Archicratia/archicratie-edition
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8cbaa5117cf2aa4f2504e6a7312bd887d5079012
archicratie-edition/docs/diagrams/diagram.svg
Archicratia 78eb9cbb58
All checks were successful
CI / build-and-anchors (push) Successful in 1m46s
Details
SMOKE / smoke (push) Successful in 14s
Details
chore: add diagrams + scripts + archicrat-ia route
2026-02-20 18:27:25 +01:00

619 lines
15 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
width="1600"
height="980"
viewBox="0 0 1600 980"
version="1.1"
id="svg66"
sodipodi:docname="diagram.svg"
inkscape:version="1.3-alpha (95f74fb, 2023-03-31)"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg">
<sodipodi:namedview
id="namedview66"
pagecolor="#ffffff"
bordercolor="#000000"
borderopacity="0.25"
inkscape:showpageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1"
inkscape:zoom="0.82625"
inkscape:cx="1002.118"
inkscape:cy="617.85174"
inkscape:window-width="1472"
inkscape:window-height="1022"
inkscape:window-x="234"
inkscape:window-y="30"
inkscape:window-maximized="0"
inkscape:current-layer="svg66" />
<defs
id="defs1">
<marker
id="arrow"
viewBox="0 0 10 10"
refX="9.5"
refY="5"
markerWidth="8"
markerHeight="8"
orient="auto-start-reverse">
<path
d="M 0 0 L 10 5 L 0 10 z"
fill="#222"
id="path1" />
</marker>
<style
id="style1">
.title { font: 700 22px sans-serif; fill:#111; }
.h2 { font: 700 16px sans-serif; fill:#111; }
.txt { font: 13px sans-serif; fill:#111; }
.small { font: 12px sans-serif; fill:#111; }
.box { fill:#fafafa; stroke:#222; stroke-width:1.5; }
.zone { fill:#f3f3f3; stroke:#111; stroke-width:2; }
.note { fill:#fff; stroke:#666; stroke-width:1.2; }
.line { stroke:#222; stroke-width:2; fill:none; marker-end:url(#arrow); }
.dash { stroke:#222; stroke-width:2; fill:none; stroke-dasharray:7 6; marker-end:url(#arrow); }
</style>
</defs>
<!-- Header -->
<text
x="40"
y="45"
class="title"
id="text1">Archicratie Web Edition : schéma global (Local Mac Studio vs NAS Synology DS220+)</text>
<text
x="40"
y="75"
class="small"
id="text2">Lecture : (1) utilisateur → DSM → Traefik/Authelia → site ; (2) dev → package → slot green/blue → switch Traefik (provider file) ; (3) proposer → issues → runner → labels.</text>
<!-- LOCAL ZONE -->
<rect
x="35"
y="110"
width="520"
height="820"
rx="18"
class="zone"
id="rect2" />
<text
x="60"
y="145"
class="h2"
id="text3">LOCAL — Mac Studio (atelier de dev)</text>
<rect
x="60"
y="175"
width="470"
height="95"
rx="12"
class="box"
id="rect3" />
<text
x="80"
y="205"
class="h2"
id="text4">Repo Astro (édition)</text>
<text
x="80"
y="230"
class="txt"
id="text5">• src/content/ (contenu web)</text>
<text
x="80"
y="250"
class="txt"
id="text6">• scripts tooling (anchors, import docx, apply-ticket)</text>
<rect
x="60"
y="295"
width="470"
height="80"
rx="12"
class="box"
id="rect6" />
<text
x="80"
y="325"
class="h2"
id="text7">Build statique</text>
<text
x="80"
y="350"
class="txt"
id="text8">npm run build → dist/ (site statique)</text>
<rect
x="60"
y="400"
width="470"
height="95"
rx="12"
class="box"
id="rect8" />
<text
x="80"
y="430"
class="h2"
id="text9">Release pack</text>
<text
x="80"
y="455"
class="txt"
id="text10">archive .tar.gz + .sha256</text>
<text
x="80"
y="475"
class="txt"
id="text11">destination NAS : /volume2/docker/archicratie-web/incoming/</text>
<rect
x="60"
y="520"
width="470"
height="120"
rx="12"
class="note"
id="rect11" />
<text
x="80"
y="550"
class="h2"
id="text12">Centre de vérité</text>
<text
x="80"
y="575"
class="txt"
id="text13">Tu commits/push vers Gitea (NAS) :</text>
<text
x="80"
y="598"
class="txt"
id="text14">• code + docs + diagrammes (SVG)</text>
<text
x="80"
y="621"
class="txt"
id="text15">• issues = backlog éditorial</text>
<!-- NAS ZONE -->
<rect
x="590"
y="110"
width="975"
height="820"
rx="18"
class="zone"
id="rect15" />
<text
x="615"
y="145"
class="h2"
id="text16">DISTANT — NAS Synology DS220+ (DSM + Container Manager)</text>
<!-- USERS -->
