multiverse/ARCHITECTURE_GITEA_PHANTOM.md

[TSM.ID].[11031972] Gitea & Phantom Architecture


Overview

                    DEVELOPER (Local)
                         |
                    git push
                         |
                         v
    ┌─────────────────────────────────────────────┐
    │          GITEA (gitea.ultramodul.xyz)       │
    │             Port 3050 (Internal)            │
    │          NGINX Reverse Proxy :443           │
    ├─────────────────────────────────────────────┤
    │                                             │
    │  ┌──────────────────────────────────────┐   │
    │  │  Repositories                        │   │
    │  │  ├── supreme_commander/multiverse    │   │
    │  │  │   (Parent repo - ecosystem docs)  │   │
    │  │  └── supreme_commander/xcom-ultra    │   │
    │  │      (119 Rust modules - PXE engine) │   │
    │  └──────────────────────────────────────┘   │
    │                                             │
    │  ┌──────────────────────────────────────┐   │
    │  │  Forgejo Actions (CI/CD)             │   │
    │  │  ├── act_runner (ALPHA)              │   │
    │  │  ├── act_runner (BETA)               │   │
    │  │  └── act_runner (GAMMA)              │   │
    │  └──────────┬───────────────────────────┘   │
    │             │                               │
    │  ┌──────────┴───────────────────────────┐   │
    │  │  Webhooks                            │   │
    │  │  └── POST /phantom/deploy            │   │
    │  └──────────┬───────────────────────────┘   │
    │             │                               │
    └─────────────┼───────────────────────────────┘
                  │
                  │ webhook trigger
                  v
    ┌─────────────────────────────────────────────┐
    │        PHANTOM DEPLOYMENT ENGINE            │
    │         (Auto-Deploy Orchestrator)          │
    ├─────────────────────────────────────────────┤
    │                                             │
    │  ┌──────────────────────────────────────┐   │
    │  │  Phantom Listener                    │   │
    │  │  ├── Webhook Receiver (HTTP)         │   │
    │  │  ├── Signature Verifier (HMAC)       │   │
    │  │  └── Event Parser (push/tag/PR)      │   │
    │  └──────────┬───────────────────────────┘   │
    │             │                               │
    │  ┌──────────┴───────────────────────────┐   │
    │  │  Deploy Pipeline                     │   │
    │  │  ├── 1. git pull (latest code)       │   │
    │  │  ├── 2. cargo build --release        │   │
    │  │  ├── 3. cargo test --workspace       │   │
    │  │  ├── 4. Binary swap (zero downtime)  │   │
    │  │  ├── 5. Health check                 │   │
    │  │  └── 6. Rollback (if failed)         │   │
    │  └──────────┬───────────────────────────┘   │
    │             │                               │
    │  ┌──────────┴───────────────────────────┐   │
    │  │  Node Distributor                    │   │
    │  │  ├── ALPHA (Primary Build)           │   │
    │  │  ├── BETA  (Canary Deploy)           │   │
    │  │  └── GAMMA (Full Rollout)            │   │
    │  └──────────────────────────────────────┘   │
    │                                             │
    └─────────────────────────────────────────────┘

Gitea Server

Configuration

| Parameter     | Value                        |
|---------------|------------------------------|
| Domain        | gitea.ultramodul.xyz         |
| Internal Port | 3050                         |
| External      | NGINX → HTTPS :443           |
| Database      | PostgreSQL                   |
| User          | supreme_commander            |
| Runner        | Forgejo Actions (act_runner) |

Repositories

supreme_commander/
├── multiverse          # Parent repo - ecosystem documentation
│   └── README.md       # Map of the 119 modules + architecture
│
└── xcom-ultra          # Engine repo - 119 Rust modules
    ├── Cargo.toml      # Workspace with 119 members
    ├── README.md       # Technical documentation
    ├── .gitignore
    ├── .forgejo/
    │   └── workflows/
    │       └── ci.yml  # CI/CD pipeline
    │
    ├── xcu-core/           # [01] Foundation engine
    ├── xcu-sfu/            # [02] Selective Forwarding Unit
    ├── xcu-quic/           # [03] QUIC transport
    ├── ...                 # ... 116 other modules
    └── xcu-veritas/        # [119] Truth verification

