wip self hosting linux machine

Author: sitole

deployment/self-hosting.mdx

@@ -49,18 +49,14 @@
             ]
           },
           {
-            "group": "Deploy E2B",
+            "group": "Infrastructure",
             "pages": [
-              "deployment/byoc",
-              "deployment/self-hosting"
+              "infrastructure/architecture",
+              "infrastructure/self-hosting",
+              "infrastructure/byoc"
             ]
           }
         ]
-      },
-      {
-        "anchor": "SDK Reference",
-        "icon": "square-terminal",
-        "href": "https://external-link.com/blog"
       }
     ]
   },

docs.json

@@ -0,0 +1,15 @@
+---
+title: "Architecture"
+description: "E2B infrastructure architecture overview"
+icon: "sitemap"
+---
+
+
+What services are needed to run E2B self-hosting?
+
+
+## Topics
+- Security
+
+- Virtualization isolation
+- Using Firecracker over Docker

infrastructure/architecture.mdx

@@ -0,0 +1,81 @@
+---
+title: "Self-Hosting"
+description: "Deploy E2B to your own cloud infrastructure"
+icon: "server"
+---
+
+Self-hosting E2B allows you to deploy and manage the whole E2B open-source stack on your own infrastructure.
+This gives you full control over your sandboxes, data, and security policies.
+
+We are currently officially supporting self-hosting on Google Cloud Platform (GCP) with Amazon Web Services (AWS), and on-premise support is coming soon.
+
+<Note>
+    If you are looking for a managed solution, consider our [Bring Your Own Cloud](/infrastructure/byoc) offering that will
+    bring you the same security and control with the E2B team managing infrastructure for you.
+</Note>
+
+## Google Cloud Platform
+
+## Linux Machine
+All E2B services are AMD64 compatible and ready to be deployed on Ubuntu 22.04 machines.
+Tooling for on-premise clustering and load-balancing is **not yet officially supported**.
+
+### Service images
+
+For running E2B core, you need to build and deploy **API**, **Edge (client-proxy)**, and **Orchestrator** services.
+This will work on any Linux machine with Docker installed. Orchestrator is built with Docker but deployed as a static binary, because it needs precise control over the Firecracker MicroVMs in the host system.
+
+Building and provisioning services can be similar to what we do with Google Cloud Platform builds and Nomad jobs setup.
+Details about architecture can be found in our [architecture](/infrastructure/architecture) sections.
+
+### Client machine setup
+
+#### Configuration
+
+The Orchestrator (client) machine requires a precise setup to spawn and control Firecracker-based sandboxes.
+This includes a correct OS version installed (Ubuntu 22.04) with KVM. It's possible to run KVM with nested virtualization, but there are some performance drawbacks.
+
+Most of the configuration can be taken from our client [machine setup script](https://github.com/e2b-dev/infra/blob/main/packages/cluster/scripts/start-client.sh).
+There are adjustments for the maximum number of inodes, socket connections, NBD, and huge pages allocations needed for the MicroVM process to work properly.
+
+#### Static binaries
+
+There is a need for a few files and folders to be present on the machine.
+For correctly working sandbox spawning, you need to have Firecracker, Linux kernel, and Envd binaries.
+We are distributing a pre-built one in the public Google Cloud bucket.
+
+```bash
+# Access publicly available pre-built binaries
+gsutil cp -r gs://e2b-prod-public-builds .
+```
+
+Static files and folder setup example. Please replace Linux and Firecracker with the versions you want to use.
+Ensure you use the same Linux and Firecracker versions for both sandbox build and spawning.
+
+```bash
+sudo mkdir -p /orchestrator/sandbox
+sudo mkdir -p /orchestrator/template
+sudo mkdir -p /orchestrator/build
+
+sudo mkdir /fc-envd
+sudo mkdir /fc-envs
+sudo mkdir /fc-vm
+
+# Replace with the source where you envd binary is hosted
+# Currently, envd needs to be taken from your source as we are not providing it.
+sudo curl -fsSL -o /fc-envd/envd ${source_url}
+sudo chmod +x /fc-envd/envd
+
+SOURCE_URL="https://storage.googleapis.com/e2b-prod-public-builds"
+KERNEL_VERSION="vmlinux-6.1.102"
+FIRECRACKER_VERSION="v1.12.1_d990331"
+
+# Download Kernel
+sudo mkdir -p /fc-kernels/vmlinux-${KERNEL_VERSION}
+sudo curl -fsSL -o /fc-kernels/${KERNEL_VERSION}/vmlinux.bin ${SOURCE_URL}/kernels/${KERNEL_VERSION}/vmlinux.bin
+
+# Download Firecracker
+sudo mkdir -p /fc-versions/${FIRECRACKER_VERSION}
+sudo curl -fsSL -o /fc-versions/${FIRECRACKER_VERSION}/firecracker ${SOURCE_URL}/firecrackers/${FIRECRACKER_VERSION}/firecracker
+sudo chmod +x /fc-versions/${FIRECRACKER_VERSION}/firecracker
+```

deployment/byoc.mdx renamed to infrastructure/byoc.mdx

@@ -0,0 +1,10 @@
+---
+title: "Security"
+description: "xxxx"
+icon: "shield"
+---
+
+???
+Why we are not using Docker (E2B vs Docker Containers)
+Jailer, Firecracker, Virtualization
+BYOC link (for additional data residency needs)