NanoXiLT Engineering Docs¶
Welcome to the NanoXiLT internal engineering knowledge base. This site covers everything you need to get a new service running on the platform — from provisioning databases and Vault secrets to CI/CD and deployment.
Quick navigation¶
-
Onboard a new application
Step-by-step guide: DB → Vault → CI/CD → deploy -
VPN Access
Connect via WireGuard to reach internal services -
Vault Secrets
Managing secrets with HashiCorp Vault -
Databases
PostgreSQL and MariaDB provisioning -
Onboard API
Use the internal API to provision resources without SSH
Architecture overview¶
┌──────────────────────────────────┐
Internet / VPN ──► │ Traefik (TLS termination) │
│ *.nanoxilt.com │
└────────────┬─────────────────────┘
│
┌───────────────────┼───────────────────────┐
│ │ │
┌────────▼──────┐ ┌─────────▼───────┐ ┌───────────▼──────┐
│ nanoxiltpay │ │ onboard-api │ │ mailcow mail │
│ api /pay │ │ (VPN only) │ │ server │
└───────────────┘ └─────────────────┘ └──────────────────┘
│
┌────────▼──────────────────────────────┐
│ Internal network (traefik-netV2) │
│ │
│ Vault PostgreSQL MariaDB │
│ (secrets) (relational) (mariadb) │
└───────────────────────────────────────┘
Platform services¶
| Service | URL | Access |
|---|---|---|
| Main API | https://api.nanoxilt.com |
Public |
https://mail.nanoxilt.com |
Public | |
| Onboard API | https://onboard.nanoxilt.com |
VPN only |
| Docs (this site) | https://internal.docs.nanoxilt.com |
VPN only |
| Vault UI | https://vault.nanoxilt.com |
VPN only |
| Portainer | https://portainer.nanoxilt.com |
VPN only |
VPN required
Services marked VPN only are only reachable when connected to the NanoXiLT WireGuard VPN.
See VPN Access to connect.