619 lines
15 KiB
XML
619 lines
15 KiB
XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||
<svg
|
||
width="1600"
|
||
height="980"
|
||
viewBox="0 0 1600 980"
|
||
version="1.1"
|
||
id="svg66"
|
||
sodipodi:docname="diagram.svg"
|
||
inkscape:version="1.3-alpha (95f74fb, 2023-03-31)"
|
||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||
xmlns="http://www.w3.org/2000/svg"
|
||
xmlns:svg="http://www.w3.org/2000/svg">
|
||
<sodipodi:namedview
|
||
id="namedview66"
|
||
pagecolor="#ffffff"
|
||
bordercolor="#000000"
|
||
borderopacity="0.25"
|
||
inkscape:showpageshadow="2"
|
||
inkscape:pageopacity="0.0"
|
||
inkscape:pagecheckerboard="0"
|
||
inkscape:deskcolor="#d1d1d1"
|
||
inkscape:zoom="0.82625"
|
||
inkscape:cx="1002.118"
|
||
inkscape:cy="617.85174"
|
||
inkscape:window-width="1472"
|
||
inkscape:window-height="1022"
|
||
inkscape:window-x="234"
|
||
inkscape:window-y="30"
|
||
inkscape:window-maximized="0"
|
||
inkscape:current-layer="svg66" />
|
||
<defs
|
||
id="defs1">
|
||
<marker
|
||
id="arrow"
|
||
viewBox="0 0 10 10"
|
||
refX="9.5"
|
||
refY="5"
|
||
markerWidth="8"
|
||
markerHeight="8"
|
||
orient="auto-start-reverse">
|
||
<path
|
||
d="M 0 0 L 10 5 L 0 10 z"
|
||
fill="#222"
|
||
id="path1" />
|
||
</marker>
|
||
<style
|
||
id="style1">
|
||
.title { font: 700 22px sans-serif; fill:#111; }
|
||
.h2 { font: 700 16px sans-serif; fill:#111; }
|
||
.txt { font: 13px sans-serif; fill:#111; }
|
||
.small { font: 12px sans-serif; fill:#111; }
|
||
.box { fill:#fafafa; stroke:#222; stroke-width:1.5; }
|
||
.zone { fill:#f3f3f3; stroke:#111; stroke-width:2; }
|
||
.note { fill:#fff; stroke:#666; stroke-width:1.2; }
|
||
.line { stroke:#222; stroke-width:2; fill:none; marker-end:url(#arrow); }
|
||
.dash { stroke:#222; stroke-width:2; fill:none; stroke-dasharray:7 6; marker-end:url(#arrow); }
|
||
</style>
|
||
</defs>
|
||
<!-- Header -->
|
||
<text
|
||
x="40"
|
||
y="45"
|
||
class="title"
|
||
id="text1">Archicratie – Web Edition : schéma global (Local Mac Studio vs NAS Synology DS220+)</text>
|
||
<text
|
||
x="40"
|
||
y="75"
|
||
class="small"
|
||
id="text2">Lecture : (1) utilisateur → DSM → Traefik/Authelia → site ; (2) dev → package → slot green/blue → switch Traefik (provider file) ; (3) proposer → issues → runner → labels.</text>
|
||
<!-- LOCAL ZONE -->
|
||
<rect
|
||
x="35"
|
||
y="110"
|
||
width="520"
|
||
height="820"
|
||
rx="18"
|
||
class="zone"
|
||
id="rect2" />
|
||
<text
|
||
x="60"
|
||
y="145"
|
||
class="h2"
|
||
id="text3">LOCAL — Mac Studio (atelier de dev)</text>
|
||
<rect
|
||
x="60"
|
||
y="175"
|
||
width="470"
|
||
height="95"
|
||
rx="12"
|
||
class="box"
|
||
id="rect3" />
|
||
<text
|
||
x="80"
|
||
y="205"
|
||
class="h2"
|
||
id="text4">Repo Astro (édition)</text>
|
||
<text
|
||
x="80"
|
||
y="230"
|
||
class="txt"
|
||
id="text5">• src/content/ (contenu web)</text>
|
||
<text
|
||
x="80"
