Architectus Operations

Local Development

Build Site

cd ~/atelier/_architectus/architectus-docs
npm install
make          # or: npx antora antora-playbook-local.yml

Push All Repos

# Push all architectus repos to all remotes
architectus-push

# Check status across all repos
architectus-push --status

Create New Repos (One-Time)

# Creates repos on GitHub, GitLab, and Gitea
~/bin/create-architectus-repos.sh

# Dry run first
~/bin/create-architectus-repos.sh --dry-run

Credential Management

tea CLI (Gitea)

Config location: ~/.config/tea/config.yml (symlinked from vault)

logins:
    - name: gitea
      url: https://gitea-01.inside.domusdigitalis.dev:3000  # Port required!
      token: <from-vault>
      default: true
      # NO ssh_key line - causes prompting bug
      user: evanusmodestus

gh/glab

Both use configs symlinked from the gocryptfs vault:

  • ~/.config/gh/ → vault

  • ~/.config/glab/ → vault

Security Audit

Before any deployment, verify that the repos contain no sensitive data:

# Scan for secrets (-i: also match TOKEN, Password, API_KEY, ...)
grep -rIEi '(password|secret|token|api.?key|private.?key)' \
  --include="*.adoc" --include="*.yml" ~/atelier/_architectus/

# Scan for internal IPs/hostnames
grep -rIE '(inside\.domusdigitalis|10\.50\.|chla)' \
  --include="*.adoc" ~/atelier/_architectus/

# Find sensitive files
find ~/atelier/_architectus/ -name ".env*" -o -name "*.pem" -o -name "*.key"
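
The three scans above only print matches, so a deploy step cannot gate on them directly. The following is an added example, not part of the original runbook, that wraps them in one pass/fail check. Assumptions: the names scan, architectus_audit and make_sample_tree, the exit-code convention, the case-insensitive secrets match, skipping .git and node_modules, and GNU grep.

```sh
#!/bin/sh
# Added example: turn the three audit scans into one pass/fail gate.
SECRET_RE='(password|secret|token|api.?key|private.?key)'
INTERNAL_RE='(inside\.domusdigitalis|10\.50\.|chla)'

# scan LABEL CMD...: run CMD and prefix each output line with LABEL.
# Returns 0 if CMD printed nothing, 1 on findings, 2 if CMD itself failed.
# grep exits 1 for "no match", so only an exit status above 1 is an error.
scan() {
  label=$1; shift
  out=$("$@") && st=0 || st=$?
  if [ "$st" -gt 1 ]; then echo "$label: scan failed (exit $st)" >&2; return 2; fi
  if [ -z "$out" ]; then return 0; fi
  printf '%s\n' "$out" | sed "s/^/$label: /"
  return 1
}

# architectus_audit DIR: 0 = clean, 1 = findings or scan error, 2 = DIR missing.
# Hypothetical name; skipping .git and node_modules is an assumption.
architectus_audit() {
  root=$1; rc=0
  [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
  scan SECRET grep -rInEi --include='*.adoc' --include='*.yml' \
    --exclude-dir=.git --exclude-dir=node_modules -e "$SECRET_RE" "$root" || rc=1
  scan INTERNAL grep -rInE --include='*.adoc' \
    --exclude-dir=.git --exclude-dir=node_modules -e "$INTERNAL_RE" "$root" || rc=1
  scan FILE find "$root" \( -name .git -o -name node_modules \) -prune -o \
    -type f \( -name '.env*' -o -name '*.pem' -o -name '*.key' \) -print || rc=1
  return "$rc"
}

# make_sample_tree: constructed test data; prints the temp directory it created.
make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/clean/docs" "$d/dirty/docs"
  printf '= Overview\nBuild the site with make.\n' > "$d/clean/docs/index.adoc"
  printf 'TOKEN: constructed-not-real\n' > "$d/dirty/antora.yml"
  printf 'Host gitea-01.inside.domusdigitalis.dev\n' > "$d/dirty/docs/ops.adoc"
  : > "$d/dirty/.env.local"
  echo "$d"
}

# Demo on the constructed tree: the dirty repo is reported and the gate fails.
tree=$(make_sample_tree)
architectus_audit "$tree/dirty" || echo "audit failed: do not deploy"
rm -rf "$tree"
```

To gate a push, source the functions and chain the check: architectus_audit ~/atelier/_architectus && architectus-push.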