add braindump of random notes about project context, to hopefully reconcile with others' thoughts

Afaict there is no source document and only this pdf

architecture-docs/2025-03-31-ssh-strategy.md

@@ -0,0 +1,76 @@
+# ssh access strategy
+
+some notes on our current status, challenges and ways to address these
+
+## questions
+
+- [x] which keys do we accept on which users on which machines (infra/test)?
+- [x] when deploying (by nixops/tf, machines infra/test, separate/local/deployed), which user and key do we pass?
+
+## background
+
+<!-- - manual setup kevin -->
+  <!-- - `nixos-24.05-minimal-x86_64.iso` -->
+  <!-- - `users.users.procolix.openssh.authorizedKeys.keys` (procolix SSH jump nodes) -->
+- manual setup @niols
+  - sync machines' `/etc/ssh/ssh_host_ed25519_key.pub` to:
+    - `infra/test-machines/testxx/ssh_host_ed25519_key` (test machines)
+    - `keys/systems/fedixxx.pub` (infra)
+
+## challenges
+
+- TF messing up non-root SSH access (`/etc/ssh/authorized_keys.d` absent)
+- TF not having a clear SSH strategy for production
+  - machine key? how to select the right user/key? how does nixops handle this?
+- testing the panel locally not having a clear SSH strategy with password-protected SSH keys
+
+## strategy
+
+### which keys to accept on which users on which machines
+
+- fedixxx/test0x
+  <!-- - procolix -->
+    <!-- - procolix jump nodes -->
+  - root
+    - fediversity team's individual keys
+  - personal
+    - personal (protected)
+- test0x: a passwordless wheel account (personal accounts? root too?) should allow also an unprotected ssh key (personal?)
+
+### how to use SSH on deployment
+
+#### user
+
+(note that `desired` columns are focused on the scope of #76, so keeping e.g. security considerations out of scope.)
+
+| context | current | desired |
+|-|-|-|
+| nixops infra | root | root |
+| nixops local | root | root |
+| protected? nixops panel local | root | root |
+| nixops panel deployed | root | root |
+| tf local | personal (hard-coded) | root |
+| protected? tf panel local | personal (hard-coded) | root |
+| tf panel deployed | personal (hard-coded) | root |
+| tf infra | root | root |
+
+#### key
+
+| context | current | desired |
+|-|-|-|
+| nixops infra | personal (thru ssh agent) | (protected) personal key |
+| nixops local | personal (thru ssh agent) | personal |
+| nixops panel local | personal (thru ssh agent, failed to handle password protection) | (unprotected) personal key |
+| nixops panel deployed | machine key (thru ssh agent) | machine key |
+| tf local | personal (thru ssh agent, password can be passed explicitly) | personal (unprotected, or if protected by passing it explicitly) |
+| tf panel local | personal (thru ssh agent, password can be passed explicitly) | personal (unprotected, or if protected by passing it explicitly) |
+| tf panel deployed | machine key (thru ssh agent) | machine key |
+| tf infra | n/a | (protected) personal key (with password propagated, somehow) |
+
+## outcomes
+
+added sub-tasks to:
+
+- #272
+- #76
+ - #274

