Proposed BlueSky 3 Repositories

[smaddock]

Suggesting breaking out the different components of BlueSky into separate repositories for easier development, maintenance, and installation:

• bluesky-server
• bluesky-webui
• bluesky-connect
• bluesky-admin
• bluesky-server-terraform
• bluesky-server-docker

bluesky-server

Only the actual files required to serve BlueSkyConnect tunnels and track endpoints.

Major changes:

• [x] move files to standard Linux locations (configs in /etc, PIDs in /run, etc.)
• [ ] generates only a macOS configuration profile, not the client or admin installers
• [x] remove Apache and PHP dependency for API functionality (cgi-bin/collector.php)
• [x] change default database to SQLite
• [ ] configurable with different databases
• [ ] configurable with different PKI certificate authorities
• [x] dependencies handled through APT
• [ ] server configuration handled through server-terraform or server-docker repos

Build artifacts:

• [x] Debian (et al) deb binary package
• [ ] possibly RHEL (et al) rpm binary package
• [ ] possibly signed package repositories

bluesky-webui

Web-based admin UI for managing endpoint database. Optional install.

Major changes:

• can run on separate node from the server
• either update AppGini or replace
• remove superfluous UI elements
• configurable with different web servers
• move source code out of public directory
• SSO (SAML) support

Build artifacts:

• Debian (et al) deb binary package
• possibly RHEL (et al) rpm binary package
• possibly signed package repositories

bluesky-connect

Endpoint agent for reverse TCP tunnels.

Major changes:

• possibly replace autossh with nebula or innernet
• install and codebase is server-agnostic, configured with a macOS configuration profile
• possibly contain all components inside a macOS application bundle
• package and possible app are signed and notarized
• build process handled with munki-pkg

Build artifacts:

• signed/notarized macOS pkg distribution package

bluesky-admin

Mac administrative utilities for connecting to endpoints.

Major changes:

• install and codebase is server-agnostic, configured with a macOS configuration profile
• repo contains only source code, "apps" are created during build process
• package apps are signed and notarized
• add icon to apps
• build process handled with munki-pkg

Build artifacts:

• signed/notarized macOS pkg distribution package

bluesky-server-terraform

Opinionated image and deployment of BlueSky server on a cloud- or local-VM.

Major changes:

• [x] VM-only code, remove conditionals for in-Docker
• [x] Configures server and dependencies
• [ ] Support AWS, GCP, Azure and DigitalOcean

Build artifacts:

• [ ] Packer files to build a server image on platform of choice
• [x] Terraform files to stand up a server on platform of choice

bluesky-server-docker

Opinionated Docker image of BlueSky server.

Major changes:

• Docker-only code, remove conditionals for in-Docker
• Orchestration config for auto-deployment of additional required containers

Build artifacts:

• Docker image in Dockerhub

[smaddock]

Thinking through how to make BlueSky more usable and sustainable for our MSP going forward, these are the changes I would want to make. What are other people’s thoughts? I can try to keep the list above updated as we discuss and work through it. Already seeing something I forgot...

[smaddock]

I like the idea of WireGuard for point-to-point connections (although I don’t have an issue with SSH) but I definitely don’t want a peer mesh network where endpoints could connect to each other, which is what Innernet and Nebula seemed designed for. Seems there are some straightforward WireGuard management UIs like https://github.com/perara/wg-manager and https://github.com/ngoduykhanh/wireguard-ui that could get us most of the way there, but also want to hear @AllPurposeBen’s thoughts since I believe he originally brought up switching away from SSH.

[smaddock]

Dunno if it needs a separate repo or if it can just be part of the bluesky-connect repo, but I'd like to pull all the "remove old version" code into a standalone uninstaller.

[smaddock]

If anyone's following along at home, WIP for the server is up: https://github.com/smaddock/bluesky-server/tree/dev-3.x

[smaddock]

WIP for Terraform on DigitalOcean is up: https://github.com/smaddock/bluesky-server-terraform/tree/dev-3.x