nixcfg/README.md

# Deuxfleurs on NixOS!

This repository contains code to run Deuxfleur's infrastructure on NixOS.

## Our abstraction stack

We try to build a generic abstraction stack between our different resources (CPU, RAM, disk, etc.) and our services (Chat, Storage, etc.), we develop our own tools when needed.

Our first abstraction level is the NixOS level, which installs a bunch of standard components:

  * **Wireguard:** provides encrypted communication between remote nodes
  * **Nomad:** schedule containers and handle their lifecycle
  * **Consul:** distributed key value store + lock + service discovery
  * **Docker:** package, distribute and isolate applications
  
Then, inside our Nomad+Consul orchestrator, we deploy a number of base services:

  * **[Garage](https://git.deuxfleurs.fr/Deuxfleurs/garage/):** S3-compatible lightweight object store for self-hosted geo-distributed deployments (we also have a legacy glusterfs cluster)
  * **[DiploNAT](https://git.deuxfleurs.fr/Deuxfleurs/diplonat):** network automation (firewalling, upnp igd)
  * **[Bottin](https://git.deuxfleurs.fr/Deuxfleurs/bottin):** authentication and authorization (LDAP protocol, consul backend)
  * **[Guichet](https://git.deuxfleurs.fr/Deuxfleurs/guichet):** a dashboard for our users and administrators
  * **Stolon + PostgreSQL:** distributed relational database
  * **Prometheus + Grafana:** monitoring

Some services we provide based on this abstraction:

  * **Websites:** Garage (static) + fediverse blog (Plume)
  * **Chat:** Synapse + Element Web (Matrix protocol)
  * **Email:** Postfix SMTP + Dovecot IMAP + opendkim DKIM + Sogo webmail  | Alps webmail (experimental)
  * **Visioconference:** Jitsi
  * **Collaboration:** CryptPad

As a generic abstraction is provided, deploying new services should be easy.

## How to use this?

See the following documentation topics:

- [Quick start and onboarding for new administrators](doc/onboarding.md)
- [How to add new nodes to a cluster (rapid overview)](doc/adding-nodes.md)
- [Architecture of this repo, how the scripts work](doc/architecture.md)
- [List of TCP and UDP ports used by services](doc/ports)
- [Why not Ansible?](doc/why-not-ansible.md)
Add readme and cleanup a bit 2021-12-30 20:23:24 +00:00			`# Deuxfleurs on NixOS!`

			`This repository contains code to run Deuxfleur's infrastructure on NixOS.`

reorganize some things 2022-12-24 21:59:37 +00:00			`## Our abstraction stack`
Add readme and cleanup a bit 2021-12-30 20:23:24 +00:00
reorganize some things 2022-12-24 21:59:37 +00:00			`We try to build a generic abstraction stack between our different resources (CPU, RAM, disk, etc.) and our services (Chat, Storage, etc.), we develop our own tools when needed.`

			`Our first abstraction level is the NixOS level, which installs a bunch of standard components:`

			`* Wireguard: provides encrypted communication between remote nodes`
			`* Nomad: schedule containers and handle their lifecycle`
			`* Consul: distributed key value store + lock + service discovery`
			`* Docker: package, distribute and isolate applications`

			`Then, inside our Nomad+Consul orchestrator, we deploy a number of base services:`

			`* [Garage](https://git.deuxfleurs.fr/Deuxfleurs/garage/): S3-compatible lightweight object store for self-hosted geo-distributed deployments (we also have a legacy glusterfs cluster)`
			`* [DiploNAT](https://git.deuxfleurs.fr/Deuxfleurs/diplonat): network automation (firewalling, upnp igd)`
			`* [Bottin](https://git.deuxfleurs.fr/Deuxfleurs/bottin): authentication and authorization (LDAP protocol, consul backend)`
			`* [Guichet](https://git.deuxfleurs.fr/Deuxfleurs/guichet): a dashboard for our users and administrators`
			`* Stolon + PostgreSQL: distributed relational database`
			`* Prometheus + Grafana: monitoring`

			`Some services we provide based on this abstraction:`

			`* Websites: Garage (static) + fediverse blog (Plume)`
			`* Chat: Synapse + Element Web (Matrix protocol)`
			`* Email: Postfix SMTP + Dovecot IMAP + opendkim DKIM + Sogo webmail \| Alps webmail (experimental)`
			`* Visioconference: Jitsi`
			`* Collaboration: CryptPad`

			`As a generic abstraction is provided, deploying new services should be easy.`
Add readme and cleanup a bit 2021-12-30 20:23:24 +00:00
reorganize documentation 2022-12-22 22:33:10 +00:00			`## How to use this?`
Add some readme 2022-04-20 14:13:14 +00:00
reorganize documentation 2022-12-22 22:33:10 +00:00			`See the following documentation topics:`
Add some readme 2022-04-20 14:13:14 +00:00
More doc reorganization 2022-12-22 22:44:00 +00:00			`- [Quick start and onboarding for new administrators](doc/onboarding.md)`
			`- [How to add new nodes to a cluster (rapid overview)](doc/adding-nodes.md)`
reorganize documentation 2022-12-22 22:33:10 +00:00			`- [Architecture of this repo, how the scripts work](doc/architecture.md)`
			`- [List of TCP and UDP ports used by services](doc/ports)`
More doc reorganization 2022-12-22 22:44:00 +00:00			`- [Why not Ansible?](doc/why-not-ansible.md)`
How to bind your consul and nomad on your machine 2022-10-16 13:20:16 +00:00
Add some readme 2022-04-20 14:13:14 +00:00
reorganize some things 2022-12-24 21:59:37 +00:00