computer-playbook/docs/ARCHITECTURE.md


# CyMaIS Architecture Overview
## Introduction
CyMaIS (Cyber Master Infrastructure Solution) is a modular, open-source IT infrastructure automation platform designed to simplify the deployment, management, and security of self-hosted environments.
It provides a flexible, scalable, and secure architecture based on modern [DevOps](https://en.wikipedia.org/wiki/DevOps) principles, leveraging technologies like [Ansible](https://en.wikipedia.org/wiki/Ansible_(software)), [Docker](https://en.wikipedia.org/wiki/Docker_(software)), and [Infrastructure as Code (IaC)](https://en.wikipedia.org/wiki/Infrastructure_as_code).
An optional additional security layer enables full-disk encryption of the server during installation using [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup), based on this solution:
https://github.com/kevinveenbirkenbach/hetzner-arch-luks

---
## Key Points
- Modular role-based architecture
- Infrastructure-as-Code (IaC)
- Docker-based containerization
- Centralized Identity & Access Management (IAM)
- Security by Design
- Integration instead of forced migration
- Optional [full disk encryption](https://github.com/kevinveenbirkenbach/hetzner-arch-luks) layer for servers
## Architecture Layers
### 1. Automation Layer
- Ansible Playbooks & Roles
- Git-managed configuration repository
- Inventory-driven infrastructure definition
### 2. Container Orchestration Layer
- Docker Compose service deployment
- Per-role service templates
- Automated health checks & updates
### 3. Security & Identity Layer
- Centralized user management via LDAP
- Single Sign-On (SSO) with Keycloak
- Secrets management via Ansible Vault
### 4. Networking Layer
- Secure VPN via WireGuard & OpenVPN
- Nginx Reverse Proxy with automated TLS via Let's Encrypt
- Encrypted server setup using [hetzner-arch-luks](https://github.com/kevinveenbirkenbach/hetzner-arch-luks)
### 5. Application Layer
- Modular application roles (Nextcloud, Gitea, Matrix, etc.)
- Dynamic domain configuration
- Integration of external/legacy services into the platform
### 6. Monitoring & Maintenance Layer
- System health monitoring (BTRFS, Docker, Nginx)
- Automated backup roles (local/remote)
- Maintenance automation (cleanup, update, restart tasks)

---
> *CyMaIS — Modular. Secure. Automated. Decentralized.*