|
||
y="250"
|
||
class="txt"
|
||
id="text6">• scripts tooling (anchors, import docx, apply-ticket)</text>
|
||
<rect
|
||
x="60"
|
||
y="295"
|
||
width="470"
|
||
height="80"
|
||
rx="12"
|
||
class="box"
|
||
id="rect6" />
|
||
<text
|
||
x="80"
|
||
y="325"
|
||
class="h2"
|
||
id="text7">Build statique</text>
|
||
<text
|
||
x="80"
|
||
y="350"
|
||
class="txt"
|
||
id="text8">npm run build → dist/ (site statique)</text>
|
||
<rect
|
||
x="60"
|
||
y="400"
|
||
width="470"
|
||
height="95"
|
||
rx="12"
|
||
class="box"
|
||
id="rect8" />
|
||
<text
|
||
x="80"
|
||
y="430"
|
||
class="h2"
|
||
id="text9">Release pack</text>
|
||
<text
|
||
x="80"
|
||
y="455"
|
||
class="txt"
|
||
id="text10">archive .tar.gz + .sha256</text>
|
||
<text
|
||
x="80"
|
||
y="475"
|
||
class="txt"
|
||
id="text11">destination NAS : /volume2/docker/archicratie-web/incoming/</text>
|
||
<rect
|
||
x="60"
|
||
y="520"
|
||
width="470"
|
||
height="120"
|
||
rx="12"
|
||
class="note"
|
||
id="rect11" />
|
||
<text
|
||
x="80"
|
||
y="550"
|
||
class="h2"
|
||
id="text12">Centre de vérité</text>
|
||
<text
|
||
x="80"
|
||
y="575"
|
||
class="txt"
|
||
id="text13">Tu commits/push vers Gitea (NAS) :</text>
|
||
<text
|
||
x="80"
|
||
y="598"
|
||
class="txt"
|
||
id="text14">• code + docs + diagrammes (SVG)</text>
|
||
<text
|
||
x="80"
|
||
y="621"
|
||
class="txt"
|
||
id="text15">• issues = backlog éditorial</text>
|
||
<!-- NAS ZONE -->
|
||
<rect
|
||
x="590"
|
||
y="110"
|
||
width="975"
|
||
height="820"
|
||
rx="18"
|
||
class="zone"
|
||
id="rect15" />
|
||
<text
|
||
x="615"
|
||
y="145"
|
||
class="h2"
|
||
id="text16">DISTANT — NAS Synology DS220+ (DSM + Container Manager)</text>
|
||
<!-- USERS -->
|
||
<rect
|
||
x="615"
|
||
y="175"
|
||
width="275"
|
||
height="90"
|
||
rx="12"
|
||
class="box"
|
||
id="rect16" />
|
||
<text
|
||
x="635"
|
||
y="205"
|
||
class="h2"
|
||
id="text17">Utilisateurs (web)</text>
|
||
<text
|
||
x="635"
|
||
y="230"
|
||
class="txt"
|
||
id="text18">• visiteurs</text>
|
||
<text
|
||
x="635"
|
||
y="250"
|
||
class="txt"
|
||
id="text19">• éditeurs (accès protégé)</text>
|
||
<!-- DSM Reverse Proxy -->
|
||
<rect
|
||
x="920"
|
||
y="175"
|
||
width="615"
|
||
height="90"
|
||
rx="12"
|
||
class="box"
|
||
id="rect19" />
|
||
<text
|
||
x="945"
|
||
y="205"
|
||
class="h2"
|
||
id="text20">DSM Reverse Proxy (HTTPS public → Traefik)</text>
|
||
<text
|
||
x="945"
|
||
y="230"
|
||
class="txt"
|
||
id="text21">• pointe vers 127.0.0.1:18080 (Traefik edge)</text>
|
||
<text
|
||
x="945"
|
||
y="252"
|
||
class="txt"
|
||
id="text22">• bascule/rollback = switch Traefik (reload) ; DSM reste stable</text>
|
||
<!-- Edge Traefik -->
|
||
<rect
|
||
x="920"
|
||
y="295"
|
||
width="615"
|
||
height="110"
|
||
rx="12"
|
||
class="box"
|
||
id="rect22" />
|
||
<text
|
||
x="945"
|
||
y="325"
|
||
class="h2"
|
||