meeting-notes/2025-03-31 demo rehearsel.md

@@ -0,0 +1,31 @@
+**Demo rehearsel:** 2025-03-31 @10:00     
+**Present:** Kiara, Koen, Ronny, Kevin, Gheorghe, Robert, Bjorn, Valentin, Nicolas, Hans  
+**Absent:** Eric (known)  
+
+__Agenda__  
+* Koen starts with presenting
+* Kevin will present the demo  
+
+__Presentation & Demo notes__   
+* Financed by EC, not "being" from EC. 
+* I suggest to say Prototype and not Product for now.
+* I thought we were going to use the coloured EU flag(@Ronnynote: Koen is using an older version of the pdf.../ auch, okay)
+* We need a bit more 'what is the mvp about'/'what is the demo about'
+* s/Hello world/Welcome
+* First show that the apps are not deployed yet. Let people visit the urls themselves 
+* Can we make the split screen in demo wide, instead of long? (@kevinnote: yes but this was only normal sized monitor i have at the moment)
+* Because of the elementary graphical interface, maybe a lower resolution of display will make the command text greater.
+* When speak about the interface would be nice to have it visible on the screen.
+* The argument for having ops done by professionals needs some polish => we are targeted at organisations (if you can run your own hardware, go!)
+* Why skip slides? Will not skip.
+* benefits providers: these are the benefits FOR providers
+* Maybe don't switch between the presentation & demo. It's a bit distracting. (hans: I think that's a good thing, it breaks it up in different bits that makes it a bit more lively)
+* I would suggest to add in the benefits and the other images also the Services offered to the Users to give the whole image of the prototype.
+* The architecture diagram is an old one. The NixPanel is no more there.
+* Nix is not an operating system ;..)
+	* roberth: One term keeps it simple and is good enough
+	* Nix is a system for building software more reproducibly
+* The old NixPanel in the architecture is not mapped by the Django(Python) description.
+* People can't write comments on Forgejo without an account, and there's no way to register
+* Why not Develop & contribute Django (Python) in How to participate?
+* Incantation -> Incarnation

meeting-notes/2025-03-31 standup notes.md

@@ -0,0 +1,33 @@
+​**Standup:** 2025-03-31 @09:30  
+**Present:** Kiara, Koen, Ronny, Kevin, Gheorghe, Robert, Bjorn, Valentin, Nicolas   
+**Absent:** Hans (known), Eric (known)   
+
+* Kiara
+	* Past day(s): continue on deploy button online
+	* Today: investigate SSH strategy for above and to deal with password-protected SSH keys
+* Koen
+	* now have some experience with pixelfed
+	* want ​to upgrade the pixelfed cluster this afternoon and bring it live this evening so we can announce it tomorrow before the conference
+* Kevin
+	* Worked on the panel friday, it shows now if the deploy was a succes and which services have been deployed
+	* today can work more on the panel but dont know what yet will discuss with kiara
+* Bjorn
+	* Friday: Partnermeeting 
+	* Today: demo & prep for Fediforum
+* Valentin
+	* Wrote up design discussion on configuration data model versioning and format conversion
+	* Internal meetings
+* Nicolas
+	* Last week disabling the machine
+	* Working on reproducing the NixOps4 upstream deployment test
+		* Got stuck with providing DNS within the sandbox
+			* Robert: there's some code I can give you for that
+* Gheorghe
+	* No blockers
+	* Friday: Internal PM activities
+	* Today: Internal PM activities
+* Ronny
+	* Good partnermeeting on Friday
+* Robert
+	* Finishing up flake input override support (needed for ad hoc testing, generally useful)
+	* Next: stateful resources

