[{"data":1,"prerenderedAt":123},["ShallowReactive",2],{"doc-\u002Fabout\u002Farchitecture-poster":3},{"id":4,"title":5,"body":6,"description":113,"edit":114,"extension":115,"meta":116,"navigation":117,"path":118,"seo":119,"stem":120,"vertical":114,"weight":121,"__hash__":122},"content\u002Fabout\u002Farchitecture-poster.md","Architecture poster",{"type":7,"value":8,"toc":104},"minimark",[9,13,16,21,28,34,40,46,52,64,70,78,94,97,101],[10,11,12],"p",{},"A single-page reference diagram of the OpenSense data flow, drawn in\nthe same Cold Storage Panel aesthetic as the dashboard. Print at A3\nlandscape; tape it to the rack. Useful when a customer asks \"where\ndoes my data go\" and you want a one-glance answer.",[14,15],"arch-diagram",{},[17,18,20],"h2",{"id":19},"what-each-box-does","What each box does",[10,22,23,27],{},[24,25,26],"strong",{},"Device."," A sensor that emits measurements. We support the four\nclasses shown: Shelly (WiFi), Aqara (Zigbee through a gateway), Efento\n(LoRaWAN), and a generic DIY ESP32 over either HTTPS or MQTTS. A clamp\nmeter for energy is the fifth (also HTTPS — same wire format as the\nESP32).",[10,29,30,33],{},[24,31,32],{},"Edge."," Caddy reverse-proxies all customer traffic with TLS 1.3 and\nper-route rate limits. The edge is the only host that talks to the\npublic internet directly; everything downstream is on localhost.",[10,35,36,39],{},[24,37,38],{},"Ingest service."," A Go binary. Validates the payload structure,\nmatches the token to a device, resolves measurement labels to channel\nids, runs the sanity-range check, deduplicates, then writes to\nTimescaleDB. Fast path: a typical ingest completes in 1.4 ms p50.",[10,41,42,45],{},[24,43,44],{},"Rule engine."," Reads new measurements off a Postgres listen\u002Fnotify\nchannel. Holds per-channel rule state in memory (with periodic\ncheckpoints). Emits events on state transitions; events go to the\naudit log and to the outbound dispatcher.",[10,47,48,51],{},[24,49,50],{},"Storage."," TimescaleDB on a dedicated LUKS-encrypted volume.\nHypertable chunks are one day each; the 5-min, 1-hr and 1-day\ncontinuous aggregates run as Postgres background workers. Backups\nhourly to a separate volume, weekly off-site.",[10,53,54,57,58,63],{},[24,55,56],{},"Audit + events."," A separate Postgres table — append-only, hash-\nchained, daily head published. See\n",[59,60,62],"a",{"href":61},"\u002Fsecurity\u002Faudit-trail","audit trail"," for the cryptographic detail.",[10,65,66,69],{},[24,67,68],{},"Outbound."," Telegram, email (via Postmark with EU-only routing for\nour account), customer webhook, and PDF generation are all served by\nthis one dispatcher. Retries with exponential backoff; respects\nper-channel digest policies.",[17,71,73,74,77],{"id":72},"what-is-not-drawn","What is ",[24,75,76],{},"not"," drawn",[79,80,81,85,88,91],"ul",{},[82,83,84],"li",{},"The web UI (a separate static SPA served from the same edge).",[82,86,87],{},"The reports container (Chromium-based, sits next to the dispatcher).",[82,89,90],{},"The MQTT bridge (drawn implicitly as one of the edge protocols).",[82,92,93],{},"The CI pipeline and the deploy host.",[10,95,96],{},"These are operational details, not data-flow concerns; they belong on\na separate diagram which we have not yet drawn. If you need it, ask.",[17,98,100],{"id":99},"want-it-as-a-pdf","Want it as a PDF?",[10,102,103],{},"The SVG above is the source. Right-click → \"Save image as…\" gives you\nthe SVG. Open in Inkscape or Illustrator; export to PDF at any size.\nThe font (B612 Mono) is open-licensed; embed it freely.",{"title":105,"searchDepth":106,"depth":106,"links":107},"",3,[108,110,112],{"id":19,"depth":109,"text":20},2,{"id":72,"depth":109,"text":111},"What is not drawn",{"id":99,"depth":109,"text":100},"A print-ready single-page system diagram",null,"md",{},true,"\u002Fabout\u002Farchitecture-poster",{"title":5,"description":113},"about\u002Farchitecture-poster",960,"axTrb-kZgEB-VWx-Ljf4f5yAEcoHsf_GB-M7gLv1cDc",1779022956357]