TPA-RFC-45: make two more architecture diagrams

Now we have two models: one of email delivery flow, the other of the redundancy architecture. Turns out the latter might be clear enough on its own; the main difference is it omits other mail host snowflakes like lists and the other mail hosts (gitlab, rt, etc). See team#41009

TPA-RFC-45: make two more architecture diagrams
27c3bb8b · anarcat · b731d00a · 27c3bb8b · 27c3bb8b · 27c3bb8b
Verified Commit 27c3bb8b authored 9 months ago by anarcat
--- a/policy/tpa-rfc-44-email-emergency-recovery/architecture-post-flow.dot
+++ b/policy/tpa-rfc-44-email-emergency-recovery/architecture-post-flow.dot
+digraph email {
+        label="TPA-RFC-44 Email routing overview\ntorproject.org, June 2024"
+        labelloc=bottom
+        compound=true
+
+        node [shape=rectangle]
+
+        // a user
+        user [shape=triangle]
+
+        subgraph "clustertpoha" {
+                label="highly available TPA infrastructure"
+                style=dotted
+
+                submit1
+                // new machines
+                mailbox1 [color="green" style=filled label="mailbox1\nDovecot"]
+                webmail1 [color="green" style=filled label="webmail1\nRoundcube"]
+                mx1 [color="green" style=filled label="mx1\nrewriting"]
+                mta1 [color="green" style=filled label="mta1\nrewriting"]
+        }
+        subgraph "clustertpo" {
+                label="other TPA infrastructure"
+                style=dotted
+                // all other boxes that don't do anything special with email
+                tpoboxes [label="other TPA hosts"]
+                lists [color="green" style=filled label="lists\nschleuder\nmailman 3"]
+                // hosts that manage and send their own email
+                mailhosts [label="mail hosts\ngitlab, RT, CiviCRM"]
+        }
+        // external boxes
+        dotdotdot [label="internet\nnon TPO mail hosts", shape=ellipse]
+
+        webmail1 -> mailbox1 [dir=both]
+
+        // all relations
+
+        // mx receives email from everywhere and forwards it
+        dotdotdot -> mx1 -> { mailhosts, lists, mailbox1 }
+        // mail also goes directly to those hosts as welll
+        dotdotdot -> { mailhosts, lists }
+        // internal servers will relay mail through the MX, not directly to mbox
+        { submit1, mta1, webmail1 } -> { mx1, mailhosts, lists }
+        // user interacts with those
+        user -> { mailhosts, lists, submit1 }
+        user -> { webmail1 } [dir=both]
+        user -> mailbox1 [dir=both]
+        // those all relay mail to the outside
+        { submit1, mailhosts, lists, mta1, webmail1 } -> dotdotdot
+        // except those, who still go through the relay
+        tpoboxes -> mta1
+}
--- a/policy/tpa-rfc-44-email-emergency-recovery/architecture-post-flow.png
+++ b/policy/tpa-rfc-44-email-emergency-recovery/architecture-post-flow.png
--- a/policy/tpa-rfc-44-email-emergency-recovery/architecture-post-ha.dot
+++ b/policy/tpa-rfc-44-email-emergency-recovery/architecture-post-ha.dot
+digraph email {
+        label="TPA-RFC-44 Email high availability design\ntorproject.org, June 2024\nsome gnt-dal traffic redacted for clarity"
+        labelloc=bottom
+        compound=true
+
+        node [shape=rectangle]
+
+        // a user
+        user [shape=triangle]
+
+        subgraph "clusterfsn" {
+                label="gnt-fsn cluster"
+                style=dotted
+
+                submit1
+                mailbox1 [color="green" style=filled label="mailbox1\nDovecot"]
+                webmail1 [color="green" style=filled label="webmail1\nRoundcube"]
+                // webmail -> all?
+                mx1 [color="green" style=filled label="mx1\n"]
+                mta1 [color="green" style=filled label="mta1\n"]
+        }
+
+        subgraph "clusterdal" {
+                label="gnt-dal cluster"
+                style=dotted
+                submit2 [color="green" style=filled]
+                mailbox2 [color="green" style=filled label="mailbox2\nDovecot\nfailover"]
+                webmail2 [color="green" style=filled label="webmail2\nRoundcube"]
+                mx2 [color="green" style=filled label="mx2\nrewriting"]
+                mta2 [color="green" style=filled label="mta2\nrewriting"]
+                redacted [style=dotted]
+        }
+
+        // external boxes
+        external [label="internet\nnon TPO mail hosts", shape=ellipse]
+        internal [label="other TPO hosts"]
+
+        // HA mailbox cluster
+        webmail1 -> mailbox1
+        webmail2 -> mailbox2
+        webmail1 -> mailbox2 [style="dotted"]
+        webmail2 -> mailbox1 [style="dotted"]
+        mailbox1 -> mailbox2 -> mailbox1 [label="sync"]
+
+        // all relations
+        mx1 -> mailbox1
+        { mta1, webmail1 } -> mx1
+        { mta1, webmail1 } -> mx2 [style=dotted]
+        internal -> mta1
+        internal -> mta2 [style=dotted]
+        // user interacts with those
+        user -> { submit1 }
+        user -> { submit2 } [style=dotted]
+        user -> { webmail1 } [dir=both]
+        user -> { webmail2 } [dir=both style="dotted"]
+        user -> mailbox1 [dir=both]
+        user -> mailbox2 [dir=both style="dotted"]
+        // those all relay mail to the outside
+        { submit1, mta1, webmail1 } -> external
+        { mx2, submit2, mta2, webmail2 } -> redacted
+        submit1 -> {mx1, mailbox1}
+        mx1 -> mailbox2 [style=dotted]
+}
--- a/policy/tpa-rfc-44-email-emergency-recovery/architecture-post-ha.png
+++ b/policy/tpa-rfc-44-email-emergency-recovery/architecture-post-ha.png