python-support-infra/DEPLOYING.md


Prerequisites

WireGuard Key Generation

TODO: Automate?

Generate wg keys for all hosts:

wg genkey
pass insert path/to/private
pass path/to/private | wg pubkey
pass insert path/to/public

Save each in password-store under <host>_<private|public>_key.

Then, generate a "Pre-Shared Key" for each pair of peers:

wg genpsk > psk_peer_peer
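
One way to automate the steps above, as an added example that is not part of this repository: it pipes each key from wg directly into pass and creates one pre-shared key per unordered pair of hosts. The entry names follow the <host>_<private|public>_key scheme; storing the PSKs in pass as psk_<a>_<b>, the helper names and the script file name are assumptions.

```shell
#!/bin/sh
# Added example, not the repository's tooling. Entry names follow the page's
# <host>_<private|public>_key scheme; keeping PSKs in pass as psk_<a>_<b> is
# an assumption (the page redirects them to a file). Host names must not
# contain whitespace.
set -eu

# True if a pass entry exists. Checks the store on disk, so nothing is decrypted.
entry_exists() {
    [ -e "${PASSWORD_STORE_DIR:-$HOME/.password-store}/$1.gpg" ]
}

# Print every unordered pair of hosts once, as "a b" with a sorting before b,
# so the result does not depend on argument order or repeated hosts.
peer_pairs() {
    sorted=$(printf '%s\n' "$@" | LC_ALL=C sort -u)
    for a in $sorted; do
        for b in $sorted; do
            if [ "$a" = "$b" ]; then break; fi
            echo "$b $a"
        done
    done
}

main() {
    for host in "$@"; do
        # Keys go straight from wg into pass: never on disk, in argv or history.
        # With stdin piped, pass insert replaces an existing entry without
        # asking, so an existing private key is left alone.
        if ! entry_exists "${host}_private_key"; then
            wg genkey | pass insert --multiline "${host}_private_key" >/dev/null
        fi
        # The public key is derived, so refreshing it is safe.
        pass show "${host}_private_key" | wg pubkey |
            pass insert --multiline --force "${host}_public_key" >/dev/null
    done
    peer_pairs "$@" | while read -r a b; do
        if ! entry_exists "psk_${a}_${b}"; then
            wg genpsk | pass insert --multiline "psk_${a}_${b}" >/dev/null
        fi
    done
}

# Usage: sh wg-keys.sh host1 host2 host3   (file name is hypothetical)
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Re-running it with an extended host list only adds the missing private keys and PSKs, so existing tunnels keep their keys.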

Persistence

This deployment has the following requirements in terms of persistence:

auth

authentik-postgres:
1. Low-Latency FS: Storage for postgres database.
2. FS: Storage for postgres backups.

authentik-redis:
1. FS (non-critical): Storage for RDB + AOF Redis persistence.

chat

zulip-postgres:
1. Low-Latency: Storage for postgres database.
2. FS: Storage for postgres backups.

zulip-redis:
1. FS (non-critical): Storage for RDB + AOF Redis persistence.

zulip:
1. FS/S3: Storage for file uploads.

git

gitea:
1. FS/S3: Attachments, lfs, avatars, repo-avatars, repo-archive, packages, actions_log, actions_artifact.
2. FS: Repository Storage.
3. Low-Latency FS: Postgres Storage.
4. Low-Latency FS: Indexer (Meilisearch) storage.
5. FS: Storage for SQLite backups.

gitea-redis:
1. FS (non-critical): Storage for RDB + AOF Redis persistence.

mesh

traefik:
1. FS (sensitive): Storage for SSL Certificates.

updater

diun:
1. Low-Latency FS (non-critical): Cache for Previous Image Updates.

uptime

uptime-kuma:
1. Low-Latency FS: Storage for SQLite DB.
   NOTE: We might be able to remove this by configuring it on startup.