This is what we use to run ICT Union.
System is split into few components witch separated responsibilities.
This helps us to have much finer grain control over permissions. For instance Gray Whale -- out database migration manager -- expects super user level permissions to db while Orca -- our registration and members management service -- requires just permissions necessary for its operation.
Every component has its own documentation within README.md file!
| name | status | role | language |
|---|---|---|---|
| Acceptance Test |  |
Integration test of whole system | Python3 |
| Gray Whale |  |
Database migrations and management | SQL |
| Orca |  |
Registration and onboarding processing | Rust |
| Melon Head |  |
Web UI client for orca | Rescript |
| Member's Panel |  |
Entry dashboard for organization members | TypeScript |
The goal behind this project is to eventually aggregate all systems that help with organization management starting with system for new member registrations. We use service oriented architecture but with monolithic Postgresql. Isolation is of db layer is done purely by capabilities provided by the DB. This is so that we could leverage unified data source for providing various functionality. But it also means we will need to be super careful about coupling database schema into services.
Primary motivation for service oriented architecture is that this imposes little to no restriction on what technical implementation of any individual part. That should hopefully in turn reduce the barrier for entry as individual contributors have a free hand in choosing familiar stack for implementation of individual services.
We choose to use Rust for the first service supporting the registrations since it is community driven, focused on producing safe and fast goal and community governance is fairly compatible with union internal guidelines.
Technical solution is also guided by principles of:
- Limiting amount of dependencies on corporate owned proprietary technology
- Focus on cheap running costs of the system
- Focus on sustainability in terms of maintenance cost, environmental impact etc.
We define Makefile for convenient workflow around the project.
make postgres
Make sure to configure Gray Whale according to its documentation first!
make migrate
make psql
Clean all outputs from make
make clean
make up
Run all docker-compose services locally
make up
Then visit http://localhost:8180 to access keycloak console. Default permissions:
| field | value |
|---|---|
| user name | admin |
| password | admin |
This resource, unlike official documentation, has some useful examples https://www.mastertheboss.com/keycloak/keycloak-with-docker/
flake.nix so don't forget to make sure that you have support for flakes enabled in your config.
Flake exports dev various components as packages and their corresponding dev shells. See examples bellow.
# Run migrations using nix
$ nix run .#gray-whale -- migrate
# Build orca using nix
$ nix build .#orca
# jump into dev shell for orca
$ cd orca
$ nix develop .#orcaAll source code is releleased under AGPLv3 license unless specifically state otherwise.
Copyright (C) 2023 members of Odborová organizace pracujících v ICT
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.