Enhance infrastructure and application configurations
- Updated AGENTS.md to include new directories for execution plans and implemented feature reports. - Modified Ansible host variables for dev-02 and gpu-01 to change API endpoints and add new configurations for Scaleway. - Adjusted firewall rules in gpu-01 to allow HTTPS traffic instead of the previous Ollama port. - Added OAuth2 proxy configurations to gpu-01 for enhanced security. - Removed deprecated open-webui module from Terraform app configurations. - Updated Terraform configurations to reflect changes in local variables and removed unused secrets. - Created a new sectool.json file for CloudNS integration with Bitwarden. - Enhanced SELinux configurations for nginx to allow connections to any port and added oauth2-proxy port.
This commit is contained in:
@@ -3,6 +3,8 @@
|
||||
## Repo Structure
|
||||
|
||||
- **`ansible/`** — Playbooks, roles, inventory. Runs against bare-metal servers.
|
||||
- **`.opencode/plans/`** — Plans under execution
|
||||
- **`implemented/`** — Reports of implemented features
|
||||
- **`terraform/`** — IaC (OpenTofu for K8s app deployments + cloud provisioning).
|
||||
- **`inventory/hosts`** — Ansible inventory. All hosts and groups.
|
||||
- **`requirements/`** — pip requirements files: `ansible.txt`, `dev.txt`, `opentofu.txt`.
|
||||
@@ -26,7 +28,11 @@ export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES # if on a MAC
|
||||
```
|
||||
|
||||
### Running playbooks
|
||||
```sh
|
||||
|
||||
**Note:** ```sectool``` just need to be used when secrets must be injected to the environment, if the command does not requires secrets injection do not use ```sectool```
|
||||
|
||||
```
|
||||
sh
|
||||
cd ansible
|
||||
sectool exec ansible-playbook -u $ANSIBLE_USER playbook_<name>.yml
|
||||
```
|
||||
@@ -64,11 +70,33 @@ Excluded paths: `.git/`, `.github/`, `tests/`. Warns on: `line-length`, `yaml[li
|
||||
- `terraform/iac/cloudns/` — DNS (cloudns)
|
||||
- `terraform/iac/scaleway/` — Scaleway infrastructure
|
||||
|
||||
### Secrets
|
||||
### Running Terraform / OpenTofu
|
||||
|
||||
Each terraform directory has its own `sectool.env`. Run `sectool` to load secrets before `tofu init/plan/apply`:
|
||||
To validate plane (mandatory before apply)
|
||||
```sh
|
||||
sectool env -d terraform/apps/dev-01/ -- tofu plan
|
||||
sectool exec tofu plan
|
||||
```
|
||||
Apply:
|
||||
```sh
|
||||
sectool exec tofu apply --auto-approve
|
||||
```
|
||||
|
||||
## Secrets
|
||||
|
||||
To list secrets:
|
||||
```sh
|
||||
sectool vault list
|
||||
```
|
||||
To set a secret:
|
||||
```sh
|
||||
sectool vault set <secret name> <secret value>
|
||||
```
|
||||
To set a secret:
|
||||
```sh
|
||||
sectool vault get <secret name> <secret value>
|
||||
```
|
||||
|
||||
|
||||
### Module structure
|
||||
- `terraform/modules/apps/` — application modules (Nextcloud, etc.)
|
||||
@@ -112,3 +140,8 @@ sectool exec cntb get instances --oauth2-clientid="$CONTABO_CLIENT_ID" ...
|
||||
- Ansible roles follow galaxy conventions: `defaults/`, `tasks/`, `meta/`, `files/`, `templates/`
|
||||
- `tasks/main.yml` is the entrypoint for every role
|
||||
- Host vars: `ansible/host_vars/<hostname>.yml`
|
||||
|
||||
|
||||
## Troubleshooting and planning
|
||||
|
||||
- When troubleshooting and planning use deepwiki whenever possible to get documentation or information, deepwiki provides information about projects hosted on github to agents.
|
||||
|
||||
Reference in New Issue
Block a user