Baguette
/
website
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

New explanations, new pages (some projects, contact).

master
Karchnu 2020-05-01 03:32:28 +02:00
parent 87c1ddcb8c
commit b9fbe3c780
11 changed files with 308 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/_common/menu.fr.md
View File

@ -9,6 +9,10 @@
---
[Blog](/blog/)
[Blog](/fr/blog/)
---
[Contact](/fr/contact/)

4
content/_common/menu.md
View File

@ -11,3 +11,7 @@
[Blog](/blog/)
---
[Contact](/contact/)

4
content/_index.md
View File

@ -4,10 +4,12 @@ title = "Baguette - OS, tools and stuff"
paginate_by = 5
+++
Hello! Here a quick links to our <red>currently expanding</red> documentation.
Hello! Here a few links to our <red>currently expanding</red> documentation.
- [BaguetteOS: the French operating system.][baguetteos]
- [Our projects, beyond the OS.][projects]
- [Rant 'bout software.][rant]
[baguetteos]: /baguette
[projects]: /projects
[rant]: /handbook/rant

46
content/baguette/index.md
View File

@ -248,7 +248,7 @@ There is a strict separation between core system and third party software.<br />
[See slotting.](#slotting)
- `/usr/baguette` for core system programs
- `/usr/bad` for non slot-able software
- `/usr/third-party` for other software
- `/usr/<third-party>` for other software
## Languages
@ -261,7 +261,7 @@ Now, more than ever, we have better alternatives for all non kernel-related tool
That being said: we do not want dynamic languages.
We need:
- simple, small and efficient binaries
- less possible dependencies (not to download half `cpan` or `pypi` for any freaking software)
- the fewest dependencies possible (not to download half `cpan` or `pypi` for any freaking software)
**Crystal language for system tools.** *syntax and productivity of Ruby, the speed of C*<br />
@ -626,7 +626,8 @@ Service management often comes with:
These shortcomings imply manual configuration, scripting to manage databases and users, specific tooling for each database and service: this is heavy machinery.
To overcome drawbacks of having simplistic tools, sys-admins developed all kind of monstrous architectures.
- **LXC** *chroot + network + software limits*
- **LXC** *it's basically a chroot with network and software limits*<br />
LXC is *kinda* reasonable, and may be useful in som cases, but it provides no simple way of configuring our services.
- **Qemu + KVM, Xen** *let's add software mimicking hardware's complexity to the mix, telling everyone it's for security and simplicity*
- **docker** *I don't know how to do simple applications nor packages, so I give to you my whole dev environment*<br />
Note: we have to admit, packaging on most OS is painful for absolutely no good reason.
@ -652,6 +653,7 @@ And advanced users should have an uncomplicated CLI tool to do that.
```sh
# We want a wordpress service, proxied by an nginx and using postgresql as DBMS
# THIS IS THE "VERBOSE" VERSION
# 1. we add an nginx
$ service add nginx
@ -664,7 +666,7 @@ $ service add postgresql
```sh
# 3. we add the wordpress
# by default, it uses available http proxy and database, but let's be "verbose"
# by default, it uses available http proxy and database
$ service add wordpress domain=example.com http=nginx database=postgresql
```
@ -690,6 +692,25 @@ A bit of explanation:
Stopping a service also stops its dependencies, unless specified otherwise.
Of course, a service is not stopped if it is required elsewhere.
Wanna see the less verbose version?
```zsh
$ service add wordpress domain=example.com
```
```zsh
$ service start wordpress
```
<red>TODO</red>
And <u>that's it</u>.
1. Services have tokens.
2. Tokens are used by default.
3. BaguetteOS provides **default** services for each token.
4. If a service is added and its dependencies aren't satisfied, we add other services.
5. (Bonus) If a service isn't installed, we ask nicely if the user wants to install it.<br />
This is in discussion.
Here are a few functionalities `service` brings.
1. **uncomplicated service configuration with shared information**<br />
@ -1044,20 +1065,24 @@ So, we need a language for both administration dashboard and online services, he
- seems to be a very young tech, with no real good language or documentation