meeting-notes/2025-03-31-design-meeting.md

@@ -0,0 +1,47 @@
+# Visual design meeting 2025-03-31
+
+Present: {thijs,timon}@slik, {koen,kevin,kiara}@procolix
+
+- thijs: updated the designs as per the last meeting, supporting workspaces, dark/light themes, (implied) usage graphs, future fediverse services, updated theme
+- koen: maybe categorize services using tags, e.g. fediverse, productivity, chat, video, microblogging
+- thijs: so allow filtering by this too?
+- koen: yes
+- kiara: i like the new design
+- koen: KDE's designs looks pretty, maybe also look at that
+- timon: *clicks mastodon install, leading to detail page*
+- koen: maybe allow batch selecting to install, as in current barebones technical implementation
+- koen: please add icons for more applications
+- timon: *showing preview page for mastodon*
+- koen: again, minimize needed clicks, e.g. using basic vs advanced install rather than 'install' vs 'manage', then allow users to maybe tweak after
+- thijs: then just do 'install' vs 'manage' as you probably don't want non-basic installs, so people can tweak after
+- koen: you should be able to just use them when installed, afterwards change 'install' button to like 'go to your instance'
+- koen: i like the detail page's log view, may end up long tho, so maybe add a 'show more' ellsion
+- timon: fleshed out the settings view, as well as a users list
+- thijs: the users list is more an example of a CRUD page, as you mentioned wanting to do SSO/LDAP before
+- koen: again, distinguish stuff everyone should see vs advanced settings we by default should not bother busy non-technical users with
+- thijs: you have not configured a domain yet, so cannot deploy mastodon yet - we should probably nag people on mandatory settings they have yet to set, also show progress bar for this
+- koen: start simple, then show everything when desired
+- thijs: different ways to not scare people off, not sure scaring people with advanced settings is the way, you could instead just show optional settings
+- koen: still sounds scary
+- thijs: otherwise may not notice what you can do with it
+- thijs: you may not know a user's role up-front
+- koen: start as basic user
+- thijs: sysadmins will feel confused tho
+- koen: maybe ask in the onboarding / sign-up what role you want
+- thijs: onboarding, what else?
+- thijs: we made sure to use only open-source fonts and icons
+- koen: i see some details we will not use: e.g. pricing plans ending in 99, pricing plans worded to sell rather than offer transparency (wording shown in design: 'perfect' without elaboration as to why), pricing that needs explaining so people can understand why they should not feel ripped off
+- kiara: isn't usage much more fungible?
+- koen: we should show those from the panel, but there are different ways to approach this as per an operator's business model
+- thijs: maybe hosts should get to choose how to approach this
+- koen: agree, companies will have limited resources and may prefer to not make things too granular, tho in larger set-ups one may need to be able to better justify how pricing scales
+- thijs: do we always want to add a link to the price/value breakdown for every plan?
+- koen: by default yes, if you don't want that, it's open-source so you can fork if you like
+- thijs: thanks - what else should we change for tomorrow?
+- koen: maybe add graphs over time on disk space and number of applications deployed
+- kiara: actually whether the background looks grey or white-ish for me depends on which monitor i view it on
+- thijs: ok let's make it a bit lighter still
+- koen: maybe also add user settings like advanced/novice, allow scrolling thru the app list, add an icon as per fediversity.eu (NGI - fediversity)
+- koen: from pic 'many branches of the fediverse' use: lemmy, bookwyrm, funkwhale, friendica, castopod, writefreely, matrix, owncast, peertube, forgejo, passbolt
+- kiara: this image already shows potential tags too
+- thijs: we'll try and add the configurable color themes too

