Skip to content

How racket-book integrates with keystone

What is keystone?

Keystone is the shared platform that hosts all of Stefan's web apps. It owns the VPS, the ingress layer, the Postgres instance, the gotrue auth runtime, and the GitLab CI template that every app extends. RBO is one of several tenants on keystone (alongside CSD and ALJ). Keystone is owned and operated by Atlas; RBO is a consumer.

Where to find it

What RBO consumes

  • Hosting — VPS slot on the shared Hetzner CCX13.
  • Databaserbo_test and rbo_prod Postgres databases on the keystone PG instance, accessed via PgBouncer.
  • Auth runtime — gotrue tenant for stringer login + V3 magic-link.
  • Ingress — Caddy routes racket-book-test.wagen.io and stringing.wagen.io to RBO's containers.
  • CI template — GitLab CI include: reference to keystone's shared template for build/test/deploy stages.
  • Backups — RBO's DBs are part of keystone's nightly pg_dump job.
  • Email — outbound goes via the same Resend SMTP relay (smtp.resend.com:587, free-tier caps 100/day · 3000/mo, DKIM resend._domainkey.wagen.io) configured at the keystone level per keystone ADR-0005.

What RBO owns

These are explicitly not keystone's job:

  • The application code, its tests, its dependencies.
  • The data model and migrations (Alembic, in RBO's repo).
  • Receipt PDF templates, i18n bundles, business logic.
  • RBO-specific GitLab CI jobs that bolt onto keystone's shared template.

How to onboard a new RBO environment

  1. Open an issue on wagen/keystone requesting rbo_<env> provisioning.
  2. Atlas runs the "Adding a new app DB" recipe — see https://keystone-f63287.gitlab.io/operations/.
  3. Atlas ships the connection string and auth tenant credentials via the keystone secrets convention.
  4. RBO's .gitlab-ci.yml deploy job references those secrets and the Caddy config snippet.

Boundary

If a change would only affect RBO — application code, migrations, receipt templates, RBO-specific CI jobs — it stays in this repo. If a change affects RBO and CSD and ALJ at once — ingress, the shared Postgres instance, gotrue, the shared CI template — it's a keystone change and belongs in wagen/keystone.