docs(gov-portals): Gitea-only forge policy; clarify GitHub as non-canonical
Co-authored-by: Cursor <cursoragent@cursor.com>
@@ -4,6 +4,7 @@ This document ties together **Gitea repos**, the **gov-portals-monorepo** umbrel
|
||||
|
||||
## North star
|
||||
|
||||
- **Forge policy (Gitea-only):** `Gov_Web_Portals/*` repos and the monorepo use **only Gitea** as authoritative remote — no GitHub `origin` for those trees. **`d-bis/proxmox`** uses **`gitea`** as canonical for pushes; a GitHub remote may exist only as a **non-authoritative** mirror. See [GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md](./GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md).
|
||||
- **Authoritative application code** for each portal lives in its **Gitea repo** under `Gov_Web_Portals/` (DBIS, ICCC, OMNL, XOM), with **`main`** as the integration branch unless you have agreed otherwise.
|
||||
- **Integration / shared layout** lives in **`Gov_Web_Portals/gov-portals-monorepo`** (workspace + `packages/shared`). Portal repos use `workspace:*` for `@public-web-portals/shared`, so **CI that runs `pnpm install` in the portal repo alone is insufficient** unless you vendor shared — the recommended Actions flow clones the monorepo and **overlays** the pushed portal tree (see templates below).
|
||||
- **Live runtime** for the xom-dev stack is **LXC 7804** (`IP_GOV_PORTALS_DEV`, default `192.168.11.54`) with systemd units `gov-portal-DBIS` … `gov-portal-XOM` on ports **3001–3004**. Public hostnames are documented in [GOV_PORTALS_XOM_DEV_DEPLOYMENT.md](./GOV_PORTALS_XOM_DEV_DEPLOYMENT.md).
|
||||
|
||||
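Review bot: The Forge policy bullet only rules out a GitHub `origin` for `Gov_Web_Portals/*`, so it is unclear whether a GitHub remote under a different name is acceptable for those trees, while the same bullet explicitly tolerates a non-authoritative GitHub mirror for `d-bis/proxmox`. If no GitHub remote of any kind is intended for the portal repos, say "no GitHub remote under any name"; if a non-`origin` mirror is tolerated, say so. The bullet also mixes remote naming (`origin` for the portal trees, `gitea` for proxmox) without explaining the difference; one clause on the expected remote name per repo would prevent pushes to the wrong remote. As written the policy is prose only, so consider naming the check or CI step that is expected to enforce it.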
@@ -0,0 +1,28 @@
|
||||
# Gov portals and proxmox — directory, remotes, VMID, FQDN
|
||||
|
||||
Operator-oriented map for the **Gov Web Portals** monorepo, its **Gitea portal repos**, and the **proxmox** orchestration repo used for Phoenix CD.
|
||||
|
||||
## Source of truth: Gitea-only
|
||||
|
||||
- **`Gov_Web_Portals/*`** (monorepo + DBIS / ICCC / OMNL / XOM): **Gitea is the only authoritative forge.** Do not add a `github.com` `origin` for these repos; CI clones and submodule URLs should use **`https://gitea.d-bis.org/...`** (with token auth where required).
|
||||
- **`d-bis/proxmox`**: **Canonical remote is `gitea`** (`https://gitea.d-bis.org/d-bis/proxmox.git`). A **`github.com`** remote may still exist as an **optional mirror or archive**; it is **not** the operator source of truth for pushes, Phoenix deploy wiring, or submodule pins. Prefer **`git push gitea main`** / **`git push gitea master`** for changes that must land on the LAN automation path.
|
||||
|
||||
| Project directory (typical) | Gitea repo | GitHub (non-canonical / optional) | VMID | FQDN (primary / dev) |
|
||||
|------------------------------|------------|-------------------------------------|------|----------------------|
|
||||
| `/home/intlc/projects/proxmox` | [`d-bis/proxmox`](https://gitea.d-bis.org/d-bis/proxmox) | Optional mirror: [`Order-of-Hospitallers/proxmox-cp`](https://github.com/Order-of-Hospitallers/proxmox-cp) — **do not use as SoT** | **—** (orchestration tree; targets many CTs/VMs) | **—** (no single app FQDN; forge: [`gitea.d-bis.org`](https://gitea.d-bis.org/d-bis/proxmox)) |
|
||||
| `/srv/projects/proxmox` (Phoenix dev VM **5700**) | same as above | same | **5700** (Phoenix deploy API + Gitea runner host) | Dev / forge context: [`dev.d-bis.org`](https://dev.d-bis.org), [`gitea.d-bis.org`](https://gitea.d-bis.org); Phoenix deploy API is usually **LAN** `http://192.168.11.59:4001` (see [`DEV_VM_SSH_REMOTE_ACCESS.md`](DEV_VM_SSH_REMOTE_ACCESS.md)) |
|
||||
| `/home/intlc/projects/gov-portals-monorepo` | [`Gov_Web_Portals/gov-portals-monorepo`](https://gitea.d-bis.org/Gov_Web_Portals/gov-portals-monorepo) — **set `origin` to this URL**; remove or rename extra remotes (e.g. `d-bis/gov-portals-monorepo`) if they confuse pushes | **—** (Gitea-only) | **7804** (LXC `gov-portals-dev` @ `192.168.11.54`) | **—** (monorepo has no single public hostname; portals below) |
|
||||
| `…/gov-portals-monorepo/DBIS` | [`Gov_Web_Portals/DBIS`](https://gitea.d-bis.org/Gov_Web_Portals/DBIS) | **—** (Gitea-only) | **7804** | Public: [`https://d-bis.org/`](https://d-bis.org/) (and related `dbis-admin.d-bis.org`, `secure.d-bis.org` per [FQDN_EXPECTED_CONTENT.md](FQDN_EXPECTED_CONTENT.md)); dev: [`https://dbis.xom-dev.phoenix.sankofa.nexus/`](https://dbis.xom-dev.phoenix.sankofa.nexus/) |
|
||||
| `…/gov-portals-monorepo/ICCC` | [`Gov_Web_Portals/ICCC`](https://gitea.d-bis.org/Gov_Web_Portals/ICCC) | **—** (Gitea-only) | **7804** | Dev: [`https://iccc.xom-dev.phoenix.sankofa.nexus/`](https://iccc.xom-dev.phoenix.sankofa.nexus/) |
|
||||
| `…/gov-portals-monorepo/OMNL` | [`Gov_Web_Portals/OMNL`](https://gitea.d-bis.org/Gov_Web_Portals/OMNL) | **—** (Gitea-only) | **7804** | Dev: [`https://omnl.xom-dev.phoenix.sankofa.nexus/`](https://omnl.xom-dev.phoenix.sankofa.nexus/) |
|
||||
| `…/gov-portals-monorepo/XOM` | [`Gov_Web_Portals/XOM`](https://gitea.d-bis.org/Gov_Web_Portals/XOM) | **—** (Gitea-only) | **7804** | Dev: [`https://xom.xom-dev.phoenix.sankofa.nexus/`](https://xom.xom-dev.phoenix.sankofa.nexus/) |
|
||||
|
||||
## Notes
|
||||
|
||||
- **VMID 7804** and xom-dev DNS/NPM are documented in [GOV_PORTALS_XOM_DEV_DEPLOYMENT.md](GOV_PORTALS_XOM_DEV_DEPLOYMENT.md).
|
||||
- **DBIS** production vs **xom-dev** hostnames differ; Phoenix `deploy-targets.json` healthchecks use **`https://d-bis.org/.well-known/trust.json`** (DBIS) and **xom-dev** HTTPS roots for ICCC/OMNL/XOM.
|
||||
- **Submodules** URLs are defined in the **`gov-portals-monorepo`** checkout (see that repo’s **`.gitmodules`** at repo root).
|
||||
|
||||
## Doc index
|
||||
|
||||
Listed in [MASTER_INDEX.md](../MASTER_INDEX.md) under configuration / Gov portals.
|
||||
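Review bot: In the `Gov_Web_Portals/*` bullet under "Source of truth: Gitea-only", the phrase "with token auth where required" sits directly beside "submodule URLs", which can be read as permission to embed a token in a URL that ends up committed in `.gitmodules`. Suggest stating that tokens are supplied by CI secrets or a credential helper and never appear in committed URLs. In the `d-bis/proxmox` bullet, `git push gitea main` / `git push gitea master` leaves the default branch ambiguous; name the branch that the LAN automation path actually tracks. In the table, the Phoenix dev VM row gives the deploy API as plain `http://192.168.11.59:4001`; a short pointer to what authenticates calls to that endpoint would help operators, and the `gov-portals-monorepo` row carries remote-setup instructions inside the "Gitea repo" cell, which would read better as a bullet under "Notes".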
@@ -30,6 +30,7 @@
|
||||
| **Gitea TLS expiry check** | `bash scripts/verify/check-gitea-certificate-expiry.sh` — warns before `gitea.d-bis.org` cert expiry blocks HTTPS pushes |
|
||||
| **Gitea TLS expiry cron** | `bash scripts/maintenance/schedule-gitea-cert-check-cron.sh --install` — installs a daily warning check with `WARN_DAYS=30` |
|
||||
| **Gitea repo ↔ VM CI/CD matrix** | [04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md](04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md) — per-repo workflows, Phoenix deploy targets, templates under `config/gitea-workflow-templates/`; gov portals live paths: [GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md](04-configuration/GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md) |
|
||||
| **Gov portals: directory, Gitea/GitHub, VMID, FQDN** | [04-configuration/GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md](04-configuration/GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md) — one table for proxmox, `gov-portals-monorepo`, and DBIS/ICCC/OMNL/XOM submodules |
|
||||
| **Gitea CD operator checklist** | [00-meta/GITEA_CD_OPERATOR_CHECKLIST.md](00-meta/GITEA_CD_OPERATOR_CHECKLIST.md) — secrets, Phoenix host sync, `report-gitea-cd-parity.sh` |
|
||||
| **TsunamiSwap DEX plan** | [00-meta/AAVE_CHAIN138_AND_MARIONETTE_TSUNAMISWAP_PLAN.md](00-meta/AAVE_CHAIN138_AND_MARIONETTE_TSUNAMISWAP_PLAN.md) — canonical TsunamiSwap VM `5010` plan, current DEX link, and publish checklist |
|
||||
| **Required / optional / recommended (full plan)** | [00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) |
|
||||
|
||||
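Review bot: The index row label "Gov portals: directory, Gitea/GitHub, VMID, FQDN" presents Gitea and GitHub as peers, which works against the Gitea-only policy that the linked document states. Suggest a label that matches the linked file's own title and column heading, for example "Gov portals: directory, Gitea remotes (GitHub non-canonical), VMID, FQDN". The description also mentions only the table; since the linked file is where the forge policy is spelled out, add "and Gitea-only forge policy" so readers searching the index for the policy can find it.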