Studio:5505 Industries/Diagrams
From Amaranth Legacy, available at amaranth-legacy.community
---
config:
layout: elk
---
flowchart LR
internet>"Internet"]
desec["<a href='https://desec.io/'>deSEC</a>"]
internet -- DNS --> desec
subgraph home
subgraph playground
minecraft["<a href='https://www.minecraft.net/about-minecraft'>Minecraft</a>"]
end
subgraph kubernetes["<a href='https://kubernetes.io/'>Kubernetes</a>"]
garage["<a href='https://garagehq.deuxfleurs.fr/'>Garage</a>"]
subgraph observability
victoriametrics-operator["<a href='https://docs.victoriametrics.com/operator/'>VictoriaMetrics Operator</a>"]
victoriametrics["<a href='https://victoriametrics.com/products/open-source/'>VictoriaMetrics</a>"]
victorialogs["<a href='https://victoriametrics.com/products/victorialogs/'>VictoriaLogs</a>"]
vector["<a href='https://vector.dev/'>Vector</a>"]
prometheus["<a href='https://prometheus.io/'>Prometheus</a>"]
grafana["<a href='https://grafana.com/oss/grafana/'>Grafana</a>"]
victoriametrics & victorialogs -- management --> victoriametrics-operator
prometheus -- metrics storage --> victoriametrics
vector -- log storage --> victorialogs
grafana -- metrics retrieval --> victoriametrics
grafana -- log retrieval --> victorialogs
end
subgraph analytics
umami["<a href='https://umami.is/'>Umami</a>"]
umami-data["<a href='https://www.postgresql.org/'>PostgreSQL</a>"]
umami-redis["<a href='https://valkey.io/'>Valkey</a>"]
umami -- database --> umami-data
umami -- cache --> umami-redis
end
subgraph amaranth-legacy-idp
kratos["<a href='https://www.ory.com/kratos'>Ory Kratos</a>"]
kratos-data["<a href='https://www.postgresql.org/'>PostgreSQL</a>"]
kratos-ui-ktor["<a href='https://codeberg.org/amaranth-legacy/kratos-ui-ktor'>kratos-ui-ktor</a>"]
kratos2mw["<a href='https://codeberg.org/amaranth-legacy/kratos2mw'>kratos2mw</a>"]
kratos -- database --> kratos-data
kratos-ui-ktor -- backend --> kratos
kratos -- flow validation<br>(registration, settings) --> kratos2mw
end
subgraph amaranth-legacy
mediawiki["<a href='https://www.mediawiki.org/wiki/MediaWiki'>MediaWiki</a>"]
mediawiki-data["<a href='https://www.postgresql.org/'>PostgreSQL</a>"]
mediawiki-redis["<a href='https://valkey.io/'>Valkey</a>"]
mediawiki-memcached["<a href='https://memcached.org/'>memcached</a>"]
mediawiki-elasticsearch["<a href='https://www.elastic.co/elasticsearch'>Elasticsearch</a>"]
mediawiki-job-runner["<a href='https://www.mediawiki.org/wiki/Manual:RunJobs.php'>MediaWiki job runner</a>"]
mediawiki-nginx["<a href='https://nginx.org/'>nginx</a>"]
mediawiki-nginx -- backend --> mediawiki
mediawiki & mediawiki-job-runner -- database --> mediawiki-data
mediawiki -- cache, stash --> mediawiki-memcached
mediawiki -- job queue storage --> mediawiki-redis
mediawiki-redis -- job queue retrieval --> mediawiki-job-runner
mediawiki -- search backend --> mediawiki-elasticsearch
end
mediawiki & mediawiki-job-runner -- file storage --> garage
mediawiki -- authentication, session management --> kratos
kratos2mw -- username validation --> mediawiki
subgraph amaranth-legacy-discord
mediawiki-discord-integration["<a href='https://codeberg.org/amaranth-legacy/MediaWikiDiscordIntegration'>MediaWikiDiscordIntegration</a>"]
mediawiki-discord-integration -- backend --> mediawiki
end
subgraph amaranth-legacy-irc
ergo["<a href='https://ergo.chat/'>Ergo</a>"]
ergo-history["<a href='https://mariadb.org/'>MariaDB</a>"]
dis4irc["<a href='https://github.com/zachbr/Dis4IRC'>Dis4IRC</a>"]
gamja["<a href='https://codeberg.org/emersion/gamja'>gamja</a>"]
ergo -- history database --> ergo-history
dis4irc <-- Discord bridge --> ergo
gamja -- backend --> ergo
end
ergo -- authentication --> kratos
subgraph envoy-gateway-system
envoy-gateway["<a href='https://gateway.envoyproxy.io/'>Envoy Gateway</a>"]
envoy-default-internet["<a href='https://www.envoyproxy.io/'>Envoy</a>"]
envoy-default-internet -- management --> envoy-gateway
envoy-default-internet -- amaranth-legacy.community --> mediawiki-nginx
envoy-default-internet -- amaranth-legacy.yttrium.systems --> garage
envoy-default-internet -- chat.amaranth-legacy.community/ --> gamja
envoy-default-internet -- chat.amaranth-legacy.community/socket --> ergo
envoy-default-internet -- idp.amaranth-legacy.community/ --> kratos-ui-ktor
envoy-default-internet -- idp.amaranth-legacy.community/api/kratos/ --> kratos
envoy-default-internet -- observability.5505.industries --> grafana
envoy-default-internet -- analytics.5505.industries --> umami
envoy-default-internet -- IRC --> ergo
end
end
end
subgraph akamai-cloud["<a href='https://linode.com/'>Akamai Cloud</a>"]
subgraph ingress
caddy["<a href='https://caddyserver.com/'>Caddy</a>"]
anubis["<a href='https://anubis.techaro.lol/'>Anubis</a>"]
caddy -- HTTPS --> envoy-default-internet
caddy -- IRCS --> envoy-default-internet
caddy -- soul inspection --> anubis
anubis -- soul inspected --> caddy
end
end
caddy -- Minecraft --> minecraft
internet -- HTTPS<br>IRCS<br>Minecraft --> caddy
Amaranth Legacy Chat
sequenceDiagram
actor user as User
participant gamja
participant kratos as Kratos
participant ergo as IRC
user->>gamja: Connect
gamja->>kratos: GET /sessions/whoami?tokenize_as=irc
Note over kratos: Signs using private JWK
kratos-->>gamja: 200 OK<br>(includes JWT)
gamja->>ergo: AUTHENTICATE IRCV3BEARER<br>(includes JWT)
Note over ergo: Validates using public JWK
ergo-->>gamja: :You are now logged in as [username]
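The "Validates using public JWK" step in the diagram above, as an added example (not code from Ergo, Kratos or this site). It assumes an Ed25519 (EdDSA) key published as an OKP JWK and the account name carried in the `sub` claim, neither of which the page specifies; `ValidateBearer` is a hypothetical name, and `main` signs a constructed token to stand in for the Kratos side.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

func fromB64JSON(s string, v interface{}) bool { // base64url, then JSON
	b, err := b64.DecodeString(s)
	return err == nil && json.Unmarshal(b, v) == nil
}

// ValidateBearer pins alg to the key type, verifies the signature, then checks
// exp. Assumed, not on the page: an OKP/Ed25519 JWK and "sub" as account name.
func ValidateBearer(token string, jwkJSON []byte, now time.Time) (string, error) {
	var k struct{ Kty, Crv, X string }
	json.Unmarshal(jwkJSON, &k) // on failure k stays empty and is rejected below
	pub, err := b64.DecodeString(k.X)
	if err != nil || k.Kty != "OKP" || k.Crv != "Ed25519" || len(pub) != ed25519.PublicKeySize {
		return "", fmt.Errorf("unsupported or malformed JWK")
	}
	parts := strings.Split(token, ".")
	var hdr struct{ Alg string } // alg is pinned below, never chosen by the token
	if len(parts) != 3 || !fromB64JSON(parts[0], &hdr) || hdr.Alg != "EdDSA" {
		return "", fmt.Errorf("malformed token or unexpected alg")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return "", fmt.Errorf("bad signature")
	}
	var c struct{ Sub string; Exp float64 }
	if !fromB64JSON(parts[1], &c) || c.Sub == "" || float64(now.Unix()) >= c.Exp {
		return "", fmt.Errorf("missing sub, or token expired")
	}
	return c.Sub, nil
}

func main() {
	// Constructed key and claims; signing here stands in for the Kratos side.
	pub, priv, _ := ed25519.GenerateKey(nil)
	jwk := fmt.Sprintf(`{"kty":"OKP","crv":"Ed25519","x":%q}`, b64.EncodeToString(pub))
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString([]byte(`{"sub":"alice","exp":4102444800}`))
	fmt.Println(ValidateBearer(in+"."+b64.EncodeToString(ed25519.Sign(priv, []byte(in))), []byte(jwk), time.Now()))
}
```

A token with no `exp` claim is rejected as expired, so a tokenizer template that omits the expiry fails closed.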
Old system
sequenceDiagram
actor user as User
participant gamja
participant hydra as Hydra
participant kratos-ui-ktor
participant kratos as Kratos
participant ergo as IRC
user->>gamja: Connect
gamja->>hydra: GET /.well-known/openid-configuration
hydra-->>gamja: 200 OK<br>(lists endpoints)
gamja->>hydra: GET /oauth2/auth
hydra-->>gamja: 302 Found<br>(Location: kratos-ui-ktor/oauth2/login)
user->>kratos-ui-ktor: GET /oauth2/login
kratos-ui-ktor->>hydra: GET /admin/oauth2/auth/requests/login
hydra-->>kratos-ui-ktor: 200 OK<br>(includes login request)
Note over kratos-ui-ktor: skip == false
kratos-ui-ktor->>kratos: GET /sessions/whoami<br>(includes Cookie header)
Note over kratos: User logged in
kratos-->>kratos-ui-ktor: 200 OK<br>(includes session)
kratos-ui-ktor->>hydra: PUT /admin/oauth2/auth/requests/login/accept
hydra-->>kratos-ui-ktor: 200 OK<br>(includes redirect)
kratos-ui-ktor-->>user: 302 Found<br>(Location: hydra/oauth2/auth)
user->>hydra: GET /oauth2/auth
hydra-->>user: 302 Found<br>(Location: kratos-ui-ktor/oauth2/consent)
user->>kratos-ui-ktor: GET /oauth2/consent
kratos-ui-ktor->>hydra: GET /admin/oauth2/auth/requests/consent
hydra-->>kratos-ui-ktor: 200 OK<br>(includes consent request)
kratos-ui-ktor->>kratos: GET /admin/identities/{id}
kratos-->>kratos-ui-ktor: 200 OK<br>(includes identity)
Note over kratos-ui-ktor: Adds claims to ID token
kratos-ui-ktor->>hydra: PUT /admin/oauth2/auth/requests/consent/accept
hydra-->>kratos-ui-ktor: 200 OK<br>(includes redirect)
kratos-ui-ktor-->>user: 302 Found<br>(Location: hydra/oauth2/auth)
user->>hydra: GET /oauth2/auth
hydra-->>user: 200 OK<br>(Location: gamja)
user->>gamja: Connect
gamja->>hydra: POST /oauth2/token<br>(includes authorization code)
hydra-->>gamja: 200 OK<br>(includes token)
gamja->>ergo: AUTHENTICATE OAUTHBEARER
ergo->>hydra: GET /userinfo<br>(includes token)
hydra-->>ergo: 200 OK<br>(includes username)
ergo-->>gamja: :You are now logged in as [username]
Amaranth Legacy IdP
sequenceDiagram
actor User
participant Kratos
participant kratos2mw as kratos2mw<br>(shim)
participant MediaWiki
User->>Kratos: Register account
Kratos->>kratos2mw: POST /registration<br>(contains identity traits)
kratos2mw->>MediaWiki: PUT /rest.php/orykratos/v0/username/usable<br>(contains username)
Note over MediaWiki: MediaWiki\User\UserNameUtils::getCanonical<br>(implicit validation)
Note over MediaWiki: MediaWiki\User\UserIdentityLookup::getUserIdentityByName<br>(direct username match check)
Note over MediaWiki: Check the orykratos_equiv table
alt Username usable
MediaWiki-->>kratos2mw: 200 OK<br>(usable: true)
kratos2mw-->>Kratos: 204 No Content
Kratos-->>User: Done
User->>MediaWiki: Visits page (implicit user creation)
Note over MediaWiki: LocalUserCreated is called
Note over MediaWiki: Add to the orykratos_equiv table
Note over MediaWiki: UserLoadAfterLoadFromSession is called
MediaWiki->>Kratos: GET /admin/identities/{id}
Kratos-->>MediaWiki: 200 OK<br>(contains email and real name)
Note over MediaWiki: Sets user email and real name
else Username unusable
MediaWiki-->>kratos2mw: 200 OK<br>(usable: false)
kratos2mw-->>Kratos: 400 Bad Request<br>(contains error message)
Kratos-->>User: [insert error message]
end
sequenceDiagram
actor User
participant Kratos
participant kratos2mw as kratos2mw<br>(shim)
User->>Kratos: Change account settings
Kratos->>kratos2mw: POST /settings<br>(contains old and new identity traits)
Note over kratos2mw: Check if usernames match (first letter decapitalized)
alt Username not changed
kratos2mw-->>Kratos: 204 No Content
Kratos-->>User: Done
else Username changed
kratos2mw-->>Kratos: 400 Bad Request<br>(contains error message)
Kratos-->>User: [insert error message]
end