chore(deploy): migrate to the Kamal substrate; remove Nomad/Vault/Packer leftovers#196
Merged
Merged
Conversation
… HashiCorp/Packer leftovers
The DataZoo substrate switched to ADR-0013: Kamal on Hetzner cattle hosts +
OpenTofu (CI-applied) + private ghcr + a GCP backplane (Secret Manager, GCS,
Cloud Logging, Managed Prometheus), two-actor PR model. The Nomad/Consul/Vault/
Fabio stack and the Packer golden image are retired.
Removed (archived-stack leftovers):
- docs/deploy/escurel.nomad.hcl, escurel-explore.nomad.hcl,
escurel-export-shipper.nomad.hcl (Nomad jobspecs)
- docs/deploy/escurel.pkr.hcl (Packer golden-image fragment)
- docs/deploy/escurel.tailscale-acl.json (per-app ACL; now substrate-managed)
Rewrote to the new concept:
- docs/deploy/substrate.md — escurel as a Kamal stateful pet: host-1 data
Volume + FsStore, STOP-FIRST deploys (single-writer DuckDB), image via the
repo Dockerfile -> ghcr, Secret Manager secrets, internal exposure via the
registry, restic->GCS Volume backups. Defers platform mechanics to the
substrate-platform skill.
- docs/deploy/README.md — file table (Dockerfile + publish-image.yml, not
jobspecs), Target C rewritten to the Kamal pet, placeholders table.
Synced references (no code change — all source hits were comments):
- CLAUDE.md principle 4 + locked decisions; config.rs/health.rs/main.rs/
runner/s3.rs comments (Nomad->orchestrator/Kamal, Vault->Secret Manager);
spec/{README,platform,protocol,roadmap,storage}.md; docs/README.md;
operations.md; the escurel-platform skill refs (08/09/10);
apps/escurel-explore/README.md; the dated explorer-auth note.
CHANGELOG history + the dx.md triton-test FakeConsul fixture left as-is.
fmt + compile clean on the touched crates.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Migrates escurel's deployment docs to the new DataZoo substrate concept
(ADR-0013: Kamal on Hetzner cattle hosts + OpenTofu + private ghcr + a GCP
backplane — Secret Manager, GCS, Cloud Logging, Managed Prometheus; two-actor PR
model) and removes the retired HashiCorp/Packer artefacts.
Removed (archived-stack leftovers)
docs/deploy/escurel.nomad.hcl,escurel-explore.nomad.hcl,escurel-export-shipper.nomad.hcl— Nomad jobspecsdocs/deploy/escurel.pkr.hcl— Packer golden-image fragmentdocs/deploy/escurel.tailscale-acl.json— per-app ACL (substrate-managed now)Rewritten to the new concept
docs/deploy/substrate.md— escurel as a Kamal stateful pet: pinnedto host-1, bind-mounting the data Volume at
/data(FsStore), STOP-FIRSTdeploys (single-writer DuckDB), image via the repo
Dockerfile→ ghcr, secretsfrom GCP Secret Manager, internal exposure via
apps/registry.yml, restic→GCSVolume backups. Platform mechanics deferred to the
substrate-platformskill.The per-app Kamal deploy contract + registry row live in the substrate repo.
docs/deploy/README.md— file table (Dockerfile + publish-image.yml),Target C, placeholders.
Reference sync (no code change — every source hit was a comment)
CLAUDE.md (principle 4 + locked decisions);
config.rs/health.rs/main.rs/ runnermain.rs/s3.rscomments (Nomad→orchestrator/Kamal,Vault→Secret Manager);
spec/{README,platform,protocol,roadmap,storage}.md;docs/README.md;operations.md; theescurel-platformskill refs (08/09/10);apps/escurel-explore/README.md; the dated explorer-auth note. Fixed two brokenlinks to deleted files.
Left intentionally
The append-only
CHANGELOG.mdhistory;dx.md'sFakeConsul(a tritonintegration-test fixture, not a deployment artefact).
Test plan
Docs + comments + file deletions only — no behaviour change; all old-stack
source references were comments.
cargo fmt --check+ compile clean on thetouched crates; the full gate runs in CI.
Note: the substrate default store is now documented as FsStore on the host-1
Volume (the substrate skill's canonical single-writer/STOP-FIRST pet), with
Hetzner Object Storage /
STORAGE_BACKEND=s3as optional blob offload.🤖 Generated with Claude Code