# AGENTS.md

> [!NOTE]
> **Infrapuzzle** is the monorepo for my personal infrastructure, encompassing Kubernetes cluster provisioning, workload deployment, DNS management, and IoT monitoring.

## Repository Structure & Documentation
This repository is divided into distinct domains, each with its own `AGENTS.md` or specialized documentation.

### 1. [Bootstrap](./bootstrap/AGENTS.md) (`bootstrap/`)
*   **Purpose**: Provisioning the single-node Kubernetes cluster (Haumdaucher).
*   **Tool**: Kubespray (Ansible).
*   **Key File**: `init.sh` (Source of Truth for versioning).
*   **Read**: [bootstrap/AGENTS.md](./bootstrap/AGENTS.md)

### 2. [Kubernetes Workloads](./k8s/AGENTS.md) (`k8s/`)
*   **Purpose**: Deploying applications and services to the cluster.
*   **Method**: GitOps-style directory structure (Namespace = Folder).
*   **Constraints**: Enforces `ingress-nginx`, `cert-manager` (Let's Encrypt), and `git-crypt` for secrets.
*   **Read**: [k8s/AGENTS.md](./k8s/AGENTS.md)

### 3. Terraform (`terraform/`)
*   **Purpose**: Infrastructure as Code for external resources, primarily **DNS**.
*   **Provider**: OVH (`ovh/ovh`).
*   **Scope**:
    *   **DNS Zones**: `haumdaucher.de`, `moritzgraf.de`, `ameliegraf.de`, and others.
    *   **Mail Config**: Google Workspace MX/SPF/DKIM records.
    *   **Cluster IP**: Points domains to the Haumdaucher node IP (`136.243.23.215`).
*   **Usage**:
    ```bash
    cd terraform
    terraform init
    terraform apply
    ```

### 4. Monitoring (`monitoring/`)
*   **Purpose**: IoT and physical device monitoring, separate from K8s metrics.
*   **Tool**: [ESPHome](https://esphome.io).
*   **Devices**: Temperature sensors, plant monitors (Xiaomi/BLE), ESP32 bridges.
*   **Usage**:
    ```bash
    cd monitoring
    # Flash or update a device
    esphome run config/<device>.secret.yml
    ```
*   **Network**: Devices typically operate on static IPs in the `192.168.x.x` range.

## Global Constraints
*   **Secrets**: `git-crypt` is used extensively. Ensure you have the unlock key before editing `*.secret` files.
*   **Identity**:
    *   **Cluster**: `haumdaucher`
    *   **Primary Domain**: `haumdaucher.de`
    *   **User Identity**: `moritzgraf.de`