meeting-notes/2025-04-07-project-context-braindump.md

@@ -0,0 +1,309 @@
+- context
+  - status quo
+    - geopolitics
+      - surveillance
+    - capital accumulation
+      - monopolistic gatekeepers
+      - big tech
+    - legislation
+      - digital markets act
+      - digital services act
+    - fediverse
+      - open-source
+      - federated
+      - various applications
+      - limited momentum
+        - self-hosting
+          - expertise
+            - containers
+            - configuration
+              - SSO
+              - LDAP
+          - sysadmin burden
+            - operating systems
+            - reproducibility
+            - network security
+            - software LCM
+            - backups
+    - state of the internet
+      - network-effect-fueled oligopolies
+      - commercial interests
+      - enshittification
+      - misinformation
+      - surveillance
+      - manipulation
+        - gamification
+      - polarization
+      - IP harvested by scrapers to spam the internet with AI slop
+      - gamification-fueled addiction
+      - lack of democratic control
+      - illegal content
+      - covert foreign/commercial online influencing campaigns
+        - cambridge analytica
+      - polarizing filter bubbles from engagement-fueled algorithms
+        - stratify society
+        - may culminate in terrorism
+          - qanon's role in Jan 6 capitol insurrection
+      - energy usage of data centers and AI
+    - open-source
+      - devops
+        - nixos
+          - developer-centric
+      - self-hosting
+        - yunohost
+      - fediverse
+    - innovation cycle
+      - research
+      - commerce
+      - dissemination
+        - commons
+        - distribution
+  - ecosystem
+    - stakeholders
+      - EU
+        - NGI
+          - [report](https://nlnet.nl/fediversity/)
+            - let users separate content and data from internet-based sofware and services
+            - re-establish boundaries between content owner and service provider
+            - allow mixing/matching alternative/complementary services
+            - service portability + data decoupling
+            - achieve openness to new entrants
+              - unlock clustered service verticals with dominant market positions
+          - presentation
+            - commons
+              - context
+                - security
+                - economy
+                - geopolitics
+              - why
+                - sovereignty
+                - trust
+                - collaboration
+                - european declaration on digital rights and principles
+                  - privacy protection
+                  - user control and choice
+                  - portability
+                  - inclusion
+                  - decentralisation
+            - NGI
+              - internet commons
+                - hardware
+                - libraries
+                - distribution
+                - server apps
+                - client apps
+      - nlnet
+      - OIDF
+        - intro
+          - fundamental right of individuals
+            - privacy
+            - self-determination
+            - freedom of expression
+          - internet is crucial infrastructure that should be maintainable long-term
+            - nixos
+          - transparency
+            - open software
+    - fediversity
+      - presentation
+        - objective
+          - bring easy-to-use, budget-conscious, _federated_ hosted cloud services to organisations and individuals
+        - goals
+          - digital autonomy
+          - innovation
+          - service/data portability
+          - federated decentralized services
+          - sustainable economic ecosystem
+          - open
+        - benefits
+          - providers
+            - ease of operations
+            - share investments
+            - lower maintenance
+            - ease of deployment
+            - part of a larger ecosystem
+          - users
+            - easy of use
+            - data portability
+            - no vendor lock-in
+            - service portability
+            - digital sovereignty
+            - independence from big tech
+        - principles + assumptions
+          - run on hardware
+          - target providers to offer federated services
+            - digital sovereignty
+            - ease dev/maintenance
+            - ease deployment/running of federated services
+          - federated decentralised OSS using open standards
+          - service portability
+        - tech stack
+          - django
+          - nixos
+          - nix packages
+          - nixops4
+          - proxmox
+          - bare-metal hardware
+          - custom code and databases
+        - services
+          - Mastodon
+          - PixelFed
+          - PeerTube
+          - Matrix
+          - Nexcloud
+          - Stalwart
+          - Owncast
+          - Lemmy
+          - EduMEET
+      - [objectives](https://nlnet.nl/fediversity/background/)
+        - primary
+          - new technical building blocks
+            - 3 partners
+        - secondary
+          - funding mechanism
+            - nlnet
+      - [NGI emphasis](https://www.ngi.eu/ngi-projects/ngi-fediversity/)
+        - replaces traditional social networking
+        - create a practical, user-friendly, and secure communication environment
