```mermaid
graph TB
  subgraph Management
    A[Nix-panel] --> I
    Z[(central database<br/>Netbox)] --> B[Orchestrator<br/>NixOps] --> D[Proxmox]
    B --> E[Nix-configuration]
    B --> G[DNS]
    B --> F[Email]
    B --> J[Garage]
    B --> H[<b>IdentityManagement</b><br/><small>Authentication<br/>Authorization<br/>Accounting</small>]
    I[Nix-Panel API] --> Z
    H --> I
    Core[<b>Core-services</b><br/><small>DNS<br/>Email<br/>identity_management<br/>secret_management<br/>authentication<br/>SASL</small>]
  end
  subgraph Hardware
    Systems[<b>Systems</b><br/><small>Storage<br/>Networking<br/>Operating-system<br/>Virtualization</small>]
    Storage[<b>Storage</b><br/><small>exclusive_filesystem<br/>shared_blob Garage<br/>zfs</small>]
  end
  subgraph Virtualization
    Nixos[<b>Nixos</b><br/><small>Application</small>]
    LinuxOS[<b>LinuxOS</b><br/><small>Application</small>]
    Services[<b>Services</b><br/><small>Edumeet<br/>NextCloud<br/>secure_document_collaboration<br/>Forgejo<br/>webmail<br/>HedgeDoc<br/>project_planning</small>]
    FediServices[<b>FediServices</b><br/><small>Matrix<br/>Pixelfed<br/>Peertube<br/>Mastodon<br/>Owncast<br/>Castopod<br/>activityPub</small>]
  end
  Systems --> Storage
  Hardware --> Virtualization
  Virtualization --> Hardware
  Services --> Core
  FediServices --> Core
  Core --> Hardware
  Nixos --> Services
  Nixos --> FediServices
  F --> Core
  G --> Core
  J --> Storage
  D --> Virtualization
  E --> Nixos
  H --> Core
```

* human-centric
* easy, automated replication and migration to a different datacenter provider
* blob storage replicated generically
* files on the exclusive filesystems replicated via an application-aware process, e.g.:
  * asynchronous, but "live" database replication
  * shut down the app, then rsync the directories
  * ZFS replication and snapshotting
* Strengths, Weaknesses, Opportunities, and Threats awareness for all apps
* Not everything needs to start on Nix, NixOS, or with NixOps
* Do not use "Open Core"
  * GitLab
  * Dovecot
  * Zimbra
* LXC containers (not Docker-style)
* ZFS snapshots + replication (send/receive)
* S3 replication to a 3rd party
* location mirroring? (out of scope?)
  * (but then Linstor on ZFS)

### Working session: Architecture discussion

Attendees: Robert, Valentin, Koen, Kevin

- Robert: NixOps should handle backup creation and restore, since it knows all the details for that
  - There will be an interface to plug Nix expressions with scripts that can access all the resources
  - One should be able to build domain-specific applications around that
- Valentin: Backups seem to be morally equivalent to deployments "to a file"
- Koen walked us through myprotagio.nl
  - Kevin will share source code with Valentin
  - It's a role-based-permission and billing UI wrapping PowerDNS, Postfix Admin, and InvoiceNinja
  - Written in Laravel and Tailwind
  - To build a UI for deployment we'd primarily need a REST API to a database
  - Primary work would be to do the architecture and design
- Valentin: Maybe we could add just the APIs for the deployment workflows from a completely new service, and connect the front-end to that
  - Won't have to touch the PHP then
  - But for the full integration to work one will have to understand the whole system anyway
  - At that point one may as well keep maintaining it or rewrite it
- Koen: The existing thing needs work regardless, and would like to move away from PHP to Python anyway

## Architecture meeting

- Identity management == AAA
- Central database is two databases, one accounting and one state
- Data model -> dns, aaa, ip, machines, etc.
- Data complete first, model later
- Data flows/processes
- Describe case stories
- Nixos -> VM
- LinuxOS out of scope
- Services and FediServices in one box
- move secrets management
- move core-services to management
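The application-aware replication bullets above (shut down the app, snapshot, ZFS send/receive) as an added example, not code from the project. It plans one replication round and refuses to overwrite a replica that has diverged; the dataset, systemd unit and host names are constructed placeholders.

```python
"""Application-aware ZFS replication planner (added example, not project code).

Quiesce the service, take a snapshot, resume the service, then ship only the
snapshots the replica lacks. The plan is returned as shell command lines so it
can be reviewed or dry-run before anything touches a real pool.
"""
import shlex


def incremental_base(src_snaps, dst_snaps):
    """Newest snapshot present on both sides (lists are oldest-first, as from
    `zfs list -t snapshot -s creation`). None means no common ancestor."""
    on_dst = set(dst_snaps)
    common = [s for s in src_snaps if s in on_dst]
    return common[-1] if common else None


def build_plan(dataset, service, remote, remote_dataset, src_snaps, dst_snaps, new_snap):
    """Return the shell lines for one replication round, or raise if the replica
    has snapshots but none in common: overwriting it would need `zfs receive -F`,
    which should be a deliberate operator decision, not an automatic one."""
    base = incremental_base(src_snaps, dst_snaps)
    if base is None and dst_snaps:
        raise RuntimeError(f"{remote_dataset} has no snapshot in common with {dataset}")
    snap = f"{dataset}@{new_snap}"
    if base is None:
        send = ["zfs", "send", snap]                               # empty replica: full stream
    else:
        send = ["zfs", "send", "-I", f"{dataset}@{base}", snap]    # every snapshot after base
    recv = ["ssh", remote, "zfs", "receive", "-u", remote_dataset]  # -u: do not mount on replica
    return [
        shlex.join(["systemctl", "stop", service]),   # quiesce so on-disk files are consistent
        shlex.join(["zfs", "snapshot", snap]),        # atomic point-in-time copy
        shlex.join(["systemctl", "start", service]),  # downtime ends here, before the transfer
        shlex.join(send) + " | " + shlex.join(recv),  # asynchronous shipping to the other DC
    ]


if __name__ == "__main__":
    # Constructed sample: replica already holds d1 and d2, source has d3 as well.
    for line in build_plan("tank/nextcloud", "nextcloud", "backup@dc2.example",
                           "backup/nextcloud", ["d1", "d2", "d3"], ["d1", "d2"], "d4"):
        print(line)
```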