Add infra-tool: infrastructure registry with Incus container deployment

Service registry & discovery system that aggregates infrastructure metadata from Incus, K8s, APISIX, and BunnyCDN into NocoDB. Includes FastAPI HTTP API, systemd timer for 15-min auto-sync, and dual-mode collectors (REST API for container deployment, CLI/SSH fallback for local use). Deployed to jp1:infra-tool with Tailscale socket proxy for host network visibility. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 09:13:43 +09:00
commit 5e59261f63
20 changed files with 1962 additions and 0 deletions
--- a/deploy/env.template
+++ b/deploy/env.template
@@ -0,0 +1,23 @@
+# Infra Tool Environment Configuration
+# Copy to /etc/infra-tool/env and fill in values
+
+# NocoDB
+NOCODB_TOKEN=
+
+# BunnyCDN
+BUNNY_API_KEY=
+
+# APISIX
+APISIX_ADMIN_KEY=edd1c9f034335f136f87ad84b625c8f1
+
+# Vault (optional — if set, secrets are read from Vault)
+VAULT_ADDR=
+VAULT_TOKEN=
+
+# Incus REST API (certs at /etc/infra-tool/)
+INCUS_CERT_DIR=/etc/infra-tool
+
+# Kubernetes API
+K8S_API_SERVER=
+K8S_TOKEN=
+K8S_CA_CERT=
--- a/deploy/infra-api.service
+++ b/deploy/infra-api.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Infra Tool API
+After=network.target
+
+[Service]
+WorkingDirectory=/opt/infra-tool
+EnvironmentFile=/etc/infra-tool/env
+ExecStart=/root/.local/bin/uv run uvicorn api:app --host 0.0.0.0 --port 8080
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
--- a/deploy/infra-sync.service
+++ b/deploy/infra-sync.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Infra Tool Sync
+
+[Service]
+Type=oneshot
+WorkingDirectory=/opt/infra-tool
+EnvironmentFile=/etc/infra-tool/env
+ExecStart=/root/.local/bin/uv run python infra.py sync
--- a/deploy/infra-sync.timer
+++ b/deploy/infra-sync.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Infra Tool Sync Timer
+
+[Timer]
+OnCalendar=*:0/15
+Persistent=true
+
+[Install]
+WantedBy=timers.target
--- a/deploy/setup.sh
+++ b/deploy/setup.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# Infra Tool Container Setup Script
+# Run inside the infra-tool Incus container after creation
+set -euo pipefail
+
+echo "=== Installing system packages ==="
+apt-get update
+apt-get install -y python3 python3-pip curl ca-certificates
+
+echo "=== Installing uv ==="
+curl -LsSf https://astral.sh/uv/install.sh | sh
+export PATH="/root/.local/bin:$PATH"
+
+echo "=== Setting up directories ==="
+mkdir -p /opt/infra-tool
+mkdir -p /etc/infra-tool
+
+echo "=== Installing Python dependencies ==="
+cd /opt/infra-tool
+uv sync
+
+echo "=== Installing systemd units ==="
+cp deploy/infra-sync.service /etc/systemd/system/
+cp deploy/infra-sync.timer /etc/systemd/system/
+cp deploy/infra-api.service /etc/systemd/system/
+
+echo "=== Enabling services ==="
+systemctl daemon-reload
+systemctl enable --now infra-sync.timer
+systemctl enable --now infra-api.service
+
+echo "=== Done ==="
+echo "Remember to:"
+echo "  1. Copy TLS certs to /etc/infra-tool/incus-client.{crt,key}"
+echo "  2. Copy K8s token to /etc/infra-tool/k8s-token"
+echo "  3. Fill in /etc/infra-tool/env from deploy/env.template"
+echo "  4. Restart services: systemctl restart infra-api infra-sync"