Infrastructure
The bottom-up view of what physically and logically underlies our 32 apps.
Read this before the app docs — every app sits on this foundation. If you understand the cloud accounts, the VPSes, the network and the reverse proxies, you understand how a change ripples.
Layers
The infrastructure stack from "lowest level" (what we rent) to "highest" (what serves user requests):
| Layer | Doc | What it covers |
|---|---|---|
| 0. Cloud accounts & VPS providers | cloud-accounts.md | OCI tenancies, Hetzner / DigitalOcean / Linode / etc. accounts, who pays, who has root |
| 1. Servers (VPSes / VMs / ADBs) | servers.md | Every individual machine: hostname, IP, specs, role, OS |
| 2. Network | network.md | Wireguard topology, internal subnets, VLANs, routing |
| 3. Reverse proxies & ingress | proxies.md | Which proxy fronts which apps, on which servers |
| 4. TLS certificates | tls.md | Cert sources, renewal, wildcard vs per-host |
| 5. Backups | backups.md | What's backed up, where, and whether it's been restored |
| 6. Domains & DNS | ../overview/domains.md | Domain registry — already documented |
| 7. Apps | ../apps/ | The 32 services that ride on top |
| Known issues | known-issues.md | 41 active operational risks and recent incidents |
| Runbooks | runbooks/ | Step-by-step recovery procedures (RB-001..RB-003) |
Cross-references
- shared-infra.md — the logical dependency map (Authentik, Vault, etc.). This infra/ directory is the physical one.
- landscape.md — leadership view.
- domains.md — DNS / registrar / TLS strategy.
Filling order
- Cloud accounts — what providers, what tenancies, who has root.
- Servers — every VPS / VM / ADB inventoried.
- Network — Wireguard server, subnets.
- Proxies — which proxy on which server, fronts which apps.
- TLS — cert source per host.
- Then circle back to the app docs and link each one to the server it runs on.