amduat-api/notes/ASL-AUTH-HOST ISO + Overlay Directory Layout.md


Perfect! Here's a **concrete directory layout blueprint** for your `asl-auth-host` ISO + overlay, ready to drop in binaries, certificates, and configuration. This integrates the concepts we discussed: domains, certificates, personal/common datasets, and the overlay structure.

---
## ASL-AUTH-HOST ISO + Overlay Directory Layout

```
/iso_root/                      # Root of ISO filesystem (from debootstrap)
    /bin/                       # Executables
        asl-auth-host           # Main host binary
        asl-rescue              # Rescue binary
        init-asl-host.sh        # Init script to bootstrap datasets & services
        helper-mount.sh         # Optional helper scripts
    /etc/
        asl-auth-host/
            config.yaml         # Host config (domains, policies, SOPS paths)
            policy.hash         # Optional policy hash for offline validation
    /var/lib/asl/               # ASL storage root
        common/                 # Courtesy/common domain data
            blocks/             # Encrypted blocks or artifacts
            index/              # Store index for common domain
            snapshots/          # Snapshots for deterministic reconstruction
            logs/               # Append-only log
        personal/               # Personal domain data
            blocks/             # Encrypted personal blocks
            index/
            snapshots/
            logs/
        pools/                  # Placeholder directories for ZFS datasets if used
    /var/lib/asl/certs/         # Certificates and DAM bundles
        root-offline/           # Offline root certs
        domain-authority/       # Signed DAM bundles
        sops/                   # Optional SOPS bundles
    /var/log/                   # Host logs
        asl-auth-host.log
```

---
### Notes

1. **ISO Root (`/iso_root`)**
   * Populated via debootstrap in a Debian container. The overlay merges your binaries and directory structure.
2. **Binaries (`/bin`)**
   * Place `asl-auth-host` and `asl-rescue` here.
   * Init scripts can handle mounting ZFS datasets or preparing `/var/lib/asl` before starting the store.
3. **Host Configuration (`/etc/asl-auth-host`)**
   * `config.yaml` contains domain IDs, policies, and SOPS bundle paths.
   * `policy.hash` allows offline verification of policies before admission.
4. **ASL Storage (`/var/lib/asl`)**
   * **Common**: Courtesy domain with pre-seeded blocks/artifacts.
   * **Personal**: New private domain for rescued material.
   * **Pools**: Reserved for mounting ZFS pools when booted.
5. **Certificates (`/var/lib/asl/certs`)**
   * Offline roots for verifying DAM signatures.
   * Domain authority DAM bundles received via SOPS.
6. **Logging (`/var/log`)**
   * Minimal logs for host activity, index writes, and rescue operations.

---
### Optional: Overlay Sub-structure for Development

```
/overlay/
    bin/
        asl-auth-host
        asl-rescue
        init-asl-host.sh
    etc/
        asl-auth-host/config.yaml
        asl-auth-host/policy.hash
    var/
        lib/
            asl/
                common/
                personal/
                pools/
                certs/
        log/
```

*This overlay merges into `/iso_root` during ISO build.*

---
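A pre-merge audit of the overlay described above, as an added example that is not part of the original note or the project's own tooling. The required paths are taken from the layout on this page; the function names and the rules (no symlinks, nothing world-writable, no setuid/setgid entries) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an overlay tree before it is merged into /iso_root.
# Required paths come from the layout above; the "no symlinks, nothing
# world-writable, no setuid/setgid" rules are assumptions of this example.

REQUIRED_PATHS="bin/asl-auth-host bin/asl-rescue bin/init-asl-host.sh
etc/asl-auth-host/config.yaml var/lib/asl/common var/lib/asl/personal
var/lib/asl/pools var/lib/asl/certs var/log"

# make_overlay_skeleton DIR: create the directories, private by default.
make_overlay_skeleton() {
    (
        umask 077
        mkdir -p "$1/bin" "$1/etc/asl-auth-host" "$1/var/log" \
            "$1/var/lib/asl/common" "$1/var/lib/asl/personal" \
            "$1/var/lib/asl/pools" "$1/var/lib/asl/certs"
    )
}

# audit_overlay DIR: print one finding per line; return 0 only if clean.
audit_overlay() {
    root=$1
    findings=0
    for p in $REQUIRED_PATHS; do
        if [ ! -e "$root/$p" ]; then
            echo "MISSING $p"
            findings=$((findings + 1))
        fi
    done
    # Everything shipped in bin/ must be executable to run at boot.
    for f in "$root"/bin/*; do
        [ -f "$f" ] || continue
        if [ ! -x "$f" ]; then
            echo "NOT-EXECUTABLE $f"
            findings=$((findings + 1))
        fi
    done
    # Symlinks could redirect files when the overlay is merged; world-writable
    # or setuid/setgid entries would carry those modes into the ISO.
    bad=$(find "$root" \( -type l -o -perm -0002 -o -perm -4000 \
        -o -perm -2000 \) -print)
    if [ -n "$bad" ]; then
        echo "$bad" | sed 's|^|UNSAFE-ENTRY |'
        findings=$((findings + $(echo "$bad" | wc -l)))
    fi
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit-overlay.sh /overlay
if [ "$#" -gt 0 ]; then audit_overlay "$1"; fi
```
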
This layout **supports bootstrapping a personal domain from scratch**, seeding the courtesy/common domain, and later integrating offline DAM bundles. It also keeps your binaries and helper scripts isolated in `/bin` and your configuration cleanly separated under `/etc`.

---
I can also **draft an example `config.yaml` for the host** showing:

* Domain IDs
* Courtesy lease definitions
* Default SOPS bundle paths
* Snapshot/retention policies

…so your host is ready to pick up a new domain or rescued data.

Do you want me to draft that next?