firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity

[UPDATE] FFG-REF-001 v2.0: Corrected stale decisions, added ADR-004/005, applied standard

Browse Source
This commit is contained in:
mkrause612
2026-02-12 08:35:54 -06:00
parent 121d2dfdf4
commit aad40f1daa
1 changed files with 75 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
docs/reference/architecture-decisions.md
View File

@@ -1,54 +1,99 @@
# Architecture Decision Records
**Document ID:** FFG-REF-001
**Version:** 2.0
**Created:** February 9, 2026
**Last Updated:** February 12, 2026 (9:00 AM CST)
**Author:** Michael Krause
**Last Updated By:** The Chronicler
**Status:** 🟢 CURRENT
**Review Date:** Quarterly
---
## Decision: Management Services on TX1 (Not Command Center)
## ADR-001: Management Services on VPS, NOT Dedicated Servers
**Date:** February 9, 2026
**Decision:** Deploy Phase 0.5 management services on TX1 Dallas instead of Command Center
**Status:** IMPLEMENTED
**Status:** ✅ IMPLEMENTED
### Rationale
1. TX1 has 32 vCPU, 256GB RAM - currently 99% idle
2. Simpler networking without Command Center routing
3. Keeps Command Center clean for future Frostwall v2.0 DDoS protection
4. Gitea migration to TX1 was seamless - proven success
**Decision:** Deploy all management services (Gitea, Uptime Kuma, MkDocs, Code-Server, Automation, Wiki.js, NextCloud) on VPS infrastructure (Command Center + Ghost), NOT on dedicated game servers (TX1/NC1).
### Command Center Future Role
Reserved for Phase 1 DDoS protection (GRE hub, Cloudflare integration)
**Rationale:**
1. Game servers need dedicated resources — no management overhead competing with player experience
2. Keeps Command Center clean for future Frostwall DDoS protection (GRE hub, Cloudflare integration)
3. Security isolation — management plane separate from game plane
4. Cost-effective — VPS for management, bare metal for performance
**Current Layout:**
- Command Center (Dallas VPS): Gitea, Uptime Kuma, Code-Server, Automation
- Ghost (Chicago VPS): MkDocs, Wiki.js (x2), NextCloud
- TX1/NC1 (Dedicated): Game servers ONLY
---
## Known Limitation: NC1 and TX1 Cannot Communicate Directly
## ADR-002: NC1/TX1 Inter-Datacenter Routing
**Date:** February 9, 2026
**Status:** PERMANENT INFRASTRUCTURE CONSTRAINT
**Status:** ✅ RESOLVED
NC1 Charlotte and TX1 Dallas are in different Breezehost datacenters with no direct routing.
**Original Limitation:** NC1 (Charlotte) and TX1 (Dallas) could not communicate directly.
### Impact
- Uptime Kuma on TX1 cannot monitor NC1 services
- NC1 game servers excluded from TX1-based monitoring
- Cross-datacenter communication requires public internet
**Resolution:** Breezehost added a route on their infrastructure (Ticket #5ae82fd3, Feb 9, 2026). Brandon E: "Just needed a route added on our end."
### Acceptance
This is standard for multi-datacenter hosting and does not affect normal operations.
**Impact:** Full bidirectional communication between all servers. NC1 now monitored by Uptime Kuma. Cross-datacenter architecture options unlocked.
---
## Decision: Three-Tier Documentation Architecture
## ADR-003: Three-Tier Documentation Architecture
**Date:** February 9, 2026
**Decision:** Replace single BookStack with three-tier system
**Status:** ✅ IMPLEMENTED
| Tier | Technology | Domain | Access |
|------|------------|--------|--------|
**Decision:** Three separate documentation platforms for three audiences.
| Tier | Platform | Domain | Audience |
|:-----|:---------|:-------|:---------|
| PUBLIC | MkDocs | docs.firefrostgaming.com | Anyone |
| SUBSCRIBERS | Wiki.js + NextCloud | subscribers.firefrostgaming.com | Paid |
| STAFF | Wiki.js | staff.firefrostgaming.com | Staff |
| SUBSCRIBER | Wiki.js | subscribers.firefrostgaming.com | Paying members |
| STAFF | Wiki.js | staff.firefrostgaming.com | Admin/staff only |
### Rationale
- Security boundaries per tier
- Git-native public docs (MkDocs)
- UI-friendly private docs (Wiki.js for Meg)
- Appropriate tools for each use case
**Rationale:** Different audiences need different access levels. MkDocs is Git-native (auto-builds from repo). Wiki.js provides role-based access control for restricted content.
---
## ADR-004: Gitea Primary, GitHub as Private Backup
**Date:** February 11-12, 2026
**Status:** ✅ IMPLEMENTED
**Decision:** Self-hosted Gitea is the primary Git repository. GitHub mirror kept as private emergency backup.
**Rationale:**
1. Self-hosted = full control, no dependency on external service
2. Claude has direct API read/write access to Gitea
3. GitHub mirror was public — exposed IPs, ports, UUIDs (security risk)
4. Made GitHub private Feb 12, 2026 — defense in depth (if Command Center dies, docs exist offsite)
---
## ADR-005: Frostwall = Network Defense Only
**Date:** February 12, 2026
**Status:** 💡 NAMING CONVENTION
**Decision:** "Frostwall" refers exclusively to network defense architecture (GRE topology, UFW, DDoS protection). Visual/UI transitions between Fire and Frost paths are Firefrost brand concepts, not Frostwall.
**Rationale:** The design bible incorrectly used "Frostwall Protocol" for the UI age-verification gate. This conflates two distinct concepts. Clear naming prevents confusion as both systems are developed.
---
## Revision History
| Version | Date | Author | Change Type | Description |
|:--------|:-----|:-------|:------------|:------------|
| 1.0 | 2026-02-09 | Michael + Claude | Initial | Original architecture decisions documented |
| 2.0 | 2026-02-12 | The Chronicler | Rewrite | Corrected stale info (services moved from TX1, NC1/TX1 routing resolved). Added ADR-004 (Gitea/GitHub), ADR-005 (Frostwall naming). Applied FFG-STD-001 revision standard. |
---
**FFG-REF-001 — Architecture Decision Records**