id="text23">Traefik (edge) — écoute 127.0.0.1:18080</text>
|
||
<text
|
||
x="945"
|
||
y="350"
|
||
class="txt"
|
||
id="text24">• entrée unique derrière DSM</text>
|
||
<text
|
||
x="945"
|
||
y="372"
|
||
class="txt"
|
||
id="text25">• middlewares : sanitize-remote + forward-auth Authelia</text>
|
||
<text
|
||
x="945"
|
||
y="394"
|
||
class="txt"
|
||
id="text26">• un seul backend site actif (blue OU green) via 20-archicratie-backend.yml</text>
|
||
<!-- Auth Stack -->
|
||
<rect
|
||
x="615"
|
||
y="310"
|
||
width="275"
|
||
height="250"
|
||
rx="12"
|
||
class="box"
|
||
id="rect26" />
|
||
<text
|
||
x="635"
|
||
y="340"
|
||
class="h2"
|
||
id="text27">Auth stack</text>
|
||
<text
|
||
x="635"
|
||
y="365"
|
||
class="txt"
|
||
id="text28">Authelia</text>
|
||
<text
|
||
x="635"
|
||
y="387"
|
||
class="small"
|
||
id="text29">• forward-auth : /api/authz/forward-auth</text>
|
||
<text
|
||
x="635"
|
||
y="415"
|
||
class="txt"
|
||
id="text30">LLDAP</text>
|
||
<text
|
||
x="635"
|
||
y="438"
|
||
class="small"
|
||
id="text31">• annuaire LDAP “source of truth”</text>
|
||
<text
|
||
x="635"
|
||
y="466"
|
||
class="txt"
|
||
id="text32">Redis</text>
|
||
<text
|
||
x="635"
|
||
y="489"
|
||
class="small"
|
||
id="text33">• sessions / cache (selon config)</text>
|
||
<text
|
||
x="635"
|
||
y="525"
|
||
class="small"
|
||
id="text34"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:sans-serif"><tspan
|
||
sodipodi:role="line"
|
||
id="tspan68"
|
||
x="635"
|
||
y="525">Objectif : SSO/MFA + anti lock-out</tspan><tspan
|
||
sodipodi:role="line"
|
||
id="tspan69"
|
||
x="635"
|
||
y="540">déploiement progressif)</tspan></text>
|
||
<!-- Web Blue/Green -->
|
||
<rect
|
||
x="920"
|
||
y="435"
|
||
width="300"
|
||
height="135"
|
||
rx="12"
|
||
class="box"
|
||
id="rect34" />
|
||
<text
|
||
x="945"
|
||
y="465"
|
||
class="h2"
|
||
id="text35">web_blue (slot A)</text>
|
||
<text
|
||
x="945"
|
||
y="490"
|
||
class="txt"
|
||
id="text36">127.0.0.1:8081 → container:80</text>
|
||
<text
|
||
x="945"
|
||
y="515"
|
||
class="txt"
|
||
id="text37">sert dist/ (Nginx/HTTP)</text>
|
||
<text
|
||
x="945"
|
||
y="540"
|
||
class="small"
|
||
id="text38">ne jamais modifier si LIVE</text>
|
||
<rect
|
||
x="1235"
|
||
y="435"
|
||
width="300"
|
||
height="135"
|
||
rx="12"
|
||
class="box"
|
||
id="rect38" />
|
||
<text
|
||
x="1260"
|
||
y="465"
|
||
class="h2"
|
||
id="text39">web_green (slot B)</text>
|
||
<text
|
||
x="1260"
|
||
y="490"
|
||
class="txt"
|
||
id="text40">127.0.0.1:8082 → container:80</text>
|
||
<text
|
||
x="1260"
|
||
y="515"
|
||
class="txt"
|
||
id="text41">sert dist/ (Nginx/HTTP)</text>
|
||
<text
|
||
x="1260"
|
||
y="540"
|
||
class="small"
|
||
id="text42">slot “next” (staging)</text>
|
||
<!-- Switch script -->
|
||
<rect
|
||
x="847.41852"
|
||
y="587.45636"
|
||
width="691.17664"
|
||
height="69.928497"
|
||
rx="13.486373"
|
||
class="note"
|
||
