rootsystem

server.garden Privileged Automation Agent

mkdir -p ssh

ssh-keygen -t ed25519 -N '' -f ./ssh/servergarden_builtin_ed22519

go build -o ansible-wrapper/ansible-playbook-wrapper ansible-wrapper/main.go
go build -o host-key-poller/host-key-poller host-key-poller/main.go

# you will have to provide a complete config file. normally this would be provideded by seedpacket
nano config.json

go run *.go

---

Rootsystem is the entrypoint & most highly privileged part of the server.garden automation system, hence "root" in the name.

Rootsystem starts the first time a server.garden system boots, and it uses provided credentials and options to create, plan & apply multiple terraform projects based on its own collection of terraform modules & ansible roles. It is responsible for installing and configuring the required base-system components of a server.garden datacenter, such as:

• threshold, the public-internet-facing gateway & TCP reverse tunnel
• serviceroad, the peer-to-peer vpn
• spigot, the consensus & leader-election service
• caddy, the Let's Encrypt ACME client, TLS terminator & reverse-proxy

Rootsystem will create one terraform-global project first, where it configures DNS entries and an optional cloud instance to act as an ingress gateway.

Then, it will create a terraform-local-<node-name> project on each node, which will set up node-specific elements of the system, both in the cloud (node-specific DNS entries, threshold configurations, etc) and locally on the node itself.

In the future, rootsystem will also have a continuous-integration-ish role, where it handles configuration changes as they are posted & re-runs builds as needed.

Rootsystem has no user-interface of its own, however, it is tightly coupled to the seedpacket desktop application. Rootsystem posts status updates to object storage, which seedpacket can read & display to the user in real time via polling.