Software Selection¶
This is the reason we call it TAPPaaS. Pronounced Tapas like the Spanish dish: A collection of delicious appetizers that makes up a comprehensive serving.
The Software Stack of TAPPaaS delivers the capabilities we believe is needed for a well served Private IT Platform.
Selecting from the enormous pool of software we have used the principles of:
- must be Open Source
- must show a track record of being Secure
- must be "established", and sufficient feature complete
- must be open w.r.t. data formats (enabling migration away from TAPPaaS and/or away from the package)
Foundation¶
Mapping of TAPPaaS functionality to FOSS solutions
| Capability | Priority | Software | Comments |
|---|---|---|---|
| Compute | Mandatory | Proxmox | provide excellent compute cluster capability |
| Storage | Mandatory | Proxmox-ZFS | ZFS gives a lot of flexibility. and is build into proxmox, making it well aligned with Cluster management |
| Firewall. | Mandatory | OPNsense | Virtualized and combined with a layer 3 switch and proxmox bridging and vlan support |
| User Mgmt. | Mandatory | Authentik | |
| Backup | Mandatory | Proxmox Backup Server |
Base Cloud Infrastructure platform: Proxmox¶
This deliver most of the Compute and Storage foundation
Alternatives:
- XCP-ng: seems less polished and with less features.
- But it also seems more "free"
- FreeNAS, TrueNAS: good for storage, but not really a cloud platform, they do not have clustering and HA as Proxmox. Uses the same underpinning zfs file system
Persistent Storage layer¶
proxmox with ZFS gives: RAID, Snapshotting, Replication, NFS, iSCSI, Problem with proxmox is a limited GUI for management, and further the choice explosion zfs gives makes it hard to design a solution TAPPaaS will address this with recommended setup and automation
Note that proxmox and zfs do not give Hight Available storage. For this we plan on using CEPHT and Garage S3 We do not consider this a Foundation. but something that goes in to the business layer of TAPPaaS together with a HA implementation of a relational database
Firewall: OPNSense¶
Alternatives are:
- PFsense: PFSense is the original but is going more and more commercial
- OpenWRT: it seems less scalable and less feature rich
- proxmox firewall: would make it easier as it is already build in, but less secure
Backup:¶
- We generally keep all functions contained in VM's or LCM's.
- Running a Proxmox Backup service allow us to store backups on secondary tank, on separate nodes and on separate (off site) TAPPaaS systems
- In case of TAPPaaS deployment in High Availability then the HA mirror will add another backup copy
- We need to find a solution for backing up the PVE nodes them self, and any data that we store outside containers.
- We need to give special consideration to encryption keys
We will consider znapzend, used to snapshot and replicate zfs volumes across servers
AI Stack¶
Productivity Stack¶
Home Stack¶
| Capability | Priority | Software | Comments |
|---|---|---|---|
| medium | PostIO | Very difficult to run autonomously, maintenance is high | |
| Address book | High | NextCloud | need to be integrated into many other applications |
| Calendering | High | NextCloud | |
| Note Taking | Medium | ?? | Could simply be files in NextCloud, but need to be investigated |
| Photos | High | Immich | considered NextCloud with Memories module, but not well functioning on Android |
| Music | High | Jellyfin | |
| Video | High | Jellyfin | |
| Podcasts | medium | audiobookshelf?? | |
| Document | high | NextCloud Office / Libraoffice / OnlyOffice | consider Nextcloud, but not as FOSS as we would prefer |
| File synching | high | NextCloud | also function as document backup |
| Offline Web | medium | Karakeep | self-hosted open source version of Pocket |
| Virtual Assistant | medium | litellm, olama + Home Assistant | |
| Bookshelf | low | Calibra?? | |
| chat and video | High | Nextcloud ? | encourage use of Signal. need a solution for resiliency |
Small Community (variation of HOME)¶
| Capability | Priority | Software | Comments |
|---|---|---|---|
| WiFi Rooming | medium | R.O.B.I.N. ?? | |
| Internet Sharing | High | OPNsense | |
| Public Bookshelf | Medium | Calibra, wikipedia hosting, ... ?? | |
| Community Social | High | Mastedont? | |
| Video Conferencing | low | Nextcloud? |
Productivity Stack¶
| Capability | Priority | Software | Comments |
|---|---|---|---|
| High | |||
| Office Suite | High | OnlyOffice/Nextcloud Office | |
| Corporate website | High | ||
| ERP System | Medium | ||
| Office Wifi | Medium | ||
| Corporate VPN | High | NetBird | |
| Video Conferencing | Medium | NextCloud | |
| Chat | Medium | NextCloud? |
Software Development Stack¶
| Capability | Priority | Software | Comments |
|---|---|---|---|
| Git | High | CodeBerg | |
| CICD | High | Terraform, Ansible | |
| Backlog | High | ?? | |
| Application platform | High | K3S, Garage, PostGreSQL | |
| Reverse Proxy | High | Caddy | for development the requirement is easy access to a reverse proxy in a secure manner |