configuration diagrams

2023-08-23 02:39:22 +04:00 · 2023-08-23 02:39:22 +04:00 · 45faf8e15b
parent 5fc4648b46
commit 45faf8e15b
4 changed files with 508 additions and 0 deletions
--- a/NixOS-configuration-restructuring/configuration-diagram-2023-08.pum
+++ b/NixOS-configuration-restructuring/configuration-diagram-2023-08.pum
@ -0,0 +1,204 @@
+@startuml
+
+/'
+ ' left to right direction
+ '/
+/'
+ ' skin rose
+ '/
+
+<style>
+cloud {
+    LineThickness 3
+    LineColor lightblue
+    BackGroundColor lightcyan
+}
+folder {
+    LineThickness 3
+    LineColor lightblue
+    BackGroundColor lightcyan
+}
+</style>
+
+cloud "overlay\n<i>commit @ git.selfprivacy.org" as overlay {
+    node "selfprivacy-graphql-api" as selfprivacy_graphql_api
+}
+
+cloud "selfprivacy-rest-api\n<i>commit @ git.selfprivacy.org" as selfprivacy_rest_api_commit {
+    component "python app" as selfprivacy_api_app
+}
+control "client app" as client_app
+:user: .. client_app
+selfprivacy_api_app . client_app
+selfprivacy_graphql_api <<-- selfprivacy_rest_api_commit
+
+
+file "hardware-configuration.nix" as hardware_configuration #lightcyan
+card "grub.device" as hw_grub_device
+card "initrd.kernelModules" as hw_kernelModules
+card "fileSystems" as hw_fileSystems
+
+hardware_configuration <-- hw_grub_device
+hardware_configuration <-- hw_kernelModules
+hardware_configuration <-- hw_fileSystems
+note top of hardware_configuration : generated by\nnixos-infect
+
+note bottom of hw_fileSystems : always the same?
+
+note "hosting dependant" as note_hosting
+
+hw_grub_device <<.. note_hosting
+hw_kernelModules <<.. note_hosting
+
+file "api.nix\napi-module.nix" as api
+file files [
+    files.nix
+    ---
+    ""systemd.tmpfiles.rules""
+    ""systemd.activationScripts""
+        ""/var/lib/nextcloud""
+        ""/var/lib/cloudflare""
+        ""/var/lib/pleroma""
+        ""/var/lib/bitwarden""
+        ""/root/.config/rclone""
+]
+file "volumes.nix" as volumes {
+    card "fileSystems" as fileSystems_from_userdata
+}
+file "users.nix" as users {
+    card "users.users" as users_from_userdata
+}
+file "variables.nix\nvariables-module.nix" as variables
+file "letsencrypt/acme.nix\nletsencrypt/resolve.nix" as acme
+/'
+ ' file "backup/restic.nix" as restic
+ ' file "gitea.nix" as gitea
+ ' file "mailserver/system/mailserver.nix" as mailserver
+ ' file "nextcloud.nix" as nextcloud
+ ' file "passmgr/bitwarden.nix" as bitwarden
+ ' file "limits.nix" as limits
+ ' file "pleroma.nix" as pleroma
+ ' file "jitsi.nix" as jitsi
+ ' file "vpn/ocserv.nix" as ocserv
+ ' file "webserver/nginx.nix" as nginx
+ ' file "webserver/memcached.nix" as memcached
+ '/
+collections "<<some service X.nix>>" as some_service
+cloud "             <b>nixpkgs\n<i>commit @ github.com (?)" as nixpkgs
+
+
+folder """/etc/nixos/userdata/""" as userdata_folder {
+    /'
+     ' file "schema.json\n<i>(who uses?)" as schema
+     ' file "tokens_schema.json\n<i>(who uses?)" as tokens_schema
+     '/
+    file "tokens.json" as tokens
+    file "<b>userdata.json" as userdata
+}
+    /'
+     ' note left of userdata : first generated by\nnixos-infect
+     '/
+selfprivacy_api_app <|.... tokens
+selfprivacy_api_app ....|> userdata_folder : writes
+
+file "<b><u>configuration.nix" as configuration
+nixpkgs -->> configuration
+configuration <<-l- hardware_configuration
+/'
+ ' configuration <<-- overlay
+ '/
+overlay -->> configuration
+configuration <<-- variables : ...\nstateVersion\n...
