Distributed & E2EE self-hosting
.gitlab-ci.yml Remove a bunch of template comments 2022-04-02 14:49:01 +01:00
candidates.md Add additional mail candidates 2022-04-02 15:04:40 +01:00
config-lighthouse.yaml Open firewall for SeaweedFS comms 2022-04-02 18:08:38 +01:00
config-node.yaml Mount some test SeaweedFS mount points 2022-04-05 21:17:58 +01:00
docker-compose-lighthouse.yaml Mount some test SeaweedFS mount points 2022-04-05 21:17:58 +01:00
docker-compose-node.yaml Mount some test SeaweedFS mount points 2022-04-05 21:17:58 +01:00
docker-entrypoint.sh Fix entrypoint 2022-04-02 17:34:24 +01:00
Dockerfile Add certstrap and set the PATH 2022-04-06 08:35:53 +01:00
nebula-start.sh Add execute permissions to the scripts 2022-04-02 17:15:52 +01:00
README.md Update the README 2022-04-02 17:11:35 +01:00
seaweedfs-start.sh Tidy variable name 2022-04-06 08:53:24 +01:00
TODO.md Test mesh network achieved! 2022-03-30 10:24:54 +01:00

InfraNet

Distributed & E2EE self-hosting. The goal is to have nodes voluntarily join the mesh and participate in the network providing compute and storage.

Tenets

  • End-to-end encrypted

    E2EE is a requirement for privacy.

  • Collaborative

    Members of the network are expected to cooperate to the best of their abilities, whether through technical, financial or resource contributions.

  • Distributed, resilient, reliable and dynamic

    Nodes should be able to join and leave without too much disruption. Bootstrapping, joining and autodiscovery should be as easy as possible, allowing for easy scaling across all members of the network.

  • Free and open

    All components should be free and open.

  • Shared responsibility

    Knowledge of components will be documented and shared, and responsibility for uptime and maintenance should be shared where possible.

Design principles

  • Tested

    All components and goals should be testable to ensure changes don't impact existing functionality or reliability.

  • Monitored

    All components should be monitored and raise appropriate alerts to ensure good health and early detection of potential problems.

  • Containerised

    Simple, versioned components that can be resource constrained, when required, would be of great benefit.

  • IPv6

    Avoiding issues with IPv4 NAT, etc. would be desirable.

  • Multi-architecture

    The underlying hardware type shouldn't be a constraint, within reason.

Lighthouse installation

  1. Clone the repo.
  2. Create a directory to hold the config and certificates.
  3. Copy lighthouse-config.yaml as config.yaml in the new directory.
  4. Update the docker-compose-lighthouse.yaml to bind mount the newly created directory to /etc/nebula; check and set a value for the /storage bind mount.
  5. Run the container with docker-compose up -d. This will create two files, host.key and host.csr.
  6. Send the contents of the host.csr file to a cluster admin to sign.
  7. The returned, signed certificate should go alongside the host.csr file and be called host.crt.
  8. Start the container again and it should find the config and certificates and then connect to the existing cluster.
  9. Update the static_host_map entry in the repo's node-config.yaml with the new Lighthouse's mesh and public IP addresses, and encourage node admins to update their nodes' config files from the repo.

Node installation

  1. Clone the repo.
  2. Create a directory to hold the config and certificates.
  3. Copy node-config.yaml as config.yaml in the new directory.
  4. Update the docker-compose-node.yaml to bind mount the newly created directory to /etc/nebula; check and set a value for the /storage bind mount.
  5. Run the container with docker-compose up -d. This will create two files, host.key and host.csr.
  6. Send the contents of the host.csr file to a cluster admin to sign.
  7. The returned, signed certificate should go alongside the host.csr file and be called host.crt.
  8. Start the container again and it should find the config and certificates and then connect to the existing cluster.
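
A preflight check for steps 5 to 8 of both the Lighthouse and node procedures, as an added example that is not part of the repository: it reports which step a config directory has reached and flags a host.key that group or other users can access. The function names and state words are hypothetical, and the permission rule is an assumed hardening check, not something the README requires.

```shell
#!/bin/sh
# Added example, not from the InfraNet repo. File names (config.yaml,
# host.key, host.csr, host.crt) come from the README; the function names
# and state words below are hypothetical.

# Print a file's octal permission bits (GNU stat first, BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Echo one state word for the directory that is bind mounted to /etc/nebula.
nebula_dir_state() {
    dir=$1

    # Step 3: the copied config must exist and be non-empty.
    [ -s "$dir/config.yaml" ] || { echo missing-config; return 0; }

    # Step 5: the first container run creates host.key and host.csr.
    [ -s "$dir/host.key" ] && [ -s "$dir/host.csr" ] || {
        echo needs-first-run; return 0
    }

    # Assumed hardening rule: the private key stays on this host and is
    # accessible to its owner only (modes such as 600 or 400).
    case "$(file_mode "$dir/host.key")" in
        0|*00) ;;
        *) echo key-too-open; return 0 ;;
    esac

    # Steps 6-7: only host.csr goes to the cluster admin; the signed
    # certificate comes back and is stored as host.crt.
    [ -s "$dir/host.crt" ] || { echo awaiting-signed-cert; return 0; }

    # Step 8: everything is in place for the container to join the mesh.
    echo ready
}

# Stand-alone use: sh preflight.sh /path/to/config-dir
if [ $# -gt 0 ]; then
    nebula_dir_state "$1"
fi
```

Run it against the host directory before step 8; any output other than ready names the step that still needs attention.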