fredrick/dynamic-infra-tooling
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: standardize recommended workflow in readme

Browse source
This commit is contained in:
Fredrick Amnehagen 2026-02-06 08:27:29 +01:00
parent 2123959fe8
commit 1536974fcc
1 changed files with 7 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

34
README.md
View file

@ -34,40 +34,20 @@ export INFRA_CONFIG=$(pwd)/config.yaml
## Common Workflows ## Common Workflows
### Provisioning a New Service ### Official Recommended Flow
1. **Find an IP:** `infra ip next-free` 1. **Find an IP:** `infra ip next-free`
2. **Create Database:** `infra db provision "project-name"` 2. **Create Database:** `infra db provision "my-project"`
3. **Provision LXC:** `infra proxmox create-lxc 12345 debian-13 "project-host" "10.32.70.x/16" "10.32.0.1" --node la-vmh-12` 3. **Provision LXC:** `infra proxmox create-lxc 12xxx debian-13 "my-host" "10.32.70.x/16" "10.32.0.1" --node la-vmh-12`
4. **Setup DNS:** `infra dns add-host <MAC> 10.32.70.x "project-host"` 4. **Setup DNS:** `infra dns add-host <MAC> 10.32.70.x "my-host"`
5. **Expose Ingress:** `infra ingress add "project.loopaware.com" 10.32.70.x 80` 5. **Update SSL:** `infra cert renew`
6. **Expose Ingress:** `infra ingress add "my-project.loopaware.com" 10.32.70.x 80`
### Full Decommission ### Full Decommission
Clean up every trace of a service in one command: Clean up every trace of a service in one command:
```bash ```bash
infra decommission --domain project.loopaware.com --mac <MAC> --vmid 12345 --node la-vmh-12 --port-name project_udp infra decommission --domain my-project.loopaware.com --mac <MAC> --vmid 12xxx --node la-vmh-12
``` ```
### 4. Certificates (Let's Encrypt)
The infrastructure uses a consolidated SAN (Subject Alternative Name) strategy to optimize Let's Encrypt rate limits.
- **`loopaware.com.pem`**: Wildcard cert for all public services.
- **`la-infra-san.pem`**: Consolidated SAN cert for all internal `*.fe.loopaware.com` hosts.
The system automatically discovers new internal hosts and adds them to the SAN certificate nightly at 3:00 AM.
```bash
# List all active certificates in shared storage
infra cert list
# Check expiry date of the main wildcard cert
infra cert status
# Manually trigger discovery and renewal (Rate-limit safe)
infra cert renew
```
### 5. Cloudflare DDNS
## Safety & Validation ## Safety & Validation
- **Template Resolution:** The `debian-13` alias automatically finds the latest template on the target Proxmox node. - **Template Resolution:** The `debian-13` alias automatically finds the latest template on the target Proxmox node.
- **Input Validation:** All IPs, MACs, and Ports are validated before execution. - **Input Validation:** All IPs, MACs, and Ports are validated before execution.