+    - NGOs
+      - waag
+        - [state of the internet](https://waag.org/en/event/state-internet-2025/)
+          - retake internet from US big tech
+          - regulate tech as we do other fields
+        - marleen stikker
+          - book: 'het internet is stuk - maar we kunnen het repareren'
+            - history of the internet explaining big tech platforms as step back in sovereignty
+            - technology is not neutral
+            - emphasizes human values over techno-optimism pushed by silicon valley
+            - role of data access
+              - understanding
+              - democracy
+              - control
+            - mentions historical role of tactical media
+      - [EuroStack](https://www.euro-stack.info/#eurostack)
+        - goals
+          - Sovereignty and Security
+          - Sustainability
+          - Decentralized Sovereign Infrastructure
+          - Strong Democracy
+          - De-Proprietarization and Interoperability
+          - Data as a Common Good
+          - Inclusive Governance
+        - 7 layers
+          - data + AI
+          - software
+          - cloud
+          - IoT
+          - networks
+          - chips
+          - raw materials, energy and water
+      - [open forum europe](https://openforumeurope.org/our-vision/)
+        - principles
+          - user centricity
+          - competition
+          - flexibility
+          - sustainability
+          - community
+    - developers
+      - want easy path to users
+      - want easy updating
+    - hosts
+      - want managed applications
+      - want off-the-shelf solutions
+    - operators
+      - want app store of sovereign services
+      - want things to just work
+    - users
+      - want easy UX
+      - want sovereign infrastructure
+      - want tools reflecting their values
+        - human-centric
+        - inclusive
+        - accessible
+- why
+  - policy-makers
+    - achieve sovereignty to deliver on digital rights
+      - sovereign managed applications
+      - catalyze dissemination to have internet commons reach critical mass
+      - starting out with social media over gatekeepers' effect amid geopolitical considerations
+    - robust technology
+      - fediversity
+        - portable
+      - fediverse
+        - sovereign
+      - nixos
+        - [reproducible](https://reproducible.nixos.org/)
+        - [vibrant](https://repology.org/repositories/graphs)
+        - [security-conscious](https://tracker.security.nixos.org/)
+  - hosts
+    - off-the-shelf
+    - easy for host and users
+    - demand due to geopolitical relevance
+  - users
+    - sovereign
+      - no lock-in
+      - private
+      - SSO/LDAP
+    - ease
+      - simple install
+      - sensible defaults
+      - update/backup policies
+    - choice
+      - open to hosts
+      - portable data/hosting
+      - different apps
+    - control
+      - open
+      - federation
+      - advanced settings
+- how
+  - design
+    - front: app store style UI not unlike [yunohost](https://apps.yunohost.org/catalog)
+  - stack
+    - user-facing
+      - fediverse
+      - ...
+    - under the hood
+      - [nix](https://nixos.org/)
+        - NixOS
+        - service contracts: [SelfHostBlocks](https://nlnet.nl/project/SelfHostBlocks/)
+        - [upstream](https://git.fediversity.eu/Fediversity/Fediversity/issues/127#issuecomment-5669) nix packages to source repos to normalize reproducibility and accelerate LCM
+      - [opentofu](https://opentofu.org/)
+      - VM hypervisor: [proxmox](https://proxmox.com/)
+      - storage: [garage](https://garagehq.deuxfleurs.fr/)
+      - backups / data portability: [borgmatic](https://github.com/borgmatic-collective/borgmatic)
+      - data interoperability: [json-schema](https://json-schema.org/)
+        - validate
+        - [visualize](https://github.com/json-schema-form-element/jsfe)
+  - component architectures
+    - traditional
+      - web panel front/back
+      - orchestration
+      - VMs
+        - hypervisor
+        - application VMs
+        - storage
+      - supporting
+        - identity management
+          - authentication
+          - authorization
+          - accounting
+        - central database
+          - nextbox
+          - accounting
+          - state
+          - secrets
+        - central services
+          - DNS
+          - email
+    - decoupled
+      - clients
+        - [monolith](https://git.fediversity.eu/Fediversity/Fediversity) (django)
+        - host all-in-one
+          - [front](https://git.fediversity.eu/Fediversity/protagio.nl-frontend)
+          - back
+            - [existing](https://git.fediversity.eu/Fediversity/myprotagio-api) (php)
+            - new (django)?
+      - orchestration module
+        - nixos
+          - selfhostblocks
+        - opentofu

notes.md

@@ -0,0 +1,17 @@
+**Standup**: 2025-04-07 @09:30​
+**Present**: Bjorn, Koen, Kiara, Nicholas, Kevin
+**Absent**: Valentin (known),  Robert (known), Eric (known), Ronny (known)
+
+* Koen
+  * update from 'project management'
+* Kiara
+  * Past days: #76
+  * Today: #76, project write-up
+* Bjorn
+  * Thursday: planningsmeeting
+  * Friday: other obligations
+  * Today:
+* Kevin
+  * Thursday: plannings meeting
+  * Friday: no update
+  * today: other obligations