Data Flow & Persistence Architecture

Overview

The CFS Server Manager architecture implements a Unified Storage Architecture for core services while maintaining direct bind mount persistence for the Antigravity IDE.

Unified Storage Architecture

Core infrastructure services (ollama, open-webui) use Docker Named Volumes for persistence:

graph TD
    subgraph DockerVolumes ["Docker Named Volumes"]
        OLL[ollama_ollama_data]
        OWI[openwebui_open-webui_data]
    end

    subgraph Containers ["Docker Containers"]
        COL[ollama Container]
        COW[open-webui Container]
    end

    OLL ===|Volume Mount| COL
    OWI ===|Volume Mount| COW

Antigravity IDE Persistence

The Antigravity IDE remains on its original direct bind mount architecture:

graph TD
    subgraph Host ["Strato VPS (Host)"]
        HV[Persistent Home: /opt/antigravity/data/kasm-profile-persistent]
        PD[Project Data: /opt/antigravity/data/PROJECT-DEVELOPMENT]
    end

    subgraph Container ["Antigravity IDE (Container)"]
        EH[Home Directory: /home/kasm-user]
        BM[Workspaces: /home/kasm-user/data]
    end

    HV ===|Bind Mount: rw| EH
    PD --- BM

Critical Data Paths

Because the entire /home/kasm-user is a persistent bind mount, all configurations are saved automatically. This includes:

Category	Path (IDE)	Host Location (VPS)
User Identity	~/.ssh/	kasm-profile-persistent/.ssh/
Agent State	~/.gemini/	kasm-profile-persistent/.gemini/
Tool Configs	~/.config/	kasm-profile-persistent/.config/
Browser Data	~/.cache/google-chrome	kasm-profile-persistent/.cache/google-chrome
VS Code State	~/.vscode/	kasm-profile-persistent/.vscode/

Architecture: Direct Home Bind Mount

This architecture replaces the previous "Shadow Home" (rsync-based) pattern. The key advantages are:

1. Zero-Latency Persistence: Changes made in the IDE (e.g., adding an SSH key or changing a VS Code setting) are written directly to the host disk.
2. No Script Dependency: The persistence is managed by the Docker engine's mount subsystem, not by ephemeral shell scripts (profile-backup.sh, etc.).
3. Complete State Preservation: Unlike whitelisting, this captures every hidden file and dotfile created by any tool installed in the container.

Shadow Mounts (Legacy)

While the main persistence is handled by the home mount, other legacy mounts like /home/kasm-user/data/ide-backup may still exist in the configuration but should be treated as secondary or deprecated.

Note: This setup ensures that the Antigravity IDE feels like a fixed workstation, even when the underlying container is recreated from a newer image.

Off-site Backup Flow

To protect against host-level failures, critical data is backed up off-site to Google Drive using Restic and rclone.

graph LR
    subgraph Host ["Strato VPS"]
        D[(Data Root)]
        SC[Scripts]
        R[Restic Engine]
    end

    subgraph Cloud ["Off-site Storage"]
        GD[(Google Drive)]
    end

    D --> R
    SC -->|Automation| R
    R -->|via rclone| GD

Authentication Architecture

To avoid API quota limits, rclone is configured with a Custom OAuth 2.0 Client ID:

• System: rclone config on VPS
• Credential Type: OAuth Client ID (Desktop App)
• Benefit: Dedicated "private road" to Google Drive API, bypassing shared public client limits.
• Verification: rclone about gdrive: shows 100% quota availability without 403 errors.