Ephemeral Castle Repository Map

Scope

This page maps the internal structure of ephemeral-castle/.

Current Synthesis

ephemeral-castle/ is split into a small number of operational zones: the active Proxmox/Talos cluster bootstrap path, the Tailscale control-plane path, the Hetzner runtime track, and a thin layer of reusable templates and notes.

Top-Level Layout

  • clusters/ - cluster-specific infrastructure trees
  • tailscale/ - tailnet policy and bootstrap automation
  • runtimes/ - runtime-oriented stacks that are not the active cluster bootstrap path
  • templates/ - copy-and-adapt blueprints for new clusters or GitOps repos
  • docs/ - repository-level documentation
  • root helper scripts - operational cleanup and rescue utilities

Active Cluster Subtree

clusters/tazlab-k8s/proxmox/

  • create.sh - one-shot rebirth orchestrator
  • destroy.sh - cloud and local teardown
  • nuclear-wipe.sh / nuclear-wipe.py - Proxmox VM purge helpers
  • check-blog.sh - final HTTPS/blog verification
  • precision-test.sh - wipe/create wrapper with timing log
  • stress-test.sh - repeated destroy/create loop with per-cycle logs
  • configs/ - generated kubeconfig and talosconfig

clusters/tazlab-k8s/live/

  • env.hcl - source of truth for cluster variables
  • terragrunt.hcl - shared backend/provider generation
  • secrets/ - Infisical-backed secret fetch layer
  • platform/ - Proxmox + Talos VM and machine configuration
  • engine/ - ESO + ClusterSecretStore + Flux token bridge
  • networking/ - MetalLB bootstrap and address pool config
  • gitops/ - Flux bootstrap and cluster-vars
  • storage/ - Longhorn bootstrap and S3 backup secret
  • states/ - generated Terraform state files

clusters/tazlab-k8s/modules/

  • secrets-fetcher/ - reads Infisical and generates TALOS_SECRETBOX_KEY if missing
  • proxmox-talos/ - creates VMs, applies Talos config, bootstraps the cluster
  • k8s-engine/ - installs ESO and creates the tazlab-secrets store
  • k8s-networking/ - installs MetalLB and configures IP allocation and L2 advertisement
  • k8s-storage/ - installs Longhorn and the S3 backup secret
  • k8s-flux/ - creates cluster-vars and bootstraps Flux

Runtime Track

  • runtimes/lushycorp-vault/hetzner/ is the target runtime workspace for the LushyCorp Vault track.
  • In the current worktree, the live code focus remains the Proxmox/Talos cluster path and Tailscale foundation.

Operational Helpers

  • final-cleanup.sh - brute-force local cleanup and import-based VM destruction
  • rescue-orphans.sh - import-and-destroy orphan recovery flow

Relationships

Source Basis

  • AGENTS.ctx/ephemeral-castle/CONTEXT.md
  • clusters/tazlab-k8s/BOOTSTRAP.md
  • clusters/tazlab-k8s/live/env.hcl