id="rect42" />
|
||
<text
|
||
x="932.38275"
|
||
y="617.42059"
|
||
class="txt"
|
||
id="text43"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
|
||
sodipodi:role="line"
|
||
id="tspan67"
|
||
x="932.38275"
|
||
y="617.42059">switch-archicratie.sh : bascule blue/green en réécrivant 20-archicratie-backend.yml</tspan><tspan
|
||
sodipodi:role="line"
|
||
x="932.38275"
|
||
y="633.67059"
|
||
id="tspan3">puis reload Traefik (provider file)</tspan></text>
|
||
<!-- Gitea -->
|
||
<rect
|
||
x="615"
|
||
y="690"
|
||
width="520"
|
||
height="160"
|
||
rx="12"
|
||
class="box"
|
||
id="rect43" />
|
||
<text
|
||
x="635"
|
||
y="720"
|
||
class="h2"
|
||
id="text44"
|
||
style="font-style:normal;font-variant:normal;font-weight:700;font-stretch:normal;font-size:16px;line-height:normal;font-family:sans-serif">Gitea (forge web + API)</text>
|
||
<text
|
||
x="635"
|
||
y="745"
|
||
class="txt"
|
||
id="text45"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif">• repo = centre de vérité</text>
|
||
<text
|
||
x="635"
|
||
y="768"
|
||
class="txt"
|
||
id="text46"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif">• issues = backlog</text>
|
||
<text
|
||
x="635"
|
||
y="791"
|
||
class="txt"
|
||
id="text47"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif">• labels = tri natif (type/state/cat)</text>
|
||
<text
|
||
x="635"
|
||
y="814"
|
||
class="small"
|
||
id="text48"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:sans-serif">Note : parfois laissé sans forward-auth (runner/accès API) selon réglage</text>
|
||
<!-- Runner -->
|
||
<rect
|
||
x="1160"
|
||
y="690"
|
||
width="375"
|
||
height="170"
|
||
rx="12"
|
||
class="box"
|
||
id="rect48" />
|
||
<text
|
||
x="1185"
|
||
y="720"
|
||
class="h2"
|
||
id="text49">Gitea Actions Runner (act_runner)</text>
|
||
<text
|
||
x="1185"
|
||
y="745"
|
||
class="txt"
|
||
id="text50">• exécute les workflows</text>
|
||
<text
|
||
x="1185"
|
||
y="768"
|
||
class="txt"
|
||
id="text51">• doit monter /var/run/docker.sock</text>
|
||
<text
|
||
x="1185"
|
||
y="791"
|
||
class="txt"
|
||
id="text52">• jobs en conteneur (ex : python:3.12-slim)</text>
|
||
<text
|
||
x="1185"
|
||
y="814"
|
||
class="small"
|
||
id="text53"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:sans-serif"><tspan
|
||
sodipodi:role="line"
|
||
id="tspan78"
|
||
x="1185"
|
||
y="814">• applique labels via API avec PAT (FORGE_TOKEN)</tspan><tspan
|
||
sodipodi:role="line"
|
||
id="tspan79"
|
||
x="1185"
|
||
y="829">— sinon 401</tspan></text>
|
||
<!-- Connections -->
|
||
<!-- User -> DSM -->
|
||
<path
|
||
d="M 890 220 L 920 220"
|
||
class="line"
|
||
id="path53" />
|
||
<!-- DSM -> Traefik -->
|
||
<path
|
||
d="M 1225 265 L 1225 295"
|
||
class="line"
|
||
id="path54" />
|
||
<!-- Traefik -> Web (one active) -->
|
||
<path
|
||
d="M 1100 405 L 1070 435"
|
||
class="dash"
|
||
id="path55" />
|
||
<path
|
||
