Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org/pulls/115 Reviewed-by: Inex Code <inex.code@selfprivacy.org> Co-authored-by: dettlaff <dettlaff@riseup.net> Co-committed-by: dettlaff <dettlaff@riseup.net>
2.5 KiB
title | linkTitle | weight | date | description |
---|---|---|---|---|
Project architecture | Architecture | 5 | 2022-01-09 | How the project is organized and how it works. |
Yes, you could use kubernetes. But why when immutability is ensured by NixOS?
User app: Flutter/Dart was chosen because of the speed and smoothness of the UI and cross-platform.
Server side (backend): NixOS + Python. NixOS was chosen because of its reproducibility, python because of its versatility and popularity.
Service providers
We do not get paid by any service providers! We are not affiliated with them in any way. We chose them purely for professional reasons. But we do not exclude partnership in the future.
Hosting
SelfPrivacy supports two hosting providers: Hetzer and DigitalOcean
Both were chosen because of low price and acceptable level of service, quality REST API.
Candidates:
- Own personal iron server. Our main priority right now;
- A service provider that will provide an API to deploy an iron server. Outside FVEY;
- OVH
- Scaleway
There's also free Oracle Cloud, but where you don't pay, you're usually a commodity.
DNS
There's a choice between Cloudflare, deSEC, or DigitalOcean DNS.
deSEC is a more private option and is recommended by default.
Cloudflare likely collects data in proxy traffic mode, otherwise it's hard to explain why they would offer such services for free. In our case, we don't proxy anything and use it only as a DNS server.
Backup repository
We use Backblaze.
The first 20GB are free and significantly cheaper than AWS. Backblaze publishes its hardware developments in open source. They also shares very useful statistics on disk failures, based on which one can choose the most reliable and tested option.
In the future, we might replace them with a self-hosted solution or a peer-to-peer one. Currently, this is not a top priority since the data is encrypted, and the service provider only sees the IP address of your server, not the device with the application.