docs(infra): document new infra v2 structure and usage
24
README.md
@@ -2,6 +2,30 @@
|
|||||||
|
|
||||||
All the software used and hosted by mindboost organized in containers.
|
All the software used and hosted by mindboost organized in containers.
|
||||||
|
|
||||||
|
## New Infra (v2) Overview
|
||||||
|
|
||||||
|
This repo now includes a modular, best‑practice infrastructure under `infra/` to make replication and selective deployment easy. It is centered on Traefik as the reverse proxy with automatic TLS via Let's Encrypt, environment layering, and pick‑what‑you‑need application stacks.
|
||||||
|
|
||||||
|
- Core: `infra/core/traefik` — Traefik with HTTPS (ACME), dashboard, and sane defaults
|
||||||
|
- Apps: `infra/apps/<service>` — self‑contained stacks (e.g., `nextcloud`)
|
||||||
|
- Env: `infra/env/<environment>/common.env` — environment defaults (dev/prod)
|
||||||
|
- Secrets: `infra/secrets/` — local secret storage (ignored by git)
|
||||||
|
- Make targets: top‑level `Makefile` to bootstrap, start proxy, and start apps
|
||||||
|
|
||||||
|
Quickstart
|
||||||
|
|
||||||
|
- Copy `infra/env/development/common.env` and adjust domains and ACME email.
|
||||||
|
- Create the shared proxy network and ACME storage: `make bootstrap`
|
||||||
|
- Start Traefik: `make proxy-up`
|
||||||
|
- Start a service, e.g. Nextcloud: `make app-up APP=nextcloud`
|
||||||
|
|
||||||
|
Notes
|
||||||
|
|
||||||
|
- Traefik dashboard is exposed at `TRAEFIK_DASHBOARD_DOMAIN` with optional basic auth.
|
||||||
|
- Services connect to an external `proxy` network for routing, plus their own internal network.
|
||||||
|
- Each app has its own `.env.example`; copy to `.env` and adjust.
|
||||||
|
- The legacy `apps/` structure remains as-is; new infra is additive and can coexist.
|
||||||
|
|
||||||
## Project Structure
|
## Project Structure
|
||||||
|
|
||||||
./apps/
|
./apps/
|
||||||
|
|||||||
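Review bot: The Notes bullet "Traefik dashboard is exposed at `TRAEFIK_DASHBOARD_DOMAIN` with optional basic auth" documents a publicly routed admin interface whose authentication is opt-in, so a reader who follows the Quickstart as written ends up with an unauthenticated dashboard. Suggest making basic auth part of the Quickstart steps (or stating that the dashboard router is disabled unless credentials are set) and naming the variable here, since this file never mentions `TRAEFIK_BASIC_AUTH_USERS`. Separately, the first Quickstart bullet says to copy `infra/env/development/common.env` but gives no destination, so it is unclear whether the file is meant to be edited in place or copied for a new environment.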
29
docs/infra.md
Normal file
@@ -0,0 +1,29 @@
|
|||||||
|
Infrastructure v2
|
||||||
|
|
||||||
|
Goals
|
||||||
|
|
||||||
|
- Modular stacks you can pick individually (Nextcloud, etc.)
|
||||||
|
- Unified reverse proxy (Traefik) with automatic TLS
|
||||||
|
- Clear env layering and git‑ignored secrets
|
||||||
|
- Simple Make targets for a smooth DX
|
||||||
|
|
||||||
|
Layout
|
||||||
|
|
||||||
|
- infra/core/traefik: Traefik compose + static/dynamic config
|
||||||
|
- infra/apps/<service>: Self‑contained compose stacks and .env.example
|
||||||
|
- infra/env/<env>/common.env: Shared environment defaults per environment
|
||||||
|
- infra/secrets: Local secret files (ignored)
|
||||||
|
- scripts/infra/bootstrap.sh: Creates proxy network and ACME storage
|
||||||
|
|
||||||
|
Usage
|
||||||
|
|
||||||
|
1. cp infra/env/development/common.env infra/env/development/common.env (adjust values)
|
||||||
|
2. make bootstrap
|
||||||
|
3. make proxy-up
|
||||||
|
4. make app-up APP=nextcloud
|
||||||
|
|
||||||
|
Security
|
||||||
|
|
||||||
|
- Do not commit real secrets. Place them in local `.env` files or secret managers.
|
||||||
|
- Optionally protect Traefik dashboard with basic auth via `TRAEFIK_BASIC_AUTH_USERS`.
|
||||||
|
|
||||||
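Review bot: Usage step 1, `cp infra/env/development/common.env infra/env/development/common.env`, has identical source and destination, so the command copies nothing and `cp` will reject it as the same file. Either give the intended destination (for example a per-environment path under `infra/env/<env>/`) or reword it to match the README's "copy and adjust" instruction. In the Security section, "Optionally protect Traefik dashboard with basic auth" would be safer stated as the default expectation, with the expected format of `TRAEFIK_BASIC_AUTH_USERS` documented. The Layout line "infra/secrets: Local secret files (ignored)" relies on an ignore rule that is not part of the visible changes, so it is worth confirming that rule exists before this lands.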