William Gill
12bf35caf8
Greenfield Go multi-tenant IPFS Pinning Service wire-compatible with the
IPFS Pinning Services API spec. Paired 1:1 with Kubo over localhost RPC,
clustered via embedded NATS JetStream, Postgres source-of-truth with
RLS-enforced tenancy, Fiber + huma v2 for the HTTP surface, Authentik
OIDC for session login with kid-rotated HS256 JWT API tokens.
Feature-complete against the 22-milestone build plan, including the
ship-it v1.0 gap items:
* admin CLIs: drain/uncordon, maintenance, mint-token, rotate-key,
prune-denylist, rebalance --dry-run, cache-stats, cluster-presences
* TTL leader election via NATS KV, fence tokens, JetStream dedup
* rebalancer (plan/apply split), reconciler, requeue sweeper
* ristretto caches with NATS-backed cross-node invalidation
(placements live-nodes + token denylist)
* maintenance watchdog for stuck cluster-pause flag
* Prometheus /metrics with CIDR ACL, HTTP/pin/scheduler/cache gauges
* rate limiting: session (10/min) + anonymous global (120/min)
* integration tests: rebalance, refcount multi-org, RLS belt
* goreleaser (tar + deb/rpm/apk + Alpine Docker) targeting Gitea
Stack: Cobra/Viper, Fiber v2 + huma v2, embedded NATS JetStream,
pgx/sqlc/golang-migrate, ristretto, TypeID, prometheus/client_golang,
testcontainers-go.
1.6 KiB
1.6 KiB
anchorage
Highly-available, multi-tenant IPFS Pinning Service wire-compatible with the IPFS Pinning Services API spec.
Each anchorage instance is paired 1:1 with its own Kubo daemon and joins an embedded NATS cluster for signaling. Postgres is the source of truth for all durable state (pins, placements, orgs, users, tokens, audit log).
Status: skeleton complete, milestones 1–22 all landed end-to-end. The in-memory store is in place for dev; the pgx-backed store slots in once sqlc generates the code from sqlc.yaml + queries/.
See:
- docs/architecture.md
- docs/cluster-ops.md — drain / maintenance procedures
- docs/auth-flow.md — how anchorage handles humans + API clients
- docs/authentik-setup.md — configuring Authentik as the OIDC provider
- deploy/README.md — deb/rpm install + Swarm stack deploy
Quickstart (dev)
make build
./bin/anchorage version
Layout
cmd/anchorage/— thinmainentry point.internal/cmd/— Cobra command tree (version, soonserve,migrate,admin).internal/app/anchorage/— composition root (wires deps, lifecycle).internal/pkg/— domain packages (config,store,pin,ipfs, ...).configs/— example Viper YAML.docs/— architecture, auth flow, operations.
Development
make check # fmt + vet + lint + test + vuln
make test # go test -race ./...
make build # ./bin/anchorage