+
+configuration <<-- files
+userdata -[dotted]->> files
+files <|-- userdata : <b>secrets\nby ""jq"" and ""sed"" in\n""activationScripts""\n!!!
+variables <<-- userdata : values extraction\nfrom JSON
+
+configuration <<-- volumes
+userdata -[dotted]->> fileSystems_from_userdata : volumes
+
+configuration <<-- users
+userdata -[dotted]->> users_from_userdata : users
+
+configuration <<-- api
+api <<-[dotted]- userdata : Swagger,\nb2Bucket
+api <-[dotted]- selfprivacy_graphql_api
+
+configuration <<-- acme
+userdata -[dotted]->> acme : username,\ndomain
+
+configuration <<-- some_service
+userdata -[dotted]->> some_service : enable,\nsettings
+
+/'
+ ' configuration <<-- mailserver
+ ' userdata -[dotted]->> mailserver
+ '
+ ' configuration <<-- ocserv
+ ' userdata -[dotted]->> ocserv
+
+ ' configuration <<-- pleroma
+ ' userdata -[dotted]->> pleroma
+ '
+ ' configuration <<-- restic
+ ' userdata -[dotted]-->> restic
+ '
+ ' configuration <<-- bitwarden
+ ' userdata -[dotted]-->> bitwarden
+ '
+ ' configuration <<-- nginx
+ ' userdata -[dotted]->> nginx : domain
+ '
+ ' configuration <<-- memcached
+ '
+ ' configuration <<-- nextcloud
+ ' userdata -[dotted]-->> nextcloud : enable,\ndomain
+ '
+ ' configuration <<-- jitsi
+ ' userdata -[dotted]-->> jitsi : enable,\ndomain
+ '
+ ' configuration <<-- gitea
+ ' userdata -[dotted]-->> gitea : enable,\ndomain
+ '/
+
+/'
+ ' memcached --->> configuration
+ '/
+
+/'
+ ' folder api as api_folder
+ ' folder backup as backup_folder
+ ' folder git as git_folder
+ ' folder letsencrypt as letsencrypt_folder
+ ' folder "mailserver/system" as mailserver_folder
+ ' folder nextcloud as nextcloud_folder
+ ' folder passmgr as passmgr_folder
+ ' folder resources as resources_folder
+ ' folder social as social_folder
+ ' folder videomeet as videomeet_folder
+ ' folder vpn as vpn_folder
+ ' folder webserver as webserver_folder
+ '/
+
+/'
+ ' api_folder -- api_module
+ ' api_folder -- api
+ ' backup_folder -- restic
+ ' git_folder -- gitea
+ ' letsencrypt_folder -- acme
+ ' letsencrypt_folder -- resolve
+ ' mailserver_folder -- mailserver
+ ' nextcloud_folder -- nextcloud
+ ' passmgr_folder -- bitwarden
+ ' resources_folder -- limits
+ ' social_folder -- pleroma
+ ' videomeet_folder -- jitsi
+ ' vpn_folder -- ocserv
+ ' webserver_folder -- memcached
+ ' webserver_folder -- nginx
+ '/
+
+
+
+@enduml
--- a/NixOS-configuration-restructuring/configuration-inputs-outputs-impure.pum
+++ b/NixOS-configuration-restructuring/configuration-inputs-outputs-impure.pum
@ -0,0 +1,95 @@
+@startuml
+
+left to right direction
+
+<style>
+cloud {
+    LineThickness 3
+    LineColor lightblue
+    BackGroundColor lightcyan
+}
+folder {
+    LineThickness 3
+    LineColor lightblue
+    BackGroundColor lightcyan
+}
+</style>
+
+
+node "NixOS machine" as machine {
+    file "hardware-configuration.nix" as hardware_configuration #lightcyan
+    folder """userdata/""" as userdata_folder {
+        /'
+         ' file "schema.json\n<i>(who uses?)" as schema
+         ' file "tokens_schema.json\n<i>(who uses?)" as tokens_schema
+         '/
+        file "tokens.json" as tokens
+        file "<b>userdata.json" as userdata
+    }
+    collections "/nix/store/*" as nix_store
+    /'
+     ' file local_flake [
+     '     <b>flake.nix
+     '     ===
+     '     inputs = {
+     '         selfprivacy-nixos-config.url = ...;
+     '     };
+     '     outputs = {
+     '         nixosConfigurations =
+     '           selfprivacy-nixos-config.outputs.nixosConfigurations-fun userdata;
+     '     };
