docs: nouvelle feuille de route homelab (phases 7-11)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-02 15:44:15 +02:00 · 2026-06-02 15:44:15 +02:00 · 88b30f509c
commit 88b30f509c
parent 61c4e6e22b
1 changed files with 21 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -209,11 +209,30 @@ Internet --> [VPS Scaleway DEV1-S - 51.158.126.113]
 - [x] Configurer backups vzdump Proxmox -> NFS (storage qnap-backups, schedule nuit)
 - [x] Remplacer disque HS + RAID reconstruit

-### Phase 7 - Kubernetes (futur)
+### Phase 7 - Resilience & pilotage nomade (en cours)
+- [ ] State Terraform distant (Scaleway Object Storage : hors-site, versionne, verrouille, chiffre)
+- [ ] Acces admin multi-machines via WireGuard (un peer/cle par machine, le VPS reste pur routeur)
+- [ ] Resilience des secrets (inventaire + backstop gestionnaire de mots de passe + runbook de recovery)
+
+### Phase 8 - Industrialisation & nouveaux services
+- [ ] Role Ansible `docker_service` (factoriser forgejo/tools/runner/nextcloud)
+- [ ] Navidrome (musique self-hosted type Spotify, clients offline Android/PC, bibliotheque sur QNAP NFS)
+
+### Phase 9 - Observabilite
+- [ ] Prometheus + Grafana interne (vm-tools)
+- [ ] Liveness externe gratuite (Healthchecks.io dead-man-switch + UptimeRobot) -> alertes Discord
+- [ ] Principe : metriques en interne, alerting de survie hors-site (jamais sur le VPS)
+
+### Phase 10 - CI/CD & GitOps (futur)
+- [ ] Workflow Forgejo Actions : lint sur PR (terraform fmt/validate, tflint, ansible-lint, yamllint)
+- [ ] Branche master protegee + CI verte obligatoire
+- [ ] terraform plan / ansible --check sur PR, puis apply/playbook au merge (prerequis : state distant)
+- [ ] Trappe de secours manuelle conservee (paradoxe du bootstrap du runner)
+
+### Phase 11 - Kubernetes (futur)
 - [ ] VM k3s single-node (6 Go RAM)
 - [ ] Migration progressive des services
 - [ ] ArgoCD (GitOps)
- [ ] Monitoring (Grafana/Loki/Prometheus)

 ---