michael_dileo/Keybard-Vagabond-Demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

redaction (#1)

Browse Source 
Add the redacted source file for demo purposes

Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1
Co-authored-by: Michael DiLeo <michael_dileo@proton.me>
Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
This commit was merged in pull request #1.
This commit is contained in:
Michael DiLeo
2025-12-24 13:40:47 +00:00
committed by michael_dileo
parent 612235d52b
commit 7327d77dcd
333 changed files with 39286 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
.cursor/rules/applications.mdc Normal file
View File

@@ -0,0 +1,124 @@
---
description: Fediverse applications deployment patterns and configurations
globs: ["manifests/applications/**/*", "build/**/*"]
alwaysApply: false
---
# Fediverse Applications ✅ OPERATIONAL
## Application Overview
All applications use **Zero Trust architecture** via Cloudflare tunnels with dedicated S3 buckets for media storage:
### Currently Deployed Applications
- **Mastodon**: `https://mastodon.keyboardvagabond.com` - Microblogging platform ✅ OPERATIONAL
- **Pixelfed**: `https://pixelfed.keyboardvagabond.com` - Photo sharing platform ✅ OPERATIONAL
- **PieFed**: `https://piefed.keyboardvagabond.com` - Forum/Reddit-like platform ✅ OPERATIONAL
- **BookWyrm**: `https://bookwyrm.keyboardvagabond.com` - Social reading platform ✅ OPERATIONAL
- **Picsur**: `https://picsur.keyboardvagabond.com` - Image storage ✅ OPERATIONAL
## Application Architecture Patterns
### Multi-Container Design
Most fediverse applications use **multi-container architecture**:
- **Web Container**: HTTP requests, API, web UI (Nginx + app server)
- **Worker Container**: Background jobs, federation, media processing
- **Beat Container**: (Django apps only) Celery Beat scheduler for periodic tasks
### Storage Strategy ✅ OPERATIONAL
**Per-Application CDN Strategy**: Each application uses dedicated Backblaze B2 bucket with Cloudflare CDN:
- **Pixelfed CDN**: `pm.keyboardvagabond.com` → `pixelfed-bucket`
- **PieFed CDN**: `pfm.keyboardvagabond.com` → `piefed-bucket`
- **Mastodon CDN**: `mm.keyboardvagabond.com` → `mastodon-bucket`
- **BookWyrm CDN**: `bm.keyboardvagabond.com` → `bookwyrm-bucket`
### Database Integration
All applications use the shared **PostgreSQL HA cluster**:
- **Connection**: `postgresql-shared-rw.postgresql-system.svc.cluster.local:5432`
- **Dedicated Databases**: Each app has its own database (e.g., `mastodon`, `pixelfed`, `piefed`, `bookwyrm`)
- **High Availability**: 3-instance cluster with automatic failover
## Framework-Specific Patterns
### Laravel Applications (Pixelfed)
```yaml
# Critical Laravel S3 Configuration
FILESYSTEM_DRIVER=s3
PF_ENABLE_CLOUD=true
FILESYSTEM_CLOUD=s3
AWS_BUCKET=pixelfed-bucket # Dedicated bucket approach
AWS_URL=https://pm.keyboardvagabond.com/ # CDN URL
```
### Flask Applications (PieFed)
```yaml
# Flask Configuration with Redis and S3
FLASK_APP=pyfedi.py
DATABASE_URL=
CACHE_REDIS_URL=
S3_BUCKET=
S3_PUBLIC_URL=https://pfm.keyboardvagabond.com
```
### Django Applications (BookWyrm)
```yaml
# Django S3 Configuration
USE_S3=true
AWS_STORAGE_BUCKET_NAME=bookwyrm-bucket
AWS_S3_CUSTOM_DOMAIN=bm.keyboardvagabond.com
AWS_DEFAULT_ACL="" # Backblaze B2 doesn't support ACLs
```
### Ruby Applications (Mastodon)
```yaml
# Mastodon Dual Ingress Pattern
# Web: mastodon.keyboardvagabond.com
# Streaming: streamingmastodon.keyboardvagabond.com (WebSocket)
STREAMING_API_BASE_URL: wss://streamingmastodon.keyboardvagabond.com
```
## Container Build Patterns
### Multi-Stage Docker Strategy ✅ WORKING
Optimized builds reduce image size by ~75%:
- **Base Image**: Shared foundation with dependencies and source code
- **Web Container**: Production web server configuration
- **Worker Container**: Background processing optimizations
- **Size Reduction**: From 1.3GB single-stage to ~350MB multi-stage
### Harbor Registry Integration
- **Registry**: `<YOUR_REGISTRY_URL>`
- **Image Pattern**: `<YOUR_REGISTRY_URL>/library/app-name:tag`
- **Build Process**: `./build-all.sh` in project root
## ActivityPub Inbox Rate Limiting ✅ OPERATIONAL
### Nginx Burst Configuration Pattern
Implemented across all fediverse applications to handle federation traffic spikes:
```nginx
# Rate limiting zone - 100MB buffer, 10 requests/second
limit_req_zone $binary_remote_addr zone=inbox:100m rate=10r/s;
# ActivityPub inbox location block
location /inbox {
limit_req zone=inbox burst=300; # 300 request buffer
# Extended timeouts for ActivityPub processing
}
```
### Rate Limiting Behavior
- **Normal Operation**: 10 requests/second processed immediately
- **Burst Handling**: Up to 300 additional requests queued
- **Overflow Response**: HTTP 503 when buffer exceeds capacity
- **Federation Impact**: Protects backend from overwhelming traffic spikes
## Application Deployment Standards
- **Zero Trust Ingress**: All applications use Cloudflare tunnel pattern
- **Container Registry**: Harbor for all custom images
- **Multi-Stage Builds**: Required for Python/Node.js applications
- **Storage**: Longhorn with 2-replica redundancy
- **Monitoring**: ServiceMonitor integration with OpenObserve
- **Rate Limiting**: ActivityPub inbox protection for all fediverse apps
@fediverse-app-template.yaml
@s3-storage-config-template.yaml
@activitypub-rate-limiting-template.yaml