From aad40f1daa3ba7a2e8f83a3bd7235f1cf5803f56 Mon Sep 17 00:00:00 2001 From: mkrause612 Date: Thu, 12 Feb 2026 08:35:54 -0600 Subject: [PATCH] [UPDATE] FFG-REF-001 v2.0: Corrected stale decisions, added ADR-004/005, applied standard --- docs/reference/architecture-decisions.md | 105 ++++++++++++++++------- 1 file changed, 75 insertions(+), 30 deletions(-) diff --git a/docs/reference/architecture-decisions.md b/docs/reference/architecture-decisions.md index a6122b6..9c4d365 100644 --- a/docs/reference/architecture-decisions.md +++ b/docs/reference/architecture-decisions.md 
@@ -1,54 +1,99 @@ +# Architecture Decision Records + +**Document ID:** FFG-REF-001 +**Version:** 2.0 +**Created:** February 9, 2026 +**Last Updated:** February 12, 2026 (9:00 AM CST) +**Author:** Michael Krause +**Last Updated By:** The Chronicler +**Status:** 🟢 CURRENT +**Review Date:** Quarterly --- -## Decision: Management Services on TX1 (Not Command Center) +## ADR-001: Management Services on VPS, NOT Dedicated Servers **Date:** February 9, 2026 -**Decision:** Deploy Phase 0.5 management services on TX1 Dallas instead of Command Center -**Status:** IMPLEMENTED +**Status:** ✅ IMPLEMENTED -### Rationale -1. TX1 has 32 vCPU, 256GB RAM - currently 99% idle -2. Simpler networking without Command Center routing -3. Keeps Command Center clean for future Frostwall v2.0 DDoS protection -4. Gitea migration to TX1 was seamless - proven success +**Decision:** Deploy all management services (Gitea, Uptime Kuma, MkDocs, Code-Server, Automation, Wiki.js, NextCloud) on VPS infrastructure (Command Center + Ghost), NOT on dedicated game servers (TX1/NC1). -### Command Center Future Role -Reserved for Phase 1 DDoS protection (GRE hub, Cloudflare integration) +**Rationale:** +1. Game servers need dedicated resources — no management overhead competing with player experience +2. Keeps Command Center clean for future Frostwall DDoS protection (GRE hub, Cloudflare integration) +3. Security isolation — management plane separate from game plane +4. 
Cost-effective — VPS for management, bare metal for performance + +**Current Layout:** +- Command Center (Dallas VPS): Gitea, Uptime Kuma, Code-Server, Automation +- Ghost (Chicago VPS): MkDocs, Wiki.js (x2), NextCloud +- TX1/NC1 (Dedicated): Game servers ONLY --- -## Known Limitation: NC1 and TX1 Cannot Communicate Directly +## ADR-002: NC1/TX1 Inter-Datacenter Routing **Date:** February 9, 2026 -**Status:** PERMANENT INFRASTRUCTURE CONSTRAINT +**Status:** ✅ RESOLVED -NC1 Charlotte and TX1 Dallas are in different Breezehost datacenters with no direct routing. +**Original Limitation:** NC1 (Charlotte) and TX1 (Dallas) could not communicate directly. -### Impact -- Uptime Kuma on TX1 cannot monitor NC1 services -- NC1 game servers excluded from TX1-based monitoring -- Cross-datacenter communication requires public internet +**Resolution:** Breezehost added a route on their infrastructure (Ticket #5ae82fd3, Feb 9, 2026). Brandon E: "Just needed a route added on our end." -### Acceptance -This is standard for multi-datacenter hosting and does not affect normal operations. +**Impact:** Full bidirectional communication between all servers. NC1 now monitored by Uptime Kuma. Cross-datacenter architecture options unlocked. --- -## Decision: Three-Tier Documentation Architecture +## ADR-003: Three-Tier Documentation Architecture **Date:** February 9, 2026 -**Decision:** Replace single BookStack with three-tier system +**Status:** ✅ IMPLEMENTED -| Tier | Technology | Domain | Access | -|------|------------|--------|--------| +**Decision:** Three separate documentation platforms for three audiences. 
+ +| Tier | Platform | Domain | Audience | +|:-----|:---------|:-------|:---------| | PUBLIC | MkDocs | docs.firefrostgaming.com | Anyone | -| SUBSCRIBERS | Wiki.js + NextCloud | subscribers.firefrostgaming.com | Paid | -| STAFF | Wiki.js | staff.firefrostgaming.com | Staff | +| SUBSCRIBER | Wiki.js | subscribers.firefrostgaming.com | Paying members | +| STAFF | Wiki.js | staff.firefrostgaming.com | Admin/staff only | -### Rationale -- Security boundaries per tier -- Git-native public docs (MkDocs) -- UI-friendly private docs (Wiki.js for Meg) -- Appropriate tools for each use case +**Rationale:** Different audiences need different access levels. MkDocs is Git-native (auto-builds from repo). Wiki.js provides role-based access control for restricted content. +--- + +## ADR-004: Gitea Primary, GitHub as Private Backup + +**Date:** February 11-12, 2026 +**Status:** ✅ IMPLEMENTED + +**Decision:** Self-hosted Gitea is the primary Git repository. GitHub mirror kept as private emergency backup. + +**Rationale:** +1. Self-hosted = full control, no dependency on external service +2. Claude has direct API read/write access to Gitea +3. GitHub mirror was public — exposed IPs, ports, UUIDs (security risk) +4. Made GitHub private Feb 12, 2026 — defense in depth (if Command Center dies, docs exist offsite) + +--- + +## ADR-005: Frostwall = Network Defense Only + +**Date:** February 12, 2026 +**Status:** 💡 NAMING CONVENTION + +**Decision:** "Frostwall" refers exclusively to network defense architecture (GRE topology, UFW, DDoS protection). Visual/UI transitions between Fire and Frost paths are Firefrost brand concepts, not Frostwall. + +**Rationale:** The design bible incorrectly used "Frostwall Protocol" for the UI age-verification gate. This conflates two distinct concepts. Clear naming prevents confusion as both systems are developed. 
+ +--- + +## Revision History + +| Version | Date | Author | Change Type | Description | +|:--------|:-----|:-------|:------------|:------------| +| 1.0 | 2026-02-09 | Michael + Claude | Initial | Original architecture decisions documented | +| 2.0 | 2026-02-12 | The Chronicler | Rewrite | Corrected stale info (services moved from TX1, NC1/TX1 routing resolved). Added ADR-004 (Gitea/GitHub), ADR-005 (Frostwall naming). Applied FFG-STD-001 revision standard. | + +--- + +**FFG-REF-001 — Architecture Decision Records**
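Review bot: In ADR-004, rationale items 3 and 4 record that the public GitHub mirror "exposed IPs, ports, UUIDs" and that it was made private on Feb 12, but the ADR does not say what was done about the values that were already public. Changing repository visibility does not retract copies taken while it was open, so add a line stating whether the exposed addresses, ports and UUIDs were changed or are accepted as known, and whether the Git history was checked for credentials. In the same vein, ADR-001 rationale 3 claims "management plane separate from game plane" while ADR-002 now reports "Full bidirectional communication between all servers"; the document should name the control that enforces the separation now that the route exists (ADR-005 mentions UFW, but no ADR ties it to this boundary). Finally, ADR-001 replaces the earlier TX1 decision in place while keeping the February 9 date and an IMPLEMENTED status, so the reversal is visible only in the revision table; keeping the original record marked as superseded and dating the new decision separately would preserve the decision trail.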