# TODO

- [ ] migrate this repo to fossil
- [ ] fossil2cgit export scripts

## system

> i am working on very smol deployments, where a server may use two or so
> replicated sqlite databases instead of a db server like postgres to seamlessly
> move from single to multi-node arrangements as needed. there is a clear
> performance limit here, but the goal is not to serve a huge number of clients.
> just to do as much as possible with a small number of useful components that
> can be upgraded to handle up to medium size workloads, without difficult data
> conversions or migrations. scaling beyond that point should be done via federation.
>
> for example, ejabberd, redka, and litefs. all using sqlite+litefs for their
> database needs allows agents to communicate over xmpp, matrix, mqtt, and sip.
> other applications can use sqlite for storage or speak the redis protocol to
> redka. ejabberd can also handle file uploads, static file publishing, identity,
> and various other web application services. when scaling, litefs integrates
> with consul to manage replication which grants the network access to service
> disco, encrypted mesh networking, and various other features that can be used
> to build secure service grids. ejabberd and redka can be scaled to multiple nodes
> that coordinate over the litefs replication protocol without any changes to the
> db storage config. other components can be configured to plug into this framework
> fairly easily as well.
>
> we keep the network config fairly simple by linking nodes together with yggdrasil
> to flatten the address space and then linking app nodes together using consul to
> provide secure routing for the local grid service. yggdrasil also offers utility
> for building federated networks in a similarly flat address space, for more secure
> communications i2p is also available in yggdrasil mode. minibase is wonderful, and
> we have not even started to talk about secure IoT.

- [ ] tech tree (expansion paths and limits)

### level 1

most things end up authenticating against ejabberd, but apps generally have their own auth.

- [ ] haproxy+nginx edge gateway
- [ ] yggdrasil with allowlist federation
- [ ] LEGO ACME
- [ ] ejabberd (xmpp, matrix, mqtt)
  - vpn egress
  - yggdrasil+gatewayproxyv2 ingress
  - multi host setup with separate internal and public domains (coms.sunshinegardens.org, sunshinegardens.org)
- [ ] litefs
- [ ] redka
- [ ] general container apps
- [ ] terranix (opentofu) + nixos-anywhere
- [ ] oathkeeper

### level 2

- [ ] OIDC https://www.ory.sh/docs/hydra/reference/configuration
  - assuming ejabberd can be used as an auth service
- [ ] ejabberd oauth https://docs.ejabberd.im/developer/ejabberd-api/oauth/?h=oauth
- [ ] multi-node support (ejabberd, redka, litefs)
- [ ] consul + service mesh
- [ ] physically segmented user and system networks
- [ ] i2p+yggdrasil

## components

- [ ] mesh networking admin
- [ ] home assistant
- [ ] hledger web
- [ ] cryptpad
- [ ] movim
- [ ] slidge (discord)
- [ ] syncthing
- [ ] attic+minio
- [ ] local search
- [ ] federated search
- [ ] gitea

## terminal

not your corporate desktop.

- [ ] greetd
- [ ] hayward? https://github.com/bwhmather/hayward
- [ ] nix module
- [ ] home-manager module
- [ ] inferno? (tomo el fuego)