Forgejo Actions Pipeline

# .forgejo/workflows/ci.yml
name: "[TSM.ID].[11031972] 3Z Pipeline"

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

jobs:
  check:
    name: "Zero Error Check"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo check --workspace

  test:
    name: "Zero Warning Test"
    runs-on: ubuntu-latest
    needs: check
    env:
      # cargo only prints warnings; this turns them into build errors so the
      # job name actually holds.
      RUSTFLAGS: "-D warnings"
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo test --workspace

  audit:
    name: "3Z Audit"
    runs-on: ubuntu-latest
    needs: test
    steps:
      - uses: actions/checkout@v4
      - name: "Watermark Check"
        run: |
          count=$(grep -rl "TSM.ID.*11031972" --include="*.rs" . | wc -l)
          echo "Watermarked files: $count"
      - name: "No unwrap() in production"
        run: |
          # grep is line-based and cannot see blocks, so test code is excluded by
          # path (tests/ directories, *_test.rs). Inline `#[cfg(test)] mod tests`
          # blocks still count. A non-zero count fails the job; otherwise
          # `needs: audit` on the deploy job guards nothing.
          matches=$(grep -rn "\.unwrap()" --include="*.rs" --exclude-dir=tests --exclude="*_test.rs" . || true)
          violations=$(printf '%s\n' "$matches" | grep -c . || true)
          echo "unwrap() violations: $violations"
          if [ "$violations" -ne 0 ]; then echo "$matches"; exit 1; fi
      - name: "No panic!() in production"
        run: |
          matches=$(grep -rn "panic!(" --include="*.rs" --exclude-dir=tests --exclude="*_test.rs" . || true)
          violations=$(printf '%s\n' "$matches" | grep -c . || true)
          echo "panic!() violations: $violations"
          if [ "$violations" -ne 0 ]; then echo "$matches"; exit 1; fi

  deploy:
    name: "Phantom Deploy"
    runs-on: ubuntu-latest
    needs: [check, test, audit]
    if: github.ref == 'refs/heads/master'
    steps:
      - name: "Trigger Phantom"
        env:
          # Passed through the environment so the secret never lands in the
          # shell command line or the job log.
          PHANTOM_SECRET: ${{ secrets.PHANTOM_SECRET }}
        run: |
          # X-Signature carries an HMAC-SHA256 over the exact body sent, not the
          # secret itself: Phantom can verify it, and a captured request does
          # not reveal the secret or replay as a different payload.
          body='{"repo":"xcom-ultra","branch":"master"}'
          sig=$(printf '%s' "$body" | openssl dgst -sha256 -hmac "$PHANTOM_SECRET" | sed 's/^.*= //')
          curl -fsS -X POST https://phantom.ultramodul.xyz/deploy \
            -H "Content-Type: application/json" \
            -H "X-Signature: $sig" \
            --data-binary "$body"

Phantom Deployment Engine

Internal Architecture

┌─────────────────────────────────────────────────────────┐
│                     PHANTOM ENGINE                      │
├─────────────────────────────────────────────────────────┤
│                                                         │
│  ┌──────────────┐    ┌──────────────┐    ┌────────────┐ │
│  │  RECEIVER    │───>│  VALIDATOR   │───>│  BUILDER   │ │
│  │  (Webhook)   │    │  (HMAC+Auth) │    │  (Cargo)   │ │
│  └──────────────┘    └──────────────┘    └─────┬──────┘ │
│                                                │        │
│                                                v        │
│  ┌──────────────┐    ┌──────────────┐    ┌────────────┐ │
│  │  MONITOR     │<───│  HEALTH      │<───│  DEPLOYER  │ │
│  │  (Telemetry) │    │  CHECK       │    │  (Swap)    │ │
│  └──────────────┘    └──────────────┘    └────────────┘ │
│                                                         │
│  ┌──────────────────────────────────────────────────┐   │
│  │  ROLLBACK ENGINE                                 │   │
│  │  ├── Binary versioning (keep last 3)             │   │
│  │  ├── Auto-rollback on health check fail          │   │
│  │  └── Manual rollback via API                     │   │
│  └──────────────────────────────────────────────────┘   │
│                                                         │
└─────────────────────────────────────────────────────────┘

Deploy Flow (Zero Downtime)

Step 1: RECEIVE
  Webhook POST from Gitea (or the CI "Trigger Phantom" step)
  ├── Verify HMAC signature over the raw request body
  ├── Parse event (push/tag)
  └── Queue deploy job

