Migrate sigvild-gallery to production environment
- Add multi-environment architecture (homelab + production) - Create production environment (mini-vps) for client projects - Create homelab playbook for arch-vps services - Create production playbook for mini-vps services - Move sigvild-gallery from homelab to production - Restructure variables: group_vars/production + host_vars/arch-vps - Add backup-sigvild.yml playbook with auto-restore functionality - Fix restore logic to check for data before creating directories - Add manual variable loading workaround for Ansible 2.20 - Update all documentation for multi-environment setup - Add ADR-007 documenting multi-environment architecture decision
This commit is contained in:
74
README.md
74
README.md
@@ -32,43 +32,64 @@ Rick-infra implements a security-first infrastructure stack featuring:
|
||||
└─────────────────────────────────────────────────────────────┘
|
||||
```
|
||||
|
||||
## Infrastructure Environments
|
||||
|
||||
Rick-infra manages **two separate environments**:
|
||||
|
||||
### 🏠 Homelab (arch-vps)
|
||||
Personal services and experimentation at **jnss.me**:
|
||||
- PostgreSQL, Valkey, Podman infrastructure
|
||||
- Authentik SSO (auth.jnss.me)
|
||||
- Nextcloud (cloud.jnss.me)
|
||||
- Gitea (git.jnss.me)
|
||||
|
||||
### 🚀 Production (mini-vps)
|
||||
Client projects requiring high uptime:
|
||||
- Sigvild Gallery (sigvild.no, api.sigvild.no)
|
||||
- Minimal infrastructure footprint
|
||||
|
||||
## Quick Start
|
||||
|
||||
### Prerequisites
|
||||
- **VPS**: Fresh Arch Linux VPS with root access
|
||||
- **DNS**: Domain pointed to VPS IP address
|
||||
- **DNS**: Domains pointed to VPS IP addresses
|
||||
- **SSH**: Key-based authentication configured
|
||||
|
||||
### Deploy Complete Stack
|
||||
### Deploy Infrastructure
|
||||
|
||||
```bash
|
||||
# 1. Clone repository
|
||||
git clone https://github.com/your-username/rick-infra.git
|
||||
cd rick-infra
|
||||
|
||||
# 2. Configure inventory
|
||||
cp inventory/hosts.yml.example inventory/hosts.yml
|
||||
# Edit inventory/hosts.yml with your VPS details
|
||||
# 2. Configure inventory (already set up)
|
||||
# inventory/hosts.yml defines homelab and production groups
|
||||
|
||||
# 3. Set up vault variables
|
||||
ansible-vault create host_vars/arch-vps/vault.yml
|
||||
# Add required secrets (see deployment guide)
|
||||
ansible-vault edit group_vars/production/vault.yml # Production secrets
|
||||
ansible-vault edit host_vars/arch-vps/vault.yml # Homelab secrets
|
||||
|
||||
# 4. Deploy complete infrastructure
|
||||
ansible-playbook -i inventory/hosts.yml site.yml --ask-vault-pass
|
||||
# 4. Deploy to specific environment
|
||||
ansible-playbook playbooks/homelab.yml # Deploy homelab
|
||||
ansible-playbook playbooks/production.yml # Deploy production
|
||||
ansible-playbook site.yml # Deploy both
|
||||
```
|
||||
|
||||
**Total deployment time**: 8-14 minutes for complete stack
|
||||
**Deployment times**:
|
||||
- Homelab (full stack): 8-14 minutes
|
||||
- Production (minimal): 3-5 minutes
|
||||
|
||||
### Verify Deployment
|
||||
|
||||
```bash
|
||||
# Check services
|
||||
# Check homelab services
|
||||
curl -I https://auth.jnss.me/ # Authentik SSO
|
||||
curl -I https://git.jnss.me/ # Gitea (if enabled)
|
||||
curl -I https://cloud.jnss.me/ # Nextcloud
|
||||
ansible homelab -a "systemctl status postgresql valkey caddy"
|
||||
|
||||
# Check infrastructure
|
||||
ansible arch-vps -m command -a "systemctl status postgresql valkey caddy"
|
||||
# Check production services
|
||||
curl -I https://sigvild.no/ # Sigvild Gallery
|
||||
ansible production -a "systemctl status sigvild-gallery caddy"
|
||||
```
|
||||
|
||||
## Key Features
|
||||
@@ -116,21 +137,32 @@ ansible arch-vps -m command -a "systemctl status postgresql valkey caddy"
|
||||
|
||||
## Core Services
|
||||
|
||||
### Infrastructure Services (Native systemd)
|
||||
### Homelab Services (arch-vps)
|
||||
|
||||
**Infrastructure (Native systemd)**:
|
||||
- **PostgreSQL** - High-performance database with Unix socket support
|
||||
- **Valkey** - Redis-compatible cache with Unix socket support
|
||||
- **Caddy** - Automatic HTTPS reverse proxy with Cloudflare DNS
|
||||
- **Podman** - Rootless container runtime with systemd integration
|
||||
|
||||
### Authentication Services
|
||||
**Authentication**:
|
||||
- **Authentik** - Modern SSO server with OAuth2/OIDC/SAML support
|
||||
- **Forward Auth** - Transparent service protection via Caddy integration
|
||||
- **Multi-Factor Authentication** - TOTP, WebAuthn, SMS support
|
||||
- **Forward Auth** - Transparent service protection via Caddy
|
||||
|
||||
### Application Services (Containerized)
|
||||
**Applications (Containerized)**:
|
||||
- **Nextcloud** - Personal cloud storage and file sync
|
||||
- **Gitea** - Self-hosted Git service with SSO integration
|
||||
- **Gallery** - Media gallery with authentication
|
||||
- **Custom Services** - Template for additional service integration
|
||||
|
||||
### Production Services (mini-vps)
|
||||
|
||||
**Infrastructure**:
|
||||
- **Caddy** - Automatic HTTPS reverse proxy with Cloudflare DNS
|
||||
|
||||
**Applications**:
|
||||
- **Sigvild Gallery** - Wedding photo gallery with PocketBase API
|
||||
- Frontend: SvelteKit static site
|
||||
- Backend: Go + SQLite (PocketBase)
|
||||
- Domains: sigvild.no, api.sigvild.no
|
||||
|
||||
## Architecture Benefits
|
||||
|
||||
|
||||
Reference in New Issue
Block a user