From 1536974fcc63a73f187886534761e7b83acb80b3 Mon Sep 17 00:00:00 2001 From: Fredrick Amnehagen Date: Fri, 6 Feb 2026 08:27:29 +0100 Subject: [PATCH] docs: standardize recommended workflow in readme --- README.md | 34 +++++++--------------------------- 1 file changed, 7 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 4160a98..796bda1 100644 --- a/README.md +++ b/README.md @@ -34,40 +34,20 @@ export INFRA_CONFIG=$(pwd)/config.yaml ## Common Workflows -### Provisioning a New Service +### Official Recommended Flow 1. **Find an IP:** `infra ip next-free` -2. **Create Database:** `infra db provision "project-name"` -3. **Provision LXC:** `infra proxmox create-lxc 12345 debian-13 "project-host" "10.32.70.x/16" "10.32.0.1" --node la-vmh-12` -4. **Setup DNS:** `infra dns add-host 10.32.70.x "project-host"` -5. **Expose Ingress:** `infra ingress add "project.loopaware.com" 10.32.70.x 80` +2. **Create Database:** `infra db provision "my-project"` +3. **Provision LXC:** `infra proxmox create-lxc 12xxx debian-13 "my-host" "10.32.70.x/16" "10.32.0.1" --node la-vmh-12` +4. **Setup DNS:** `infra dns add-host 10.32.70.x "my-host"` +5. **Update SSL:** `infra cert renew` +6. **Expose Ingress:** `infra ingress add "my-project.loopaware.com" 10.32.70.x 80` ### Full Decommission Clean up every trace of a service in one command: ```bash -infra decommission --domain project.loopaware.com --mac --vmid 12345 --node la-vmh-12 --port-name project_udp +infra decommission --domain my-project.loopaware.com --mac --vmid 12xxx --node la-vmh-12 ``` -### 4. Certificates (Let's Encrypt) -The infrastructure uses a consolidated SAN (Subject Alternative Name) strategy to optimize Let's Encrypt rate limits. - -- **`loopaware.com.pem`**: Wildcard cert for all public services. -- **`la-infra-san.pem`**: Consolidated SAN cert for all internal `*.fe.loopaware.com` hosts. - -The system automatically discovers new internal hosts and adds them to the SAN certificate nightly at 3:00 AM. - -```bash -# List all active certificates in shared storage -infra cert list - -# Check expiry date of the main wildcard cert -infra cert status - -# Manually trigger discovery and renewal (Rate-limit safe) -infra cert renew -``` - -### 5. Cloudflare DDNS - ## Safety & Validation - **Template Resolution:** The `debian-13` alias automatically finds the latest template on the target Proxmox node. - **Input Validation:** All IPs, MACs, and Ports are validated before execution.