```mermaid
graph TB

subgraph Management
    A[Nix-panel] --> I
    Z[(central database<br/>Netbox)]--> B[Orchestrator<br/>NixOps] --> D[Proxmox]
    B --> E[Nix-configuration]
    B --> G[DNS]
    B --> F[Email]
    B --> J[Garage]
    B --> H[<b>IdentityManagement</b><br/><small>Authentication<br/>Authorization<br/>Accounting</small>]
    I[Nix-Panel API] --> Z
    H --> I
    Core[<b>Core-services</b><br/><small>DNS<br/>Email<br/>identity_management<br/>secret_management<br/>authentication<br/>SASL</small>]
end


subgraph Hardware
    Systems[<b>Systems</b><br/><small>Storage<br/>Networking<br/>Operating-system<br/>Virtualization</small>]
    Storage[<b>Storage</b><br/><small>exclusive_filesystem<br/>shared_blob Garage<br/>zfs</small>]
end

subgraph Virtualization
    Nixos[<b>Nixos</b><br/><small>Application</small>]
    LinuxOS[<b>LinuxOS</b><br/><small>Application</small>]

    Services[<b>Services</b><br/><small>Edumeet<br/>NextCloud<br/>secure_document_collaboration<br/>Forgejo<br/>webmail<br/>HedgeDoc<br/>project_planning</small>]
    FediServices[<b>FediServices</b><br/><small>Matrix<br/>Pixelfed<br/>Peertube<br/>Mastadon<br/>Owncast<br/>Castopod<br/>activityPub</small>]
end


Systems --> Storage
Hardware --> Virtualization
Virtualization --> Hardware
Services --> Core
FediServices --> Core
Core --> Hardware
Nixos --> Services
Nixos --> FediServices
F --> Core
G --> Core
J --> Storage
D --> Virtualization
E --> Nixos
H --> Core
```


* human-centric
* easy, automated, replication and migration to different datacenter provider
* blob storage replicated generically
* files on the exclusive filesystems replicated via application-aware process, e.g.:
  * asynchronous, but "live" database replication
  * shutdown app then rsync directories
  * ZFS replication and snapshot-ing
* Strengths, Weaknesses, Opportunities, and Threats awareness for all apps
* Not everything needs to start on Nix, NixOs, or with NixOps
* Do not use "Open Core"
  * GitLab
  * Dovcot
  * Zimbra
* LXC containers (not Docker-style)
* zfs-snapshots + replicatie (send/receive)
* s3 replicatie naar 3rd party
* locatie-mirorring? (buiten scope?)
* (maar dan Linstore op zfs)

### Working session: Architecture discussion

Attendees: Robert, Valentin, Koen, Kevin

- Robert: NixOps should handle backup creation and restore, since it knows all the details for that
  - There will be an interface to plug Nix expressions with scripts that can access all the resources
  - Once should be able to build domain-specific applications around that
  - Valentin: Backups seem to be morally equivalent to deployments "to a file"
- Koen walked us through myprotagio.nl
  - Kevin will share source code with Valentin
  - It's a role-based-permission and billing UI wrapping PowerDNS, Postfix Admin, and InvoiceNinja
    - Written in Laravel and Tailwind
  - To build a UI for deployment we'd primarily need a REST API to a database
    - Primary work would be to do the architecture and design
  - Valentin: Maybe we could add just the APIs for the deployment workflows from a completely new service, and connect the front-end to that
    - Won't have to touch the PHP then
        - But for the full integration to work one will have to understand the whole system anyway
          - At that point one may as well keep maintaining it or rewrite it
      - Koen: The existing thing needs work regardless, and would like to move away from PHP to Python anyway

## Architecture meeting
- Identitymanagement == AAA
- Central database is two databases, one accounting and one state
- Datamodel -> dns, aaa, ip, machines, etc.
- Data complete first, model later
- Data flows/processes
- Describe casestories
- Nixos -> VM
- LinuxOS out of scope
- Services and Fediservices one box
- move secretsmanagement
- move core-services to management