In this repo I'd like to open up details about how I run the company, its web services, and how I develop apps.

TODO: more openness. Inspired by opencompany/awesome-open-company

Infrastructure level decisions

| Problem | Solution |
| --- | --- |
| Cloud | Hetzner |
| Cloud lock-in | Hetzner is used only for compute, to maximize portability; everything else (queues etc.) comes from AWS |
| Single or multi-DC availability | Multi-DC, probably multi-vendor as well for safety |
| OS | CoreOS with auto-updates disabled |
| Infrastructure immutability | Packer + Terraform, see function61/james |
| PKI | Root CA in Yubikey, cfssl. Our toolkit image. |
| Secure auth to SSH | Agent + Yubikey |
| Containerization | Docker |
| Orchestration | Docker Swarm |
| Container cross-host networking | Docker Swarm |
| Orchestration dashboard | Portainer |
| Backups | function61/ubackup |
| Domain registrar | AWS Route53 |
| DNS | Cloudflare |
| DDoS protection | Cloudflare |
| Centralized logging | Google Stackdriver (see instructions) |
| Alerting | function61/lambda-alertmanager |
| Website uptime monitoring | alertmanager-canary (sub-project of lambda-alertmanager) |
| Public status page | UptimeRobot |
| Metrics | Prometheus + function61/promswarmconnect |
| Metrics dashboard | Grafana |
| Container secrets | ENV variable injection via orchestration |
| Edge routing | Traefik |

Application level decisions

While some applications require different solutions for different problems, this is the basic stack we start with and customize from there where needed.

Always prefer statically typed, statically compiled languages. The more safety the language guarantees (= "if it compiles, it probably works"), the better. Humans make mistakes - get tools that help catch them.

| Problem | Solution |
| --- | --- |
| Philosophy | The Twelve-Factor App |
| Programming language, backend | Go |
| Programming language, frontend | TypeScript |
| Frontend UI architecture | React |
| Build system | Turbo Bob (builder pattern) |
| CI system | Travis CI for public stuff, GitLab for private stuff |
| Source code hosting | GitHub for public stuff, GitLab for private stuff |
| Container image hosting | Docker Hub for public stuff, GitLab for private stuff |
| Build artefact hosting | Bintray for public stuff, AWS S3 for private stuff |
| Log shipping | That's an infrastructure concern |
| Persistence | Eventhorizon + BoltDB |
| Session mechanism | JWT |
| Auth methods | SSO (password, TOTP, U2F) |
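JWT as the session mechanism only stays safe if the verifier pins the algorithm, checks the signature in constant time and enforces expiry; the classic failures are accepting `"alg":"none"` or trusting the header's algorithm choice. The following is an added example in the stack's backend language (Go, standard library only); it is not function61's code and assumes an HS256 session token with a shared server-side key and a `sub`/`exp` claim set.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the minimal claim set this example uses; "exp" is a Unix timestamp.
type Claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

type header struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// sign computes HMAC-SHA256 over the "<header>.<payload>" signing input.
func sign(key []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// Mint produces an HS256-signed JWT for the given claims.
func Mint(key []byte, claims Claims) (string, error) {
	hdr, err := json.Marshal(header{Alg: "HS256", Typ: "JWT"})
	if err != nil {
		return "", err
	}
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64(hdr) + "." + b64(body)
	return signingInput + "." + b64(sign(key, signingInput)), nil
}

// Verify checks an HS256 JWT. The algorithm is pinned server-side, so a token
// whose header says "none" (or anything else) is rejected before any signature
// math; the MAC is compared in constant time; "exp" is mandatory and enforced.
func Verify(key []byte, token string, now time.Time) (Claims, error) {
	var claims Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return claims, errors.New("malformed token")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return claims, errors.New("bad header encoding")
	}
	var hdr header
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return claims, errors.New("bad header")
	}
	if hdr.Alg != "HS256" {
		return claims, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return claims, errors.New("bad signature encoding")
	}
	expected := sign(key, parts[0]+"."+parts[1])
	if subtle.ConstantTimeCompare(sig, expected) != 1 {
		return claims, errors.New("signature mismatch")
	}
	bodyJSON, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return claims, errors.New("bad payload encoding")
	}
	if err := json.Unmarshal(bodyJSON, &claims); err != nil {
		return claims, errors.New("bad payload")
	}
	if claims.Exp == 0 || !now.Before(time.Unix(claims.Exp, 0)) {
		return claims, errors.New("token expired or missing exp")
	}
	return claims, nil
}

func main() {
	key := []byte("example-key-replace-with-32-random-bytes") // assumption: shared HS256 key
	now := time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC)
	tok, _ := Mint(key, Claims{Sub: "joonas", Exp: now.Add(time.Hour).Unix()})
	fmt.Println(Verify(key, tok, now))

	// Forged token claiming alg=none with an empty signature: must be rejected.
	forged := b64([]byte(`{"alg":"none","typ":"JWT"}`)) + "." + strings.Split(tok, ".")[1] + "."
	_, err := Verify(key, forged, now)
	fmt.Println(err)
}
```

Because the key is symmetric and the algorithm is fixed in code, there is no way for a client to steer verification toward a different key type; with an asymmetric scheme the same rule applies (pin the expected algorithm and key, never dispatch on the header).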

Miscellaneous design decisions

| Problem | Solution |
| --- | --- |
| Payment traffic | Stripe |
| Accounting | ledger-cli |
| Developer secrets management | function61/pi-security-module |
| Helpdesk system | Freshdesk |