2025-04-27 15:03:28 -07:00
parent 0a697ef78a
commit 81451bf973
42 changed files with 3596 additions and 95 deletions

@@ -2,4 +2,6 @@
title = 'Education'
+++
Curating and developing education resources.
Curating and developing education resources.
Check out our [Learning articles](../learning/).
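
Review bot: the new last line, `Check out our [Learning articles](../learning/).`, uses a hand-written relative path that will break silently if either page moves or the site's URL style changes; if the site is built with Hugo, as the `+++` front matter suggests, a `relref` shortcode would turn a missing target into a build error instead. The sentence "Curating and developing education resources." also appears twice in this hunk with no visible difference, which looks like a whitespace or end-of-file newline change; confirm that it is intended.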

@@ -0,0 +1,65 @@
+++
title = 'Sovereign Cloud'
+++
The Sovereign Cloud is the Civil Society Technology Foundation's reference implementation for personal and organizational self-hosted infrastructure. This project empowers individuals and organizations to run their own digital services without dependency on centralized corporate platforms.
## Overview
The Sovereign Cloud provides a complete, accessible solution for operating essential digital services on infrastructure you control. It combines carefully selected open-source components into a cohesive system that balances security, usability, and maintainability.
By deploying the Sovereign Cloud, organizations can:
- Host their own email, calendar, file storage, website, and collaboration tools
- Maintain full control over their data and communications
- Reduce or eliminate dependencies on surveillance-based platforms
- Build technical capacity and digital sovereignty
- Participate in a community of practice around independent infrastructure
The Soverign Cloud project aims to start you with a simple self-hosted cloud solution that gets you set up quickly and easily manage your cloud. However, it is a full solution. None of the technical foundations are stripped away. You can go deeper and extend your cloud how you see fit.
### Architecture
The Soverign cloud allows individuals and organizations (cloud admins) to install and manage a full Kubernetes cluster (using K3s) made of one or multiple computers on their own premises. Kubernetes manages much of the complexity of maintaining the health of your cloud and managing the applications deployed in it.
### Applications
Admins can deploy various applications into their cloud, including:
- Email servers with webmail interfaces
- Calendar and contacts synchronization
- File storage and sharing
- Collaborative document editing
- Website hosting
- Chat and communication tools
- Knowledge management systems
- And more, based on organizational needs
## Getting Started
The Soverign Cloud project is currently being built out. When v1 is ready, it will be freely available on GitHub. Instructions for getting started with your cloud will be included in the repository after it is cloned.
See our [Tech Notes](tech-notes) page for more information on current development.
## Community Support
The Sovereign Cloud is supported by a community of practitioners who share knowledge, troubleshooting tips, and enhancements. The Civil Society Technology Foundation provides:
- Documentation and tutorials
- Installation guides for different environments
- Regular security advisories
- Community forum for mutual assistance
- Workshops and training opportunities
## Philosophy
The Sovereign Cloud embodies the Civil Society Technology Foundation's core principles:
- **Sovereignty by Design**: Users control their data and computing environment
- **Open Source, Always**: All components are free to use, study, modify, and share
- **Self-Hosting Infrastructure**: Direct control reduces dependency and vulnerability
- **Transparent Governance**: All components have clear, accountable governance
- **Forkability is Freedom**: Any component can be replaced or modified as needed
- **Practical Autonomy**: Infrastructure that users can understand and maintain
By providing this reference implementation, we demonstrate that digital sovereignty is not merely theoretical but practically achievable with current technology and modest resources.
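
Review bot: the Philosophy bullet "Self-Hosting Infrastructure: Direct control reduces dependency and vulnerability" overstates the security benefit, because self-hosting moves patching, backups and exposure management onto the cloud admin rather than removing them; suggest wording it as reducing dependency on third parties and naming the responsibilities the admin takes on, especially since the Applications list includes email servers. "Soverign" is misspelled in three places (the paragraph before "### Architecture", the first line under it, and the first line under "## Getting Started"), and "gets you set up quickly and easily manage your cloud" needs a verb fix, for example "and lets you easily manage your cloud". The relative link `[Tech Notes](tech-notes)` depends on how this page's URL ends, so check that it resolves on the built site.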

@@ -0,0 +1,75 @@
+++
title = 'Sovereign Cloud Tech Notes'
+++
The Sovereign Cloud is under active development.
## Core Components
The Sovereign Cloud is being built on a lightweight Kubernetes distribution (K3s) that provides the foundation for deploying and managing containerized applications. This architecture offers several key advantages:
- **K3s**: A certified Kubernetes distribution designed for production workloads in unattended, resource-constrained, edge, IoT, or appliance settings
- Visibility layer
- **MetalLB**: Assigns network IPs to services, allowing clean exposure of applications within your LAN
- **Traefik**: Ingress controller that handles subdomain routing and TLS termination within your cloud
- **ExternalDNS**: Automatically registers cloud resources as subdomains with your external DNS provider (currently supporing CloudFlare)
- **CoreDNS**: Provides split-horizon DNS for both public and private services
- **cert-manager**: Automatically manages TLS certificates via Let's Encrypt and internal CA
- Volatility layer
- **Vanilla Kubernetes**: Kubernetes manifests, configured with kustomize, applied with kubectl.
- Persistece layer
- **Longhorn**: Cluster-wide block storage.
- **PostgreSQL/MariaDB**: Databases for applications requiring persistent storage
## Security Features
The Sovereign Cloud incorporates several security features:
- **Automatic TLS certificates**: All services use HTTPS with valid certificates
- **Network isolation**: Clear separation between public-facing and internal-only services
- **Split-horizon DNS**: Different resolution for internal vs. external access
- **Certificate-based authentication**: For administrative access
- **Regular updates**: Streamlined process for keeping components secure
- **Backup system**: Automated backups with encrypted off-site options
## Management Interfaces
The Sovereign Cloud includes a web-based dashboard for monitoring and managing your infrastructure:
- **Soveign Cloud Home**: A web application that is the central management interface for your cloud
- **Kubernetes Dashboard**: Web UI for full visibility of your Kubernetes cluster
- **Application-specific interfaces**: Each application provides its own management UI
## Why K3s?
K3s offers a lightweight, simplified version of Kubernetes without sacrificing core functionality. Its designed to be easy to install, easy to manage, and efficient enough to run in places where full Kubernetes would be too heavy — like edge devices, small clusters, or developer environments.
By stripping away unnecessary extras and bundling everything into a single binary, K3s dramatically reduces the complexity and resource demands of a Kubernetes installation. This makes it much faster to get started and much easier to operate over time.
For teams who want the power of Kubernetes without all the operational overhead, K3s provides a practical, open-source alternative that stays true to Kubernetes principles while removing a lot of the friction.
## Application Packaging
For the Sovereign Cloud project, we chose a simple, transparent approach to application packaging based on two principles: reproducibility and openness.
Each application is defined by a maintained Dockerfile. This ensures that anyone can rebuild the application from source without relying on external or proprietary tools. Keeping Dockerfiles clear and self-contained supports long-term sustainability and prevents hidden dependencies.
For deployment, we use plain Kubernetes manifests managed through Kustomize. Kustomize allows us to build a clean, declarative base for each application, then apply environment-specific overlays without introducing unnecessary complexity. It keeps the configuration understandable and versioned in Git, supporting collaboration and peer review across organizations.
By avoiding heavier tooling, we prioritize clarity and control over pseudo-convenience. Our goal is for anyone — technical teams within civil society or otherwise — to be able to read, audit, and reproduce the full deployment process without needing specialized knowledge or access to private infrastructure.
This approach keeps the system open, portable, and maintainable over the long term, aligning with Sovereign Cloud's goal of building infrastructure _for civil society, by civil society_.
### Why Not Helm?
While Helm is popular for managing Kubernetes applications, it introduces unnecessary complexity for many real-world deployments. Helm doesn't eliminate the need for careful configuration — it simply shifts it. Instead of managing plain YAML files directly, you now manage Helm charts, templates, and values files. This can actually make it harder to understand exactly what is being deployed.
Helm also creates hidden state inside your cluster, making upgrades and rollbacks dependent on Helm itself rather than on clear, versioned files in Git. If something goes wrong, you're often troubleshooting Helm releases and secrets instead of just fixing a Kubernetes manifest.
We value simplicity, transparency, and full control over infrastructure. Using plain YAML, lightweight templates, and Git provides a more reliable and auditable system. With a small amount of scripting, the same flexibility Helm promises can be achieved without introducing another layer of abstraction.
### Why Kustomize?
Kustomize provides a simple, powerful way to manage Kubernetes configurations without introducing hidden complexity. It works directly with plain YAML files — letting you layer changes cleanly and predictably.
Unlike templating systems that mix logic into your configuration, Kustomize keeps everything declarative. You start with a base set of manifests and apply structured overlays to customize them, without ever touching the originals. This approach keeps deployments transparent, easy to audit, and easy to version in Git.
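
Review bot: under "## Management Interfaces", the "Kubernetes Dashboard" bullet promises "full visibility of your Kubernetes cluster" without saying whether the dashboard is reachable only from the internal network or how its users authenticate; since "## Security Features" lists "Network isolation" and "Certificate-based authentication", state which of those cover the dashboard and the Sovereign Cloud Home application. The Security Features bullets are written in the present tense although the page opens with "under active development", so mark which are implemented and which are planned, and clarify in "All services use HTTPS with valid certificates" whether internal-only services get certificates from the internal CA, which clients would need to be configured to trust. Typos to fix: "supporing", "Persistece", "Soveign Cloud Home" and "Its designed".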

@@ -1,8 +0,0 @@
+++
title = 'Sovereign Cloud'
+++
A.K.A "The Stack", a.k.a., "The Starter Kit"
- Kubernetes
- Rancher
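
Review bot: this removes the old 'Sovereign Cloud' page while a new page with the same title is added elsewhere in this commit, so if the path changed, existing links to the old location will break; add a redirect (in Hugo, an `aliases` entry in the new page's front matter) or confirm the URL is unchanged. The deleted list names Rancher, which the new Tech Notes do not mention; if dropping it is a deliberate decision, a line there saying so would help readers who knew the earlier stack.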