- Zig has wasm as a Tier 1 support, we should investigate
- Let's rewrite things... QML was the way all along
<a name="slotting"></a>
# 4. Slotting: providing software the right way
The usual way to provide software is to maintain a version of a software or a library, package it into a distribution, then provide it as *the* OS version of the software.
The usual way to provide software is to package it into a distribution, then provide it as *the* OS version of the software.
In the long run, software and libraries change, which is no big deal since maintainers verify the consistency of the different versions provided by the OS.
Maintainers' job is to verify that all programs have the right library versions under their OS.
### Current set of problems
- what happens when two programs need a different version of a library?<br />
The installation of both may no be possible.
See python from version 2 to 3 as an example: developers knew it will break OS systems.
So, they provided by themselves new names for their binaries (`python-2.7`), and libraries are *by default* packaged into a directory specific for a python version, such as `/usr/lib/python3.8/` and this is a form of slotting.
This is mostly done for languages, by what about other packaged applications and libraries?
See python from version 2 to 3 as an example: developers knew it will break OSs.
So, they provided by themselves new names for their binaries (`python-2.7`), and libraries are *by default* packaged into a directory specific for a python version, such as `/usr/lib/python3.8/`.
This is mostly done for languages, but what about other packaged applications and libraries?
- what happens when two libraries are compatible but you want both on your system (see libressl and openssl)?<br />
One of them could be provided in another path, such as `/usr/lib/libressl`.
- what happens when you want to provide a **very** long term support for your users?
*see companies running decade-old OSs and databases*
@ -1067,7 +1092,7 @@ BaguetteOS has a simple and safe way to let users and maintainers provide packag
Slotting is a lot like repositories, except that repositories provide packages in the same prefixes than your base system.
**Without slotting**<br />
**Without slotting** <side-note>*basically, your life sucks*</side-note><br />
Let's take an example with simple repositories.
You add a non-official repository for <blue>my-overly-awesome-game</blue> to your Debian system.
This newly installed program will be in `/usr/bin`, as every other program.
@ -1078,7 +1103,7 @@ This newly installed program will be in `/usr/bin`, as every other program.
In <u>both cases</u> these libraries will end-up in `/usr/lib`.
**With slotting**<br />
**With slotting** <side-note>*your're awesome*</side-note><br />
With slotting, the program will be in `/usr/`<blue>my-overly-awesome-game</blue>`/bin`.
1. What if requires libraries?
These libraries will be installed in your base system so any of your non-official slot can use them.
@ -1126,6 +1151,7 @@ You have now a shit-ton of ways to get software updates, and for *almost* all of
<u>*But, BaguetteOS... I still need my last version of Blah!*</u> We gotcha buddy.<br />
You wanna go fast? Try sonic the good slot: `/usr/sonic`.
With this slot, the BaguetteOS maintainers provide the last versions of a variety of applications and libraries.
You will have bleeding-edge technologies and bugs. You're welcome!
### How slotting works in BaguetteOS

17
content/contact/index.fr.md Normal file
View File

@ -0,0 +1,17 @@
+++
title = "Contact"
+++
# Contact
Pour venir nous parler, n'hésitez pas à venir sur [notre Mattermost][mattermost].
Il y a également des passerelles :
- IRC (#baguetteOS sur freenode)
- XMPP (en cours)
Et bientôt une mailing-list pour suivre nos aventures dans les grandes lignes !
[mattermost]: https://team.baguette.netlib.re

16
content/contact/index.md Normal file
View File

@ -0,0 +1,16 @@
+++
title = "Contact"
+++
# Contact
Wanna talk with us? [Here's our mattermost.][mattermost].
There are bridges with IRC (#baguetteos on freenode) and XMPP (on the way).
And soon, a mailing-list so you can follow the big steps of our development!
[mattermost]: https://team.baguette.netlib.re

