Architecture Overview

Diagram

WindAutomat Architecture Diagram

Tasks

The architecture diagram omits the somewhat complex logic of the task handler. Yet tasks are the core of the WindAutomat software, taking care of the software updates. The following diagram visualises the logic flow from the cron jobs to the execution of the commands on the target machines.

Flowchart

WindAutomat Task Flowchart

Description

This is a brief description of the components and their function shown in the architecture diagram.

Bun JS

The main WindAutomat software is written in TypeScript using the Bun JS runtime.

JSON RPC API

All CRUD operations can be performed through the JSON RPC API documented here.

Task Handler

The task handler is the core of the WindAutomat. It is subscribed to the Postgres message queue and is responsible for performing all backup and update tasks. For a more in-depth understanding, see the flowchart above.

JSX Frontend

There is a small frontend served by the same webserver as the API. It is currently only used to encrypt and decrypt the Bitwarden access token, but is planned to function as the main interface to interact with the WindAutomat. It will also feature a webshell to observe and control the update processes executed in tmux sessions.

PostgreSQL

PostgreSQL is used as the database and the message queue for the project.

Database

The database schema can be found on the Database page.

Message queue

Using Postgres as a message queue removes the requirement for an additional dependency and integrates nicely with the remainder of the data structure. The notify function is triggered internally by a database function upon changes to the tasks table.
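
The trigger-plus-notify pattern described above, as an added example that is not WindAutomat's own schema or code. The table columns, the channel name task_events, and the function and trigger names are assumptions made for illustration; the real schema is on the Database page.

```sql
-- Hypothetical tasks table (assumed columns, not the project's schema).
CREATE TABLE tasks (
    id         bigserial   PRIMARY KEY,
    kind       text        NOT NULL,                 -- e.g. 'backup' or 'update'
    status     text        NOT NULL DEFAULT 'pending',
    created_at timestamptz NOT NULL DEFAULT now()
);

-- Publish only the row id and the operation. A NOTIFY payload must stay
-- under 8000 bytes, and any role connected to this database can LISTEN on
-- any channel, so task parameters and secrets stay out of the payload.
CREATE FUNCTION notify_task_change() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    PERFORM pg_notify(
        'task_events',                               -- assumed channel name
        json_build_object('id', NEW.id, 'op', TG_OP)::text
    );
    RETURN NULL;  -- the return value of an AFTER row trigger is ignored
END;
$$;

-- Fire only for rows that are waiting for work, so claiming a task
-- (status -> 'running') does not produce a second wake-up.
CREATE TRIGGER tasks_notify
AFTER INSERT OR UPDATE ON tasks
FOR EACH ROW
WHEN (NEW.status = 'pending')
EXECUTE FUNCTION notify_task_change();

-- Consumer side: subscribe, then treat each notification as a hint only.
LISTEN task_events;

-- Notifications are not persisted: anything sent while the handler was
-- disconnected is lost. Running this claim query on startup and on every
-- notification picks up pending rows either way, and SKIP LOCKED keeps two
-- handlers from claiming the same task.
UPDATE tasks
SET    status = 'running'
WHERE  id = (
    SELECT id
    FROM   tasks
    WHERE  status = 'pending'
    ORDER  BY created_at
    LIMIT  1
    FOR UPDATE SKIP LOCKED
)
RETURNING id, kind;
```

The notification is delivered only when the inserting or updating transaction commits, so the handler never sees an id for a row that was rolled back.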

Bitwarden Secret Manager

All secrets are stored securely in the Bitwarden Secret Manager and accessed on demand at runtime. In the future this integration will be used to support key rotation for the services.

Proxmox

Proxmox is the hypervisor running all of the virtual machines. Integrating the Proxmox API allows full backup and restore capabilities of the VMs using disk images.

Matrix

Matrix is an open source Slack alternative used internally at WindReserve. Integrating the API allows sending notifications for failed updates and for updates that are only semi-automated or not automated.

Metrics

The project uses the well-known monitoring stack of Prometheus and Grafana.

Prometheus

Prometheus scrapes the /metrics endpoint served by the same webserver as the remainder of the WindAutomat.

Grafana

Grafana retrieves metrics from Prometheus to visualise them in dashboards. It is also capable of sending notifications when predetermined thresholds are exceeded.