nixcfg/README.md

# Deuxfleurs on NixOS!
This repository contains code to run Deuxfleurs' infrastructure on NixOS.
## Our abstraction stack
We try to build a generic abstraction stack between our different resources (CPU, RAM, disk, etc.) and our services (Chat, Storage, etc.), developing our own tools when needed.

Our first abstraction level is the NixOS level, which installs a bunch of standard components:

* **WireGuard:** provides encrypted communication between remote nodes
* **Nomad:** schedules containers and handles their lifecycle
* **Consul:** distributed key-value store + lock + service discovery
* **Docker:** packages, distributes and isolates applications

Then, inside our Nomad+Consul orchestrator, we deploy a number of base services:

* Data management
  * **[Garage](https://git.deuxfleurs.fr/Deuxfleurs/garage/):** S3-compatible lightweight object store for self-hosted geo-distributed deployments
  * **Stolon + PostgreSQL:** distributed relational database
* Network Control Plane
  * **[DiploNAT](https://git.deuxfleurs.fr/Deuxfleurs/diplonat):** network automation (firewalling, UPnP IGD)
  * **[D53](https://git.deuxfleurs.fr/lx/d53):** updates DNS entries (A and AAAA) dynamically based on Nomad service scheduling and local node info
  * **[Tricot](https://git.deuxfleurs.fr/Deuxfleurs/tricot):** a dynamic reverse proxy for Nomad+Consul, inspired by Traefik
  * **[wgautomesh](https://git.deuxfleurs.fr/Deuxfleurs/wgautomesh):** a dynamic WireGuard mesh configurator
* User Management
  * **[Bottin](https://git.deuxfleurs.fr/Deuxfleurs/bottin):** authentication and authorization (LDAP protocol, Consul backend)
  * **[Guichet](https://git.deuxfleurs.fr/Deuxfleurs/guichet):** a dashboard for our users and administrators
* Observability
  * **Prometheus + Grafana:** monitoring

Some services we provide based on this abstraction:

* **Websites:** Garage (static) + fediverse blog (Plume)
* **Chat:** Synapse + Element Web (Matrix protocol)
* **Email:** Postfix SMTP + Dovecot IMAP + OpenDKIM DKIM + SOGo webmail, or Alps webmail (experimental)
  * **[Aerogramme](https://git.deuxfleurs.fr/Deuxfleurs/aerogramme/):** an encrypted IMAP server
* **Videoconferencing:** Jitsi
* **Collaboration:** CryptPad

As a generic abstraction is provided, deploying new services should be easy.

## How to use this?

See the following documentation topics:

- [Quick start and onboarding for new administrators](doc/onboarding.md)
- [How to add new nodes to a cluster (rapid overview)](doc/adding-nodes.md)
- [Architecture of this repo, how the scripts work](doc/architecture.md)
- [List of TCP and UDP ports used by services](doc/ports)
- [Why not Ansible?](doc/why-not-ansible.md)

## Got personal services in addition to Deuxfleurs at home?

Go check [`cluster/prod/register_external_services.sh`](./cluster/prod/register_external_services.sh). That Bash script registers a redirect from Tricot to your own services or to your personal reverse proxy.
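The shape of such a registration, as an added example that is not the repository's `register_external_services.sh`: an external, non-Nomad HTTP service is written into Consul's catalog (`PUT /v1/catalog/register`) so that a Consul-driven reverse proxy such as Tricot can route a public hostname to it. The tag syntax `tricot <hostname>` / `tricot-https`, the node and service names, the address `192.0.2.10`, the port and the hostname are assumptions made for the example, not values from this repository.

```bash
#!/usr/bin/env bash
# Added example (not the repository's register_external_services.sh): register
# an external, non-Nomad HTTP service in Consul's catalog so a Consul-driven
# reverse proxy such as Tricot can route a public hostname to it.
# Assumptions: the proxy reads Consul service tags "tricot <hostname>" and
# "tricot-https"; node/service names, addresses and ports are made up.
set -eu

CONSUL_HTTP_ADDR="${CONSUL_HTTP_ADDR:-http://127.0.0.1:8500}"
CONSUL_HTTP_TOKEN="${CONSUL_HTTP_TOKEN:-}"  # ACL token scoped to service:write on this service name
DRY_RUN="${DRY_RUN:-0}"                     # 1 = print the registration body instead of sending it

# Accept only characters that cannot break out of a JSON string: letters,
# digits, '.', ':' (IPv6 addresses) and '-'. Rejects quotes, braces, spaces.
safe_token() {
  case "$1" in
    ""|*[!A-Za-z0-9.:-]*) return 1 ;;
  esac
}

# Build the JSON body for PUT /v1/catalog/register.
# $1 Consul node name  $2 node address  $3 service name  $4 service port  $5 public hostname
build_registration() {
  local node="$1" addr="$2" svc="$3" port="$4" host="$5" v
  for v in "$node" "$addr" "$svc" "$host"; do
    safe_token "$v" || { echo "refusing unsafe value: $v" >&2; return 1; }
  done
  case "$port" in
    ""|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
  esac
  # The "tricot <hostname>" and "tricot-https" tags are the assumed proxy routing tags.
  printf '{"Node":"%s","Address":"%s","Service":{"ID":"%s","Service":"%s","Tags":["tricot %s","tricot-https"],"Port":%s}}' \
    "$node" "$addr" "$svc" "$svc" "$host" "$port"
}

# Send the registration to Consul, or print the body when DRY_RUN=1.
register_external_service() {
  local body
  body="$(build_registration "$@")" || return 1
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$body"
    return 0
  fi
  # A writable catalog is a hostname-takeover primitive at the edge proxy, so never register anonymously.
  [ -n "$CONSUL_HTTP_TOKEN" ] || { echo "CONSUL_HTTP_TOKEN is empty; refusing anonymous registration" >&2; return 1; }
  curl -fsS -X PUT \
    -H "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
    -H 'Content-Type: application/json' \
    --data "$body" \
    "$CONSUL_HTTP_ADDR/v1/catalog/register"
}

# Usage: DRY_RUN=1 ./register.sh home-box 192.0.2.10 homelab 8080 lab.example.com
if [ "$#" -eq 5 ]; then
  register_external_service "$@"
fi
```

The input validation is the part worth keeping: any principal that can write a `tricot <hostname>` tag into the catalog can take over that hostname at the edge proxy, so the hostname and service fields are rejected unless they consist of DNS-safe characters, and the script refuses to send a registration without an ACL token. Run it with `DRY_RUN=1` first to inspect the body before pointing it at a real Consul agent.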