<rect
x="615"
y="175"
width="275"
height="90"
rx="12"
class="box"
id="rect16" />
<text
x="635"
y="205"
class="h2"
id="text17">Utilisateurs (web)</text>
<text
x="635"
y="230"
class="txt"
id="text18">• visiteurs</text>
<text
x="635"
y="250"
class="txt"
id="text19">• éditeurs (accès protégé)</text>
<!-- DSM Reverse Proxy -->
<rect
x="920"
y="175"
width="615"
height="90"
rx="12"
class="box"
id="rect19" />
<text
x="945"
y="205"
class="h2"
id="text20">DSM Reverse Proxy (HTTPS public → Traefik)</text>
<text
x="945"
y="230"
class="txt"
id="text21">• pointe vers 127.0.0.1:18080 (Traefik edge)</text>
<text
x="945"
y="252"
class="txt"
id="text22">• bascule/rollback = switch Traefik (reload) ; DSM reste stable</text>
<!-- Edge Traefik -->
<rect
x="920"
y="295"
width="615"
height="110"
rx="12"
class="box"
id="rect22" />
<text
x="945"
y="325"
class="h2"
id="text23">Traefik (edge) — écoute 127.0.0.1:18080</text>
<text
x="945"
y="350"
class="txt"
id="text24">• entrée unique derrière DSM</text>
<text
x="945"
y="372"
class="txt"
id="text25">• middlewares : sanitize-remote + forward-auth Authelia</text>
<text
x="945"
y="394"
class="txt"
id="text26">• un seul backend site actif (blue OU green) via 20-archicratie-backend.yml</text>
<!-- Auth Stack -->
<rect
x="615"
y="310"
width="275"
height="250"
rx="12"
class="box"
id="rect26" />
<text
x="635"
y="340"
class="h2"
id="text27">Auth stack</text>
<text
x="635"
y="365"
class="txt"
id="text28">Authelia</text>
<text
x="635"
y="387"
class="small"
id="text29">• forward-auth : /api/authz/forward-auth</text>
<text
x="635"
y="415"
class="txt"
id="text30">LLDAP</text>
<text
x="635"
y="438"
class="small"
id="text31">• annuaire LDAP “source of truth”</text>
<text
x="635"
y="466"
class="txt"
id="text32">Redis</text>
<text
x="635"
y="489"
class="small"
id="text33">• sessions / cache (selon config)</text>
<text
x="635"
y="525"
class="small"
id="text34"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:sans-serif"><tspan
sodipodi:role="line"
id="tspan68"
x="635"
y="525">Objectif : SSO/MFA + anti lock-out</tspan><tspan
sodipodi:role="line"
id="tspan69"
x="635"
y="540">déploiement progressif)</tspan></text>
<!-- Web Blue/Green -->
<rect
x="920"
y="435"
width="300"
height="135"
rx="12"
class="box"
id="rect34" />
<text
x="945"
y="465"
class="h2"
id="text35">web_blue (slot A)</text>
<text
x="945"
y="490"
class="txt"
id="text36">127.0.0.1:8081 → container:80</text>
<text
x="945"
y="515"
class="txt"
id="text37">sert dist/ (Nginx/HTTP)</text>
<text
x="945"
y="540"
class="small"
id="text38">ne jamais modifier si LIVE</text>
<rect
x="1235"
y="435"
width="300"
height="135"
rx="12"
class="box"
id="rect38" />
<text
x="1260"
y="465"
class="h2"
id="text39">web_green (slot B)</text>
<text
x="1260"
y="490"
class="txt"
id="text40">127.0.0.1:8082 → container:80</text>
<text
x="1260"
y="515"
class="txt"
id="text41">sert dist/ (Nginx/HTTP)</text>
<text
x="1260"
y="540"
class="small"
id="text42">slot “next” (staging)</text>
<!-- Switch script -->
<rect
x="847.41852"
y="587.45636"
width="691.17664"
height="69.928497"
rx="13.486373"
class="note"
id="rect42" />
<text
x="932.38275"
y="617.42059"
class="txt"
id="text43"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
sodipodi:role="line"
id="tspan67"
x="932.38275"
y="617.42059">switch-archicratie.sh : bascule blue/green en réécrivant 20-archicratie-backend.yml</tspan><tspan
sodipodi:role="line"
x="932.38275"
y="633.67059"
id="tspan3">puis reload Traefik (provider file)</tspan></text>
<!-- Gitea -->
<rect
x="615"
y="690"
width="520"
height="160"
rx="12"
class="box"
id="rect43" />
<text
x="635"
y="720"
class="h2"
id="text44"
style="font-style:normal;font-variant:normal;font-weight:700;font-stretch:normal;font-size:16px;line-height:normal;font-family:sans-serif">Gitea (forge web + API)</text>
<text
x="635"
y="745"
class="txt"
id="text45"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif">• repo = centre de vérité</text>
