factory/doc/adr/README.md

# Bases

## Fondamentaux

- [x] [Setup DNS, OS, ...](./00_dns_os_etc.md)
- [x] [docker & k3s](./01_docker_k3s.md)
- [x] [main components](./02_main_components.md)
  - [x] setup volume, nfs, k8s provisioner
  - [x] setup postgres
  - [x] setup gitea
    - [x] setup mail alert
- [x] [setup gitea runners, Argo CD](./03_cicd_gitea_action_argocd.md)
  - [x] sync git repo with github/gitlab
  - [ ] docker hub
  - [x] gitea packages
- [ ] devsecops tools
  - [x] [hashicorp vault](./04_tool_hashicorp_vault.md)
  - [ ] terrakube
  - [ ] prometheus/grafana
  - [ ] ansible AWX
- [ ] setup hello world web app — 📖 procédure complète : [runbook « Nouvelle application web »](../runbooks/new-web-app/README.md)
  - [ ] manage postgres credentials → [base de données](../runbooks/new-web-app/02-database.md) + [Vault plateforme](../runbooks/new-web-app/03-vault-platform.md)
  - [ ] protect public endpoint (crowdsec) → [chart : ingress public](../runbooks/new-web-app/04-helm-chart.md)

> [!NOTE]
> Reference: [Arcodange _**Factory**_ Ansible Collection](/ansible/arcodange/factory/README.md)

> [!IMPORTANT]
> [duckdns.org](https://duckdns.org/) offre un sous domaine de duckdns.org gratuitement ainsi que des (sous-)sous domaines. Avec notre token on peut valider le challenge DNS de letsencrypt (pour du SSL gratuit) et configurer un cron job pour mettre à jour l'ip publique référencée par notre sous-domaine.

```mermaid
%%{init: { 'logLevel': 'debug', 'theme': 'base' } }%%
flowchart
    net[Internet]
    subgraph "Local Network (livebox)"
        net_rules{network rules}
        subgraph pi1
            subgraph Docker_pi1[Docker]
                %%subgraph Traefik
                %%    :web80
                %%    :websecure443
                %%end
                gitea_action_runner
            end
            subgraph k3s_server[K3S Master]
                %% Traefik -.-> K3S_Traefik
                subgraph K3S_Traefik
                    subdomain_git[/git.arcodange.duckdns.org/]
                end
                Pods[hello world web app]
                ArgoCD
            end
        end
        subgraph pi2
            subgraph Docker_pi2[Docker]
                subgraph gitea_network
                    subgraph postgres_service
                    end
                    subgraph gitea_service
                    end
                end
            end
            subgraph HardDisk[Hard Disk]
                pg_data[pg_data partition]
                gitea_data[gitea_data partition]
                nfs_data[NFS_data partition]
                K3S_storage_provisioner --o nfs_data
            end
            subgraph k3s_agent[K3S Agent]
                Pods'[hello world web app]
            end
        end
    end

    postgres_service --o pg_data
    gitea_service --o gitea_data

    net -. "http(s)://(*.)arcodange.duckdns.org" .- net_rules -. :<i>443/80</i> .-> K3S_Traefik
    %% Traefik

    subdomain_git -.-> gitea_service

    classDef k3s fill:#fff,stroke:#f0f,stroke-width:1px;
    classDef storage fill:#999,stroke:#000,stroke-width:2px;

    class HardDisk storage;
    class k3s_server,k3s_agent,K3S_storage_provisioner k3s;
```