python-support-infra/DEPLOYING.md

68 lines
1.6 KiB
Markdown
Raw Normal View History

# Prerequisites
## Wireguard Key Generation
*TODO: Automate?*
Generate wg keys for all hosts:
```bash
wg genkey
pass insert path/to/private
pass /path/to/private | wg pubkey
pass insert /path/to/public
```
Save each in `password-store` under `<host>_<private|public>_key`.
Then, generate a "Pre-Shared Key" for each Peer-Peer:
```
wg genpsk > psk_peer_peer
```
# Persistence
This deployment has the following requirements in terms of persistence:
## auth
`authentik-postgres`:
1. **Low-Latency FS**: Storage for `postgres` database.
2. **FS**: Storage for `postgres` backups.
`authentik-redis`:
1. **FS** (*non-critical*): Storage for RDB + AOF Redis persistence.
## chat
`zulip-postgres`
1. **Low-Latency**: Storage for `postgres` database.
2. **FS**: Storage for `postgres` backups.
`zulip-redis`:
1. **FS** (*non-critical*): Storage for RDB + AOF Redis persistence.
`zulip`:
1. **FS/S3**: Storage for file uploads.
## git
`gitea`:
1. **FS/S3**: Attachments, lfs, avatars, repo-avatars, repo-archive, packages, actions_log, actions_artifact
2. **FS**: Repository Storage.
3. **Low-Latency FS**: Postgres Storage.
4. **Low-Latency FS**: Indexer (mellisearch) storage.
5. **FS**: Storage for `SQLite` backups.
`gitea-redis`:
1. **FS** (*non-critical*): Storage for RDB + AOF Redis persistence.
## mesh
`traefik`:
1. **FS** (*sensitive*): Storage for SSL Certificates.
## updater
`diun`:
1. **Low-Latency FS** (*non-critical*): Cache for Previous Image Updates.
## uptime
`uptime-kuma`:
1. **Low-Latency FS**: Storage for SQLite DB.
- **NOTE: We might be able to remove this by configuring it on startup.**