# CyMaIS Architecture Overview

## Introduction

CyMaIS (Cyber Master Infrastructure Solution) is a modular, open-source IT infrastructure automation platform designed to simplify the deployment, management, and security of self-hosted environments. 

It provides a flexible, scalable, and secure architecture based on modern [DevOps](https://en.wikipedia.org/wiki/DevOps) principles, leveraging technologies like [Ansible](https://en.wikipedia.org/wiki/Ansible_(software)), [Docker](https://en.wikipedia.org/wiki/Docker_(software)), and [Infrastructure as Code (IaC)](https://en.wikipedia.org/wiki/Infrastructure_as_code).

An additional optional security layer allows full server encryption during installation using [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) based on this solution:  
https://github.com/kevinveenbirkenbach/hetzner-arch-luks

---

## Key Points

- Modular role-based architecture
- Infrastructure-as-Code (IaC)
- Docker-based containerization
- Centralized Identity & Access Management (IAM)
- Security by Design
- Integration instead of forced migration
- Optional [full disk encryption](https://github.com/kevinveenbirkenbach/hetzner-arch-luks) layer for servers

## Architecture Layers

### 1. Automation Layer
- Ansible Playbooks & Roles  
- Git-managed configuration repository  
- Inventory-driven infrastructure definition  

### 2. Container Orchestration Layer
- Docker Compose service deployment  
- Per-role service templates  
- Automated health checks & updates  

### 3. Security & Identity Layer
- Centralized user management via LDAP  
- Single Sign-On (SSO) with Keycloak  
- Secrets management via Ansible Vault  

### 4. Networking Layer
- Secure VPN via WireGuard & OpenVPN  
- Nginx Reverse Proxy with automated TLS via Let's Encrypt  
- Encrypted server setup using [hetzner-arch-luks](https://github.com/kevinveenbirkenbach/hetzner-arch-luks)  

### 5. Application Layer
- Modular application roles (Nextcloud, Gitea, Matrix, etc.)  
- Dynamic domain configuration  
- Integration of external/legacy services into the platform  

### 6. Monitoring & Maintenance Layer
- System health monitoring (BTRFS, Docker, Nginx)  
- Automated backup roles (local/remote)  
- Maintenance automation (cleanup, update, restart tasks)  

---

> *CyMaIS — Modular. Secure. Automated. Decentralized.*