New explanations, new pages (some projects, contact).

master
Karchnu 2020-05-01 03:32:28 +02:00
parent 87c1ddcb8c
commit b9fbe3c780
11 changed files with 308 additions and 47 deletions

View File

@ -9,6 +9,10 @@
--- ---
[Blog](/blog/) [Blog](/fr/blog/)
---
[Contact](/fr/contact/)

View File

@ -11,3 +11,7 @@
[Blog](/blog/) [Blog](/blog/)
---
[Contact](/contact/)

View File

@ -4,10 +4,12 @@ title = "Baguette - OS, tools and stuff"
paginate_by = 5 paginate_by = 5
+++ +++
Hello! Here a quick links to our <red>currently expanding</red> documentation. Hello! Here a few links to our <red>currently expanding</red> documentation.
- [BaguetteOS: the French operating system.][baguetteos] - [BaguetteOS: the French operating system.][baguetteos]
- [Our projects, beyond the OS.][projects] - [Our projects, beyond the OS.][projects]
- [Rant 'bout software.][rant]
[baguetteos]: /baguette [baguetteos]: /baguette
[projects]: /projects [projects]: /projects
[rant]: /handbook/rant
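Review bot: the reworded intro line still has no verb ("Here a few links to our ... documentation"); since this hunk already touches that sentence, suggest "Here are a few links to our ... documentation".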

View File

@ -248,7 +248,7 @@ There is a strict separation between core system and third party software.<br />
[See slotting.](#slotting) [See slotting.](#slotting)
- `/usr/baguette` for core system programs - `/usr/baguette` for core system programs
- `/usr/bad` for non slot-able software - `/usr/bad` for non slot-able software
- `/usr/third-party` for other software - `/usr/<third-party>` for other software
## Languages ## Languages
@ -261,7 +261,7 @@ Now, more than ever, we have better alternatives for all non kernel-related tool
That being said: we do not want dynamic languages. That being said: we do not want dynamic languages.
We need: We need:
- simple, small and efficient binaries - simple, small and efficient binaries
- less possible dependencies (not to download half `cpan` or `pypi` for any freaking software) - the fewest dependencies possible (not to download half `cpan` or `pypi` for any freaking software)
**Crystal language for system tools.** *syntax and productivity of Ruby, the speed of C*<br /> **Crystal language for system tools.** *syntax and productivity of Ruby, the speed of C*<br />
@ -626,7 +626,8 @@ Service management often comes with:
These shortcomings imply manual configuration, scripting to manage databases and users, specific tooling for each database and service: this is heavy machinery. These shortcomings imply manual configuration, scripting to manage databases and users, specific tooling for each database and service: this is heavy machinery.
To overcome drawbacks of having simplistic tools, sys-admins developed all kind of monstrous architectures. To overcome drawbacks of having simplistic tools, sys-admins developed all kind of monstrous architectures.
- **LXC** *chroot + network + software limits* - **LXC** *it's basically a chroot with network and software limits*<br />
LXC is *kinda* reasonable, and may be useful in som cases, but it provides no simple way of configuring our services.
- **Qemu + KVM, Xen** *let's add software mimicking hardware's complexity to the mix, telling everyone it's for security and simplicity* - **Qemu + KVM, Xen** *let's add software mimicking hardware's complexity to the mix, telling everyone it's for security and simplicity*
- **docker** *I don't know how to do simple applications nor packages, so I give to you my whole dev environment*<br /> - **docker** *I don't know how to do simple applications nor packages, so I give to you my whole dev environment*<br />
Note: we have to admit, packaging on most OS is painful for absolutely no good reason. Note: we have to admit, packaging on most OS is painful for absolutely no good reason.
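Review bot: typo in the added LXC explanation, "may be useful in som cases" should read "some cases". The same line says LXC "provides no simple way of configuring our services"; naming which configuration step is meant would make the comparison with `service` easier to follow.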
@ -652,6 +653,7 @@ And advanced users should have an uncomplicated CLI tool to do that.
```sh ```sh
# We want a wordpress service, proxied by an nginx and using postgresql as DBMS # We want a wordpress service, proxied by an nginx and using postgresql as DBMS
# THIS IS THE "VERBOSE" VERSION
# 1. we add an nginx # 1. we add an nginx
$ service add nginx $ service add nginx
@ -664,7 +666,7 @@ $ service add postgresql
```sh ```sh
# 3. we add the wordpress # 3. we add the wordpress
# by default, it uses available http proxy and database, but let's be "verbose" # by default, it uses available http proxy and database
$ service add wordpress domain=example.com http=nginx database=postgresql $ service add wordpress domain=example.com http=nginx database=postgresql
``` ```
@ -690,6 +692,25 @@ A bit of explanation:
Stopping a service also stops its dependencies, unless specified otherwise. Stopping a service also stops its dependencies, unless specified otherwise.
Of course, a service is not stopped if it is required elsewhere. Of course, a service is not stopped if it is required elsewhere.
Wanna see the less verbose version?
```zsh
$ service add wordpress domain=example.com
```
```zsh
$ service start wordpress
```
<red>TODO</red>
And <u>that's it</u>.
1. Services have tokens.
2. Tokens are used by default.
3. BaguetteOS provides **default** services for each token.
4. If a service is added and its dependencies aren't satisfied, we add other services.
5. (Bonus) If a service isn't installed, we ask nicely if the user wants to install it.<br />
This is in discussion.
Here are a few functionalities `service` brings. Here are a few functionalities `service` brings.
1. **uncomplicated service configuration with shared information**<br /> 1. **uncomplicated service configuration with shared information**<br />
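Review bot: the bare `<red>TODO</red>` marker added after the `service start wordpress` example does not say what is left to do, and item 4 ("If a service is added and its dependencies aren't satisfied, we add other services") does not say how the user learns which default services were added on their behalf. Suggest replacing the marker with the actual open item and documenting whether `service add` lists the extra services it adds. The two new fences are tagged `zsh` while the existing examples in this file use `sh`; pick one.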
@ -1044,20 +1065,24 @@ So, we need a language for both administration dashboard and online services, he
- seems to be a very young tech, with no real good language or documentation - seems to be a very young tech, with no real good language or documentation
- Zig has wasm as a Tier 1 support, we should investigate - Zig has wasm as a Tier 1 support, we should investigate
- Let's rewrite things... QML was the way all along
<a name="slotting"></a> <a name="slotting"></a>
# 4. Slotting: providing software the right way # 4. Slotting: providing software the right way
The usual way to provide software is to maintain a version of a software or a library, package it into a distribution, then provide it as *the* OS version of the software. The usual way to provide software is to package it into a distribution, then provide it as *the* OS version of the software.
In the long run, software and libraries change, which is no big deal since maintainers verify the consistency of the different versions provided by the OS. In the long run, software and libraries change, which is no big deal since maintainers verify the consistency of the different versions provided by the OS.
Maintainers' job is to verify that all programs have the right library versions under their OS.
### Current set of problems ### Current set of problems
- what happens when two programs need a different version of a library?<br /> - what happens when two programs need a different version of a library?<br />
The installation of both may no be possible. The installation of both may no be possible.
See python from version 2 to 3 as an example: developers knew it will break OS systems. See python from version 2 to 3 as an example: developers knew it will break OSs.
So, they provided by themselves new names for their binaries (`python-2.7`), and libraries are *by default* packaged into a directory specific for a python version, such as `/usr/lib/python3.8/` and this is a form of slotting. So, they provided by themselves new names for their binaries (`python-2.7`), and libraries are *by default* packaged into a directory specific for a python version, such as `/usr/lib/python3.8/`.
This is mostly done for languages, by what about other packaged applications and libraries? This is mostly done for languages, but what about other packaged applications and libraries?
- what happens when two libraries are compatible but you want both on your system (see libressl and openssl)?<br /> - what happens when two libraries are compatible but you want both on your system (see libressl and openssl)?<br />
One of them could be provided in another path, such as `/usr/lib/libressl`.
- what happens when you want to provide a **very** long term support for your users? - what happens when you want to provide a **very** long term support for your users?
*see companies running decade-old OSs and databases* *see companies running decade-old OSs and databases*
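Review bot: the rewritten python line drops "and this is a form of slotting", which was the only sentence in this problem list tying python's versioned paths (`/usr/lib/python3.8/`) back to the section's subject; suggest keeping that clause. While this block is being edited, the unchanged line "The installation of both may no be possible." still needs "not".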
@ -1067,7 +1092,7 @@ BaguetteOS has a simple and safe way to let users and maintainers provide packag
Slotting is a lot like repositories, except that repositories provide packages in the same prefixes than your base system. Slotting is a lot like repositories, except that repositories provide packages in the same prefixes than your base system.
**Without slotting**<br /> **Without slotting** <side-note>*basically, your life sucks*</side-note><br />
Let's take an example with simple repositories. Let's take an example with simple repositories.
You add a non-official repository for <blue>my-overly-awesome-game</blue> to your Debian system. You add a non-official repository for <blue>my-overly-awesome-game</blue> to your Debian system.
This newly installed program will be in `/usr/bin`, as every other program. This newly installed program will be in `/usr/bin`, as every other program.
@ -1078,7 +1103,7 @@ This newly installed program will be in `/usr/bin`, as every other program.
In <u>both cases</u> these libraries will end-up in `/usr/lib`. In <u>both cases</u> these libraries will end-up in `/usr/lib`.
**With slotting**<br /> **With slotting** <side-note>*your're awesome*</side-note><br />
With slotting, the program will be in `/usr/`<blue>my-overly-awesome-game</blue>`/bin`. With slotting, the program will be in `/usr/`<blue>my-overly-awesome-game</blue>`/bin`.
1. What if requires libraries? 1. What if requires libraries?
These libraries will be installed in your base system so any of your non-official slot can use them. These libraries will be installed in your base system so any of your non-official slot can use them.
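Review bot: typo in the added side-note on the "With slotting" line, "your're awesome" should be "you're awesome". The context line just below, "What if requires libraries?", is also missing its subject ("What if it requires libraries?").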
@ -1126,6 +1151,7 @@ You have now a shit-ton of ways to get software updates, and for *almost* all of
<u>*But, BaguetteOS... I still need my last version of Blah!*</u> We gotcha buddy.<br /> <u>*But, BaguetteOS... I still need my last version of Blah!*</u> We gotcha buddy.<br />
You wanna go fast? Try sonic the good slot: `/usr/sonic`. You wanna go fast? Try sonic the good slot: `/usr/sonic`.
With this slot, the BaguetteOS maintainers provide the last versions of a variety of applications and libraries. With this slot, the BaguetteOS maintainers provide the last versions of a variety of applications and libraries.
You will have bleeding-edge technologies and bugs. You're welcome!
### How slotting works in BaguetteOS ### How slotting works in BaguetteOS

View File

@ -0,0 +1,17 @@
+++
title = "Contact"
+++
# Contact
Pour venir nous parler, n'hésitez pas à venir sur [notre Mattermost][mattermost].
Il y a également des passerelles :
- IRC (#baguetteOS sur freenode)
- XMPP (en cours)
Et bientôt une mailing-list pour suivre nos aventures dans les grandes lignes !
[mattermost]: https://team.baguette.netlib.re
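Review bot: the IRC channel is written `#baguetteOS` here but `#baguetteos` in content/contact/index.md from the same commit; use one spelling on both pages so readers copy the same channel name.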

16
content/contact/index.md Normal file
View File

@ -0,0 +1,16 @@
+++
title = "Contact"
+++
# Contact
Wanna talk with us? [Here's our mattermost.][mattermost].
There are bridges with IRC (#baguetteos on freenode) and XMPP (on the way).
And soon, a mailing-list so you can follow the big steps of our development!
[mattermost]: https://team.baguette.netlib.re
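Review bot: doubled full stop on the first line, "[Here's our mattermost.][mattermost]." has one period inside the link text and one after it; drop one of them.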

View File

@ -0,0 +1,43 @@
+++
title = "dnsmanager"
+++
# dnsmanager (and netlib.re)
dnsmanager is a web interface to enable users to register DNS names and manage their zone.
It is the software powering [netlib.re][netlibre] a service to provide names for everyone on the Internet.
[netlib.re][netlibre] is kindly operated by [Alsace Réseau Neutre][arn], a neutral and non-profit Internet Service Provider based in Alsace, France. Don't be shy, come and ask questions!
[netlibre]: https://netlib.re
[arn]: https://arn-fai.net
# Features
- [x] User accounts
- [x] Simple and expert modes for zone edition
- [x] DynDNS-like automatic IP updates
- [x] Multiple client and parent zones
- [ ] DNS delegation
- [ ] 3rd party authentication (LDAP, OpenID Connect)
- [ ] Documented client-side API
- [ ] CAPTCHA?
# Setup
Please refer to the [project's repository](https://github.com/KaneRoot/dnsmanager) for setup instructions.
# How to setup dnsmanager?
See the project [README](https://github.com/KaneRoot/dnsmanager) for setup instructions.
# Does dnsmanager support delegation?
At the moment, dnsmanager cannot delegate zones although this feature is on the roadmap.
# Does dnsmanager support 3rd party auth?
At the moment, dnsmanager does not support an external authentication service such as LDAP although this feature is on the roadmap.
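Review bot: "# Setup" and "# How to setup dnsmanager?" carry the same pointer to the GitHub repository, so one of the two sections can go. The last three headings read as FAQ entries but are top-level `#` headings like "Features"; grouping them under a single FAQ heading would keep the page outline flat. The answers on delegation and 3rd party auth only restate the unchecked items in the feature list.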

View File

@ -3,6 +3,41 @@ title = "Projets"
+++ +++
1. `service` + `configure`
* des services supplémentaires à prendre en charge, au hasard :
* php-fpm
* certificates
* hackmd
* prosody
* wordpress
* ...
2. `packaging`
* pas loin d'être terminé (ou au moins utilisable)
3. `package`
* à tester
4. proot
* code à adapter aux .pkg et `package`
* à tester
6. `networkctl`
* code déjà présent, quasi utilisable tel quel
7. libipc
* code déjà présent et utilisé en pratique
* tests à faire sur les répertoires, fichiers et droits (rapide à faire)
8. plumberd + websocketd + tcpd...
* base importante
9. authd
* **de préférence**: faire une interface (actuellement spécifique à une application, on n'a rien de générique)
10. firewalld
* à écrire entièrement
* se fait en une semaine pour une première version avec iptables
5. build.zsh
* sauf si on veut le réécrire
11. ... guid? (à écrire entièrement)
12. quelques outils à base de libipc : kanban, interface de authd...
13. BaguetteOS
14. dnsmanager
# Nous contacter # Nous contacter
N'hésitez pas à venir discuter avec nous sur [notre outil de communication][mattermost]. N'hésitez pas à venir discuter avec nous sur [notre outil de communication][mattermost].
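Review bot: the added list is numbered out of order (1, 2, 3, 4, 6 ... 10, then "5. build.zsh", then 11), and most Markdown renderers renumber an ordered list sequentially from its first item, so the rendered numbers will not match the source. Suggest moving build.zsh to its intended position or renumbering the items in order.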

View File

@ -2,41 +2,40 @@
title = "Projects" title = "Projects"
+++ +++
# Quick overview
<red>This page isn't ready for public review.</red> Here is a list of our currently developping projects.
This list will grow up following our wildest dreams.
1. [service][local-service]: start, stop, configure services<br />
2. `packaging`
3. `package`
4. proot: based on the `proot` utility from OpenBSD
- works with Alpine's package format
- should integrate `BaguetteOS`'s package format
5. `networkctl`: configure network easily through the file format of OpenBSD interface configuration
- working
- could integrate more use-cases such as "internet box for small office/home"
6. build.zsh: create Makefiles for you, with a declarative project configuration
7. LibIPC and LibIPC-based tools
- LibIPC: efficient communication library
- authd: authentication deamon
- could integrate federation authentication processes (OAuth, etc.)
- todo: kanban
- websocketd: websockets used to connect browsers to LibIPC services online
- ipcd: host-based IPC configuration, allows the network administration of LibIPC-based applications<br />
Example: an application asks for the `authd` service, `ipcd` could redirect it to the `authd` of another system, seemlessly.
- tcpd: give the ability for LibIPC-based applications to perform communications
8. [dnsmanager][local-dnsmanager] (under-the-hood application of [netlib.re][netlibre])
- allow users to create and manage DNS zones, for free
### Not under active development, nor ever started (but still awesome)
1. firewalld: because your firewall should be a simple service provided seemlessly by your OS
2. guid: GUI service for other applications, so no-one else has to handle GUI-code
- should replace QML but with a lot of similarities (they got a lot of things right!)
# dnsmanager (and netlib.re) [local-dnsmanager]: /projects/dnsmanager
[local-service]: /projects/service
dnsmanager is a web interface to enable users to register DNS names and manage their zone. It is the software powering [netlib.re](https://netlib.re), a service to provide names for everyone on the Internet. [netlibre]: https://netlib.re
[netlib.re](https://netlib.re) is kindly operated by [Alsace Réseau Neutre](https://arn-fai.net), a neutral and non-profit Internet Service Provider based in Alsace, France. Don't be shy, come and ask questions!
# Features
- [x] User accounts
- [x] Simple and expert modes for zone edition
- [x] DynDNS-like automatic IP updates
- [x] Multiple client and parent zones
- [ ] DNS delegation
- [ ] 3rd party authentication (LDAP, OpenID Connect)
- [ ] Documented client-side API
- [ ] CAPTCHA?
# Setup
Please refer to the [project's repository](https://github.com/KaneRoot/dnsmanager) for setup instructions.
# How to setup dnsmanager?
See the project [README](https://github.com/KaneRoot/dnsmanager) for setup instructions.
# Does dnsmanager support delegation?
At the moment, dnsmanager cannot delegate zones although this feature is on the roadmap.
# Does dnsmanager support 3rd party auth?
At the moment, dnsmanager does not support an external authentication service such as LDAP although this feature is on the roadmap.
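Review bot: several typos in the added project list: "currently developping projects" (suggest "projects currently in development"), "authentication deamon" (daemon) and "seemlessly" (seamlessly, in both the `ipcd` example and the firewalld item). The tcpd entry, "give the ability for LibIPC-based applications to perform communications", does not say what kind of communication is meant.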

View File

@ -0,0 +1,57 @@
+++
title = "Service"
+++
# Service Overview
`service` is the default `BaguetteOS` service manaager.
It can:
- start, stop and request the status of a service, <u>and its dependencies</u>
- remember the PID of a service
- configure a service based on OS-provided templates
- ports are auto-configured (unless specified)
- passwords are generated at service start-up
- system users and groups are created for each service
- databases are created, configured with generated users and passwords
- back-up the service data
## Current development
`service` lacks simple scripts for managing databases, has no backup integration and needs more templates.
## TODO: logging
Currently, logging is simply a pair of files created in `/var/log` for each service.
The naming convention is:
```zsh
/var/log/$servicename.$environment.{err,log}
```
## TODO: databases
Currently, these is only support for `postgresql`.
## TODO: backup
There is currently on back-up system.
A simple `backup` tool should be developed, allowing users to provide back-up endpoints.
Here is a quick overview of what we have in mind:
```zsh
# backup add ssh:example.com:/srv/backup
```
## TODO: templates
Templates should be added for these services:
- php-fpm
- certificates
- hackmd
- prosody
- wordpress
... and a lot more!
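Review bot: the "It can:" list includes "back-up the service data", but "Current development" says `service` "has no backup integration" and the backup section says no back-up system exists; move the back-up item out of the capability list or mark it as planned. In that section "There is currently on back-up system" should read "no back-up system", since the typo changes the meaning. Also "manaager" (manager) and "these is only support" (there is).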

View File

@ -0,0 +1,58 @@
+++
title = "Service"
+++
# Service Overview
`service` is the default `BaguetteOS` service manaager.
It can:
- start, stop and request the status of a service, <u>and its dependencies</u>
- remember the PID of a service
- configure a service based on OS-provided templates
- ports are auto-configured (unless specified)
- passwords are generated at service start-up
- system users and groups are created for each service
- databases are created, configured with generated users and passwords
- back-up the service data
## Current development
`service` lacks simple scripts for managing databases, has no backup integration and needs more templates.
## TODO: logging
Currently, logging is simply a pair of files created in `/var/log` for each service.
The naming convention is:
```zsh
/var/log/$servicename.$environment.{err,log}
```
## TODO: databases
Currently, these is only support for `postgresql`.
## TODO: backup
There is currently on back-up system.
A simple `backup` tool should be developed, allowing users to provide back-up endpoints.
Here is a quick overview of what we have in mind:
```zsh
# backup add ssh:example.com:/srv/backup
```
## TODO: templates
Templates should be added for these services:
- php-fpm
- certificates
- hackmd
- prosody
- wordpress
... and a lot more!
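Review bot: the feature list says "passwords are generated at service start-up" and that databases are "configured with generated users and passwords", but nothing on the page says where those credentials are stored or which user can read them. A sentence on storage location and file permissions belongs next to those items. The `backup add ssh:example.com:/srv/backup` sketch likewise does not say how the SSH credentials for the endpoint are supplied. This file also repeats the "manaager", "these is" and "on back-up system" typos.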