arcodange-org/factory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
factory/doc/adr
History
Gabriel Radureau 8330d82225 docs(runbooks): add "new web app" setup runbook under doc/runbooks/ 
Document, as a tree-docs tree, the end-to-end procedure to stand up a new
web application on the Arcodange platform — a mechanic spread across the
factory, tools and app repos with non-trivial ordering dependencies.

Covers: Gitea repo creation (org-secret inheritance), Postgres DB + owner
role (factory/postgres/iac), platform Vault declaration (gitea_cicd_<app>
+ policies, tools/hashicorp-vault/iac), the app Helm chart (VSO dynamic
secrets via pgbouncer), the app Terraform (app_roles module), the CI
workflows (tofu apply + image build, incl. the copy-pasted role pitfall),
and ArgoCD registration (factory/argocd/values.yaml). Adds a naming-
conventions concept page and an ordered checklist.

Wires the legacy doc/adr "setup hello world web app" item and the factory
README to the runbook. New docs live under doc/ (singular) per the PR #8
convention.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 17:22:30 +02:00
..
00_dns_os_etc.md
k3s setup and git action runner
2024-08-12 21:45:16 +02:00
01_docker_k3s.md
k3s setup and git action runner
2024-08-12 21:45:16 +02:00
02_main_components.md
k3s setup and git action runner
2024-08-12 21:45:16 +02:00
03_cicd_gitea_action_argocd.md
doc: begin cicd setup md
2024-08-18 12:02:16 +02:00
04_tool_hashicorp_vault.md
use self signed cert for internal domain arcodange.lab
2025-12-31 17:38:04 +01:00
20260509-telegram-gateway-auth.md
docs: place new ADR under doc/adr (singular) per convention
2026-05-09 14:25:37 +02:00
README.md
docs(runbooks): add "new web app" setup runbook under doc/runbooks/
2026-05-31 17:22:30 +02:00

README.md

Bases

Fondamentaux

Note

Reference: Arcodange Factory Ansible Collection

Important

duckdns.org offre un sous domaine de duckdns.org gratuitement ainsi que des (sous-)sous domaines. Avec notre token on peut valider le challenge DNS de letsencrypt (pour du SSL gratuit) et configurer un cron job pour mettre à jour l'ip publique référencée par notre sous-domaine.

%%{init: { 'logLevel': 'debug', 'theme': 'base' } }%%
flowchart
    net[Internet]
    subgraph "Local Network (livebox)"
        net_rules{network rules}
        subgraph pi1
            subgraph Docker_pi1[Docker]
                %%subgraph Traefik
                %%    :web80
                %%    :websecure443
                %%end
                gitea_action_runner
            end
            subgraph k3s_server[K3S Master]
                %% Traefik -.-> K3S_Traefik
                subgraph K3S_Traefik
                    subdomain_git[/git.arcodange.duckdns.org/]
                end
                Pods[hello world web app]
                ArgoCD
            end
        end
        subgraph pi2
            subgraph Docker_pi2[Docker]
                subgraph gitea_network
                    subgraph postgres_service
                    end
                    subgraph gitea_service
                    end
                end
            end
            subgraph HardDisk[Hard Disk]
                pg_data[pg_data partition]
                gitea_data[gitea_data partition]
                nfs_data[NFS_data partition]
                K3S_storage_provisioner --o nfs_data
            end
            subgraph k3s_agent[K3S Agent]
                Pods'[hello world web app]
            end
        end
    end

    postgres_service --o pg_data
    gitea_service --o gitea_data

    net -. "http(s)://(*.)arcodange.duckdns.org" .- net_rules -. :<i>443/80</i> .-> K3S_Traefik
    %% Traefik

    subdomain_git -.-> gitea_service

    classDef k3s fill:#fff,stroke:#f0f,stroke-width:1px;
    classDef storage fill:#999,stroke:#000,stroke-width:2px;

    class HardDisk storage;
    class k3s_server,k3s_agent,K3S_storage_provisioner k3s;
Reference in New Issue View Git Blame Copy Permalink