python-support-infra/DEPLOYING.md

# Prerequisites

## Wireguard Key Generation
*TODO: Automate?*

Generate wg keys for all hosts:
```bash
wg genkey
pass insert path/to/private
pass /path/to/private | wg pubkey
pass insert /path/to/public
```

Save each in `password-store` under `<host>_<private|public>_key`.

Then, generate a "Pre-Shared Key" for each Peer-Peer:
```
wg genpsk > psk_peer_peer
```


# Persistence
This deployment has the following requirements in terms of persistence:

## auth
`authentik-postgres`:
	1. **Low-Latency FS**: Storage for `postgres` database.
	2. **FS**: Storage for `postgres` backups.
	
`authentik-redis`:
	1. **FS** (*non-critical*): Storage for RDB + AOF Redis persistence.
	
## chat
`zulip-postgres`
	1. **Low-Latency**: Storage for `postgres` database.
	2. **FS**: Storage for `postgres` backups.

`zulip-redis`:
	1. **FS** (*non-critical*): Storage for RDB + AOF Redis persistence.

`zulip`:
	1. **FS/S3**: Storage for file uploads.

## git
`gitea`:
	1. **FS/S3**: Attachments, lfs, avatars, repo-avatars, repo-archive, packages, actions_log, actions_artifact
	2. **FS**: Repository Storage.
	3. **Low-Latency FS**: Postgres Storage.
	4. **Low-Latency FS**: Indexer (mellisearch) storage.
	5. **FS**: Storage for `SQLite` backups.

`gitea-redis`:
	1. **FS** (*non-critical*): Storage for RDB + AOF Redis persistence.
	
## mesh
`traefik`:
	1. **FS** (*sensitive*): Storage for SSL Certificates.

## updater
`diun`:
	1. **Low-Latency FS** (*non-critical*): Cache for Previous Image Updates.

## uptime
`uptime-kuma`:
	1. **Low-Latency FS**: Storage for SQLite DB.
	- **NOTE: We might be able to remove this by configuring it on startup.**
feat: Working minimal, reproducible infrastructure. 2023-08-13 04:49:19 +02:00			`# Prerequisites`

			`## Wireguard Key Generation`
			`TODO: Automate?`

			`Generate wg keys for all hosts:`
			```bash
			`wg genkey`
			`pass insert path/to/private`
			`pass /path/to/private \| wg pubkey`
			`pass insert /path/to/public`
			```

			Save each in `password-store` under `<host>_<private\|public>_key`.

			`Then, generate a "Pre-Shared Key" for each Peer-Peer:`
			```
			`wg genpsk > psk_peer_peer`
			```



			`# Persistence`
			`This deployment has the following requirements in terms of persistence:`

			`## auth`
			`authentik-postgres`:
			1. Low-Latency FS: Storage for `postgres` database.
			2. FS: Storage for `postgres` backups.

			`authentik-redis`:
			`1. FS (non-critical): Storage for RDB + AOF Redis persistence.`

			`## chat`
			`zulip-postgres`
			1. Low-Latency: Storage for `postgres` database.
			2. FS: Storage for `postgres` backups.

			`zulip-redis`:
			`1. FS (non-critical): Storage for RDB + AOF Redis persistence.`

			`zulip`:
			`1. FS/S3: Storage for file uploads.`

			`## git`
			`gitea`:
			`1. FS/S3: Attachments, lfs, avatars, repo-avatars, repo-archive, packages, actions_log, actions_artifact`
			`2. FS: Repository Storage.`
			`3. Low-Latency FS: Postgres Storage.`
			`4. Low-Latency FS: Indexer (mellisearch) storage.`
			5. FS: Storage for `SQLite` backups.

			`gitea-redis`:
			`1. FS (non-critical): Storage for RDB + AOF Redis persistence.`

			`## mesh`
			`traefik`:
			`1. FS (sensitive): Storage for SSL Certificates.`

			`## updater`
			`diun`:
			`1. Low-Latency FS (non-critical): Cache for Previous Image Updates.`

			`## uptime`
			`uptime-kuma`:
			`1. Low-Latency FS: Storage for SQLite DB.`
			`- NOTE: We might be able to remove this by configuring it on startup.`