d="M 1355 405 L 1385 435"
|
||
class="dash"
|
||
id="path56" />
|
||
<!-- Traefik -> Auth -->
|
||
<path
|
||
d="M 920 350 L 890 350"
|
||
class="line"
|
||
id="path57" />
|
||
<!-- DSM -> Gitea (via router / host rules) -->
|
||
<path
|
||
d="M 917.44325,255.3177 883.05597,688.03328"
|
||
class="dash"
|
||
id="path58"
|
||
sodipodi:nodetypes="cc" />
|
||
<!-- Gitea -> Runner -->
|
||
<path
|
||
d="M 1135 710 L 1160 750"
|
||
class="line"
|
||
id="path59" />
|
||
<!-- Runner -> Gitea API -->
|
||
<path
|
||
d="M 1160 805 L 1135 740"
|
||
class="dash"
|
||
id="path60" />
|
||
<!-- Local -> NAS incoming -->
|
||
<path
|
||
d="M 530 448 L 615 448"
|
||
class="line"
|
||
id="path61" />
|
||
<!-- Legend -->
|
||
<rect
|
||
x="60"
|
||
y="670"
|
||
width="470"
|
||
height="245"
|
||
rx="12"
|
||
class="note"
|
||
id="rect61" />
|
||
<text
|
||
x="80"
|
||
y="700"
|
||
class="h2"
|
||
id="text61">Légende / invariants (ce qui casse “pour de vrai”)</text>
|
||
<text
|
||
x="80"
|
||
y="725"
|
||
class="txt"
|
||
id="text62"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
|
||
sodipodi:role="line"
|
||
id="tspan70"
|
||
x="80"
|
||
y="725">• Prod safe : on ne touche jamais au slot LIVE ;</tspan><tspan
|
||
sodipodi:role="line"
|
||
id="tspan71"
|
||
x="80"
|
||
y="741.25">build/test sur l’autre ; switch Traefik ; DSM ne change pas.</tspan></text>
|
||
<text
|
||
x="80"
|
||
y="768"
|
||
class="txt"
|
||
id="text63"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
|
||
sodipodi:role="line"
|
||
id="tspan76"
|
||
x="80"
|
||
y="768">• Runner : sans docker.sock → aucun job ;</tspan><tspan
|
||
sodipodi:role="line"
|
||
id="tspan77"
|
||
x="80"
|
||
y="784.40051">sans FORGE_TOKEN → 401 (labels).</tspan></text>
|
||
<text
|
||
x="80"
|
||
y="811"
|
||
class="txt"
|
||
id="text64"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
|
||
sodipodi:role="line"
|
||
id="tspan74"
|
||
x="80"
|
||
y="811">• Edge : Traefik :18080 derrière DSM ; sanitize-remote</tspan><tspan
|
||
sodipodi:role="line"
|
||
id="tspan75"
|
||
x="80"
|
||
y="827.25">+ forward-auth Authelia.</tspan></text>
|
||
<text
|
||
x="80"
|
||
y="854"
|
||
class="txt"
|
||
id="text65"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
|
||
sodipodi:role="line"
|
||
id="tspan1"
|
||
x="80"
|
||
y="854">• Blue/green : 8081/8082 ; Traefik décide le LIVE</tspan><tspan
|
||
sodipodi:role="line"
|
||
id="tspan2"
|
||
x="80"
|
||
y="870.25">(DSM pointe toujours sur :18080).</tspan></text>
|
||
<text
|
||
x="80"
|
||
y="891"
|
||
class="small"
|
||
id="text66"
|
||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:sans-serif"><tspan
|
||
sodipodi:role="line"
|
||
id="tspan72"
|
||
x="80"
|
||
y="891">Astuce : exporte en PNG/PDF pour lecture “grand public”,</tspan><tspan
|
||
sodipodi:role="line"
|
||
id="tspan73"
|
||
x="80"
|
||
y="906">garde SVG comme source éditable.</tspan></text>
|
||
</svg>
|