Skip to main content

Services Documentation

This section documents each service deployed by Soverstack.

Core Infrastructure Services

Service	Purpose	Documentation
VyOS Firewall	Network security, routing	Firewall rules, NAT, VPN
PowerDNS	Authoritative DNS	Zone management, DNSSEC
dnsdist	DNS load balancing	Query routing, caching

Networking Services

Service	Purpose	Documentation
Headscale VPN	Zero-trust networking	Mesh VPN, ACLs
HAProxy	Load balancing	TCP/HTTP balancing

Security Services

Service	Purpose	Documentation
Keycloak IAM	Identity management	SSO, OIDC, SAML
OpenBao Secrets	Secrets management	KV store, PKI, transit

Database Services

Service	Purpose	Documentation
PostgreSQL + Patroni	Relational database	HA, replication, backup

Observability Services

Service	Purpose	Documentation
Prometheus Monitoring	Metrics collection	Scraping, alerting rules
Grafana Dashboards	Visualization	Dashboards, data sources
Loki Logging	Log aggregation	LogQL, retention
Wazuh SIEM	Security monitoring	Threat detection, compliance

Service Architecture

High Availability Patterns

All production services follow HA patterns:

Pattern	Services	Description
Active-Passive	VyOS, PostgreSQL	VRRP failover
Active-Active	dnsdist, HAProxy	Load balanced
Cluster	etcd, Patroni	Consensus-based
Mesh	Headscale, Loki	Peer-to-peer

Service Dependencies

Configuration Sources

Services are configured from multiple layers:

Layer	Provides
`platform.yaml`	Domain, tier, datacenter
`networking.yaml`	VPN, DNS, firewall rules
`compute.yaml`	VM specs, placement
`databases.yaml`	Database connections
`security.yaml`	IAM, secrets
`apps.yaml`	Subdomain routing

Core Infrastructure Services
Networking Services
Security Services
Database Services
Observability Services
Service Architecture
High Availability Patterns
Service Dependencies
Configuration Sources