Roadmap
The following is a list of our tasks in no particular order, grouped by topics. This is a living document that will change over time.
Tasks in bold are sponsored, for example, by NLnet. Tasks in italic are in our current focus.
SP Nix flake format
- Restructure the NixOS configuration to use Nix flakes and migrate to a newer NixOS version (nixos-config#38)
- Migrate to NixOS 23.05
- Package the SelfPrivacy API into a flake (selfprivacy-api#63)
- Develop the manifest format for packaging services to work with SelfPrivacy (nixos-config#40)
- Move existing services to SP Modules
- Email server (nixos-config#41)
- Bitwarden (nixos-config#42)
- Gitea / Forgejo (nixos-config#43)
- Nextcloud (nixos-config#44)
- Pleroma (nixos-config#45)
- Jitsi (nixos-config#46)
- Adapt SelfPrivacy API to manage these modules (selfprivacy-api#65)
- Implement support on the GUI side
- Document the developed module format and write a user manual on creating a new module
Single sign-on (SSO)
- Analyze protocols supported by different services (LDAP, OAuth, OIDC, …).
- Compare different SSO solutions, choose the most appropriate.
- Implement Nix modules to integrate the selected SSO solution with the services we install.
- Add support for SSO administration on the SelfPrivacy API and app side.
- Develop the self-service portal for the users.
Security
- Harden the systemd units
- System security audit logging
- GUI to view the audit log events
- Monitoring
- Alerts
Automatic backups
- Implement the new backups subsystem in the API in a storage-agnostic way
- Implement automatic backups and rotation
- Implement automatic restoration from the snapshot
- Allow automatically recreating the server on a new machine using the backup
- Automatic migration between machines
Add services
- Self-hosting a static website (selfprivacy#17)
- LibreOffice online
- BigBlueButton
- Corteza
- Flarum
- FileSender
- GoToSocial
- GNU Social
- KBin
- Funkwhale
- Castopod
- Mastodon
- UnifiedPush provider (for example, ntfy)
- Matrix server
- VPN (Collaboration with leap.se is possible)
Provisioning
- Refactor the provisioning logic
- Backup credentials are no longer needed during setup (selfprivacy#370)
- Providers’ credentials are no longer needed to communicate with an existing server
- It is possible to update the token
- Multitenancy
- The installation progress can be tracked by the app
- More tools to debug failed installation
Manual installer (support for bare metal)
While cloud server providers offer APIs that allow us to perform almost fully automated server installation, it is not true self-hosting if you can’t install the system on your own hardware. The installer shall be developed to allow deploying SelfPrivacy on systems where APIs are not available. There will be UX challenges in making this process as simple for the end user as possible. In the end, the user shall be able to control their server from the mobile SelfPrivacy app just as if they had installed it using the cloud provider.
New providers (server)
- Scaleway
- We’re open for suggestions!
New providers (DNS)
- Porkbun
- We’re open for suggestions!
New providers (backup storage)
- SFTP
- Restic REST server
- We’re open for suggestions!
System management
- Track the progress of system rebuilds
- Allow deleting old system generations from GUI
- API to read logs from the services
App reactivity
- Handle situations when the server is offline
- Use websockets to keep information updated in real time
Localization and accessibility
- Translate server-side messages to the client’s language
- Make sure the app is fully usable with a keyboard
- Make sure the app is compliant with WCAG
Publishing
- Publish on Google Play
- Publish on Apple App Store