From 0ee01d07a3f3e1e757d65154daacecbfbe2bab68 Mon Sep 17 00:00:00 2001 From: ARCHITECT Date: Thu, 25 Dec 2025 10:40:19 +0000 Subject: [PATCH] fix(arch): Enforce instance autonomy principle across docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates to ensure DECK/CORP are documented as autonomous instances: - overview.md: Clarify ARCHITECT is for build/deploy only, not runtime - filosofia.md: Mark shared services (GRACE, etc.) as optional - backup-recovery.md: Each instance does its own local backup to its own R2 bucket Key principle: Instances never depend on ARCHITECT at runtime. πŸ€– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- 00_VISION/filosofia.md | 17 ++- 01_ARQUITECTURA/overview.md | 19 ++- 05_OPERACIONES/backup-recovery.md | 205 +++++++++++++++++++----------- 3 files changed, 165 insertions(+), 76 deletions(-) diff --git a/00_VISION/filosofia.md b/00_VISION/filosofia.md index bfc90c7..7b82648 100644 --- a/00_VISION/filosofia.md +++ b/00_VISION/filosofia.md @@ -101,5 +101,18 @@ VALORES β†’ OBJETIVOS β†’ IMÁGENES IA β†’ CURACIΓ“N HUMANA β†’ LO QUE SOBREVIVE Cada instancia: - Tiene su propio bucket de almacenamiento - Puede renombrar sus agentes -- Opera de forma descentralizada -- Se conecta a servicios compartidos (GRACE, THE FACTORY, CIRCLE) +- **Opera de forma autΓ³noma** (no depende de ARCHITECT en runtime) +- Tiene su propio gestor de secretos (Vaultwarden) +- Hace sus propios backups a R2 + +### Servicios Compartidos (Opcionales) + +Las instancias **pueden** conectarse a servicios GPU compartidos: + +| Servicio | FunciΓ³n | Requerido | +|----------|---------|-----------| +| GRACE | ExtracciΓ³n IA | Opcional | +| THE FACTORY | GeneraciΓ³n | Opcional | +| CIRCLE | ColaboraciΓ³n | Opcional | + +> **Nota:** Si los servicios compartidos no estΓ‘n disponibles, la instancia sigue operando. Solo las funciones de IA estarΓ‘n limitadas. 
diff --git a/01_ARQUITECTURA/overview.md b/01_ARQUITECTURA/overview.md index e918db3..f716db9 100644 --- a/01_ARQUITECTURA/overview.md +++ b/01_ARQUITECTURA/overview.md 
@@ -5,24 +5,37 @@ --- +## Principio Fundamental + +> **ARCHITECT es el constructor. DECK y CORP son instancias autΓ³nomas.** + +- **ARCHITECT**: Construye, despliega, coordina. NO es dependencia runtime. +- **DECK/CORP**: Operan independientemente. Funcionan si ARCHITECT estΓ‘ caΓ­do. + +--- + ## Diagrama General ``` β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ CAPA DE COORDINACIΓ“N β”‚ +β”‚ CAPA DE CONSTRUCCIΓ“N (solo deploy/dev) β”‚ β”‚ β”‚ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚ ARCHITECT (69.62.126.110) β”‚ β”‚ β”‚ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚ β”‚ β”‚PostgreSQLβ”‚ β”‚ Gitea β”‚ β”‚Orchestratorβ”‚ β”‚ Infisical β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ central β”‚ β”‚ 25 repos β”‚ β”‚ v5 β”‚ β”‚ Secrets β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ contexto β”‚ β”‚ 25 repos β”‚ β”‚ v5 β”‚ β”‚ (master) β”‚ β”‚ β”‚ β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ +β”‚ β”‚ +β”‚ Rol: ConstrucciΓ³n, deployment, gestiΓ³n central de secretos β”‚ +β”‚ NO es dependencia runtime de las instancias β”‚ 
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β”‚ β”‚ + deploy β”‚ β”‚ β”‚ deploy β–Ό β–Ό β–Ό β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ CAPA DE SERVIDORES β”‚ +β”‚ CAPA DE INSTANCIAS (autΓ³nomas) β”‚ β”‚ β”‚ β”‚ β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ β”‚ β”‚ DECK β”‚ β”‚ CORP β”‚ β”‚ HST β”‚ β”‚ diff --git a/05_OPERACIONES/backup-recovery.md b/05_OPERACIONES/backup-recovery.md index d21bddc..57f96e8 100644 --- a/05_OPERACIONES/backup-recovery.md +++ b/05_OPERACIONES/backup-recovery.md @@ -5,6 +5,15 @@ --- +## Principio Fundamental + +> **Cada instancia es responsable de su propio backup.** + +DECK y CORP son instancias autΓ³nomas. No dependen de ARCHITECT para hacer backups. +Cada servidor ejecuta su script de backup localmente y sube directamente a R2. + +--- + ## Estado Actual ### Backups Existentes 
@@ -20,94 +29,144 @@ --- -## Plan de Backup Propuesto +## Arquitectura de Backups -### PostgreSQL - Backup Diario - -```bash -#!/bin/bash -# /opt/scripts/backup_postgres.sh - -set -e - -DATE=$(date +%F) -BACKUP_DIR="/tmp/pg_backup" - -# Cargar credenciales R2 -source /home/orchestrator/orchestrator/.env -export AWS_ACCESS_KEY_ID="$R2_ACCESS_KEY" -export AWS_SECRET_ACCESS_KEY="$R2_SECRET_KEY" - -R2_ENDPOINT="https://7dedae6030f5554d99d37e98a5232996.r2.cloudflarestorage.com" - -mkdir -p $BACKUP_DIR - -# Backup ARCHITECT -echo "Backing up ARCHITECT..." -sudo -u postgres pg_dump architect | gzip > $BACKUP_DIR/architect_$DATE.sql.gz -aws s3 cp $BACKUP_DIR/architect_$DATE.sql.gz s3://architect/backups/postgres/ \ - --endpoint-url $R2_ENDPOINT - -# Cleanup local -rm -rf $BACKUP_DIR - -echo "Backup completado: $DATE" ``` - -### Cron Configuration - -```bash -# /etc/cron.d/tzzr-backup -# Backup diario a las 3:00 AM -0 3 * * * orchestrator /opt/scripts/backup_postgres.sh >> /var/log/tzzr-backup.log 2>&1 +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ ARCHITECT β”‚ β”‚ DECK β”‚ β”‚ CORP β”‚ +β”‚ β”‚ β”‚ β”‚ β”‚ β”‚ +β”‚ backup.sh ───┼────►│ backup.sh ───┼────►│ backup.sh ───┼────► R2 +β”‚ (local) β”‚ β”‚ (local) β”‚ β”‚ (local) β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ + β”‚ β”‚ + β–Ό β–Ό + Sin dependencia Sin dependencia + de ARCHITECT de ARCHITECT ``` --- -## Backup por Servidor +## Backup por Servidor (LOCAL) ### ARCHITECT (69.62.126.110) +**UbicaciΓ³n script:** `/opt/scripts/backup_postgres.sh` + ```bash -# Base de datos: architect -sudo -u postgres pg_dump architect | gzip > architect_$(date +%F).sql.gz +#!/bin/bash +# Ejecutar EN ARCHITECT - backup local + +set -e +DATE=$(date +%F) + +# Credenciales R2 (desde Vaultwarden local o .env) +source 
/opt/architect/.env +export AWS_ACCESS_KEY_ID="$R2_ACCESS_KEY" +export AWS_SECRET_ACCESS_KEY="$R2_SECRET_KEY" +R2_ENDPOINT="https://7dedae6030f5554d99d37e98a5232996.r2.cloudflarestorage.com" + +# Backup local +sudo -u postgres pg_dump architect | gzip > /tmp/architect_$DATE.sql.gz # Subir a R2 -aws s3 cp architect_$(date +%F).sql.gz s3://architect/backups/postgres/ \ +aws s3 cp /tmp/architect_$DATE.sql.gz s3://architect/backups/postgres/ \ --endpoint-url $R2_ENDPOINT + +rm /tmp/architect_$DATE.sql.gz +echo "ARCHITECT backup completado: $DATE" ``` ### DECK (72.62.1.113) -```bash -# Base de datos: tzzr -ssh deck 'sudo -u postgres pg_dump tzzr | gzip' > deck_tzzr_$(date +%F).sql.gz +**UbicaciΓ³n script:** `/opt/scripts/backup_postgres.sh` -# Subir a R2 -aws s3 cp deck_tzzr_$(date +%F).sql.gz s3://architect/backups/deck/ \ +```bash +#!/bin/bash +# Ejecutar EN DECK - backup local (NO depende de ARCHITECT) + +set -e +DATE=$(date +%F) + +# Credenciales R2 (desde Vaultwarden DECK) +source /opt/deck/.env +export AWS_ACCESS_KEY_ID="$R2_ACCESS_KEY" +export AWS_SECRET_ACCESS_KEY="$R2_SECRET_KEY" +R2_ENDPOINT="https://7dedae6030f5554d99d37e98a5232996.r2.cloudflarestorage.com" + +# Backup local +sudo -u postgres pg_dump tzzr | gzip > /tmp/deck_tzzr_$DATE.sql.gz + +# Subir a R2 (bucket propio de DECK) +aws s3 cp /tmp/deck_tzzr_$DATE.sql.gz s3://deck/backups/postgres/ \ --endpoint-url $R2_ENDPOINT + +rm /tmp/deck_tzzr_$DATE.sql.gz +echo "DECK backup completado: $DATE" ``` ### CORP (92.112.181.188) -```bash -# Base de datos: corp -ssh corp 'sudo -u postgres pg_dump corp | gzip' > corp_$(date +%F).sql.gz +**UbicaciΓ³n script:** `/opt/scripts/backup_postgres.sh` -# Subir a R2 -aws s3 cp corp_$(date +%F).sql.gz s3://architect/backups/corp/ \ +```bash +#!/bin/bash +# Ejecutar EN CORP - backup local (NO depende de ARCHITECT) + +set -e +DATE=$(date +%F) + +# Credenciales R2 (desde Vaultwarden CORP) +source /opt/corp/.env +export AWS_ACCESS_KEY_ID="$R2_ACCESS_KEY" +export 
AWS_SECRET_ACCESS_KEY="$R2_SECRET_KEY" +R2_ENDPOINT="https://7dedae6030f5554d99d37e98a5232996.r2.cloudflarestorage.com" + +# Backup local +sudo -u postgres pg_dump corp | gzip > /tmp/corp_$DATE.sql.gz + +# Subir a R2 (bucket propio de CORP) +aws s3 cp /tmp/corp_$DATE.sql.gz s3://corp/backups/postgres/ \ --endpoint-url $R2_ENDPOINT + +rm /tmp/corp_$DATE.sql.gz +echo "CORP backup completado: $DATE" ``` ### HST (72.62.2.84) -```bash -# Base de datos: hst_images -ssh hst 'sudo -u postgres pg_dump hst_images | gzip' > hst_$(date +%F).sql.gz +**UbicaciΓ³n script:** `/opt/scripts/backup_postgres.sh` -# Subir a R2 -aws s3 cp hst_$(date +%F).sql.gz s3://architect/backups/hst/ \ +```bash +#!/bin/bash +# Ejecutar EN HST - backup local + +set -e +DATE=$(date +%F) + +source /opt/hst/.env +export AWS_ACCESS_KEY_ID="$R2_ACCESS_KEY" +export AWS_SECRET_ACCESS_KEY="$R2_SECRET_KEY" +R2_ENDPOINT="https://7dedae6030f5554d99d37e98a5232996.r2.cloudflarestorage.com" + +sudo -u postgres pg_dump hst_images | gzip > /tmp/hst_$DATE.sql.gz + +aws s3 cp /tmp/hst_$DATE.sql.gz s3://hst/backups/postgres/ \ --endpoint-url $R2_ENDPOINT + +rm /tmp/hst_$DATE.sql.gz +echo "HST backup completado: $DATE" +``` + +--- + +## Cron en Cada Servidor + +Cada instancia configura su propio cron: + +```bash +# /etc/cron.d/tzzr-backup (en cada servidor) +# Backup diario a las 3:00 AM +0 3 * * * root /opt/scripts/backup_postgres.sh >> /var/log/backup.log 2>&1 ``` --- 
@@ -157,26 +216,30 @@ docker exec gitea rm /tmp/gitea-dump-$DATE.zip ## Estructura de Backups en R2 +Cada instancia usa su propio bucket: + ``` s3://architect/backups/ β”œβ”€β”€ postgres/ -β”‚ β”œβ”€β”€ architect_2024-12-24.sql.gz -β”‚ β”œβ”€β”€ architect_2024-12-23.sql.gz -β”‚ └── ... -β”œβ”€β”€ deck/ -β”‚ β”œβ”€β”€ deck_tzzr_2024-12-24.sql.gz -β”‚ └── ... -β”œβ”€β”€ corp/ -β”‚ β”œβ”€β”€ corp_2024-12-24.sql.gz -β”‚ └── ... -β”œβ”€β”€ hst/ -β”‚ β”œβ”€β”€ hst_2024-12-24.sql.gz -β”‚ └── ... +β”‚ └── architect_2024-12-24.sql.gz └── gitea/ - β”œβ”€β”€ gitea-dump-2024-12-24_0300.zip - └── ... + └── gitea-dump-2024-12-24_0300.zip + +s3://deck/backups/ +└── postgres/ + └── deck_tzzr_2024-12-24.sql.gz + +s3://corp/backups/ +└── postgres/ + └── corp_2024-12-24.sql.gz + +s3://hst/backups/ +└── postgres/ + └── hst_2024-12-24.sql.gz ``` +> **Nota:** Cada instancia es dueΓ±a de sus backups. No hay dependencia cruzada. + --- ## RetenciΓ³n de Backups
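Review bot: In the 00_VISION/filosofia.md hunk, the new bullet that gives each instance its own secrets manager (Vaultwarden) does not match the backup scripts added later in this patch, which load the R2 credentials with `source /opt/deck/.env` and `source /opt/corp/.env`. Say in this list which of the two is the source of truth at runtime. If the `.env` file is a rendered copy of Vaultwarden entries, document who writes it and the expected owner and mode, so that the autonomy claim covers secrets as well as backups.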
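Review bot: In the 01_ARQUITECTURA/overview.md hunk, the ARCHITECT box now labels Infisical as `(master)` and lists central secrets management as part of ARCHITECT's role, while the new principle section says DECK and CORP keep working when ARCHITECT is down. The document should state how secrets move from Infisical to each instance (pushed at deploy time, or pulled by the instance) and that no instance reads Infisical at runtime. As written, the diagram reads as a runtime dependency that the text denies.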
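Review bot: In the 05_OPERACIONES/backup-recovery.md hunk that replaces the backup plan with per-server scripts, all four scripts use `set -e` without `pipefail`, so in `sudo -u postgres pg_dump tzzr | gzip > /tmp/deck_tzzr_$DATE.sql.gz` a failing pg_dump still exits 0 through gzip, and the script uploads an empty or truncated archive and prints the completion message. Use `set -euo pipefail` and test the archive (for example with `gzip -t`) before the upload. Two related points in the same scripts: the dump is written to a predictable path directly in /tmp and stays there if `aws s3 cp` fails, because `set -e` exits before the `rm`. A `mktemp -d` directory created under `umask 077` with a cleanup `trap` avoids both. The cron entry also changes the user from `orchestrator` to `root`, so the `source`d `.env` is executed as root. Either document that the file must be root-owned and not writable by anyone else, or run the job as a dedicated backup user.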
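Review bot: In the last 05_OPERACIONES/backup-recovery.md hunk (R2 layout), the added text says each instance uses its own bucket with no cross dependency, but every script in this patch uses the same R2 endpoint and the same `R2_ACCESS_KEY` / `R2_SECRET_KEY` variable names, and nothing says the keys differ per instance. Add a line stating that each instance's R2 token is limited to its own bucket, so that the credentials held on DECK cannot read or delete the backups in `s3://corp` or `s3://architect`.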