Provisioning Stack - irl.coop

irl.coop
Jan 1, 2026

Based on the "Swim Buddies" scenario.

Core Infrastructure

  • Orchestration: Kubernetes (k8s) or Docker Swarm? (Needs to spin up pods per group).
  • Identity (IdP): Keycloak or Authentik?
    • Requirement: Needs to handle Google OAuth + Wallet Connect (SIWE).
  • Domain/DNS: Wildcard DNS (*.irl.coop).
    • Provider: Cloudflare / AWS Route53.

The "Swim Buddies" Bundle

Communication & Office

  1. Phone Number:
    • Features: Voice, SMS, Extensions, Availability routing.
    • Candidate: Twilio API, SignalWire, or Asterisk/FreePBX (self-hosted).
  2. Email:
    • Features: group@group.irl.coop, aliases.
    • Candidate: Postfix/Dovecot (hard to maintain reputation) or Mailgun/AWS SES (API-driven).
  3. Office Suite:
    • Requirement: OnlyOffice (Explicitly mentioned).
  4. Project Management:
    • Requirement: OpenProject (Explicitly mentioned).
  5. Automation:
    • Requirement: "Automation service".
    • Candidate: n8n (self-hostable, workflow based).
    • Orchestration: Temporal.io (System-level workflows, like SMS/Puppeteer coordination).

Data & Web3

  1. Storage:
    • Requirement: S3 Compatible.
    • Candidate: MinIO (Tenant per group or bucket per group).
  2. Maps:
    • Requirement: OpenMapServer.
  3. Zo Instance:
    • Candidate: OpenClaw container (sandbox).
  4. Web3 Identity/State:
    • LitPKP: Programmable Key Pairs for multi-sig/governance signing.
    • Ceramic (ComposeDB): Decentralized data record for group metadata.

Financial (The Hard Part)

  1. Banking/Venmo:
    • Strategy: RPA / Browser Automation (Puppeteer/Playwright).
    • Implementation:
      • Provision consumer Venmo account per group.
      • Use group's unique phone number for 2FA (SMS receiver).
      • Requirements: Residential proxies (avoid datacenter IP bans), robust fingerprinting (stealth plugins), CAPTCHA solving service.
    • Risk: High maintenance (UI changes break scripts), TOS violation risk, ban risk.

Questions

  1. Isolation: Multi-tenant.
    • Decision: Run centralized instances of services (OnlyOffice, OpenProject, MinIO) and use logical separation (Projects, Tenants, Buckets) to keep group data apart.
    • Benefit: Lower resource overhead, easier updates.
    • Trade-off: Complex permission management to ensure strict data isolation.
  2. Banking: Venmo via Puppeteer automation.
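
For the bucket-per-group option in the isolation decision (question 1), an added example that is not irl.coop's own code: it generates a MinIO/S3 IAM-style policy scoped to one group's bucket and audits a policy for resources or actions that reach across tenants. The `grp-<slug>` bucket naming, the function names and the sample policy are assumptions.

```python
import re

ARN = "arn:aws:s3:::"
# Slug limits keep "grp-" + slug within the 63-character S3 bucket-name limit.
SLUG = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,57}[a-z0-9])?")
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]

def bucket_for(group):
    """Bucket name for a group slug; the 'grp-' scheme is an assumption."""
    if not SLUG.fullmatch(group):
        raise ValueError(f"unsafe group slug: {group!r}")
    return f"grp-{group}"

def group_policy(group):
    """IAM-style policy granting a group access to its own bucket only."""
    b = bucket_for(group)
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [ARN + b]},
        {"Effect": "Allow", "Action": OBJECT_ACTIONS, "Resource": [ARN + b + "/*"]},
    ]}

def as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def audit(group, policy):
    """List every way an Allow statement reaches past the group's bucket."""
    b, findings = bucket_for(group), []
    for i, st in enumerate(as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        if "NotResource" in st or "NotAction" in st:
            findings.append(f"statement {i}: Not* element allows by exclusion")
        for r in as_list(st.get("Resource")):
            # Exact bucket ARN or a key under it; "grp-swim*" must not pass.
            if r != ARN + b and not r.startswith(ARN + b + "/"):
                findings.append(f"statement {i}: {r} is outside bucket {b}")
        for a in as_list(st.get("Action")):
            if "*" in a:
                findings.append(f"statement {i}: wildcard action {a}")
    return findings

# Constructed sample: a hand-edited policy for group "swim" that drifted.
DRIFTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::grp-swim*"]},
]}

if __name__ == "__main__":
    print(audit("swim", group_policy("swim")))
    for finding in audit("swim", DRIFTED):
        print(finding)
```

Running the audit in the provisioning pipeline before a policy is attached catches prefix collisions such as `grp-swim*` also matching `grp-swim-buddies`.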

Written by

irl.coop

hello@irl.coop