ADR-0005: IT/OT separation at folder and inventory level, not repo level

Status

Accepted — 2026-03-31

Context

The platform serves both IT and OT workloads. A decision was needed on whether to separate IT and OT at the repo level or within shared repos using folder and inventory structure.

Decision

IT/OT separation is enforced at the folder and Ansible inventory level within shared repos. The repo split is sensitivity-based:

  • archon-platform — infra, nodes, k3s, Terraform, Ansible
  • archon-apps — Grafana, Node-RED, Ollama, peries.ca, MQTT, ESP32 firmware
  • archon-cloud — Azure/GCP/AWS/Alibaba credentials and configs

Inside archon-apps, IT and OT content is separated by folder and by Ansible inventory (inventories/it/ vs inventories/ot/).

Alternatives Considered

Separate repos (archon-it, archon-ot) — Cross-repo dependency complexity. Shared Ansible roles would need a third repo or duplication. More branch policies to maintain.

Single monorepo — Mixes credential sensitivity levels in one access boundary. Keeping cloud credentials and OT firmware in the same scope is poor security practice.

Consequences

  • Ansible inventories must clearly separate IT and OT hosts
  • Pipelines must use path filters to route IT vs OT changes correctly
  • archon-cloud access control must be tighter than other repos
  • OT-specific ADRs live in archon-apps/docs/adr/
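As an added example (not code from the archon repos), the two checks the first two consequences imply: flag any host that appears in both the IT and OT inventories, and map a changed path to its IT or OT pipeline the way a path filter would. The inventory contents, host names and file names are constructed.

```python
"""Guard rails for ADR-0005's folder/inventory-level IT/OT split.
Sample inventories below are constructed; only the inventories/it/ and
inventories/ot/ layout comes from the ADR."""
from pathlib import PurePosixPath

# Constructed Ansible INI inventories (hypothetical hosts and addresses).
IT_INVENTORY = """
[grafana]
grafana-01 ansible_host=10.0.10.5
[mqtt]
mqtt-01 ansible_host=10.0.10.7
"""

OT_INVENTORY = """
[plc_gateways]
esp32-line-a ansible_host=10.0.20.11
[plc_gateways:vars]
ansible_user=ot-deploy
[mqtt]
mqtt-01 ansible_host=10.0.10.7   # same host as IT: boundary leak
"""


def hosts_in_inventory(text):
    """Return the host names declared in an INI-style inventory."""
    hosts, skip = set(), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            # [group:vars] / [group:children] sections declare no hosts
            skip = ":" in line
            continue
        if not skip:
            hosts.add(line.split()[0])
    return hosts


def overlapping_hosts(it_text, ot_text):
    """Hosts managed from both sides; a non-empty result breaks the split."""
    return sorted(hosts_in_inventory(it_text) & hosts_in_inventory(ot_text))


def route_change(path):
    """Return 'it' or 'ot' for a changed inventory path, else None."""
    parts = PurePosixPath(path).parts
    if len(parts) >= 2 and parts[0] == "inventories" and parts[1] in ("it", "ot"):
        return parts[1]
    return None


if __name__ == "__main__":
    print("overlap:", overlapping_hosts(IT_INVENTORY, OT_INVENTORY))
    print("route:", route_change("inventories/ot/hosts.ini"))
```

Run it as a pre-merge step in the archon-apps pipeline and fail the job when the overlap list is non-empty.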

References

  • ADR-0001 (hybrid branching) — GitFlow applies to OT folders in archon-apps