Proposed BlueSky 3 Repositories #44

Open
8 of 16 tasks
smaddock opened this issue Apr 10, 2022 · 5 comments

@smaddock
Collaborator

smaddock commented Apr 10, 2022

Suggesting breaking out the different components of BlueSky into separate repositories for easier development, maintenance, and installation:

  • bluesky-server
  • bluesky-webui
  • bluesky-connect
  • bluesky-admin
  • bluesky-server-terraform
  • bluesky-server-docker

bluesky-server

Only the actual files required to serve BlueSkyConnect tunnels and track endpoints.

Major changes:

  • move files to standard Linux locations (configs in /etc, PIDs in /run, etc.)
  • generates only a macOS configuration profile, not the client or admin installers
  • remove Apache and PHP dependency for API functionality (cgi-bin/collector.php)
  • change default database to SQLite
  • configurable with different databases
  • configurable with different PKI certificate authorities
  • dependencies handled through APT
  • server configuration handled through server-terraform or server-docker repos

Build artifacts:

  • Debian (et al) deb binary package
  • possibly RHEL (et al) rpm binary package
  • possibly signed package repositories

bluesky-webui

Web-based admin UI for managing endpoint database. Optional install.

Major changes:

  • can run on separate node from the server
  • either update AppGini or replace
  • remove superfluous UI elements
  • configurable with different web servers
  • move source code out of public directory
  • SSO (SAML) support

Build artifacts:

  • Debian (et al) deb binary package
  • possibly RHEL (et al) rpm binary package
  • possibly signed package repositories

bluesky-connect

Endpoint agent for reverse TCP tunnels.

Major changes:

  • possibly replace autossh with nebula or innernet
  • install and codebase is server-agnostic, configured with a macOS configuration profile
  • possibly contain all components inside a macOS application bundle
  • package and possible app are signed and notarized
  • build process handled with munki-pkg

Build artifacts:

  • signed/notarized macOS pkg distribution package

bluesky-admin

Mac administrative utilities for connecting to endpoints.

Major changes:

  • install and codebase is server-agnostic, configured with a macOS configuration profile
  • repo contains only source code, "apps" are created during build process
  • package apps are signed and notarized
  • add icon to apps
  • build process handled with munki-pkg

Build artifacts:

  • signed/notarized macOS pkg distribution package

bluesky-server-terraform

Opinionated image and deployment of BlueSky server on a cloud- or local-VM.

Major changes:

  • VM-only code, remove conditionals for in-Docker
  • Configures server and dependencies
  • Support AWS, GCP, Azure and DigitalOcean

Build artifacts:

  • Packer files to build a server image on platform of choice
  • Terraform files to stand up a server on platform of choice

bluesky-server-docker

Opinionated Docker image of BlueSky server.

Major changes:

  • Docker-only code, remove conditionals for in-Docker
  • Orchestration config for auto-deployment of additional required containers

Build artifacts:

  • Docker image in Dockerhub
@smaddock smaddock self-assigned this Apr 10, 2022
@smaddock
Collaborator Author

Thinking through how to make BlueSky more usable and sustainable for our MSP going forward, these are the changes I would want to make. What are other people’s thoughts? I can try to keep the list above updated as we discuss and work through it. Already seeing something I forgot...

@smaddock
Collaborator Author

smaddock commented Apr 10, 2022

I like the idea of WireGuard for point-to-point connections (although I don’t have an issue with SSH) but I definitely don’t want a peer mesh network where endpoints could connect to each other, which is what Innernet and Nebula seemed designed for. Seems there are some straightforward WireGuard management UIs like https://github.com/perara/wg-manager and https://github.com/ngoduykhanh/wireguard-ui that could get us most of the way there, but also want to hear @AllPurposeBen’s thoughts since I believe he originally brought up switching away from SSH.

@smaddock
Collaborator Author

Dunno if it needs a separate repo or if it can just be part of the bluesky-connect repo, but I'd like to pull all the "remove old version" code into a standalone uninstaller.

@smaddock
Collaborator Author

If anyone's following along at home, WIP for the server is up: https://github.com/smaddock/bluesky-server/tree/dev-3.x

@smaddock
Collaborator Author

WIP for Terraform on DigitalOcean is up: https://github.com/smaddock/bluesky-server-terraform/tree/dev-3.x
