by arch1e 84 days ago
Author of Sylve here, and I helped deploy the setup in the post.

> All I read is that they are still doing ClickOPS over DevSecOps!!

Their setup is mostly working on embedded stuff, and this involves some amount of moving VM disk images around, sometimes they run different software within the same VM disk, so that means ZFS properties need to be tweaked accordingly (compression, recordsize, etc). This is a lot easier to do with a UI than it is with CLI, and the UI is pretty good at showing you what’s going on. Now I'm all for automating stuff, but there's no clear pattern here to automate away.

Now regarding automation in Sylve, you can create a template out of Sylve (with networking, storage, CPU config etc.) and then deploy that template as many times as you want (from the UI); last I checked, Proxmox only allows you to clone from template one at a time.

What I do is pretty similar to what you mention, but I don't really use Ansible since on FreeBSD if it's in the ports tree it's one command (after base system is set up) which is `pkg install -y <package>`. And your entire stack (from your list), can be done with one command each. The only thing I see that would need a bit of setup would be the WireGuard VPN, but even that is pretty straightforward under FreeBSD (so you can do it with a jail and no need for a VM).


I see, based on your comment and others, Sylve seems to be heavily GUI for everything.

There is nothing wrong with that but if a user cannot perform the same tasks via CLI, I see that as a big blocker for a project to be fully adopted with exceptions. OPNsense, there are zero reasons to manage the whole network and what not via CLI, GUI makes life so much easier. I would hate it having to do everything via CLI.

The other thing is LXC, Sylve seems to call it jail.

I would expect this jail to support something like below.

Ansible only automates what you do manually, the server itself only sees the command and it will never run Ansible itself, so instead of manually creating an LXC, Ansible would send:

  - name: Deploy LXC
    ansible.builtin.command: >
      pct create {{ lxc_id }} {{ template }}
      --hostname {{ hostname }}
      --unprivileged 1
      --cores {{ cores }}
      --memory {{ memory }}
      --rootfs {{ storage }}:{{ rootfs_size }}
      --net0 name=eth0,bridge={{ bridge }},ip={{ static_ip }}/{{ cidr }},gw={{ gateway }}
      --features nesting=0

If I wanna exec into the LXC container to restore a backup and start the system, I would expect Sylve to support this.

  - name: Import lists and hotfixes
    ansible.builtin.command: >
      pct exec {{ lxc_id }} -- bash -c "
      pihole-FTL --config ntp.sync.interval 0;
      systemctl stop pihole-FTL;
      sqlite3 /etc/pihole/gravity.db < /tmp/adlist.sql;
      systemctl start pihole-FTL;
      sudo pihole -g
      "

All of that from my PC without having to go to a browser. That is the friction that your team should look into automating, there is always a way, it is just easier to go to the browser.

That’s fair, but Sylve isn’t GUI-only.

We’re API-first, the UI is just a client on top. We already ship Swagger docs with the code (docs/ on the repo), so everything the UI does is exposed and usable programmatically today.

Right now we’re still early (v0.2), so the CLI/SDK pieces aren’t fully there yet, but that’s what we’re building next.

Before v0.4 the plan is:

* a proper CLI for scripting

* a well-defined API lib (TypeScript/Go first, others later)

* parity between UI, CLI, and API

Noice, I know I sound like a hater haha but I am just curious.

This is the first time I heard about it, I will check its documentation later. Workplace flagged it as grayware, go figure haha