# near-intents-monitor platform repo

This repository is the **shared platform/infrastructure** repo for the Hetzner + k3s cluster.

The `unrip` application now lives in its own separate repository.

## Repo layout

```text
infra/
  terraform/
    hetzner/
scripts/
  hetzner/
deploy/
  hetzner/
  k8s/
    platform/
    overlays/
      hetzner-single-node/
```

## Shared platform at repo root

Shared/root-owned parts include:

- Hetzner Terraform
- cloud-init + bootstrap scripts
- cluster/platform Kubernetes manifests
- Forgejo
- Forgejo runner
- registry
- cert-manager
- Traefik integration
- Grafana
- Loki
- Promtail
- Headlamp
- shared operator docs and runbooks

## Application repo: `unrip`

The trading-system code and project-specific deployment assets were split into a separate `unrip` repository. That repo now owns the app source, Docker build, local compose setup, app manifests, and project docs.

## Canonical production path

The canonical production path is the repo-driven Hetzner + k3s bootstrap flow.

```bash
cp scripts/hetzner/bootstrap-secrets.env.example scripts/hetzner/bootstrap-secrets.env
source scripts/hetzner/bootstrap-secrets.env
bash scripts/hetzner/bootstrap.sh
```

Bootstrap now:

1. provisions/updates Hetzner infra with Terraform
2. optionally manages DNS through Cloudflare or Porkbun
3. fetches kubeconfig from the node into `.state/hetzner/kubeconfig.yaml`
4. renders `.state/hetzner/generated-overlay/`
5. applies the shared platform manifests and shared/generated secrets
6. bootstraps Forgejo admin, runner, repo, and Actions config
7. seeds this infra repo into Forgejo

## Runtime surfaces

- Forgejo: `https://git.doran.133011.xyz/`
- Registry: `https://registry.doran.133011.xyz/`
- Grafana: `https://grafana.doran.133011.xyz/`
- Headlamp: `https://headlamp.doran.133011.xyz/`

## Operator docs

Current operator/platform docs:

- `docs/hetzner-k3s-bootstrap.md`
- `docs/hetzner-self-hosted-ci-runbook.md`
- `docs/k8s-observability.md`
- `docs/hetzner-rebuild-pipeline.md`
- `deploy/hetzner/README.md`
- `deploy/k8s/README.md`
- `deploy/k8s/overlays/hetzner-single-node/README.md`

## Notes

- Ingress is Traefik-based. The old ingress-nginx path is obsolete.
- Grafana is for historical log search.
- Headlamp is for cluster/pod browsing and pod logs.
- Use `pass`-backed `*_PASS` values for secrets whenever possible.