CyMaIS Architecture Overview

Introduction

CyMaIS (Cyber Master Infrastructure Solution) is a modular, open-source IT infrastructure automation platform designed to simplify the deployment, management, and security of self-hosted environments.

It provides a flexible, scalable, and secure architecture based on modern DevOps principles, leveraging technologies like Ansible, Docker, and Infrastructure as Code (IaC).

An additional optional security layer allows full server encryption during installation using LUKS based on this solution:
https://github.com/kevinveenbirkenbach/hetzner-arch-luks

Key Points

Modular role-based architecture
Infrastructure-as-Code (IaC)
Docker-based containerization
Centralized Identity & Access Management (IAM)
Security by Design
Integration instead of forced migration
Optional full disk encryption layer for servers

Architecture Layers

1. Automation Layer

Ansible Playbooks & Roles
Git-managed configuration repository
Inventory-driven infrastructure definition

2. Container Orchestration Layer

Docker Compose service deployment
Per-role service templates
Automated health checks & updates

3. Security & Identity Layer

Centralized user management via LDAP
Single Sign-On (SSO) with Keycloak
Secrets management via Ansible Vault

4. Networking Layer

Secure VPN via WireGuard & OpenVPN
Nginx Reverse Proxy with automated TLS via Let's Encrypt
Encrypted server setup using hetzner-arch-luks

5. Application Layer

Modular application roles (Nextcloud, Gitea, Matrix, etc.)
Dynamic domain configuration
Integration of external/legacy services into the platform

6. Monitoring & Maintenance Layer

System health monitoring (BTRFS, Docker, Nginx)
Automated backup roles (local/remote)
Maintenance automation (cleanup, update, restart tasks)

CyMaIS — Modular. Secure. Automated. Decentralized.

2.3 KiB Raw Blame History