Step 2: BUILD
  ├── git pull --ff-only
  ├── cargo check --workspace
  ├── cargo build --workspace --release
  └── cargo test --workspace

Step 3: SWAP (Zero Downtime)
  ├── Copy new binary → /opt/xcu/bin/xcu-core.new
  ├── Signal graceful shutdown (SIGTERM)
  ├── Wait for connections to drain (max 30s)
  ├── mv xcu-core → xcu-core.backup   (keeps the old binary for Step 5)
  ├── mv xcu-core.new → xcu-core
  └── Start new process

Step 4: VERIFY
  ├── Health check (HTTP 200)
  ├── Memory usage check
  ├── CPU usage check
  └── Response time < 100ms

Step 5: ROLLBACK (if Step 4 fails)
  ├── mv xcu-core.backup → xcu-core
  ├── Restart old binary
  ├── Alert via webhook
  └── Log failure reason

Node Distribution

┌──────────────────────────────────────────────────────────┐
│                    DEPLOY STRATEGY                        │
├──────────────────────────────────────────────────────────┤
│                                                          │
│  Phase 1: ALPHA (160.187.143.253)                        │
│  ├── Primary build node                                  │
│  ├── First deploy target                                 │
│  ├── Run full test suite                                 │
│  └── If OK → proceed to Phase 2                          │
│                                                          │
│  Phase 2: BETA (160.187.143.133)                         │
│  ├── Canary deploy (10% traffic)                         │
│  ├── Monitor for 5 minutes                               │
│  ├── Compare metrics vs ALPHA                            │
│  └── If OK → proceed to Phase 3                          │
│                                                          │
│  Phase 3: GAMMA (160.187.143.172)                        │
│  ├── Full rollout (100% traffic)                         │
│  ├── Final health verification                           │
│  └── Deploy complete                                     │
│                                                          │
└──────────────────────────────────────────────────────────┘

Systemd Service

# /etc/systemd/system/phantom.service
[Unit]
Description=[TSM.ID].[11031972] Phantom Deploy Engine
After=network.target gitea.service

[Service]
Type=simple
User=root
WorkingDirectory=/var/www/phantom_workspace
ExecStart=/usr/bin/node phantom_listener.js
Restart=always
RestartSec=5
Environment=PHANTOM_PORT=9090
Environment=GITEA_URL=https://gitea.ultramodul.xyz
Environment=DEPLOY_PATH=/opt/xcu

[Install]
WantedBy=multi-user.target

Network Topology

                 INTERNET
                    │
                    │ HTTPS :443
                    v
            ┌───────────────┐
            │    NGINX       │
            │  (TLS term.)   │
            └───────┬───────┘
                    │
        ┌───────────┼───────────┐
        │           │           │
        v           v           v
   ┌─────────┐ ┌─────────┐ ┌─────────┐
   │  GITEA   │ │ PHANTOM │ │  XCU    │
   │  :3050   │ │  :9090  │ │ SERVICES│
   └─────────┘ └─────────┘ └─────────┘
        │           │           │
        v           v           v
   ┌─────────────────────────────────┐
   │         PostgreSQL :5432        │
   │         Redis      :6379        │
   └─────────────────────────────────┘

Security

| Layer     | Mechanism                           |
|-----------|-------------------------------------|
| Transport | TLS 1.3 (Let's Encrypt)             |
| Auth      | Basic Auth + API Token              |
| Webhook   | HMAC-SHA256 signature               |
| Deploy    | Binary checksum verification        |
| Access    | UFW firewall + fail2ban             |
| Secrets   | Environment variables (not in repo) |

The webhook check is the control that matters most in this layout: phantom.service runs as root (User=root above) and turns an accepted POST into git pull, cargo build and a binary swap, so the HMAC must be computed over the raw request body with a secret that never travels on the wire, and compared in constant time. A header that carries the secret itself rather than a MAC over the body is a bearer token, not a signature: whoever captures one request can forge or replay deploys. If root cannot be dropped because the swap restarts xcu-core, confine the unit with ProtectSystem=strict plus ReadWritePaths= for /opt/xcu and the workspace, and NoNewPrivileges=yes.

Watermark

[TSM.ID].[11031972]

All Rights Reserved. Proprietary & Confidential.