beatz174-bit
81 lines
2.4 KiB
Python
81 lines
2.4 KiB
Python
#!/usr/bin/env python3
|
|
import re
|
|
import sys
|
|
from pathlib import Path
|
|
|
|
src_generated = Path(sys.argv[1])
|
|
src_diagrams = Path(sys.argv[2])
|
|
out_dir = Path(sys.argv[3])
|
|
out_dir.mkdir(parents=True, exist_ok=True)
|
|
|
|
|
|
def sanitize_text(content: str) -> str:
|
|
content = re.sub(r'\b([a-zA-Z0-9-]+)\.lan\.ddnsgeek\.com\b', r'\1.<domain>', content)
|
|
content = re.sub(
|
|
r'\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b',
|
|
'<private-ip>',
|
|
content,
|
|
)
|
|
content = re.sub(r'(?i)\b(password|token|api[_-]?key|secret)\s*[:=]\s*[^\s\n]+', r'\1=<redacted>', content)
|
|
content = re.sub(r'(?m)^([A-Z0-9_]*(?:PASSWORD|TOKEN|API_KEY|SECRET)[A-Z0-9_]*)\s*[:=]\s*.*$', r'\1=<redacted>', content)
|
|
return content
|
|
|
|
|
|
for name in ['compose-inventory.md', 'traefik-routes.md']:
|
|
src = src_generated / name
|
|
if src.exists():
|
|
(out_dir / name).write_text(sanitize_text(src.read_text(errors='ignore')))
|
|
|
|
for svg_name in ['docker-compose.svg', 'physical-topology.svg', 'docker-traefik-dynu.svg']:
|
|
src = src_diagrams / svg_name
|
|
if src.exists():
|
|
(out_dir / svg_name).write_text(sanitize_text(src.read_text(errors='ignore')))
|
|
|
|
(out_dir / 'index.md').write_text(
|
|
"""# Public Infrastructure Summary
|
|
|
|
This documentation is generated from the infrastructure repository. Sensitive values are redacted.
|
|
|
|
> Generated docs are sanitised/redacted before publishing to GitHub Pages.
|
|
|
|
## Infrastructure diagrams
|
|
|
|
### Physical / virtual topology
|
|
|
|
|
|
|
|
### Docker, Traefik and Dynu routing
|
|
|
|
|
|
|
|
## Documents
|
|
|
|
- [Diagrams](diagrams.md)
|
|
- [Compose Inventory](compose-inventory.md)
|
|
- [Traefik Routes](traefik-routes.md)
|
|
"""
|
|
)
|
|
|
|
(out_dir / 'diagrams.md').write_text(
|
|
"""# Infrastructure diagrams
|
|
|
|
## Physical / virtual topology
|
|
|
|
This view groups containers by inferred host and service role (edge/proxy/auth, monitoring, automation, apps, and supporting storage/services).
|
|
|
|
<div class="diagram-wrap">
|
|
<img src="physical-topology.svg" alt="Physical topology">
|
|
</div>
|
|
|
|
## Docker, Traefik and Dynu routing
|
|
|
|
This view shows sanitised public DNS names flowing to Traefik, then to exposed Docker services, with backend Docker network membership shown as secondary context.
|
|
|
|
_Diagrams are generated from Compose data and Traefik labels._
|
|
|
|
<div class="diagram-wrap">
|
|
<img src="docker-traefik-dynu.svg" alt="Docker Traefik Dynu">
|
|
</div>
|
|
"""
|
|
)
|