docs(infra): document new infra v2 structure and usage
This commit is contained in:
24
README.md
24
README.md
@@ -2,6 +2,30 @@
|
||||
|
||||
All the software used and hosted by mindboost organized in containers.
|
||||
|
||||
## New Infra (v2) Overview
|
||||
|
||||
This repo now includes a modular, best‑practice infrastructure under `infra/` to make replication and selective deployment easy. It is centered on Traefik as the reverse proxy with automatic TLS via Let's Encrypt, environment layering, and pick‑what‑you‑need application stacks.
|
||||
|
||||
- Core: `infra/core/traefik` — Traefik with HTTPS (ACME), dashboard, and sane defaults
|
||||
- Apps: `infra/apps/<service>` — self‑contained stacks (e.g., `nextcloud`)
|
||||
- Env: `infra/env/<environment>/common.env` — environment defaults (dev/prod)
|
||||
- Secrets: `infra/secrets/` — local secret storage (ignored by git)
|
||||
- Make targets: top‑level `Makefile` to bootstrap, start proxy, and start apps
|
||||
|
||||
Quickstart
|
||||
|
||||
- Copy `infra/env/development/common.env` and adjust domains and ACME email.
|
||||
- Create the shared proxy network and ACME storage: `make bootstrap`
|
||||
- Start Traefik: `make proxy-up`
|
||||
- Start a service, e.g. Nextcloud: `make app-up APP=nextcloud`
|
||||
|
||||
Notes
|
||||
|
||||
- Traefik dashboard is exposed at `TRAEFIK_DASHBOARD_DOMAIN` with optional basic auth.
|
||||
- Services connect to an external `proxy` network for routing, plus their own internal network.
|
||||
- Each app has its own `.env.example`; copy to `.env` and adjust.
|
||||
- The legacy `apps/` structure remains as-is; new infra is additive and can coexist.
|
||||
|
||||
## Project Structure
|
||||
|
||||
./apps/
|
||||
|
||||
29
docs/infra.md
Normal file
29
docs/infra.md
Normal file
@@ -0,0 +1,29 @@
|
||||
Infrastructure v2
|
||||
|
||||
Goals
|
||||
|
||||
- Modular stacks you can pick individually (Nextcloud, etc.)
|
||||
- Unified reverse proxy (Traefik) with automatic TLS
|
||||
- Clear env layering and git‑ignored secrets
|
||||
- Simple Make targets for a smooth DX
|
||||
|
||||
Layout
|
||||
|
||||
- infra/core/traefik: Traefik compose + static/dynamic config
|
||||
- infra/apps/<service>: Self‑contained compose stacks and .env.example
|
||||
- infra/env/<env>/common.env: Shared environment defaults per environment
|
||||
- infra/secrets: Local secret files (ignored)
|
||||
- scripts/infra/bootstrap.sh: Creates proxy network and ACME storage
|
||||
|
||||
Usage
|
||||
|
||||
1. cp infra/env/development/common.env infra/env/development/common.env (adjust values)
|
||||
2. make bootstrap
|
||||
3. make proxy-up
|
||||
4. make app-up APP=nextcloud
|
||||
|
||||
Security
|
||||
|
||||
- Do not commit real secrets. Place them in local `.env` files or secret managers.
|
||||
- Optionally protect Traefik dashboard with basic auth via `TRAEFIK_BASIC_AUTH_USERS`.
|
||||
|
||||
Reference in New Issue
Block a user