Infrastructure as Code for the nsheaps organization. Manages container deployments (Docker Compose via Arcane) and GitHub organization resources (Pulumi).
Container stacks deployed to hosts via Arcane GitOps sync. Each folder in hosts/ relates to a specific host, containing one or more docker-compose files.
For validation purposes, each compose file must end in -compose.yaml or -compose.yml.
Stacks are deployed automatically via the arcane-deploy GitHub Action:
- On push to `main` (when `hosts/heapsnas/**` changes): The `arcane-deploy` workflow discovers compose files and creates/updates GitOps syncs in Arcane.
- Sync naming: Files like `hosts/heapsnas/nextcloud/docker-compose.yaml` become sync `heapsnas-nextcloud` in Arcane.
- Auto-sync: Arcane polls for changes every 5 minutes in addition to push-triggered syncs.

Secrets (Arcane API key, deploy key) are stored as GitHub repository secrets, synced via the nsheaps/.github 1Password sync workflow.
- Create a directory under `hosts/<hostname>/<stack-name>/`
- Add a `docker-compose.yaml` file
- Push to `main` — Arcane will auto-discover and deploy it

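A pre-push check for the naming rule and the sync-name mapping described above, as an added example (not code from this repository or from the `arcane-deploy` action). It assumes the sync name is always `<hostname>-<stack-name>`, inferred from the single `heapsnas-nextcloud` example, and that `_portainer` is skipped; `plan_syncs`, `SKIP_DIRS` and the sample paths are hypothetical.

```python
from collections import defaultdict
from pathlib import PurePosixPath

SUFFIXES = ("-compose.yaml", "-compose.yml")  # naming rule stated in this README
SKIP_DIRS = {"_portainer"}  # assumption: legacy bootstrap dir is not an Arcane sync


def plan_syncs(paths):
    """Map repo-relative paths to sync names; return (syncs, problems)."""
    by_name, problems = defaultdict(list), []
    for raw in sorted(paths):
        p = PurePosixPath(raw)
        if p.parts[:1] != ("hosts",) or p.suffix not in (".yaml", ".yml"):
            continue  # only YAML files under hosts/ are candidates
        if len(p.parts) > 1 and p.parts[1] in SKIP_DIRS:
            continue
        if not p.name.endswith(SUFFIXES):
            problems.append(f"{raw}: name must end in -compose.yaml or -compose.yml")
        elif len(p.parts) != 4:
            problems.append(f"{raw}: expected hosts/<hostname>/<stack-name>/<file>")
        else:
            # Assumption: sync name is "<hostname>-<stack-name>", inferred from
            # the single heapsnas-nextcloud example; the action may differ.
            by_name[f"{p.parts[1]}-{p.parts[2]}"].append(raw)
    syncs = {}
    for name, files in by_name.items():
        if len(files) == 1:
            syncs[name] = files[0]
        else:  # two files would create or overwrite the same sync
            problems.append(f"sync name {name!r} is ambiguous: {', '.join(files)}")
    return syncs, problems


# Constructed sample paths; only the nextcloud path appears in the README.
SAMPLE = [
    "hosts/heapsnas/nextcloud/docker-compose.yaml",
    "hosts/heapsnas/media/stack.yaml",        # wrong suffix
    "hosts/a-b/c/docker-compose.yml",         # both of these join to "a-b-c"
    "hosts/a/b-c/docker-compose.yml",
    "hosts/_portainer/docker-compose.yaml",   # skipped
]

if __name__ == "__main__":
    syncs, problems = plan_syncs(SAMPLE)
    for name, path in syncs.items():
        print(f"{name} <- {path}")
    for msg in problems:
        print(f"ERROR {msg}")
    raise SystemExit(1 if problems else 0)
```

Because host and stack names are joined with a hyphen, two different directories can resolve to the same sync name; the check reports that instead of letting one stack silently replace another.
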
Previously, stacks were synced via Portainer GitOps polling. The _portainer/ directory in hosts/ contains the bootstrap compose for Portainer itself. See Portainer stack docs for reference.
Example stacks: https://github.com/portainer/templates/tree/master/stacks
GitHub org resources (repos, teams, branch protection) managed via Pulumi YAML. See github-org/README.md for full documentation including Terraform equivalents.
```bash
gh repo clone nsheaps/iac ~/src/nsheaps/iac || true
cd ~/src/nsheaps/iac
mise install # install tools (node, yarn, pulumi, etc.)
corepack enable && corepack install
yarn install
```

| Command | Description |
|---|---|
| `yarn run check` | Checks linting, formatting, types (if applicable) |
| `yarn run check:fix` | Runs checks, autofixing where possible |
| `mise run pulumi:preview` | Preview Pulumi changes (like `terraform plan`) |
| `mise run pulumi:up` | Apply Pulumi changes (like `terraform apply`) |
| `mise run pulumi:refresh` | Sync Pulumi state with actual infrastructure |