Begin Firecracker microVM support

Joakim Hellsén 2026-04-25 06:34:37 +02:00
commit ed8ad1bee9
Signed by: Joakim Hellsén
SSH key fingerprint: SHA256:/9h/CsExpFp+PRhsfA0xznFx2CGfTT5R/kpuFfUgEQk
11 changed files with 290 additions and 7 deletions


@ -13,7 +13,7 @@ Auto-Clarity: drop caveman for security warnings, irreversible actions, user con
# Context: Tussilago
A platform to run and host applications, with a focus on Python applications.
- **Tech Stack**: Python 3.14+, Django 6, Celery, SQLite (platform), PostgreSQL/Redis (tenants).
- **Infrastructure**: Podman, gVisor (sandboxing), Caddy (reverse proxy/load balancer).
- **Infrastructure**: Firecracker microVMs (sandboxing), Podman (image/build workflow), Caddy (reverse proxy/load balancer).
- **Tooling**: `uv` (package manager/runner), `pytest`, `ruff`.
## CRITICAL: Security & Architecture constraints
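Review bot: the new Infrastructure line names Firecracker microVMs as the sandbox but not how they are driven, and that decides which of the constraints further down applies: the Subprocess rule mandates `subprocess.run(..., check=True, capture_output=True, text=True)` for anything spawned, while the Caddy rule mandates a JSON REST API. State whether the platform launches `firecracker` through Firecracker's `jailer` binary or talks to a running VM over its Unix API socket (or both, and at which lifecycle stage), so a contributor knows whether the subprocess rule or the HTTP-client mocking rule governs that code. Keeping Podman for the image/build workflow is fine, but say which artifact crosses from Podman to Firecracker (a rootfs image built from the container) since the old line had Podman as the runtime.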
@ -22,6 +22,7 @@ A platform to run and host applications, with a focus on Python applications.
- **Subprocess**: NEVER use `os.system`. MUST use `subprocess.run(..., check=True, capture_output=True, text=True)`. Handle `subprocess.CalledProcessError` explicitly.
- **Database IDs**: NEVER expose internal Linux UIDs (integers) to the frontend/API. MUST use `UUIDv4` for external references.
- **Caddy**: MUST interact with Caddy strictly via its JSON REST API.
- **Firecracker Isolation**: Tenant workloads MUST run inside Firecracker microVM boundaries. Do not assume host-level process trust; enforce per-VM network/storage isolation and explicit lifecycle control.
- **PostgreSQL Isolation**: For shared-tier DBs, use logical isolation. Create roles with `NOSUPERUSER`, `CONNECTION LIMIT`, and configured `statement_timeout`.
- **Connection Pooling**: Assume PgBouncer is active. In Django settings, `DISABLE_SERVER_SIDE_CURSORS = True` MUST be set.
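Review bot: "enforce per-VM network/storage isolation and explicit lifecycle control" on the new Firecracker Isolation line is too vague to act on or review against, while the neighbouring rules are concrete (`NOSUPERUSER`, `CONNECTION LIMIT`, `DISABLE_SERVER_SIDE_CURSORS = True`). Suggest spelling out the MUSTs: every VM launched through Firecracker's `jailer` (chroot, cgroup, seccomp, unprivileged uid/gid), one tap device and one rootfs/drive file per VM with no writable drive shared between tenants, the VM's API socket reachable only by the control process and never from inside the guest, and a bounded boot/shutdown timeout after which the VM is killed rather than left running. "Do not assume host-level process trust" should also say what is untrusted: everything executing inside the guest, its kernel included, so nothing the guest reports is used for authorization on the host.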
@ -67,7 +68,7 @@ A platform to run and host applications, with a focus on Python applications.
- **Celery Tasks**:
- **Idempotency**: All tasks MUST be idempotent. If a task fails halfway and retries, it MUST NOT corrupt the system or create duplicate containers.
- **Serialization**: NEVER pass Django ORM instances as task arguments. Pass `UUID`s or primitive types and refetch the object inside the task.
- **Retries**: Always implement bounded exponential backoff for external interactions (e.g., interacting with the Caddy API or waiting for gVisor).
- **Retries**: Always implement bounded exponential backoff for external interactions (e.g., interacting with the Caddy API or waiting for Firecracker microVM readiness).
## Testing Standards
- **Mocking**: NEVER allow test suites to execute real `podman` subprocess calls or make real HTTP requests to Caddy. MUST use `unittest.mock.patch` or `responses`/`httpx-mock` for external boundaries.
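Review bot: the updated Retries line waits on "Firecracker microVM readiness", but nothing in this file defines how readiness is observed (an API response, a guest agent answering over vsock, or the application port accepting connections), so the bounded backoff has no concrete condition to test against; name the signal and the maximum wait. The Mocking rule two lines below still only forbids real `podman` subprocess calls and real HTTP requests to Caddy; with Firecracker now in the stack it should also forbid spawning `firecracker`/`jailer` or opening a VM API socket from tests, otherwise the test suite can boot real VMs on a developer machine or in CI.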