Philipp 20d9cffe42 Add ntfy utility service to cluster platform
Proof: python3 test/ntfy_manifest_test.py; kubectl kustomize deploy/k8s/overlays/hetzner-single-node.

Assumptions: ntfy starts as an internal ClusterIP platform utility at http://ntfy.utility.svc.cluster.local; public or Tailscale exposure requires a later authenticated ingress decision.

Still fake: No public ntfy URL, auth policy, iOS subscription, webhook ingress, or durable ntfy cache volume is configured yet.
2026-04-16 00:22:12 +02:00
deploy Add ntfy utility service to cluster platform 2026-04-16 00:22:12 +02:00
docs refactor: isolate unrip project into projects folder 2026-03-29 14:33:19 +02:00
infra/terraform/hetzner fix: rename cluster node to doran-1 2026-03-30 17:46:16 +02:00
node_modules Initial commit through Cline Kanban 2026-03-28 13:04:10 +01:00
scripts fix: bootstrap standalone app repo on cluster rebuild 2026-03-30 17:57:49 +02:00
test Add ntfy utility service to cluster platform 2026-04-16 00:22:12 +02:00
.gitignore refactor: isolate unrip project into projects folder 2026-03-29 14:33:19 +02:00
README.md refactor: split unrip into separate repo 2026-03-30 17:39:20 +02:00

near-intents-monitor platform repo

This repository is the shared platform/infrastructure repo for the Hetzner + k3s cluster.

The unrip application now lives in its own separate repository.

Repo layout

infra/
  terraform/
    hetzner/
scripts/
  hetzner/
deploy/
  hetzner/
  k8s/
    platform/
    overlays/
      hetzner-single-node/

Shared platform at repo root

Shared/root-owned parts include:

  • Hetzner Terraform
  • cloud-init + bootstrap scripts
  • cluster/platform Kubernetes manifests
  • Forgejo
  • Forgejo runner
  • registry
  • cert-manager
  • Traefik integration
  • Grafana
  • Loki
  • Promtail
  • Headlamp
  • shared operator docs and runbooks

Application repo: unrip

The trading-system code and project-specific deployment assets were split into a separate unrip repository. That repo now owns the app source, Docker build, local compose setup, app manifests, and project docs.

Canonical production path

The canonical production path is the repo-driven Hetzner + k3s bootstrap flow.

cp scripts/hetzner/bootstrap-secrets.env.example scripts/hetzner/bootstrap-secrets.env
source scripts/hetzner/bootstrap-secrets.env
bash scripts/hetzner/bootstrap.sh
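
Because `source` executes scripts/hetzner/bootstrap-secrets.env as shell code in the operator's session, the file can be checked before it is loaded. The preflight below is an added example, not part of this repository; the function name check_secrets_env and the expectation that the file holds only comments and NAME=value lines are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the repo): preflight for a secrets env file
# that is about to be loaded with `source`. Sourcing runs the file as
# shell code, so it is checked like a script, not like plain data.

# Prints one finding per line; returns 0 if clean, 1 otherwise.
check_secrets_env() {
  local f="$1"
  local bit bad findings=0

  # A symlink could point at a file controlled by someone else.
  if [ ! -f "$f" ] || [ -L "$f" ]; then
    echo "not a regular file (missing or symlink): $f"
    return 1
  fi

  # Any group/other bit either exposes the secrets (read) or lets
  # another user change what runs on `source` (write).
  for bit in 040 020 010 004 002 001; do
    if [ -n "$(find "$f" -prune -perm -"$bit")" ]; then
      echo "mode too open (permission bit $bit set): $f"
      findings=1
      break
    fi
  done

  # Assumption: the file should contain only blank lines, comments and
  # NAME=value assignments (optionally prefixed with `export`).
  # Anything else would execute as a command when sourced.
  bad=$(grep -nEv \
    '^[[:space:]]*(#.*)?$|^[[:space:]]*(export[[:space:]]+)?[A-Za-z_][A-Za-z0-9_]*=' \
    "$f" || true)
  if [ -n "$bad" ]; then
    echo "non-assignment line(s) in $f:"
    echo "$bad"
    findings=1
  fi

  return "$findings"
}

# Stand-alone use: pass the env file path as the first argument.
if [ "$#" -gt 0 ]; then
  check_secrets_env "$1"
fi
```

In the flow above it would sit in front of the second command: `check_secrets_env scripts/hetzner/bootstrap-secrets.env && source scripts/hetzner/bootstrap-secrets.env`.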

Bootstrap now:

  1. provisions/updates Hetzner infra with Terraform
  2. optionally manages DNS through Cloudflare or Porkbun
  3. fetches kubeconfig from the node into .state/hetzner/kubeconfig.yaml
  4. renders .state/hetzner/generated-overlay/
  5. applies the shared platform manifests and shared/generated secrets
  6. bootstraps Forgejo admin, runner, repo, and Actions config
  7. seeds this infra repo into Forgejo

Runtime surfaces

  • Forgejo: https://git.doran.133011.xyz/
  • Registry: https://registry.doran.133011.xyz/
  • Grafana: https://grafana.doran.133011.xyz/
  • Headlamp: https://headlamp.doran.133011.xyz/

Operator docs

Current operator/platform docs:

  • docs/hetzner-k3s-bootstrap.md
  • docs/hetzner-self-hosted-ci-runbook.md
  • docs/k8s-observability.md
  • docs/hetzner-rebuild-pipeline.md
  • deploy/hetzner/README.md
  • deploy/k8s/README.md
  • deploy/k8s/overlays/hetzner-single-node/README.md

Notes

  • Ingress is Traefik-based. The old ingress-nginx path is obsolete.
  • Grafana is for historical log search.
  • Headlamp is for cluster/pod browsing and pod logs.
  • Use pass-backed *_PASS values for secrets whenever possible.