Gabriel Radureau 23d8bc9231 docs(adr): ADR-0003 — sandbox state lifecycle (iso-prod seed, reset & prod-write isolation)
Records how erp-sandbox's DATA is seeded, reset, and kept structurally
incapable of harming prod — the application-data-layer complement to ADR-0001
(which rejected an in-cluster sandbox for INFRA rehearsal) and the lifecycle for
the erp-sandbox instance ADR-0002 stood up.

Decision: (1) iso-prod golden via read-only pg_dump of prod erp, app-scoped to
llx_*; (2) reset = DROP OWNED BY erp_sandbox_role CASCADE + pg_restore
--no-owner --role=erp_sandbox_role into the EXISTING db (no DROP/CREATE DATABASE,
no CREATEDB, no superuser; provisioner-owned infra objects like the pgbouncer
user_lookup function are left untouched); (3) prod-write isolation as a
structural invariant (superuser only in human-gated postgres.yaml CI; DROP
DATABASE gated by ownership — erp_sandbox_role owns only erp-sandbox, never prod
erp/erp_role; sandbox-scoped Dolibarr key; membership-only runtime creds;
host-guard; resettability); plus a human-gated promote via the read-only
dolibarr-data-snapshot diff under a separate prod-write credential.

The reset mechanism + the integrity invariant were validated against the live
erp-sandbox: DROP OWNED BY erp_sandbox_role + app-scoped pg_restore round-trips
to the golden checkpoint using only erp_sandbox_role membership (superuser=false,
createdb=false, not a member of erp_role), proving prod is structurally
unreachable from the sandbox credential.

Drafted via a clean-context agent; mechanism refined from a live prototype.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-28 20:21:00 +02:00
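The reset sequence and the isolation invariants the commit message describes, as an added example rather than the ADR's or the repository's own script. The role, database and table names (erp_sandbox_role, erp-sandbox, erp_role, llx_*) and the pg_restore flags are the ones the message states; the connection URLs, the dump path, the invariant query and the function names are assumptions made for the example. The check is split out as a pure function over the one-row psql output so it can be exercised without a server.

```shell
#!/bin/sh
# Added example (not the project's own code): ADR-0003 sandbox reset with the
# prod-write isolation invariants verified before anything is dropped.
# Assumed: SANDBOX_URL / PROD_RO_URL connection strings, GOLDEN dump path,
# and the INVARIANT_SQL query. Names below are those of the commit message.
set -eu

SANDBOX_ROLE=${SANDBOX_ROLE:-erp_sandbox_role}   # owns erp-sandbox, nothing else
SANDBOX_DB=${SANDBOX_DB:-erp-sandbox}
PROD_ROLE=${PROD_ROLE:-erp_role}                 # must stay unreachable
GOLDEN=${GOLDEN:-./erp-golden.dump}              # assumed path

# One row in psql -At form (pipe-separated, no header):
#   rolsuper|rolcreatedb|member_of_prod_role|comma-separated owned databases
INVARIANT_SQL="
SELECT r.rolsuper, r.rolcreatedb,
       pg_has_role(r.oid, '$PROD_ROLE', 'MEMBER'),
       coalesce(string_agg(d.datname, ',' ORDER BY d.datname), '')
  FROM pg_roles r
  LEFT JOIN pg_database d ON d.datdba = r.oid
 WHERE r.rolname = '$SANDBOX_ROLE'
 GROUP BY r.oid, r.rolsuper, r.rolcreatedb;"

# Pure check over that row: returns 0 only if every structural invariant holds
# (superuser=false, createdb=false, not a member of erp_role, owns only the
# sandbox database, so DROP DATABASE on prod erp is impossible for this role).
check_invariants() {
  row=$1
  [ -n "$row" ] || { echo "FAIL: role $SANDBOX_ROLE not found" >&2; return 1; }
  old_ifs=$IFS; IFS='|'; set -- $row; IFS=$old_ifs
  rolsuper=${1-}; rolcreatedb=${2-}; member_of_prod=${3-}; owned_dbs=${4-}
  [ "$rolsuper" = f ] \
    || { echo "FAIL: $SANDBOX_ROLE is superuser" >&2; return 1; }
  [ "$rolcreatedb" = f ] \
    || { echo "FAIL: $SANDBOX_ROLE has CREATEDB" >&2; return 1; }
  [ "$member_of_prod" = f ] \
    || { echo "FAIL: $SANDBOX_ROLE is a member of $PROD_ROLE" >&2; return 1; }
  [ "$owned_dbs" = "$SANDBOX_DB" ] \
    || { echo "FAIL: $SANDBOX_ROLE owns '$owned_dbs', expected only $SANDBOX_DB" >&2; return 1; }
  return 0
}

# Step 1 (one-off, separate read-only prod credential): iso-prod golden,
# app-scoped to the llx_* tables only.
make_golden() {
  pg_dump --format=custom --table='llx_*' --file="$GOLDEN" "$1"   # $1 = read-only prod URL
}

# Step 2: reset the EXISTING sandbox db to the golden checkpoint, connecting
# with a credential that is only a member of erp_sandbox_role. No DROP/CREATE
# DATABASE, no CREATEDB, no superuser; provisioner-owned objects (e.g. the
# pgbouncer user_lookup function) are not owned by the role and survive.
reset_sandbox() {
  sandbox_url=$1
  row=$(psql "$sandbox_url" -At -v ON_ERROR_STOP=1 -c "$INVARIANT_SQL")
  check_invariants "$row"
  psql "$sandbox_url" -v ON_ERROR_STOP=1 -c "DROP OWNED BY $SANDBOX_ROLE CASCADE;"
  pg_restore --no-owner --role="$SANDBOX_ROLE" --exit-on-error \
             --dbname="$sandbox_url" "$GOLDEN"
}

# Usage (nothing runs on load):
#   make_golden "$PROD_RO_URL"      # once, then commit the checkpoint
#   reset_sandbox "$SANDBOX_URL"    # any time, from the sandbox credential
```

The invariant query runs against the catalog through the sandbox credential itself, so a later change that grants erp_sandbox_role membership in erp_role, CREATEDB, or ownership of a second database makes the reset refuse before the DROP OWNED BY is issued.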

Arcodange Factory

%%{init: { 'logLevel': 'debug', 'theme': 'base', 'rough':true } }%%
flowchart

    prepare_hd>HD setup]
    prepare_pg>PG Setup]
    prepare_gitea>Gitea Setup]

    origin_repo[[original repositories]]
    github_repo_m[[gitea mirrors]]
    gitlab_repo_m[[gitea mirrors]]

    origin_repo -. mirrored .->gitlab_repo_m
    origin_repo -. mirrored .->github_repo_m

    tofu.state -. manages providers/go-gitea .- origin_repo
    tofu.state -. manages providers/gitlabhq/gitlab .- gitlab_repo_m
    tofu.state -. manages providers/integrations/github .- github_repo_m

    subgraph Home
        subgraph pi1
            runner[/gitea runners\]
            subgraph small HD
                backup_data
            end
        end
        subgraph pi2
            PG[(Postgres)]
            subgraph Gitea
                origin_repo
            end
            subgraph HD
                PG_data
                Gitea_data
            end
        end
        subgraph pi3
            subgraph ai
                ollama
            end
        end
        subgraph "master (macbook pro)"
            ansible{{ansible control-node}}
            tofu{{opentofu control-node}}
            subgraph ansible_scripts
                direction TB
                prepare_hd --> prepare_pg --> prepare_gitea
            end
        end
    end
    subgraph Internet
        subgraph Gitlab
            subgraph Group Arcodange
                gitlab_repo_m
            end
        end
        subgraph Github
            subgraph Organization Arcodange
                github_repo_m
            end
        end
        subgraph GCP
            subgraph project arcodange
                subgraph gs://arcodange-tf
                    tofu.state
                end
            end
        end
    end

    tofu == plan/apply ==> tofu.state
    ansible == deploy ==> HD
    ansible == deploy ==> PG
    ansible == deploy ==> Gitea
    ansible --- ansible_scripts

    classDef done fill:gold,stroke:indigo,stroke-width:4px,color:blue;
    class prepare_hd done;

Documentation

🏹💻🪽
