource mapping** that would take their self-declared **provider configuration** (which determines the *available* resources) and the output of an application's resource mapping (which determine resource *requirements*) and produce a **configuration**. This configuration ships with a mechanism to be *deployed* to the infrastructure (which is described by the environment, and features the required resources), where it will accumulate **application state**. -- 2.48.1 From bfea8fcb80f03a81f9724df229c5fef528779f23 Mon Sep 17 00:00:00 2001 From: kiara Date: Sun, 6 Jul 2025 13:07:57 +0200 Subject: [PATCH 92/93] add reference to data model --- architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/architecture.md b/architecture.md index fd222cb..b9f541f 100644 --- a/architecture.md +++ b/architecture.md 
@@ -156,7 +156,7 @@ The process of migrating one's applications to a different host encompasses: ### Data model -Whereas the bulk of our configuration logic is covered in the configuration schema, our reference front-end applications will store data. +Whereas the bulk of our configuration logic is covered in the configuration schema, [implemented here](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/deployment/data-model.nix) and [tested here](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/deployment/data-model-test.nix), our reference front-end applications will store data. The data model design for the configuration front-end needed support the desired functionality is as follows, using the crow's foot notation to denote cardinality: -- 2.48.1 From b7b7a651d3066c474fc716caf5af615f2a9a8b22 Mon Sep 17 00:00:00 2001 From: cinereal Date: Wed, 9 Jul 2025 15:47:46 +0200 Subject: [PATCH 93/93] upstream architecture document --- architecture.md | 168 ------------------------------------------------ fediversity.md | 2 +- 2 files changed, 1 insertion(+), 169 deletions(-) delete mode 100644 architecture.md diff --git a/architecture.md b/architecture.md deleted file mode 100644 index b9f541f..0000000 --- a/architecture.md +++ /dev/null 
@@ -1,168 +0,0 @@ -# Fediversity Implementation and planning - -## Actors - -- Maintainers - - The group developing and maintaining this project. - We are creating the deployment workflows and service configurations, and curate changes proposed by contributors. - -- Developers - - People with the technical background to engage with our work, and may contribute back, build on top of, remix, or feel inspired by our work to create something better. - -- Hosting provider - - They provide and maintain the physical infrastructure, and run the software in this repository, through which operators interact with their deployments. - Hosting providers are technical administrators for these deployments, ensuring availability and appropriate performance. - - We target small- to medium-scale hosting providers with 20+ physical machines. - -- Operator - - They select the applications they want to run. - They don't need to own hardware or deal with operations. - Operators administer their applications in a non-technical fashion, e.g. as moderators. - They pay the hosting provider for registering a domain name, maintaining physical resources, and monitoring deployments. - -- User - - They are individuals using applications run by the operators, and e.g. post content. - -## Glossary - -- [Fediverse](https://en.wikipedia.org/wiki/Fediverse) - - A collection of social networking applications that can communicate with each other using a common protocol. - -- Application - - User-facing software (e.g. from Fediverse) configured by operators and used by users. - -- Configuration - - A collection of settings for a piece of software. - - > Example: Configurations are deployed to VMs. - -- Provision - - Make a resource, such as a virtual machine, available for use. - -- Deploy - - Put software onto computers. - The software includes technical configuration that links software components. 
- -- Migrate - - Move service configurations and deployments (including user data) from one hosting provider to another. - -- Run-time backend - - A type of digital environment one can run operating systems such as NixOS on, e.g. bare-metal, a hypervisor, or a container run-time. - -- Provider - - An interface against which we deploy to a run-time backend. - -- Provider configuration - - A configuration that specifies resources made available to deploy to and how to access these. - -- Resource - - A resource is any external entity that we need for our set-up - This may include e.g. hypervisors, file systems, DNS entries, VMs or object storage instances. - -## Technologies used - -This is an incomplete and evolving list of core components planned to be used in this project. -It will grow to support more advanced use cases as the framework matures. - -### Nix and [NixOS](https://nixos.org/) - -NixOS is a Linux distribution with a [vibrant](https://repology.org/repositories/graphs), [reproducible](https://reproducible.nixos.org/) and [security-conscious](https://tracker.security.nixos.org/) ecosystem. -As such, we see NixOS as the only viable way to reliably create a reproducible outcome for all the work we create. - -Considered alternatives include: - -- containers: do not by themselves offer the needed reproducibility - -### [Proxmox](https://proxmox.com/) - -Proxmox is a hypervisor, allowing us to create VMs for our applications while adhering to our goal of preventing lock-in. -In addition, it has been [packaged for Nix](https://github.com/SaumonNet/proxmox-nixos) as well, simplifying our requirements to users setting up our software. - -Considered alternatives include: - -- OpenNebula: seemed less mature - -### [Garage](https://garagehq.deuxfleurs.fr/) - -Garage is a distributed object storage service. -For compatibility with existing clients, it reuses the protocol of Amazon S3. 
- -Considered alternatives include: - -- file storage: less centralized for backups - -## Architecture - -At the core of Fediversity lies a NixOS configuration module for a set of selected applications. - -- We will enable using it with **different run-time environments**, such as a single NixOS machine or a ProxmoX hypervisor. -- Depending on the targeted run-time environment, deployment may involve [NixOps4](https://nixops.dev) or [OpenTofu](https://opentofu.org/) as an **orchestrator**. -- We further provide demo front-end for **configuring applications** and configuring **run-time backends**. - -To ensure reproducibility, all software will be packaged with Nix. - -To reach our goals, we aim to implement the following interactions. - -The used legend is as follows: - -- Circle: [actor](#actors) -- Angled box: type -- Rectangle: value -- Rounded box: function -- Diamond: state -- Arrow: points towards dependant - -For further info on components see the [glossary](#glossary). - -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/interactions-migration.svg) -### Configuration data flow - -This data flow diagram refines how a deployment is obtained from an operator's application configuration and a hosting provider's runtime setup. - -An **application module** specifies operator-facing **application options**, and a **configuration mapping** which determines the application's underlying implementation. Application modules can be supplied by external developers, which would curate application modules against that interface. - -For its runtime setup, a hosting provider has to supply a **resource mapping** that would take their self-declared **provider configuration** (which determines the *available* resources) and the output of an application's resource mapping (which determine resource *requirements*) and produce a **configuration**. 
This configuration ships with a mechanism to be *deployed* to the infrastructure (which is described by the environment, and features the required resources), where it will accumulate **application state**. - -Applications and runtime environments thus interface through **resources**, the properties of which are curated by Fediversity maintainers. - -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/interactions-fediversity.svg) - - -### Service portability - -The process of migrating one's applications to a different host encompasses: - -1. Domain registration: involves a (manual) update of DNS records at the registrar -1. Deploy applications: using the reproducible configuration module -1. Copy application data: - - Run back-up/restore scripts - - Run application-specific migration scripts, to e.g. reconfigure connections/URLs - -### Data model - -Whereas the bulk of our configuration logic is covered in the configuration schema, [implemented here](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/deployment/data-model.nix) and [tested here](https://git.fediversity.eu/Fediversity/Fediversity/src/branch/main/deployment/data-model-test.nix), our reference front-end applications will store data. -The data model design for the configuration front-end needed support the desired functionality is as follows, using the crow's foot notation to denote cardinality: - - - -### Host architecture - -Whereas the core abstraction in Fediversity is a NixOS configuration module, a more full-fledged example architecture of the web host use-case we aim to support as part of our exploitation would be as follows, where virtual machines in question run Fediversity to offer our selected applications: - -![](https://git.fediversity.eu/Fediversity/meta/raw/branch/main/architecture-docs/host-architecture.png) diff --git a/fediversity.md b/fediversity.md index d23a6dd..2bd56c3 100644 --- a/fediversity.md +++ b/fediversity.md 
@@ -292,7 +292,7 @@ We will integrate that aspect into the high level process on a best effort basis # Implementation and planning -See the split-out architecture document. +See the split-out [architecture document](https://git.fediversity.eu/Fediversity/meta/src/branch/main/architecture-docs/architecture.md). ## Work plan and resources -- 2.48.1
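Review bot: In PATCH 91/93, the glossary hunk at "@@ -58,32 +58,22 @@" removes the "Runtime environment" entry, yet the rest of architecture.md keeps using the term: the Architecture list still says "different run-time environments" and the data-flow text still says "Applications and runtime environments thus interface through resources". Either reword those passages in terms of the new "Provider" and "Run-time backend" entries or keep a one-line entry that points to them. Two smaller points in the same hunk: the added line "A resource is any external entity that we need for our set-up" has no full stop before "This may include e.g. ...", and the hunk standardises on "run-time" while "runtime setup" remains in the data-flow paragraph.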
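Review bot: In PATCH 91/93, the hunk at "@@ -145,7 +135,7 @@" renames the application module's "resource mapping" to "configuration mapping", but the unchanged paragraph directly below still reads "the output of an application's resource mapping". After this change the only resource mapping defined is the one the hosting provider supplies, so that phrase points at a term that no longer exists for applications. Suggest changing it to "the output of an application's configuration mapping" in the same patch, and fixing "which determine resource *requirements*" to "which determines" while touching the sentence.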
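Review bot: In PATCH 92/93, the hunk at "@@ -156,7 +156,7 @@" links to data-model.nix and data-model-test.nix under "src/branch/main", so both references follow a moving branch and will break or change meaning if the files are renamed or restructured. Consider linking to a specific commit, or at least naming the file paths in the text so the reference survives a move. The inserted clause also lengthens a sentence whose point is the contrast with front-end data; splitting it into two sentences would read better. The context line that follows, "needed support the desired functionality", is missing "to" and could be fixed in the same change.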
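Review bot: In PATCH 93/93, architecture.md is deleted (168 lines) and the fediversity.md hunk at "@@ -292,7 +292,7 @@" replaces it with a link to the meta repository, but nothing in the commit message or the diff identifies the upstream commit that received the content, so a reader cannot confirm the two copies match. Suggest naming that commit in the message. Note also that the deleted "Data model" section ends with "is as follows, using the crow's foot notation to denote cardinality:" followed only by blank lines, so the diagram it announces was already missing here; check that the upstreamed copy includes it or drops the sentence. The new link also targets "src/branch/main", so it tracks a moving branch rather than the version this proposal was written against.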