infranet/README.md

69 lines
3 KiB
Markdown
Raw Normal View History

2022-04-11 09:57:18 +01:00
# DAEMON InfraNet
**D**istributed, **A**gile, **E**ncrypted, **M**esh **O**f **N**odes.
2022-03-24 08:54:37 +00:00
2022-03-28 10:06:21 +01:00
Distributed & E2EE self-hosting. The goal is to have nodes voluntarily join the mesh and participate in the network providing compute and storage.
2022-03-24 08:54:37 +00:00
2022-03-28 10:06:21 +01:00
## Tenets
2022-03-24 13:57:38 +00:00
2022-03-24 09:11:25 +00:00
* End-to-end encrypted
2022-03-24 09:19:22 +00:00
2022-03-24 09:11:25 +00:00
E2EE is a requirement for privacy.
2022-03-24 09:19:22 +00:00
2022-03-24 09:11:25 +00:00
* Collabrative
2022-03-24 09:19:22 +00:00
2022-03-24 09:28:32 +00:00
Members of the network are expected to cooperate to the best of their abilities, whether it's technical, financial or resources.
2022-03-24 09:19:22 +00:00
2022-03-24 09:11:25 +00:00
* Distributed, resilient, reliable and dynamic
2022-03-24 09:19:22 +00:00
2022-03-24 09:11:25 +00:00
Nodes should be able to join and leave without too much disruption. Bootstrapping, joining and autodiscovery should be as easy as possible, allowing for easy scaling across all members of the network.
2022-03-24 09:19:22 +00:00
2022-03-24 09:11:25 +00:00
* Free and open
2022-03-24 09:19:22 +00:00
2022-03-24 09:11:25 +00:00
All components should be free and open.
2022-03-24 09:19:22 +00:00
2022-03-24 09:11:25 +00:00
* Shared responsibility
2022-03-24 09:19:22 +00:00
2022-03-24 13:57:38 +00:00
Knowledge of components will be documented and shared and responsibility for the uptime and maintainence should be shared where possible.
2022-03-24 09:11:25 +00:00
## Design principles
2022-03-24 13:57:38 +00:00
2022-03-24 09:11:25 +00:00
* Tested
2022-03-24 09:19:22 +00:00
2022-03-24 09:44:06 +00:00
All components and goals should be testable to ensure changes don't impact existing functionality or reliabilty.
2022-03-24 09:19:22 +00:00
2022-03-24 09:11:25 +00:00
* Monitored
2022-03-24 09:19:22 +00:00
2022-03-24 09:11:25 +00:00
All components should be monitored and raise appropriate alerts to ensure good health and early detection of potential problems.
2022-03-24 09:44:06 +00:00
* Containerised
Simple, versioned components that can be resource constrained, when required, would be of great benefit.
* IPv6
Avoiding issues with IPv4 NAT, etc. would be desirable.
2022-03-24 09:46:47 +00:00
* Multi-architecture
The underlaying hardware type shouldn't be a constraint, within reason.
## Installation
1. Clone the repo.
2. Create two directories; one to hold the Nebula config and certificates and the other for the SeaweedFS config and certificates.
3. Create `config.yaml` in the Nebula config directory.
1. Use `config-node.yaml` as the template for a normal cluster node.
2. Use `config-lighthouse.yaml` as the template for a Lighthouse.
4. Update the `docker-compose.yaml` volume values for the bind mount directories for both the Nebula and SeaweedFS config directories; check and set a value for the `/storage` bind mount.
5. Decrypt and un-tar the contents of the `seaweed-conf.enc` file into the SeaweedFS config directory.
```shell
openssl enc -aes-256-cbc -iter 30 -d -salt -in seaweed-conf.enc | (cd /path/to/infranet/config/seaweedfs && tar xvz)
```
Ask a cluster admin or member for the password.
6. Run the container with `docker-compose up -d`. This will create two files in the Nebula config directory, `host.key` and `host.csr`.
7. Send the contents of the `host.csr` file to a cluster admin to sign.
8. The returned, signed certificate should go alongside the `host.csr` file and be called, `host.crt`.
9. Start the container again and it should find the config and certificates and then connect to the existing cluster.
1. For a Lighthouse: create a pull request to update the `static_host_map` entry in the repo's `node-config.yaml` amended with the Lighthouse's Nebula mesh and public IP addresses and encourage node admins to update their nodes' config files from the repo.