diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 00000000..afcc7ab4
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,51 @@
+# Architecture
+
+## High Level Overview
+
+The Security tracker consists of a server process that's responsible for
+handling HTTP requests and a worker process that's doing all the background
+processing.
+
+
+
+### External services
+
+The tracker needs to communicate with third party services, namely:
+
+1) The GitHub API for user authentication, team permissions, creating issues, etc
+2) Two GitHub repos:
+ a) https://github.com/nixos/nixpkgs to pull the latest changes on nixpkgs
+ b) https://github.com/CVEProject/cvelistV5 to pull CVE data
+3) https://prometheus.nixos.org/ to get information about the latest channels
+
+
+# Database Schema
+
+
+
+# Nix Store, storage space and filesystem considerations
+
+The tracker requires significant storage space to run properly. In particular,
+there are two different areas you'll need storage for, the database and the Nix
+store.
+
+## Database
+
+In order to store three diffent Nixpkgs releases, you'll need around 80GB of
+space for the Postgresql database. This is the case right now for storing
+24.05, 24.11 and 25.05.
+
+As the number of CVEs and packages increases, the storage space requirement
+will most likely increase as well.
+
+## Nix Store and filesystem
+
+Since the tracker builds derivations for all packages, it creates a lot of
+small files in the filesystem. You need to make sure you have both enough space
+for this and enough inodes on your filesystem. We suggest you [optimise the nix
+store](https://wiki.nixos.org/wiki/Storage_optimization) and turn on automatic
+optimisation.
+
+If you're using ext4, read this [Nix issue](https://github.com/NixOS/nix/issues/1522)
+as you'll need to enable support for `large_dir`in your filesystem for
+optimisation to work.
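Review bot: two typos in the storage sections of docs/README.md will show up in the rendered page. "diffent" in the `## Database` paragraph should be "different", and `large_dir`in in the final paragraph is missing the space after the closing backtick. "Postgresql" would read better as "PostgreSQL", matching the spelling used in docs/architecture.mermaid in this same patch. The "around 80GB" figure is qualified only by "right now"; a date next to it would let operators judge how stale the sizing is. The headings also mix levels: `# Architecture`, `# Database Schema` and `# Nix Store, storage space and filesystem considerations` are all top level, so consider a single document title with these as `##` sections.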
diff --git a/docs/architecture.mermaid b/docs/architecture.mermaid
new file mode 100644
index 00000000..31d30f75
--- /dev/null
+++ b/docs/architecture.mermaid
@@ -0,0 +1,67 @@
+graph TB
+ Users["**👥 Users**"]
+
+ subgraph External["**External Services**"]
+ GitHub["**GitHub API**"]
+ GitHubNixos["**GitHub Repository** *nixos/nixpkgs*"]
+ GitHubCVEs["**GitHub Repository** *CVEProject/cvelistV5*"]
+ NixMonitoring["**NixOS Monitoring** *Channel Status*"]
+ end
+
+ subgraph SecurityTracker ["**Security Tracker Host**"]
+ subgraph Web["**Web**"]
+ Nginx["**Nginx HTTP**"]
+ WSGI["**WSGI Django** *Django Views*"]
+ end
+
+ subgraph ManageCommands["**Management Commands**"]
+ FetchAllChannels["**fetch_all_channels**"]
+ IngestCVEs["**ingest_delta_cve**"]
+ end
+
+ subgraph Background["**Background Tasks**"]
+ SystemdTimerChannels["**Systemd Timer Fetch Channels**"]
+ SystemdTimerCVEs["**Systemd Timer Ingest CVEs**"]
+ NixEval["**Evaluate Nix**"]
+ DjangoWorker["**Django worker**"]
+ end
+
+ subgraph Storage["**Storage**"]
+ PostgreSQL["**PostgreSQL** *CVE Records Channels Users Issues*"]
+ LocalGitCheckout["**Local Git Repo** *nixpkgs clone /var/lib/web-security-tracker/nixpkgs-repo*"]
+ NixStore["**Nix store**"]
+ end
+
+ end
+
+ %% User interactions
+ Users -->|HTTP Request| Nginx -->|Forward| WSGI -->|Queries| PostgreSQL
+ WSGI --> GitHub
+
+ %% Timers
+ SystemdTimerChannels -.->|**Triggers Daily**| FetchAllChannels
+ FetchAllChannels -->|1 Fetch Channels| NixMonitoring
+ FetchAllChannels -->|2 Git pull| GitHubNixos
+ FetchAllChannels -->|3 Update Repo| LocalGitCheckout
+ FetchAllChannels -->|4 Evaluate Nix| NixEval --> NixStore
+
+ SystemdTimerCVEs -.->|**Triggers Daily**| IngestCVEs
+ IngestCVEs -->|1 Fetch CVEs| GitHubCVEs
+ IngestCVEs -->|2 Update Database| PostgreSQL
+ IngestCVEs -->|3 PgTrigger Suggestions| DjangoWorker
+
+ classDef userClass fill:#e1f5fe,stroke:#01579b,stroke-width:3px,color:#000
+ classDef externalClass fill:#f3e5f5,stroke:#4a148c,stroke-width:3px,color:#000
+ classDef webClass fill:#e8f5e8,stroke:#2e7d32,stroke-width:3px,color:#000
+ classDef commandClass fill:#fff3e0,stroke:#e65100,stroke-width:3px,color:#000
+ classDef backgroundClass fill:#fce4ec,stroke:#c2185b,stroke-width:3px,color:#000
+ classDef storageClass fill:#f1f8e9,stroke:#33691e,stroke-width:3px,color:#000
+ classDef subgraphClass fill:#fafafa,stroke:#424242,stroke-width:3px
+
+ class Users userClass
+ class GitHub,GitHubNixos,GitHubCVEs,NixMonitoring externalClass
+ class Nginx,WSGI webClass
+ class FetchAllChannels,IngestCVEs commandClass
+ class SystemdTimerChannels,SystemdTimerCVEs,NixEval,DjangoWorker backgroundClass
+ class PostgreSQL,LocalGitCheckout,NixStore storageClass
+ class Storage,Background,ManageCommands,Web subgraphClass
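Review bot: `WSGI --> GitHub` under "User interactions" is unlabelled while the edges around it carry labels. docs/README.md says the GitHub API is used for user authentication, team permissions and creating issues, so put that on the edge, for example `WSGI -->|Auth, permissions, issues| GitHub`. `DjangoWorker` appears only as a sink (`IngestCVEs -->|3 PgTrigger Suggestions| DjangoWorker`) with no outgoing edge; if the worker writes results back to `PostgreSQL` or calls GitHub, draw that so the data flow across the host boundary is complete. The last `class` line applies `subgraphClass` to `Storage,Background,ManageCommands,Web` but not to `External` or `SecurityTracker`; confirm that omission is intended.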
diff --git a/docs/svg/architecture.svg b/docs/svg/architecture.svg
new file mode 100644
index 00000000..96583402
--- /dev/null
+++ b/docs/svg/architecture.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
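Review bot: docs/svg/architecture.svg is committed as a single line with no trailing newline alongside its source, docs/architecture.mermaid, and nothing visible in this patch says how the SVG is rendered from it, so the two can drift apart without anyone noticing. Document the render command in docs/README.md or generate the SVG in CI and fail when the committed file is out of date.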
diff --git a/docs/svg/models.svg b/docs/svg/models.svg
new file mode 100644
index 00000000..d1c1fde2
--- /dev/null
+++ b/docs/svg/models.svg
@@ -0,0 +1,3008 @@
+
+
+
+
+
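Review bot: docs/svg/models.svg adds 3008 lines that cannot be reviewed as a diff, and the patch names no source file or tool for it (unlike architecture.svg, which has a `.mermaid` source next to it). State in docs/README.md which command produces it and from what, so the schema diagram can be regenerated when the models change instead of being edited or replaced by hand.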
diff --git a/infra/README.md b/infra/README.md
index afc04f7c..576be616 100644
--- a/infra/README.md
+++ b/infra/README.md
@@ -37,6 +37,6 @@ Then commit `secrets/name_of_secret.age` as usual.
## Metrics
-A [Prometheus Node Exporter](https://github.com/prometheus/node_exporter) is running exposing host specfic metrics. These are scraped by the nixos.org [Prometheus](https://prometheus.nixos.org/graph) and are also available under [Grafana](https://grafana.nixos.org/).
+A [Prometheus Node Exporter](https://github.com/prometheus/node_exporter) is running exposing host specfic metrics. These are scraped by the nixos.org [Prometheus](https://prometheus.nixos.org/graph) and are also available under [Grafana](https://grafana.nixos.org/d/rYdddlPWk/node-exporter-full?orgId=1&from=now-24h&to=now&timezone=browser&var-datasource=default&var-job=node&var-node=tracker.security.nixos.org:9100&var-diskdevices=%5Ba-z%5D%2B%7Cnvme%5B0-9%5D%2Bn%5B0-9%5D%2B%7Cmmcblk%5B0-9%5D%2B&refresh=1m).
-Moreover, a [Postgres Exporter](https://github.com/prometheus-community/postgres_exporter) and a [SQL exporter](https://github.com/justwatchcom/sql_exporter) run in the host exposing Postgres and application specific metrics.
+Moreover, a [Postgres Exporter](https://github.com/prometheus-community/postgres_exporter) and a [SQL exporter](https://github.com/justwatchcom/sql_exporter) run in the host exposing Postgres and application specific metrics. A dashboard for these metrics is [here](https://grafana.nixos.org/d/beo2uotj65lvkb/nix-security-tracker?orgId=1&from=now-6h&to=now&timezone=browser&var-Instance=tracker.security.nixos.org:9237).
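Review bot: the rewritten Node Exporter line still carries "host specfic"; fix it to "host-specific" while the line is being touched, and likewise "application specific" on the next line. Both new Grafana links hard-code viewer state in the query string (`from=now-24h`, `refresh=1m`, `timezone=browser`, the `var-diskdevices` regex), which makes the Markdown hard to read and will go stale; linking to the bare dashboard path plus the `var-node` / `var-Instance` selector should be enough. The link text "here" says nothing about the target; use something like "Nix security tracker dashboard". Since these URLs publish the exporter endpoints `tracker.security.nixos.org:9100` and `:9237`, it is worth stating in this section whether those ports are reachable only from the Prometheus scraper.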