43
content/projects/dnsmanager/index.md Normal file
View File

@ -0,0 +1,43 @@
+++
title = "dnsmanager"
+++
# dnsmanager (and netlib.re)
dnsmanager is a web interface to enable users to register DNS names and manage their zone.
It is the software powering [netlib.re][netlibre] a service to provide names for everyone on the Internet.
[netlib.re][netlibre] is kindly operated by [Alsace Réseau Neutre][arn], a neutral and non-profit Internet Service Provider based in Alsace, France. Don't be shy, come and ask questions!
[netlibre]: https://netlib.re
[arn]: https://arn-fai.net
# Features
- [x] User accounts
- [x] Simple and expert modes for zone edition
- [x] DynDNS-like automatic IP updates
- [x] Multiple client and parent zones
- [ ] DNS delegation
- [ ] 3rd party authentication (LDAP, OpenID Connect)
- [ ] Documented client-side API
- [ ] CAPTCHA?
# Setup
Please refer to the [project's repository](https://github.com/KaneRoot/dnsmanager) for setup instructions.
# How to setup dnsmanager?
See the project [README](https://github.com/KaneRoot/dnsmanager) for setup instructions.
# Does dnsmanager support delegation?
At the moment, dnsmanager cannot delegate zones although this feature is on the roadmap.
# Does dnsmanager support 3rd party auth?
At the moment, dnsmanager does not support an external authentication service such as LDAP although this feature is on the roadmap.

35
content/projects/index.fr.md
View File

@ -3,6 +3,41 @@ title = "Projets"
+++
1. `service` + `configure`
* des services supplémentaires à prendre en charge, au hasard :
* php-fpm
* certificates
* hackmd
* prosody
* wordpress
* ...
2. `packaging`
* pas loin d'être terminé (ou au moins utilisable)
3. `package`
* à tester
4. proot
* code à adapter aux .pkg et `package`
* à tester
6. `networkctl`
* code déjà présent, quasi utilisable tel quel
7. libipc
* code déjà présent et utilisé en pratique
* tests à faire sur les répertoires, fichiers et droits (rapide à faire)
8. plumberd + websocketd + tcpd...
* base importante
9. authd
* **de préférence**: faire une interface (actuellement spécifique à une application, on n'a rien de générique)
10. firewalld
* à écrire entièrement
* se fait en une semaine pour une première version avec iptables
5. build.zsh
* sauf si on veut le réécrire
11. ... guid? (à écrire entièrement)
12. quelques outils à base de libipc : kanban, interface de authd...
13. BaguetteOS
14. dnsmanager
# Nous contacter
N'hésitez pas à venir discuter avec nous sur [notre outil de communication][mattermost].

69
content/projects/index.md
View File

@ -2,41 +2,40 @@
title = "Projects"
+++
# Quick overview
<red>This page isn't ready for public review.</red>
Here is a list of our currently developping projects.
This list will grow up following our wildest dreams.
1. [service][local-service]: start, stop, configure services<br />
2. `packaging`
3. `package`
4. proot: based on the `proot` utility from OpenBSD
- works with Alpine's package format
- should integrate `BaguetteOS`'s package format
5. `networkctl`: configure network easily through the file format of OpenBSD interface configuration
- working
- could integrate more use-cases such as "internet box for small office/home"
6. build.zsh: create Makefiles for you, with a declarative project configuration
7. LibIPC and LibIPC-based tools
- LibIPC: efficient communication library
- authd: authentication deamon
- could integrate federation authentication processes (OAuth, etc.)
- todo: kanban
- websocketd: websockets used to connect browsers to LibIPC services online
- ipcd: host-based IPC configuration, allows the network administration of LibIPC-based applications<br />
Example: an application asks for the `authd` service, `ipcd` could redirect it to the `authd` of another system, seemlessly.
- tcpd: give the ability for LibIPC-based applications to perform communications
8. [dnsmanager][local-dnsmanager] (under-the-hood application of [netlib.re][netlibre])
- allow users to create and manage DNS zones, for free
### Not under active development, nor ever started (but still awesome)
1. firewalld: because your firewall should be a simple service provided seemlessly by your OS
2. guid: GUI service for other applications, so no-one else has to handle GUI-code