+     ' ]
+     '/
+}
+
+folder "configuration repo" as config_repo {
+    /'
+     ' file "flake.nix" as flake_nix {
+     '     card "input: nixpkgs.url"
+     '     card "input: selfprivacy-overlay.url"
+     ' }
+     '/
+    file flake_nix [
+        <b>flake.nix
+        ===
+        inputs = {
+            nixpkgs.url = ...;
+            selfprivacy-overlay.url = ...;
+        };
+    ]
+    file flake_lock [
+        <b>flake.lock
+    ]
+    flake_lock - flake_nix
+    note top of flake_lock : pinning with hashes
+
+    file "<b><u>configuration.nix" as configuration
+
+    collections "pure imports" as pure_imports
+}
+
+cloud "overlay\n<i>commit @ git.selfprivacy.org" as overlay {
+    node "selfprivacy-graphql-api" as selfprivacy_graphql_api
+}
+
+cloud "selfprivacy-rest-api\n<i>commit @ git.selfprivacy.org" as selfprivacy_rest_api_commit {
+    component "python app" as selfprivacy_api_app
+}
+
+cloud "             <b>nixpkgs\n<i>commit @ github.com (?)" as nixpkgs
+nixpkgs --> flake_lock
+overlay --> flake_lock
+
+configuration <-- userdata : <b>impure!
+configuration <-- hardware_configuration : <b>impure!
+
+
+selfprivacy_rest_api_commit -->> selfprivacy_graphql_api
+flake_nix --> configuration
+flake_lock --> configuration
+
+configuration -[bold]-|> nix_store : nixos-rebuild
+configuration <-l- pure_imports
+
+
+@enduml
--- a/NixOS-configuration-restructuring/configuration-inputs-outputs-override.pum
+++ b/NixOS-configuration-restructuring/configuration-inputs-outputs-override.pum
@ -0,0 +1,102 @@
+@startuml
+
+left to right direction
+
+<style>
+cloud {
+    LineThickness 3
+    LineColor lightblue
+    BackGroundColor lightcyan
+}
+folder {
+    LineThickness 3
+    LineColor lightblue
+    BackGroundColor lightcyan
+}
+control {
+    BackGroundColor lightpink
+}
+</style>
+
+
+folder "configuration repo" as config_repo {
+    /'
+     ' file "flake.nix" as flake_nix {
+     '     card "input: nixpkgs.url"
+     '     card "input: selfprivacy-overlay.url"
+     ' }
+     '/
+    file flake_nix [
+        <b>flake.nix
+        ===
+        inputs = {
+          nixpkgs.url = ...;
+          selfprivacy-overlay.url = ...;
+          userdata-json.flake = false;
+          hardware-configuration-nix.flake = false;
+        };
+        outputs = { ... }: {
+          nixosConfigurations = ... {
+            specialArgs = { ... userdata; };
+            modules = [
+              { nixpkgs.overlays = [ selfprivacy-overlay ]; }
+              hardware-configuration
+              ./configuration.nix
+            ];
+          };
+        };
+    ]
+    file flake_lock [
+        <b>flake.lock
+    ]
+    flake_lock - flake_nix
+    note top of flake_lock : pinning with hashes
+
+    file "<b><u>configuration.nix" as configuration
+
+    collections "nix modules" as pure_imports
+}
+
+node "NixOS machine" as machine {
+    file "hardware-configuration.nix" as hardware_configuration #lightcyan
+    folder """userdata/""" as userdata_folder {
+        /'
+         ' file "schema.json\n<i>(who uses?)" as schema
+         ' file "tokens_schema.json\n<i>(who uses?)" as tokens_schema
+         '/
+        file "tokens.json" as tokens
+        file "<b>userdata.json" as userdata
+        tokens -l[hidden]- userdata
+    }
+    collections "/nix/store/*" as nix_store
+    control "<font:monospaced><size:15>nixos-rebuild" as nixos_rebuild
+}
+
+cloud "overlay\n<i>commit @ git.selfprivacy.org" as overlay {
+    node "selfprivacy-graphql-api" as selfprivacy_graphql_api
+}
+
