From d8671aa47dd0472b9779918a7a9cdddf9bfde355 Mon Sep 17 00:00:00 2001
From: Sam Anthony <sam@samanthony.xyz>
Date: Fri, 6 Mar 2026 16:31:54 -0500
Subject: doc: architecture and authentication

---
 doc/arch.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 doc/arch.md

(limited to 'doc/arch.md')

diff --git a/doc/arch.md b/doc/arch.md
new file mode 100644
index 0000000..faac44e
--- /dev/null
+++ b/doc/arch.md
@@ -0,0 +1,35 @@
+
+# Architecture
+
+Intended to be deployed on OpenBSD.
+
+- LAN
+	- shop.samanthony.xyz
+		- Basic web server, e.g. httpd(8)
+		- Serves static HTML files
+		- Serves scripts (js/wasm) including htmx.js
+	- api.shop.samanthony.xyz
+		- `buthapi` API server
+		- Serves htmx fragments
+		- Serves 9P {/cart, /checkout} to authenticated clients via websockets
+	- auth.shop.samanthony.xyz
+		- `buthauth` web authentication gateway
+		- Client-facing HTTP interface to authfs
+		- Handles registration and login forms
+	- authfs
+		- `buthauthfs` daemon
+		- Persistent user database
+		- Stores password hashes
+		- Manages client sessions
+		- Serves 9P to api and auth servers
+	- relay
+		- relayd(8)
+		- TLS proxy/gateway
+- WAN
+	- Client web browser
+		- HTML renderer, js/wasm interpreter
+		- Generates and stores its session ID (in a cookie)
+
+The LAN could be either a single OpenBSD host, several vmd(8) VMs, or several machines in a VPN, e.g. Tailscale.
+
+![[arch.png]]
-- 
cgit v1.2.3