- Create README.md with project layout and quick start instructions
- Implement backup scripts for Gitea, including database and repository exports
- Add systemd service and timer for automated Gitea backups
- Develop bootstrap scripts for homelab and VPS setup
- Document architecture and restore procedures
- Configure Caddy reverse proxy and Docker Compose for service management
- Establish secrets management guidelines
33 lines
894 B
Markdown
# Architecture

## Model

- VPS is public edge (Caddy + VPN client).
- Homelab hosts internal application stacks.
- Traffic path: Internet -> VPS Caddy -> VPN -> homelab service.

## State Conventions

- `/srv/ops` cloned repo
- `/srv/secrets` decrypted runtime secrets (not committed)
- `/srv/data/<stack>` persistent bind mounts
- `/srv/backups` backup artifacts

## Deployment Order

1. Edge bootstrap on VPS
2. Homelab bootstrap
3. Bring up proxy/network dependencies
4. Bring up core stacks (gitea, db)
5. Bring up secondary stacks (kuma, apps)

## Bootstrap Paradox Mitigation

Because ops is hosted on Gitea inside the homelab, bootstrap uses three repo sources:

1. Primary Gitea repo
2. Optional fallback mirror (secondary git host)
3. Local git bundle backup (`/srv/backups/ops/latest/ops.bundle`)

Nightly backups include both full Gitea backups and standalone repo exports/bundles.
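One way to implement the three-source order above together with the nightly bundle export that the third source relies on. This is an added example, not the repo's own bootstrap or backup scripts: the function names, the `OPS_PRIMARY` placeholder URL and the empty-by-default `OPS_MIRROR` are assumptions; only the bundle path `/srv/backups/ops/latest/ops.bundle` comes from this doc. It goes slightly beyond the text in two ways: the bundle is verified and swapped in atomically so a failed export never replaces the last good copy, and the clone step refuses to touch an existing checkout.

```shell
#!/bin/sh
# Added example, not a script from this ops repo.
# Fetch the ops repo from the first reachable source in the order the doc
# lists (primary Gitea, optional mirror, local bundle), and build the nightly
# bundle that the third source depends on.
# OPS_PRIMARY is a placeholder URL; OPS_MIRROR is optional and empty here;
# the bundle path is the one the doc gives. Function names are hypothetical.
set -eu

OPS_PRIMARY="${OPS_PRIMARY:-ssh://git@gitea.homelab.example/ops/ops.git}"  # placeholder
OPS_MIRROR="${OPS_MIRROR:-}"                                              # optional fallback
OPS_BUNDLE="${OPS_BUNDLE:-/srv/backups/ops/latest/ops.bundle}"

# make_ops_bundle SRC_REPO OUT_FILE
# Export every ref into a bundle, verify it from inside the source repo, and
# only then move it over the previous bundle, so a failed export never
# clobbers the last good copy.
make_ops_bundle() {
  local src="$1" out="$2" tmp
  tmp="$out.tmp.$$"
  mkdir -p "$(dirname "$out")"
  git -C "$src" bundle create "$tmp" --all
  git -C "$src" bundle verify "$tmp" >/dev/null 2>&1
  mv -f "$tmp" "$out"
}

# clone_ops DEST SOURCE...
# Try each source in order and print the one that succeeded. Empty sources
# (an unset mirror) are skipped. Never touches an existing DEST; git itself
# removes a partially created DEST when a clone fails.
clone_ops() {
  local dest="$1" src
  shift
  if [ -e "$dest" ]; then
    echo "clone_ops: refusing to touch existing $dest" >&2
    return 2
  fi
  for src in "$@"; do
    [ -n "$src" ] || continue
    if git clone --quiet "$src" "$dest" 2>/dev/null; then
      echo "$src"
      return 0
    fi
    echo "clone_ops: $src unavailable, trying next source" >&2
  done
  return 1
}

# bootstrap_ops [DEST]
# The three-source order from the doc, ending at the nightly bundle.
bootstrap_ops() {
  local dest="${1:-/srv/ops}" picked
  if picked="$(clone_ops "$dest" "$OPS_PRIMARY" "$OPS_MIRROR" "$OPS_BUNDLE")"; then
    echo "ops checked out at $dest from $picked" >&2
  else
    echo "no ops source reachable; restore $OPS_BUNDLE from the latest backup first" >&2
    return 1
  fi
}
```

The nightly job would call `make_ops_bundle /srv/ops "$OPS_BUNDLE"` after the Gitea backup, and a fresh host would call `bootstrap_ops /srv/ops`. Sources are tried strictly in the listed order, so the bundle is only used when both git hosts are down, which is exactly the bootstrap-paradox case; the `[ -e "$dest" ]` guard matters because the same script is safe to rerun on a host that already has `/srv/ops`.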