Jonathan β Systems Architect :toc: :toclevels: 3 :icons: font
The FlatRacoon Network Stack is a production-ready, modular, declarative, and fully narratable ecosystem designed to integrate secure access (Twingate), encrypted overlay networking (ZeroTier), distributed storage (IPFS), IPv6-only networking, Hesiod DNS, and BGP backbone simulation into a cohesive, orchestrated platform.
This repository acts as the integration layer and source of truth for all components. Each module is independently deployable, immutable, and reversible, while the integrated tooling composes them into a unified operational system.
Current Status: π’ All core components (orchestrator, TUI, interface SDK) are production-ready at 100% completion. The stack is now entering the seam smoothing phase to enhance robustness, user experience, and enterprise-grade quality.
Repository: twingate-helm-deploy
Provides secure ingress/egress into the Kubernetes environment using Helm-managed Twingate Connectors.
Repository: zerotier-k8s-link
Establishes encrypted peer-to-peer mesh networking between Kubernetes nodes.
Repository: ipfs-overlay
Deploys private IPFS nodes bound to the ZeroTier overlay for secure, decentralised storage.
Repository: ipv6-site-enforcer
Enforces IPv6-only ingress with NAT64/DNS64 for legacy client compatibility.
Repository: hesiod-dns-map
Provides Hesiod (HS-class) DNS-based service discovery and resource mapping.
Repository: bgp-backbone-lab
Private BGP routing lab for route policy development and testing.
Repository: flatracoon-os
Minix-Flatcar hybrid OS prototype for immutable, microkernel-driven container hosting.
Repository: network-dashboard
Phoenix LiveView dashboard for real-time monitoring of all stack components.
This repository - orchestrator/
Phoenix/Elixir orchestrator that consumes machine-readable manifests from all modules and coordinates deployment, configuration, health checks, and lifecycle events.
Exposes REST API for programmatic and TUI access.
This repository - tui/ and interface/
TUI (Ada/SPARK): Interactive command-line interface with HTTP client for orchestrator API. Compiles to a 250KB statically-linked binary with full network module management capabilities.
SDK (Deno/ReScript): Type-safe JavaScript/TypeScript SDK for programmatic orchestrator access.
Provides FlatRacoonClient with result types for error handling and ES6 module output.
| Component | Technology |
|---|---|
Orchestrator |
Elixir / Phoenix LiveView |
TUI |
Ada/SPARK (kith patterns) |
Interface |
Deno / ReScript |
Configuration |
Nickel (via Mustfile) |
Task Runner |
Just + Must |
Secrets |
poly-secret-mcp (Vault/SOPS) |
Kubernetes |
poly-k8s-mcp (kubectl/Helm) |
Observability |
poly-observability-mcp (Prometheus/Grafana/Loki) |
-
Twingate establishes secure access to the cluster.
-
ZeroTier forms an encrypted mesh between nodes.
-
IPFS nodes operate exclusively on the ZeroTier overlay.
-
IPv6 enforcer ensures all traffic is v6-native.
-
Hesiod provides service discovery across the mesh.
-
BGP lab validates routing policies before production.
-
Network dashboard provides real-time visibility.
-
The orchestrator coordinates cross-module configuration and health.
-
Declarative over imperative
-
Immutable over mutable
-
Modular over monolithic
-
Narratable over opaque
-
Reversible over destructive
flatracoon-netstack/
βββ orchestrator/ # Elixir/Phoenix orchestrator
β βββ lib/
β βββ config/
β βββ test/
βββ tui/ # Ada/SPARK TUI (kith patterns)
β βββ src/
βββ interface/ # Deno/ReScript interface
β βββ src/
βββ configs/ # Nickel configurations
β βββ base.ncl
β βββ modules.ncl
β βββ secrets.ncl
βββ modules/ # Git submodules
β βββ twingate-helm-deploy/
β βββ zerotier-k8s-link/
β βββ ipfs-overlay/
β βββ ipv6-site-enforcer/
β βββ hesiod-dns-map/
β βββ bgp-backbone-lab/
β βββ flatracoon-os/
β βββ network-dashboard/
β βββ poly-k8s-mcp/
β βββ poly-secret-mcp/
β βββ poly-observability-mcp/
βββ health/ # Health check definitions
βββ docs/ # Extended documentation
βββ .github/workflows/ # CI/CD
βββ Justfile # Task runner
βββ Mustfile # Must configuration (Nickel)
βββ STATE.scm # Project state
βββ META.scm # Architecture decisions
βββ ECOSYSTEM.scm # Ecosystem relationships
βββ PLAYBOOK.scm # Operational playbook
βββ AGENTIC.scm # AI agent guidance
βββ NEUROSYM.scm # Neurosymbolic reasoning
βββ SECURITY.md # Tri-perimeter security model
βββ CONTRIBUTING.md # Contribution guide
βββ README.adoc # This fileEach module exposes a machine-readable manifest consumed by the orchestrator:
{
"module": "<module-name>",
"version": "0.1.0",
"layer": "<layer-name>",
"requires": ["<dependencies>"],
"provides": ["<capabilities>"],
"config_schema": "configs/schema.ncl",
"health_endpoint": "/health",
"metrics_endpoint": "/metrics"
}-
Each module exposes a machine-readable manifest consumed by this orchestrator.
