TELEICU/Current state assessment
More languages
More actions
The current TELEICU deployment across 200+ sites suffers from three systemic reliability factors. This page documents them so the upgrade targets them specifically.
Factor 1: Power and internet disruption
Sites in semi-urban and rural areas experience unreliable grid power and internet connectivity.
Impact: - Nodes go offline without graceful shutdown, risking data corruption on the underlying filesystem - Configuration pull agents (once deployed) will have irregular check-in windows - Monitoring must account for nodes that are expected to be offline for hours at a time - Alerting must distinguish between a genuinely failed node and one that is simply disconnected
Factor 2: Tampering and configuration drift
Hospital PCs are physically accessible to local staff. This has led to:
- Cloudflare tunnel credentials being modified or replaced - Docker Compose files being hand-edited, breaking expected service definitions - System configuration (networking, firewall rules) being changed without change control - No audit trail for who made what change
Impact: - Declared state and actual state diverge silently - Support calls increase as nodes exhibit non-standard behavior - Security posture degrades as tunnel creds may be compromised
Both upgrade paths address this differently: - Ansible: ansible-pull reverts drift on each run (soft guarantee — drift can exist between pull intervals) - NixOS: Immutable /etc — tampering is impossible without rebooting to a different generation (hard guarantee)
Factor 3: OS security and maintenance gaps
The fleet is fragmented across three Ubuntu versions:
- Ubuntu 20.04 — several nodes, nearing or past EOL for some packages - Ubuntu 22.04 — the majority - Ubuntu 24.04 — newer additions
Impact: - No consistent patch cadence across the fleet - Security patches applied ad-hoc or not at all - Ansible roles / NixOS modules must handle version-specific differences - Upgrade path to a single baseline requires either OS reinstall (NixOS) or an in-place upgrade playbook (Ansible)
Summary
All three factors compound: unreliable connectivity makes updates harder, tampering makes state unpredictable, and OS fragmentation makes every node slightly different. The migration strategy targets all three simultaneously by enforcing a single, immutable or pull-reconciled configuration across a uniform OS baseline.