<text
x="635"
y="768"
class="txt"
id="text46"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif">• issues = backlog</text>
<text
x="635"
y="791"
class="txt"
id="text47"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif">• labels = tri natif (type/state/cat)</text>
<text
x="635"
y="814"
class="small"
id="text48"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:sans-serif">Note : parfois laissé sans forward-auth (runner/accès API) selon réglage</text>
<!-- Runner -->
<rect
x="1160"
y="690"
width="375"
height="170"
rx="12"
class="box"
id="rect48" />
<text
x="1185"
y="720"
class="h2"
id="text49">Gitea Actions Runner (act_runner)</text>
<text
x="1185"
y="745"
class="txt"
id="text50">• exécute les workflows</text>
<text
x="1185"
y="768"
class="txt"
id="text51">• doit monter /var/run/docker.sock</text>
<text
x="1185"
y="791"
class="txt"
id="text52">• jobs en conteneur (ex : python:3.12-slim)</text>
<text
x="1185"
y="814"
class="small"
id="text53"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:sans-serif"><tspan
sodipodi:role="line"
id="tspan78"
x="1185"
y="814">• applique labels via API avec PAT (FORGE_TOKEN)</tspan><tspan
sodipodi:role="line"
id="tspan79"
x="1185"
y="829">— sinon 401</tspan></text>
<!-- Connections -->
<!-- User -> DSM -->
<path
d="M 890 220 L 920 220"
class="line"
id="path53" />
<!-- DSM -> Traefik -->
<path
d="M 1225 265 L 1225 295"
class="line"
id="path54" />
<!-- Traefik -> Web (one active) -->
<path
d="M 1100 405 L 1070 435"
class="dash"
id="path55" />
<path
d="M 1355 405 L 1385 435"
class="dash"
id="path56" />
<!-- Traefik -> Auth -->
<path
d="M 920 350 L 890 350"
class="line"
id="path57" />
<!-- DSM -> Gitea (via router / host rules) -->
<path
d="M 917.44325,255.3177 883.05597,688.03328"
class="dash"
id="path58"
sodipodi:nodetypes="cc" />
<!-- Gitea -> Runner -->
<path
d="M 1135 710 L 1160 750"
class="line"
id="path59" />
<!-- Runner -> Gitea API -->
<path
d="M 1160 805 L 1135 740"
class="dash"
id="path60" />
<!-- Local -> NAS incoming -->
<path
d="M 530 448 L 615 448"
class="line"
id="path61" />
<!-- Legend -->
<rect
x="60"
y="670"
width="470"
height="245"
rx="12"
class="note"
id="rect61" />
<text
x="80"
y="700"
class="h2"
id="text61">Légende / invariants (ce qui casse “pour de vrai”)</text>
<text
x="80"
y="725"
class="txt"
id="text62"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
sodipodi:role="line"
id="tspan70"
x="80"
y="725">• Prod safe : on ne touche jamais au slot LIVE ;</tspan><tspan
sodipodi:role="line"
id="tspan71"
x="80"
y="741.25">build/test sur lautre ; switch Traefik ; DSM ne change pas.</tspan></text>
<text
x="80"
y="768"
class="txt"
id="text63"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
sodipodi:role="line"
id="tspan76"
x="80"
y="768">• Runner : sans docker.sock → aucun job ;</tspan><tspan
sodipodi:role="line"
id="tspan77"
x="80"
y="784.40051">sans FORGE_TOKEN → 401 (labels).</tspan></text>
<text
x="80"
y="811"
class="txt"
id="text64"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
sodipodi:role="line"
id="tspan74"
x="80"
y="811">• Edge : Traefik :18080 derrière DSM ; sanitize-remote</tspan><tspan
sodipodi:role="line"
id="tspan75"
x="80"
y="827.25">+ forward-auth Authelia.</tspan></text>
<text
x="80"
y="854"
class="txt"
id="text65"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:sans-serif"><tspan
sodipodi:role="line"
id="tspan1"
x="80"
y="854">• Blue/green : 8081/8082 ; Traefik décide le LIVE</tspan><tspan
sodipodi:role="line"
id="tspan2"
x="80"
y="870.25">(DSM pointe toujours sur :18080).</tspan></text>
<text
x="80"
y="891"
class="small"
id="text66"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:sans-serif"><tspan
sodipodi:role="line"
id="tspan72"
x="80"
y="891">Astuce : exporte en PNG/PDF pour lecture “grand public”,</tspan><tspan
sodipodi:role="line"
id="tspan73"
x="80"
y="906">garde SVG comme source éditable.</tspan></text>
</svg>
Reference in New Issue View Git Blame Copy Permalink