-
Cross-module dependencies are resolved only at this layer.
-
Modules must remain independently deployable and testable.
-
All configuration must be deterministic, reversible, and auditable.
-
The orchestrator is the single source of truth for deployment state.
See DEPLOYMENT.adoc for comprehensive deployment guide.
-
Erlang/OTP 26+, Elixir 1.16+
-
GNAT Ada 2022 (for TUI)
-
Deno 1.40+ (for interface SDK)
-
Kubernetes 1.28+ with kubectl configured
-
Helm 3.12+
# Deploy ZeroTier overlay
kubectl apply -f https://github.com/hyperpolymath/zerotier-k8s-link/releases/latest/download/zerotier-daemonset.yaml
# Deploy Twingate access layer
helm install twingate-connector twingate/connector --namespace twingate-system --create-namespace
# Deploy IPFS storage layer
kubectl apply -f https://github.com/hyperpolymath/ipfs-overlay/releases/latest/download/statefulset.yamlcd orchestrator
mix deps.get
mix ecto.create && mix ecto.migrate
MIX_ENV=prod mix release
_build/prod/rel/flatracoon_orchestrator/bin/flatracoon_orchestrator startcd tui
gprbuild -P flatracoon_tui.gpr
sudo cp bin/flatracoon_tui /usr/local/bin/flatracoon
# Use the TUI
flatracoon status
flatracoon health
flatracoon deploy zerotier-k8s-link| Module | Purpose | Layer |
|---|---|---|
twingate-helm-deploy |
Twingate Connector via Helm |
Access |
zerotier-k8s-link |
ZeroTier overlay mesh |
Overlay |
ipfs-overlay |
Private IPFS cluster |
Storage |
ipv6-site-enforcer |
IPv6-only enforcement |
Network |
hesiod-dns-map |
Hesiod DNS service discovery |
Naming |
bgp-backbone-lab |
BGP routing simulation |
Network |
flatracoon-os |
Microkernel container OS |
Platform |
network-dashboard |
Real-time monitoring |
Observability |
| Phase |
π’ Production Ready (Seam Smoothing) |
| Completion |
100% |
| Core Components |
All production-ready (orchestrator, TUI, interface SDK) |
| Network Modules |
twingate-helm-deploy, zerotier-k8s-link, ipfs-overlay (100%) |
| Next Phase |
Seam smoothing and polish (see Seam Analysis) |
| Component | Status | Completion |
|---|---|---|
Orchestrator (Elixir/Phoenix) |
π’ Production Ready |
100% |
TUI (Ada/SPARK) |
π’ Production Ready |
100% |
Interface SDK (Deno/ReScript) |
π’ Production Ready |
100% |
twingate-helm-deploy |
π’ Production Ready |
100% |
zerotier-k8s-link |
π’ Production Ready |
100% |
ipfs-overlay |
π’ Production Ready |
100% |
ipv6-site-enforcer |
π‘ Scaffolding |
5% |
hesiod-dns-map |
π‘ Scaffolding |
5% |
bgp-backbone-lab |
π‘ Scaffolding |
5% |
flatracoon-os |
π‘ Research |
2% |
network-dashboard |
π‘ Scaffolding |
5% |
poly-k8s-mcp |
π’ Production Ready |
100% |
poly-secret-mcp |
π’ Production Ready |
100% |
poly-observability-mcp |
π’ Production Ready |
100% |
The FlatRacoon Stack is functionally complete with all core components operational. The focus now shifts to smoothing, sealing, and shining the integration points.
See SEAM_ANALYSIS.adoc for the comprehensive analysis identifying:
-
π΄ 0 Critical seams - Production ready!
-
π‘ 7 Important seams - UX and robustness improvements
-
π’ 12 Nice-to-have seams - Polish for enterprise-grade quality
Priority improvements: - Interface SDK JSON parsing implementation - Orchestrator deployment verification - TUI HTTP error code handling - Module auto-discovery - Configuration standardization - Enhanced integration testing