# sites

Per-plant edge deployments. One folder per physical site.

## Convention

```
sites/<plant>/
├── compose.yml      # include: ../../stacks/...
├── .env.example     # committed; copy to .env locally
└── README.md        # site-specific notes (IPs, LAN ranges, ops contact)
```

The folder name is **kebab-case** and matches the plant's short name (e.g. `nieuwveer`, `bath`, `waalwijk`).

## What runs at an edge

nginx-proxy, wireguard-client, keycloak, portainer, influxdb, grafana, node-red, mqtt, postfix. Cloud-only services (gitea, jenkins, sql, wireguard-server) are not deployed at edges.

## Networks (mirrors cloud, plant-LAN-facing)

| Network | Notes |
|---|---|
| `edge` | nginx-proxy, bound to the plant-LAN interface only |
| `app` | nginx-proxy, mqtt, postfix, node-red, grafana, keycloak, wireguard-client |
| `data` | influxdb, grafana (`internal: true`) |
| `mgmt` | portainer, keycloak, wireguard-client |

## Ingress at edge

| Port | Container | Bound to |
|---|---|---|
| tcp/80, 443 | nginx-proxy | plant-LAN interface only |

The wireguard-client publishes nothing — it dials out to the cloud server.

## Creating a new site

1. `cp -r <existing-site> sites/<new-plant>` (or scaffold by hand).
2. Edit `compose.yml` for any site-specific overrides.
3. Edit `.env.example` and copy to `.env` with real values.
4. Deploy: `cd sites/<new-plant> && docker compose up -d`.

See [`../docs/architecture.md`](../docs/architecture.md) for the full design rationale.