dohertj2/network
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove Infisical credential pointers; inline credentials in component docs

Browse Source 
Reverses the recent Infisical-pointer convention. Each <service>.md
holds its credentials inline under the Access section again. The
Infisical service itself still runs as a Docker stack on the docker
host — it just isn't the source of truth for these docs anymore.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
dohertj2
2026-05-28 04:04:34 -04:00
parent ff2debe4a1
commit 8069f21240
7 changed files with 19 additions and 270 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CLAUDE.md
+2 -27
View File
@@ -12,40 +12,15 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
- **Network infrastructure**: Ubiquiti Unifi switches
- **Debugging scope**: VM-to-external-client connectivity issues across the ESXi virtual switch and physical Unifi switch layers
## Credentials convention
## Credentials
Plaintext passwords / API keys / tokens have been moved out of these files into [Infisical](infisical.md). Where a credential used to be inline, you'll now see a pointer in the form:
```
[Infisical: homelab/<env>/<folder>/<KEY>]
```
To fetch one (machine identity required — see `infisical.md`):
```bash
TOKEN=$(curl -s -X POST https://infisical.dohertylan.com/api/v1/auth/universal-auth/login \
-H 'Content-Type: application/json' \
-d '{"clientId":"<id>","clientSecret":"<secret>"}' \
| python3 -c "import json,sys;print(json.load(sys.stdin)['accessToken'])")
PROJ=$(curl -s -H "Authorization: Bearer $TOKEN" \
https://infisical.dohertylan.com/api/v1/workspace \
| python3 -c "import json,sys;print(json.load(sys.stdin)['workspaces'][0]['id'])")
curl -sG "https://infisical.dohertylan.com/api/v3/secrets/raw/<KEY>" \
-H "Authorization: Bearer $TOKEN" \
--data-urlencode "workspaceId=$PROJ" \
--data-urlencode "environment=<env>" \
--data-urlencode "secretPath=<folder>" \
| python3 -c "import json,sys;print(json.load(sys.stdin)['secret']['secretValue'])"
```
Or via the Infisical web UI at https://infisical.dohertylan.com.
Credentials live inline in each component's `.md` file under its **Access** section. Read the relevant doc to find them.
## Components
- [TrueNAS Server](truenas.md) — NAS at 10.100.0.25 (management) / 10.50.0.x (storage), serves SMB and NFS
- [ESXi Host](esxi.md) — HP server at 10.2.0.12, ESXi 8.0.3, 8 VMs (7 powered on), access via `govc` only (not SSH). **Read esxi.md for credentials and connection details.**
- [Docker Server](docker.md) — Debian 13 at 10.100.0.35, Docker host for 21 containers (arr stack, Traefik, Semaphore/Ansible). **This is the local machine.**
- [Infisical](infisical.md) — Secrets management at https://infisical.dohertylan.com, runs as a Docker stack on the docker host
- [Plex Server](plex.md) — Debian 11 at 10.100.0.24, Plex Media Server 1.43, NFS media from TrueNAS
- [Home Assistant](ha.md) — HAOS at 10.100.0.40, HA 2026.2.2, 2,411 entities, smart home automation. API access only (no SSH).
- [Ignition Gateway](ignition.md) — Debian 11 at 10.100.0.90, Ignition 8.3.3 (Maker), SCADA/IIoT platform with PostgreSQL 13