Diffstat (limited to 'README.md')
-rw-r--r-- README.md 38
1 files changed, 29 insertions, 9 deletions
diff --git a/README.md b/README.md
index c86a067..3527dbb 100644
--- a/README.md
+++ b/README.md
@@ -2,11 +2,35 @@
This repository contains code to run Deuxfleur's infrastructure on NixOS.
-It sets up the following:
+## Our abstraction stack
-- A Wireguard mesh between all nodes
-- Consul, with TLS
-- Nomad, with TLS
+We try to build a generic abstraction stack between our different resources (CPU, RAM, disk, etc.) and our services (Chat, Storage, etc.), we develop our own tools when needed.
+
+Our first abstraction level is the NixOS level, which installs a bunch of standard components:
+
+ * **Wireguard:** provides encrypted communication between remote nodes
+ * **Nomad:** schedule containers and handle their lifecycle
+ * **Consul:** distributed key value store + lock + service discovery
+ * **Docker:** package, distribute and isolate applications
+
+Then, inside our Nomad+Consul orchestrator, we deploy a number of base services:
+
+ * **[Garage](https://git.deuxfleurs.fr/Deuxfleurs/garage/):** S3-compatible lightweight object store for self-hosted geo-distributed deployments (we also have a legacy glusterfs cluster)
+ * **[DiploNAT](https://git.deuxfleurs.fr/Deuxfleurs/diplonat):** network automation (firewalling, upnp igd)
+ * **[Bottin](https://git.deuxfleurs.fr/Deuxfleurs/bottin):** authentication and authorization (LDAP protocol, consul backend)
+ * **[Guichet](https://git.deuxfleurs.fr/Deuxfleurs/guichet):** a dashboard for our users and administrators
+ * **Stolon + PostgreSQL:** distributed relational database
+ * **Prometheus + Grafana:** monitoring
+
+Some services we provide based on this abstraction:
+
+ * **Websites:** Garage (static) + fediverse blog (Plume)
+ * **Chat:** Synapse + Element Web (Matrix protocol)
+ * **Email:** Postfix SMTP + Dovecot IMAP + opendkim DKIM + Sogo webmail | Alps webmail (experimental)
+ * **Visioconference:** Jitsi
+ * **Collaboration:** CryptPad
+
+As a generic abstraction is provided, deploying new services should be easy.
## How to use this?
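Review bot: the removed bullets "Consul, with TLS" and "Nomad, with TLS" recorded that both run over TLS, and the new **Nomad** and **Consul** bullets in the NixOS-level list no longer say so. If TLS is still configured, keep it in the README, for example "**Nomad:** schedule containers and handle their lifecycle (with TLS)", so the transport-security properties stay documented next to the Wireguard line. Likewise "A Wireguard mesh between all nodes" became "encrypted communication between remote nodes", which drops the fact that it is a mesh covering all nodes. Minor: the first sentence of the new section is a comma splice ("..., we develop our own tools when needed"), and "Visioconference" would read better as "Videoconference".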
@@ -16,11 +40,7 @@ See the following documentation topics:
- [How to add new nodes to a cluster (rapid overview)](doc/adding-nodes.md)
- [Architecture of this repo, how the scripts work](doc/architecture.md)
- [List of TCP and UDP ports used by services](doc/ports)
-
-Additionnal documentation topics:
-
-- [Succint guide for NixOS installation with LUKX full disk encryption](doc/nixos-install-luks.md) (we don't do that in practice on our servers)
-- [Example `hardware-config.nix` for a full disk encryption scenario](doc/example-hardware-configuration.nix)
- [Why not Ansible?](doc/why-not-ansible.md)
+
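Review bot: the two links removed under "Additionnal documentation topics" pointed to the full disk encryption material (doc/nixos-install-luks.md and doc/example-hardware-configuration.nix), and since this diff is limited to README.md it does not show whether those files are deleted as well. If they stay in the tree, keep a link to them in the list above; if they are being dropped because, as the removed line says, this is not done in practice on the servers, say so in the commit message. The blank line added after the "Why not Ansible?" entry also looks unintended; if that is the end of the file, drop it.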