The CanuckDUCK Technical Architecture – How It All Fits Together

CDK
Submitted by ecoadmin on

Why We're Sharing This

Most platforms treat their architecture as proprietary secrets. We're taking a different approach. CanuckDUCK is civic infrastructure—you deserve to understand how it works, where your data lives, and why we made the choices we did.

This is a living document. As we grow, it evolves.

The Ecosystem at a Glance

CanuckDUCK isn't a single website. It's a constellation of interconnected services, each handling a specific civic function:

Service

Purpose

Core

Authentication hub, identity management, SSO

Pond

Forums and community discussion

Consensus

Voting and democratic decision-making

Store

Commerce, subscriptions, affiliate marketplace

Flightplan

Democratic project management

Ducklings

Educational budget simulation platform

[News/RSS Service?]

Geographic news aggregation

All of these communicate through a unified authentication layer, so you move seamlessly between services while maintaining consistent identity and role permissions.

The Foundation

Virtualization & Hosting

  • Dell PowerEdge R720 servers running Proxmox virtualization
  • All infrastructure physically located in Canada 🇨🇦
  • Cloudflare integration for external access, DDoS protection, and performance

Application Layer

  • Drupal 11 ecosystem across all primary services
  • Custom modules for cross-site integration and civic-specific functionality

Why Drupal? It's battle-tested, open-source, and gives us the content modeling flexibility that civic discourse requires. Forums, voting systems, geographic taxonomies, role-based access—Drupal handles the complexity without vendor lock-in.

Identity & Privacy Architecture

This is where CanuckDUCK diverges from conventional platforms.

Pairwise Pseudonymous Identity

You're not the same "duck" everywhere. Your identity is contextually separated across communities—what you post in your municipal forum isn't trivially linkable to your participation in a national policy discussion.

Why? Authentic civic discourse requires the freedom to engage with ideas on their merits, without every statement becoming part of a permanent, platform-wide profile that follows you forever.

Authentication Flow

  • Core handles all authentication via SSO (JWT tokens)
  • Role propagation to satellite sites based on verified attributes
  • LDAP-based organizational administration for institutional users (municipalities, organizations)

What We Verify vs. What We Don't

  • ✅ Canadian residency (postal code validation)
  • ✅ Organizational affiliations (for official accounts)
  • ❌ Real names (not required, not stored unless you choose)
  • ❌ Government ID (we're civic infrastructure, not a surveillance apparatus)

Geographic Hierarchy

Everything routes through geography. Canada's postal code system gives us a natural 3-level hierarchy:

Level

Example

Scope

FSA (Forward Sortation Area)

T2P

Downtown Calgary

Regional

T2

Greater Calgary

Provincial/National

AB / CA

Alberta / Canada-wide

This means:

  • Local discussions stay local by default
  • Issues can escalate organically when they affect broader regions
  • Municipal administrators see their actual constituencies
  • News and content aggregation respects geographic relevance

The Forum Analysis Engine (FAE)

Our AI-assisted tool for community leaders. [See the companion post on AI edge cases for the philosophical discussion.]

What it does:

  • Summarizes high-volume discussion threads
  • Identifies emerging themes and constituent concerns
  • Flags content for human moderator review

What it runs on:

  • Currently: Gigabyte Radeon RX 7800 XT GAMING OC 16G (local inference)
  • Future: Scaled infrastructure as funding permits
  • Principle: Canadian soil, no external API calls for content analysis

Security & Traffic Analysis

VPN Detection & Traffic Origin Analysis

We're building tools to distinguish Canadian traffic from foreign origins. Why?

  • Civic discourse should be driven by Canadians discussing Canadian issues
  • Foreign influence campaigns are a real threat to democratic platforms
  • Transparency about traffic origins helps communities trust participation authenticity

This doesn't mean VPN users are banned—there are legitimate privacy reasons to use VPNs. But participation context matters, and we're developing nuanced approaches to handle edge cases.

Data Sovereignty

The Commitment:

  • All primary data stored on Canadian infrastructure
  • No selling or licensing of user data
  • No training external AI models on your contributions
  • Open data integrations (like Calgary Open Data) are additive—we pull public data in, we don't push private data out

What's In Progress

Transparency means admitting what's not finished:

  •  Staging environment separation (currently finalizing)
  • Expanded Open Data integrations beyond Calgary POC
  • Subscription tier implementation for organizational access
  • NFT avatar marketplace alongside free "Public Library"
  • Full modular community feature rollout

Open Questions for the Community

  • What aspects of the architecture would you like more detail on?
  • Are there integrations (municipal services, open data sources) you'd want prioritized?
  • How do you feel about the geographic hierarchy model? Does it map to how you think about community?
0
| Comments
0 recommendations