+cloud "selfprivacy-rest-api\n<i>commit @ git.selfprivacy.org" as selfprivacy_rest_api_commit {
+    component "python app" as selfprivacy_api_app
+}
+
+cloud "             <b>nixpkgs\n<i>commit @ github.com (?)" as nixpkgs
+nixpkgs --> flake_lock
+overlay --> flake_lock
+
+
+nixos_rebuild <- userdata : <font:monospaced>--override-input
+nixos_rebuild <-l- hardware_configuration : <font:monospaced>--override-input
+
+selfprivacy_rest_api_commit ->> selfprivacy_graphql_api
+flake_nix --> configuration
+flake_lock --> configuration
+
+configuration -d-> nixos_rebuild
+nixos_rebuild -[bold]-|> nix_store
+configuration <-l- pure_imports
+
+
+footer %date("yyyy-MM-dd'T'HH:mmZ")
+
+@enduml
--- a/NixOS-configuration-restructuring/configuration-inputs-outputs.pum
+++ b/NixOS-configuration-restructuring/configuration-inputs-outputs.pum
@ -0,0 +1,107 @@
+@startuml
+
+left to right direction
+
+<style>
+cloud {
+    LineThickness 3
+    LineColor lightblue
+    BackGroundColor lightcyan
+}
+folder {
+    LineThickness 3
+    LineColor lightblue
+    BackGroundColor lightcyan
+}
+</style>
+
+
+node "NixOS machine" as machine {
+    file "hardware-configuration.nix" as hardware_configuration #lightcyan
+    folder """userdata/""" as userdata_folder {
+        /'
+         ' file "schema.json\n<i>(who uses?)" as schema
+         ' file "tokens_schema.json\n<i>(who uses?)" as tokens_schema
+         '/
+        file "tokens.json" as tokens
+        file "<b>userdata.json" as userdata
+        tokens -l[hidden]- userdata
+    }
+    collections "/nix/store/*" as nix_store
+    file local_flake_nix [
+        <b>flake.nix
+        ===
+        inputs = {
+            selfprivacy-nixos-config.url = ...;
+        };
+        outputs = {
+            nixosConfigurations =
+              selfprivacy-nixos-config.outputs.nixosConfigurations-fun
+                hardware-configuration userdata;
+        };
+    ]
+    /'
+     ' file local_flake_lock as "flake.lock"
+     '  local_flake_nix -l- local_flake_lock
+     '/
+}
+
+folder "configuration repo" as config_repo {
+    /'
+     ' file "flake.nix" as flake_nix {
+     '     card "input: nixpkgs.url"
+     '     card "input: selfprivacy-overlay.url"
+     ' }
+     '/
+    file flake_nix [
+        <b>flake.nix
+        ===
+        inputs = {
+            nixpkgs.url = ...;
+            selfprivacy-overlay.url = ...;
+        };
+        outputs = {
+            nixosConfigurations-fun =
+              hardware-configuration: userdata:
+                ...;
+        };
+    ]
+    file flake_lock [
+        <b>flake.lock
+    ]
+    flake_lock - flake_nix
+    note top of flake_lock : pinning with hashes
+
+    file "<b><u>configuration.nix" as configuration
+
+    collections "pure imports" as pure_imports
+}
+
+cloud "overlay\n<i>commit @ git.selfprivacy.org" as overlay {
+    node "selfprivacy-graphql-api" as selfprivacy_graphql_api
+}
+
+cloud "selfprivacy-rest-api\n<i>commit @ git.selfprivacy.org" as selfprivacy_rest_api_commit {
+    component "python app" as selfprivacy_api_app
+}
+
+cloud "             <b>nixpkgs\n<i>commit @ github.com (?)" as nixpkgs
+nixpkgs --> flake_lock
+overlay --> flake_lock
+
+local_flake_nix <-r- userdata
+local_flake_nix <-l- hardware_configuration
+
+
+selfprivacy_rest_api_commit -->> selfprivacy_graphql_api
+flake_nix --> configuration
+flake_lock --> configuration
+configuration --> local_flake_nix
+
+local_flake_nix -[bold]-|> nix_store : nixos-rebuild
+configuration <-l- pure_imports
+
+
+footer %date("yyyy-MM-dd'T'HH:mmZ")
+
+@enduml