Sync Strategy
Source of Truth
```mermaid
flowchart LR
    Local["Local Workstation"]
    GitLab["GitLab<br/>(source of truth)"]
    GDrive["Google Drive<br/>(read-only mirror)"]
    Local -->|"git push"| GitLab
    GitLab -->|"rclone copy"| GDrive
    style GitLab fill:#1a5276,stroke:#2980b9,color:#fff
    style GDrive fill:#1e8449,stroke:#27ae60,color:#fff
```
| Layer | System | Role |
|---|---|---|
| Primary | GitLab (self-hosted or gitlab.com) | Source of truth, version control, CI/CD |
| Mirror | Google Drive | Read-only copy for mobile access and backup |
| Working | Local workstation | Active development |
GitLab as Source of Truth
All infrastructure code, Fleet bundles, secrets (SOPS-encrypted), and documentation live in a single Git repository. GitLab is authoritative:
- All changes go through `git commit` + `git push`
- Fleet watches the GitLab repo for workload deployment
- OpenTofu state is committed (encrypted) after each apply
- No direct edits on VMs -- everything flows from the repo
Branch Strategy
| Branch | Purpose |
|---|---|
| main | Production -- what is deployed to the cluster |
| feature/* | Short-lived feature branches |
| beast/* | Experimental branches used during Beast sessions |
No staging environment
This is a single-cluster personal lab. The main branch IS production. Feature branches are tested on Beast and merged directly.
rclone Copy to Google Drive
A scheduled rclone copy mirrors the repository to Google Drive for offline access and as a secondary backup:
```bash
# Cron job on local workstation (runs daily at 22:00)
rclone copy ~/projects/lron-infra gdrive:Backups/lron-infra \
  --exclude ".git/**" \
  --exclude "node_modules/**" \
  --exclude ".terraform/**" \
  --exclude ".tofu/**"
```
| Parameter | Value |
|---|---|
| Direction | One-way: local -> GDrive |
| Schedule | Daily at 22:00 |
| Excludes | .git/, .terraform/, .tofu/, node_modules/ |
| SOPS files | Copied as-is (encrypted at rest) |
| Conflict policy | None -- GDrive is write-only destination |
GDrive is a mirror, not a sync target
Never edit files on Google Drive. Changes will be overwritten by the next rclone run. Git is the only place to make changes.
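Because `rclone copy` reads the working tree rather than Git, a secret file left decrypted on disk would be mirrored to Google Drive in plaintext. The following guard is an added example, not part of the original page; the `*.sops.yaml` / `*.sops.json` / `*.enc.yaml` naming convention and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the original page: pre-mirror plaintext check.
# Assumption: secret files are named *.sops.yaml, *.sops.json or *.enc.yaml
# (hypothetical convention; align it with the repo's own SOPS rules).

SRC="${SRC:-$HOME/projects/lron-infra}"
DEST="${DEST:-gdrive:Backups/lron-infra}"

# Print each secret-named file under $1 that does not look SOPS-encrypted.
# Directories the mirror already excludes are pruned from the walk.
find_plaintext_secrets() {
  find "$1" \
    \( -name .git -o -name node_modules -o -name .terraform -o -name .tofu \) \
    -prune -o -type f \
    \( -name '*.sops.yaml' -o -name '*.sops.json' -o -name '*.enc.yaml' \) \
    -print |
  while IFS= read -r f; do
    # SOPS output has a "sops" metadata key and ENC[AES256_GCM,...] values.
    if ! grep -Eq '^[[:space:]]*"?sops"?[[:space:]]*:' "$f" ||
       ! grep -Fq 'ENC[AES256_GCM,' "$f"; then
      printf '%s\n' "$f"
    fi
  done
}

# Succeed only when no plaintext secret file would reach the mirror.
mirror_is_safe() {
  leaks="$(find_plaintext_secrets "$1")"
  [ -z "$leaks" ] && return 0
  printf 'refusing to mirror; plaintext secret files:\n%s\n' "$leaks" >&2
  return 1
}

# With --mirror, run the page's rclone command only if the check passes.
if [ "${1:-}" = "--mirror" ]; then
  mirror_is_safe "$SRC" && rclone copy "$SRC" "$DEST" \
    --exclude ".git/**" --exclude "node_modules/**" \
    --exclude ".terraform/**" --exclude ".tofu/**"
fi
```

Pointing the cron entry at this script with `--mirror` makes the daily run skip the copy whenever the check fails.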
Conflict Resolution
Since GDrive is a one-way mirror, there are no sync conflicts by design. For Git-level conflicts:
| Scenario | Resolution |
|---|---|
| Concurrent edits on same file | Standard git merge/rebase |
| Beast branch diverges from main | Rebase beast/* onto main before merge |
| SOPS-encrypted file conflict | Decrypt both versions, resolve, re-encrypt |
| OpenTofu state conflict | Run tofu refresh then commit updated state |
Recovery from Desync
If the local workstation and GitLab get out of sync:
- `git fetch origin` to get latest remote state
- `git status` to identify divergence
- `git rebase origin/main` (if local is ahead)
- `git reset --hard origin/main` (if local state is corrupt -- last resort)
- Re-run `rclone copy` to update GDrive mirror