docs: rewrite README with structured overview and quick start guide

Replaces the minimal project description with a comprehensive README including a component overview table, quick start instructions, common Ansible operations, and links to detailed documentation. Aligns with Red Panda Approval™ standards.
2026-03-03 12:49:06 +00:00
parent c7be03a743
commit b4d60f2f38
219 changed files with 34586 additions and 2 deletions
--- a/terraform/storage.tf
+++ b/terraform/storage.tf
@@ -0,0 +1,98 @@
+# Storage Resources for Agathos Containers
+# Provisions Incus storage volumes and S3 buckets with access keys
+
+# Storage volume for Nextcloud data
+resource "incus_storage_volume" "nextcloud_data" {
+  name    = "nextcloud-data"
+  pool    = var.storage_pool
+  project = var.project_name
+
+  config = {
+    size = "100GB"
+  }
+}
+
+# S3 bucket for Lobechat file storage
+resource "incus_storage_bucket" "lobechat" {
+  name        = "lobechat"
+  pool        = var.storage_pool
+  project     = var.project_name
+  description = "Lobechat file storage bucket"
+}
+
+# Access key for Lobechat S3 bucket
+resource "incus_storage_bucket_key" "lobechat_key" {
+  name           = "lobechat-access"
+  pool           = incus_storage_bucket.lobechat.pool
+  storage_bucket = incus_storage_bucket.lobechat.name
+  project        = var.project_name
+  role           = "admin"
+}
+
+# S3 bucket for Casdoor file storage
+resource "incus_storage_bucket" "casdoor" {
+  name        = "casdoor"
+  pool        = var.storage_pool
+  project     = var.project_name
+  description = "Casdoor file storage bucket"
+}
+
+# Access key for Casdoor S3 bucket
+resource "incus_storage_bucket_key" "casdoor_key" {
+  name           = "casdoor-access"
+  pool           = incus_storage_bucket.casdoor.pool
+  storage_bucket = incus_storage_bucket.casdoor.name
+  project        = var.project_name
+  role           = "admin"
+}
+
+# S3 bucket for Spelunker file storage
+resource "incus_storage_bucket" "spelunker" {
+  name        = "spelunker"
+  pool        = var.storage_pool
+  project     = var.project_name
+  description = "Spelunker file storage bucket"
+}
+
+# Access key for Spelunker S3 bucket
+resource "incus_storage_bucket_key" "spelunker_key" {
+  name           = "spelunker-access"
+  pool           = incus_storage_bucket.spelunker.pool
+  storage_bucket = incus_storage_bucket.spelunker.name
+  project        = var.project_name
+  role           = "admin"
+}
+
+# Outputs for S3 credentials (to be stored in Ansible vault)
+output "lobechat_s3_credentials" {
+  description = "Lobechat S3 bucket credentials - store in vault as vault_lobechat_s3_*"
+  value = {
+    bucket     = incus_storage_bucket.lobechat.name
+    access_key = incus_storage_bucket_key.lobechat_key.access_key
+    secret_key = incus_storage_bucket_key.lobechat_key.secret_key
+    endpoint   = "https://${incus_storage_bucket.lobechat.location}"
+  }
+  sensitive = true
+}
+
+output "casdoor_s3_credentials" {
+  description = "Casdoor S3 bucket credentials - store in vault as vault_casdoor_s3_*"
+  value = {
+    bucket     = incus_storage_bucket.casdoor.name
+    access_key = incus_storage_bucket_key.casdoor_key.access_key
+    secret_key = incus_storage_bucket_key.casdoor_key.secret_key
+    endpoint   = "https://${incus_storage_bucket.casdoor.location}"
+  }
+  sensitive = true
+}
+
+output "spelunker_s3_credentials" {
+  description = "Spelunker S3 bucket credentials - store in vault as vault_spelunker_s3_*"
+  value = {
+    bucket     = incus_storage_bucket.spelunker.name
+    access_key = incus_storage_bucket_key.spelunker_key.access_key
+    secret_key = incus_storage_bucket_key.spelunker_key.secret_key
+    endpoint   = "https://${incus_storage_bucket.spelunker.location}"
+  }
+  sensitive = true
+}