| author | Sam Anthony <sam@samanthony.xyz> | 2026-03-07 11:45:19 -0500 |
|---|---|---|
| committer | Sam Anthony <sam@samanthony.xyz> | 2026-03-07 11:45:19 -0500 |
| commit | 7c32f8a87889c8fdb8637243fd540061ea1a8539 (patch) | |
| tree | fe5b5b42f3cfe74e755cf57419b7f3d3b6dd89bb /doc/arch.md | |
| parent | 36381d86c6a690a7870ce360dad63be333361447 (diff) | |
doc: simplify architecture, some notes

Got rid of client-side 9p, which was just silly bloat. Using HTTP
exclusively on the client side now, with htmx.

Combined auth and api servers into monolithic buthd, which translates
http/9p between client and backend 9p servers.

Added some implementation and security notes, and part of shopfs.

Diffstat (limited to 'doc/arch.md')
| -rw-r--r-- | doc/arch.md | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/doc/arch.md b/doc/arch.md index faac44e..4a5a0e1 100644 --- a/doc/arch.md +++ b/doc/arch.md @@ -1,7 +1,7 @@ # Architecture -Intended to be deployed on OpenBSD. +Intended to be deployed on OpenBSD with all processes running with minimal privileges. - LAN - shop.samanthony.xyz @@ -9,27 +9,36 @@ Intended to be deployed on OpenBSD. - Serves static HTML files - Serves scripts (js/wasm) including htmx.js - api.shop.samanthony.xyz - - `buthapi` API server + - `buthd` API server - Serves htmx fragments - - Serves 9P {/cart, /checkout} to authenticated clients via websockets - - auth.shop.samanthony.xyz - - `buthauth` web authentication gateway - - Client-facing HTTP interface to authfs - - Handles registration and login forms + - Proxy between client HTTP and backend 9P servers + - Handles login forms: client↔authfs + - Handles cart and checkout endpoints: client↔shopfs - authfs - - `buthauthfs` daemon + - `buthauthfs` 9P file server daemon - Persistent user database - Stores password hashes - Manages client sessions - - Serves 9P to api and auth servers - - relay - - relayd(8) + - shopfs + - `buthshopfs` 9P file server daemon + - Inventory + - User shopping carts + - Checkout + - relayd(8) - TLS proxy/gateway - WAN - Client web browser - HTML renderer, js/wasm interpreter - - Generates and stores its session ID (in a cookie) + - Generates and stores session cookies The LAN could be either a single OpenBSD host, several vmd(8) VMs, or several machines in a VPN, e.g. Tailscale. +An administrator can manage the site by mounting the `fs` daemons in a terminal's namespace with userspace plan9 utils. + ![[arch.png]] + +## Notes + +Should `buthd` be monolithic, or should there be one http/9p gateway per 9p file server, multiplexed by relayd? should the htmx fragment serving/template rendering be broken out into its own process? + +Nice to minimize number of http servers (just httpd and buthd). Less sysadmin: relayd, permissions, init scripts. |
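Review bot: In the first hunk, "with all processes running with minimal privileges" states the goal without saying how it is met. Suggest naming the mechanism per process in this document, for example a dedicated unprivileged user for each of `buthd`, `buthauthfs` and `buthshopfs` and the pledge(2)/unveil(2) promises each one makes, so the claim can be checked against the implementation.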
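Review bot: In the second hunk, the authfs line "Serves 9P to api and auth servers" is removed with nothing replacing it, and neither the new shopfs entry nor the sentence "An administrator can manage the site by mounting the `fs` daemons" says who is allowed to attach to the 9P servers or how an attach is authenticated. Since authfs stores password hashes and sessions and the LAN may be "several machines in a VPN", suggest stating where each `fs` daemon listens and how attaches from `buthd` and from an administrator are authenticated and told apart. Separately, the client bullet "Generates and stores session cookies" reads as if the browser mints the session value while authfs "Manages client sessions"; the document should say which side generates it.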