# near-intents-monitor platform repo

This repository now serves two roles:

1. **shared platform/infrastructure** for the Hetzner + k3s cluster
2. the embedded **`unrip` project**, isolated under `projects/unrip/` so it can later become its own repository

## Repo layout

```text
infra/
  terraform/
    hetzner/
scripts/
  hetzner/
deploy/
  hetzner/
  k8s/
    platform/
    overlays/
      hetzner-single-node/
projects/
  unrip/
    src/
    package.json
    Dockerfile
    compose.yml
    deploy/
      k8s/
        base/
    docs/
```

## Shared platform at repo root

Shared/root-owned parts include:

- Hetzner Terraform
- cloud-init + bootstrap scripts
- cluster/platform Kubernetes manifests
- Forgejo
- Forgejo runner
- registry
- cert-manager
- Traefik integration
- Grafana
- Loki
- Promtail
- Headlamp
- shared operator docs and runbooks

## Embedded project: `unrip`

The trading-system code and project-specific deployment assets now live in:

- `projects/unrip/`

That directory contains:

- app source
- Node package files
- Docker build files
- local Compose setup
- project-specific Kubernetes manifests
- project-specific docs

Start there for project work:

- `projects/unrip/README.md`
- `projects/unrip/docs/contracts.md`
- `projects/unrip/docs/spec.md`

## Canonical production path

The canonical production path is the repo-driven Hetzner + k3s bootstrap flow.

```bash
cp scripts/hetzner/bootstrap-secrets.env.example scripts/hetzner/bootstrap-secrets.env
source scripts/hetzner/bootstrap-secrets.env
bash scripts/hetzner/bootstrap.sh
```

Bootstrap now:

1. provisions/updates Hetzner infra with Terraform
2. optionally manages DNS through Cloudflare or Porkbun
3. fetches kubeconfig from the node into `.state/hetzner/kubeconfig.yaml`
4. renders `.state/hetzner/generated-overlay/`
5. applies shared platform manifests plus the selected project manifests
6. bootstraps Forgejo admin, runner, repo, and Actions config
7. seeds this repo into Forgejo
8. lets Forgejo Actions perform the default image build + deploy path

## Runtime surfaces

- Forgejo: `https://git.doran.133011.xyz/`
- Registry: `https://registry.doran.133011.xyz/`
- Grafana: `https://grafana.doran.133011.xyz/`
- Headlamp: `https://headlamp.doran.133011.xyz/`

## Local project development

For the trading system itself:

```bash
cd projects/unrip
npm install
cp .env.example .env
# edit .env
docker compose up -d --build
```

## Operator docs

Current operator/platform docs:

- `docs/hetzner-k3s-bootstrap.md`
- `docs/hetzner-self-hosted-ci-runbook.md`
- `docs/k8s-observability.md`
- `docs/hetzner-rebuild-pipeline.md`
- `deploy/hetzner/README.md`
- `deploy/k8s/README.md`
- `deploy/k8s/overlays/hetzner-single-node/README.md`

## Notes

- Ingress is Traefik-based. The old ingress-nginx path is obsolete.
- Grafana is for historical log search.
- Headlamp is for cluster/pod browsing and pod logs.
- Use `pass`-backed `*_PASS` values for secrets whenever possible.