In this repo I'd like to open up details about how I run the company, its webservices and develop apps.
TODO: more openness. Inspired by opencompany/awesome-open-company
| Problem (link = more details) | Solution |
|---|---|
| Cloud | Hetzner |
| Cloud lock-in | Only compute to maximize portability, everything else like queues from AWS |
| Single or multi-DC availability | Multi-DC, probably multi-vendor as well for safety |
| OS | Flatcar Linux with auto-updates disabled |
| Infrastructure immutability | Packer + Terraform, see function61/james |
| PKI | Root CA in Yubikey, cfssl. Our toolkit image. |
| Secure auth to SSH | Agent + Yubikey |
| Containerization | Docker |
| Orchestration | Docker Swarm |
| Container cross-host networking | Docker Swarm |
| Orchestration dashboard | Portainer |
| Backups | function61/ubackup |
| Domain registrar | AWS Route53 |
| DNS | Cloudflare |
| DDOS protection | Cloudflare |
| Centralized logging | Google Stackdriver (see instructions) |
| Alerting | function61/lambda-alertmanager |
| Website uptime monitoring | alertmanager-canary (sub-project of lambda-alertmanager) |
| Public status page | UptimeRobot |
| Metrics | Prometheus + function61/promswarmconnect |
| Metrics dashboard | Grafana |
| Container secrets | ENV variable injection via orchestration |
| Edge routing | function61/edgerouter |
While some applications require different solutions for different problems, this is the basic stack we start with and customize from there where needed.
Always prefer statically compiled languages. The more safety (= "if it compiles, it probably works") the language guarantees, the better. Humans make mistakes - get tools that help with that.
| Problem | Solution |
|---|---|
| Philosophy | The Twelve-Factor App |
| Programming language, backend | Go |
| Programming language, frontend | TypeScript |
| Frontend UI architecture | React |
| Build system | Turbo Bob (builder pattern) |
| CI system | Travis CI for public stuff, GitLab for private stuff |
| Source code hosting | GitHub for public stuff, GitLab for private stuff |
| Container image hosting | Docker Hub for public stuff, GitLab for private stuff |
| Build artefact hosting | GitHub for public stuff, AWS S3 for private stuff |
| Log shipping | That's an infrastructure concern |
| Persistence | Eventhorizon + BoltDB |
| Session mechanism | JWT |
| Auth methods | SSO(password, TOTP, U2F) |
| Problem | Solution |
|---|---|
| Payment traffic | Stripe |
| Accounting | ledger-cli |
| Developer secrets management | function61/pi-security-module |
| Helpdesk system | Freshdesk |