Welcome to Operation Advanced Infrastructure (OAI)

Motivation

Operation Advanced Infrastructure (OAI) is an ongoing initiative to build a more robust and reproducible infrastructure for our working environment, while providing thorough documentation. This will help onboard new team members, such as administrators and developers, and reduce the workload on existing personnel.

Goal

OAI can serve as a blueprint for a production-ready environment once the necessary approvals are obtained.

Key Points

• Every component of the infrastructure must be fully reproducible.

• All assets are managed under version control.

• Commits must be cryptographically signed.

• Git repositories, wikis, and bug trackers are provided to document all aspects of the system.

• Wherever possible, processes are automated.

• Regular backups are mandatory.

• Disaster recovery must be tested — maximum acceptable downtime is 8 hours.

These key points are non-negotiable.

Tools

​guix — for declarative, reproducible system management

​trac — for wiki documentation and issue tracking

​gitolite — for fine-grained access control to our Git repositories

​libre software — preferred wherever possible; exceptions (e.g., firmware) must be clearly justified

Recommended Hardware

• 1 server for CI/CD, with 10 TB storage and at least 12 CPU cores

• 1 mirror server for CI/CD output, with 20 TB storage

• 1 server to host gitolite repositories and the Trac installation

• 1 computer for air-gapped data exchange

• Multiple developer workstations

Personnel

• Two expert-level administrators with deep knowledge of Guix, ​DevSecOps, containerization, and Linux systems

• Two additional administrators capable of deploying predeclared systems and writing detailed bug reports

Time and Budget

• Hardware costs: under €10,000 (excluding developer workstations)

• Personnel training time: less than 3 months, assuming candidates are already motivated and possess solid administrative skills

Configs Workflows Questions and Answers Security considerations