docs: automate generated docs commits and add docs site structure

scripts/docs/generate-all.sh

@@ -7,5 +7,6 @@ scripts/docs/render-compose-config.sh
 python3 scripts/docs/generate-compose-inventory.py docs/generated/docker-compose.resolved.yml docs/generated/compose-inventory.md
 python3 scripts/docs/generate-traefik-routes.py docs/generated/docker-compose.resolved.yml docs/generated/traefik-routes.md
 python3 scripts/docs/generate-prometheus-rules.py docs/generated/prometheus-rules.md
+python3 scripts/docs/generate-docs-index.py docs/generated/index.md
 python3 scripts/docs/generate-diagrams.py docs/generated/docker-compose.resolved.yml docs/diagrams/docker-compose.dot docs/diagrams/docker-compose.svg
 python3 scripts/docs/sanitize-public-docs.py docs/generated docs/diagrams docs/public

scripts/docs/generate-docs-index.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+from pathlib import Path
+import sys
+
+out = Path(sys.argv[1])
+out.parent.mkdir(parents=True, exist_ok=True)
+out.write_text(
+    """# Generated Documentation
+
+This directory contains documentation generated automatically from repository configuration.
+
+## Files
+
+- [Compose file list](compose-files.txt)
+- [Resolved Docker Compose config](docker-compose.resolved.yml)
+- [Compose inventory](compose-inventory.md)
+- [Traefik routes](traefik-routes.md)
+- [Prometheus rules](prometheus-rules.md)
+- [Docker Compose diagram](../diagrams/docker-compose.svg)
+"""
+)

scripts/docs/sanitize-public-docs.py

@@ -1,18 +1,46 @@
 #!/usr/bin/env python3
-import sys,re,shutil
+import re
+import sys
 from pathlib import Path
-srcg,srcd,out=sys.argv[1],sys.argv[2],sys.argv[3]
-outp=Path(out)
-outp.mkdir(parents=True,exist_ok=True)
-for src in [Path(srcg),Path(srcd)]:
-    for f in src.rglob('*'):
-        if not f.is_file(): continue
-        rel=f.relative_to(src)
-        dest=outp/src.name/rel
-        dest.parent.mkdir(parents=True,exist_ok=True)
-        txt=f.read_text(errors='ignore')
-        txt=re.sub(r'\b[a-zA-Z0-9.-]+\.lan\.ddnsgeek\.com\b','<internal-domain>',txt)
-        txt=re.sub(r'\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b','<private-ip>',txt)
-        txt=re.sub(r'(?i)\b(password|token|api_key|secret)\s*[:=]\s*[^\s\n]+',r'\1=<redacted>',txt)
-        txt=re.sub(r'(?m)^([A-Z0-9_]*(?:PASSWORD|TOKEN|API_KEY|SECRET)[A-Z0-9_]*)\s*[:=]\s*.*$',r'\1=<redacted>',txt)
-        dest.write_text(txt)
+
+src_generated = Path(sys.argv[1])
+src_diagrams = Path(sys.argv[2])
+out_dir = Path(sys.argv[3])
+out_dir.mkdir(parents=True, exist_ok=True)
+
+
+def sanitize_text(content: str) -> str:
+    content = re.sub(r'\b[a-zA-Z0-9.-]+\.lan\.ddnsgeek\.com\b', '<internal-domain>', content)
+    content = re.sub(
+        r'\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b',
+        '<private-ip>',
+        content,
+    )
+    content = re.sub(r'(?i)\b(password|token|api[_-]?key|secret)\s*[:=]\s*[^\s\n]+', r'\1=<redacted>', content)
+    content = re.sub(r'(?m)^([A-Z0-9_]*(?:PASSWORD|TOKEN|API_KEY|SECRET)[A-Z0-9_]*)\s*[:=]\s*.*$', r'\1=<redacted>', content)
+    return content
+
+for name in ['compose-inventory.md', 'traefik-routes.md', 'prometheus-rules.md']:
+    src = src_generated / name
+    if src.exists():
+        (out_dir / name).write_text(sanitize_text(src.read_text(errors='ignore')))
+
+svg_src = src_diagrams / 'docker-compose.svg'
+if svg_src.exists():
+    (out_dir / 'docker-compose.svg').write_text(sanitize_text(svg_src.read_text(errors='ignore')))
+
+(out_dir / 'index.md').write_text(
+    """# Public Infrastructure Summary
+
+This folder contains sanitized documentation generated from the infrastructure repository.
+
+Sensitive values such as internal domain names, private IP addresses, tokens, passwords, and secrets are redacted.
+
+## Documents
+
+- [Compose Inventory](compose-inventory.md)
+- [Traefik Routes](traefik-routes.md)
+- [Prometheus Rules](prometheus-rules.md)
+- [Docker Compose Diagram](docker-compose.svg)
+"""
+)