# Prerequisites

## Wireguard Key Generation
*TODO: Automate?*

Generate wg keys for all hosts:
```bash
wg genkey
pass insert path/to/private
pass /path/to/private | wg pubkey
pass insert /path/to/public
```

Save each in `password-store` under `<host>_<private|public>_key`.

Then, generate a "Pre-Shared Key" for each Peer-Peer:
```
wg genpsk > psk_peer_peer
```



# Persistence
This deployment has the following requirements in terms of persistence:

## auth
`authentik-postgres`:
	1. **Low-Latency FS**: Storage for `postgres` database.
	2. **FS**: Storage for `postgres` backups.
	
`authentik-redis`:
	1. **FS** (*non-critical*): Storage for RDB + AOF Redis persistence.
	
## chat
`zulip-postgres`
	1. **Low-Latency**: Storage for `postgres` database.
	2. **FS**: Storage for `postgres` backups.

`zulip-redis`:
	1. **FS** (*non-critical*): Storage for RDB + AOF Redis persistence.

`zulip`:
	1. **FS/S3**: Storage for file uploads.

## git
`gitea`:
	1. **FS/S3**: Attachments, lfs, avatars, repo-avatars, repo-archive, packages, actions_log, actions_artifact
	2. **FS**: Repository Storage.
	3. **Low-Latency FS**: Postgres Storage.
	4. **Low-Latency FS**: Indexer (mellisearch) storage.
	5. **FS**: Storage for `SQLite` backups.

`gitea-redis`:
	1. **FS** (*non-critical*): Storage for RDB + AOF Redis persistence.
	
## mesh
`traefik`:
	1. **FS** (*sensitive*): Storage for SSL Certificates.

## updater
`diun`:
	1. **Low-Latency FS** (*non-critical*): Cache for Previous Image Updates.

## uptime
`uptime-kuma`:
	1. **Low-Latency FS**: Storage for SQLite DB.
	- **NOTE: We might be able to remove this by configuring it on startup.**