- should replace QML but with a lot of similarities (they got a lot of things right!)
# dnsmanager (and netlib.re)
dnsmanager is a web interface to enable users to register DNS names and manage their zone. It is the software powering [netlib.re](https://netlib.re), a service to provide names for everyone on the Internet.
[netlib.re](https://netlib.re) is kindly operated by [Alsace Réseau Neutre](https://arn-fai.net), a neutral and non-profit Internet Service Provider based in Alsace, France. Don't be shy, come and ask questions!
# Features
- [x] User accounts
- [x] Simple and expert modes for zone edition
- [x] DynDNS-like automatic IP updates
- [x] Multiple client and parent zones
- [ ] DNS delegation
- [ ] 3rd party authentication (LDAP, OpenID Connect)
- [ ] Documented client-side API
- [ ] CAPTCHA?
# Setup
Please refer to the [project's repository](https://github.com/KaneRoot/dnsmanager) for setup instructions.
# How to setup dnsmanager?
See the project [README](https://github.com/KaneRoot/dnsmanager) for setup instructions.
# Does dnsmanager support delegation?
At the moment, dnsmanager cannot delegate zones although this feature is on the roadmap.
# Does dnsmanager support 3rd party auth?
At the moment, dnsmanager does not support an external authentication service such as LDAP although this feature is on the roadmap.
[local-dnsmanager]: /projects/dnsmanager
[local-service]: /projects/service
[netlibre]: https://netlib.re

57
content/projects/service/index.fr.md Normal file
View File

@ -0,0 +1,57 @@
+++
title = "Service"
+++
# Service Overview
`service` is the default `BaguetteOS` service manaager.
It can:
- start, stop and request the status of a service, <u>and its dependencies</u>
- remember the PID of a service
- configure a service based on OS-provided templates
- ports are auto-configured (unless specified)
- passwords are generated at service start-up
- system users and groups are created for each service
- databases are created, configured with generated users and passwords
- back-up the service data
## Current development
`service` lacks simple scripts for managing databases, has no backup integration and needs more templates.
## TODO: logging
Currently, logging is simply a pair of files created in `/var/log` for each service.
The naming convention is:
```zsh
/var/log/$servicename.$environment.{err,log}
```
## TODO: databases
Currently, these is only support for `postgresql`.
## TODO: backup
There is currently on back-up system.
A simple `backup` tool should be developed, allowing users to provide back-up endpoints.
Here is a quick overview of what we have in mind:
```zsh
# backup add ssh:example.com:/srv/backup
```
## TODO: templates
Templates should be added for these services:
- php-fpm
- certificates
- hackmd
- prosody
- wordpress
... and a lot more!

58
content/projects/service/index.md Normal file
View File

@ -0,0 +1,58 @@
+++
title = "Service"
+++
# Service Overview
`service` is the default `BaguetteOS` service manaager.
It can:
- start, stop and request the status of a service, <u>and its dependencies</u>
- remember the PID of a service
- configure a service based on OS-provided templates
- ports are auto-configured (unless specified)
- passwords are generated at service start-up
- system users and groups are created for each service
- databases are created, configured with generated users and passwords
- back-up the service data
## Current development
`service` lacks simple scripts for managing databases, has no backup integration and needs more templates.
## TODO: logging
Currently, logging is simply a pair of files created in `/var/log` for each service.
The naming convention is:
```zsh
/var/log/$servicename.$environment.{err,log}
```
## TODO: databases
Currently, these is only support for `postgresql`.
## TODO: backup
There is currently on back-up system.
A simple `backup` tool should be developed, allowing users to provide back-up endpoints.
Here is a quick overview of what we have in mind:
```zsh
# backup add ssh:example.com:/srv/backup
```
## TODO: templates
Templates should be added for these services:
- php-fpm
- certificates
- hackmd
- prosody
- wordpress
... and a lot more!