mts1b-deploy
Multi-target installer: Docker, Proxmox LXC, K8s, Nomad, VMware — kernel-menuconfig style.
- Repo: github.com/MTS1B/mts1b-deploy
- Layer: 1
- Depends on: foundation, textual (TUI), proxmoxer, kubernetes, ...
- Audience: every operator deploying MTS1B
What it is
A meta-repo + CLI that renders deployment artifacts (compose files, LXC configs, Helm charts, ...) for the entire MTS1B ecosystem from a single config file.
```bash
mts1b-deploy menuconfig          # TUI: pick target + profile
mts1b-deploy install             # render + provision + start
mts1b-deploy status              # /healthz for everything
mts1b-deploy upgrade             # rolling upgrade
mts1b-deploy backup configure    # restic snapshots
mts1b-deploy demo backtest-equities
```
See concept: deployment profiles for the full target × profile matrix.
Targets
| Target | Status | Notes |
|---|---|---|
| docker-compose | ✅ Wave 1 | Single-host default |
| proxmox-lxc | ✅ Wave 1 ⭐ | Maintainer's primary testbed |
| kubernetes-helm | Wave 2 | EKS / GKE / AKS / k3s / kind |
| nomad | Wave 2 | HashiCorp Nomad |
| crossplane | Wave 2 | XRDs for multi-cloud composition |
| pulumi / terraform | Wave 2 | Cloud IaC |
| ansible | Wave 2 | Bare metal / VMs |
| vmware-ovf | Wave 3 | OVF appliance |
| packer | Wave 3 | AMI / qcow2 / OVA images |
| native-mac | Wave 3 | brew install mts1b |
| native-windows | Wave 3 | winget / scoop |
| native-linux | Wave 3 | deb / rpm / pacman |
Profiles
| Profile | Services included |
|---|---|
| minimal | postgres, nats, foundation, platform, deploy |
| backtest-only | minimal + quantkit, GPUbacktester, datalake, research (read-only) |
| paper-trading | backtest-only + brokers (paper), oms, oms-algos, riskengine, portfolio, marketdata |
| foundational-12 | All 12 v1 repos |
| live-trading | foundational-12 + live broker creds + halt manager hardened |
| full | All 29 repos (after v3) |
Module layout
```
mts1b_deploy/
├── cli/                     # click-based CLI entrypoints
├── tui/                     # Textual menuconfig
├── targets/
│   ├── docker_compose.py
│   ├── proxmox_lxc.py       # uses proxmoxer
│   ├── kubernetes.py        # generates Helm charts
│   ├── nomad.py
│   ├── vmware.py
│   └── ...
├── render/
│   ├── compose.j2           # Jinja2 template
│   ├── lxc.conf.j2
│   ├── helm-chart.j2
│   └── ...
├── secrets/
│   ├── vault_bootstrap.py
│   └── envconsul.py
├── backup/
│   └── restic.py
└── observability/
    ├── prometheus.yaml
    └── grafana_dashboards/
```
The config file
```yaml
target: proxmox-lxc
profile: foundational-12
asset_classes: [equities, crypto]
optional:
  llm: false
  githubbot: false
  discordbot: false
  frontends: true
secrets:
  source: external-vault
  vault_addr: https://vault.local:8200
  vault_role: mts1b
proxmox:
  api_url: https://proxmox.local:8006/api2/json
  node: pve1
  storage: local-lvm
  network: vmbr0
  template: ubuntu-22.04-standard
  ssh_keys:
    - "ssh-ed25519 AAAA..."
postgres:
  version: "16"
  shared_buffers: 4GB
ports:
  oms_grpc: 50051
  oms_http: 8001
  # ... per-service
```
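A static pre-flight lint over the security-relevant fields of this config, as an added example that is not the project's `config validate` implementation. `lint_config`, its rule set and the finding strings are hypothetical; it assumes the YAML has already been parsed into a dict and that `ssh_keys` is nested under `proxmox`.

```python
from urllib.parse import urlparse

# Target and profile names from the tables on this page ("pulumi / terraform" split in two).
TARGETS = {"docker-compose", "proxmox-lxc", "kubernetes-helm", "nomad", "crossplane",
           "pulumi", "terraform", "ansible", "vmware-ovf", "packer",
           "native-mac", "native-windows", "native-linux"}
PROFILES = {"minimal", "backtest-only", "paper-trading",
            "foundational-12", "live-trading", "full"}

def _https(url):
    """True only for an https:// URL with a host part."""
    parsed = urlparse(str(url))
    return parsed.scheme == "https" and bool(parsed.hostname)

def lint_config(cfg):
    """Return findings for a parsed config dict (hypothetical rule set)."""
    findings = []
    if cfg.get("target") not in TARGETS:
        findings.append("target: unknown value")
    if cfg.get("profile") not in PROFILES:
        findings.append("profile: unknown value")
    secrets = cfg.get("secrets", {})
    if secrets.get("source") == "external-vault" and not _https(secrets.get("vault_addr")):
        findings.append("secrets.vault_addr: must be https")
    if cfg.get("target") == "proxmox-lxc":
        px = cfg.get("proxmox", {})
        if not _https(px.get("api_url")):
            findings.append("proxmox.api_url: must be https")
        for key in px.get("ssh_keys", []):
            parts = key.split()
            if len(parts) < 2 or parts[1].endswith("..."):
                findings.append("proxmox.ssh_keys: placeholder or malformed key")
    seen = {}  # port number -> first service that claimed it
    for name, port in cfg.get("ports", {}).items():
        if not isinstance(port, int) or not 1 <= port <= 65535:
            findings.append(f"ports.{name}: out of range")
        elif port in seen:
            findings.append(f"ports.{name}: collides with {seen[port]}")
        else:
            seen[port] = name
    return findings

# Constructed sample: the page's config with an http Vault address and a reused port.
SAMPLE = {
    "target": "proxmox-lxc", "profile": "foundational-12",
    "secrets": {"source": "external-vault", "vault_addr": "http://vault.local:8200"},
    "proxmox": {"api_url": "https://proxmox.local:8006/api2/json",
                "ssh_keys": ["ssh-ed25519 AAAA..."]},
    "ports": {"oms_grpc": 50051, "oms_http": 50051},
}
```

Running `lint_config(SAMPLE)` also flags the `AAAA...` key copied from the page, which is the kind of placeholder that should never reach a provisioned container.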
CLI reference
```bash
# Configure
mts1b-deploy menuconfig              # TUI
mts1b-deploy config validate         # static + connectivity checks

# Lifecycle
mts1b-deploy install                 # idempotent install/update
mts1b-deploy status                  # healthz for every service
mts1b-deploy logs <service>          # tail logs
mts1b-deploy restart <service>
mts1b-deploy stop / start / down
mts1b-deploy destroy                 # ⚠️ deletes data

# Upgrades
mts1b-deploy upgrade --dry-run
mts1b-deploy upgrade
mts1b-deploy rollback --to <commit>

# Backups
mts1b-deploy backup configure --target nfs://... --schedule "0 3 * * *"
mts1b-deploy backup now
mts1b-deploy restore --to-staging

# Operational
mts1b-deploy demo backtest-equities
mts1b-deploy demo paper-trade
mts1b-deploy open grafana            # opens browser
```
Idempotency
`mts1b-deploy install` is idempotent. Running it twice with the same config does nothing the second time: it diffs the config against the running state and applies only the changes.
This means:
- Safe to run in CI on every commit (drift detection)
- `mts1b-deploy diff` shows config-vs-running deltas before apply
What gets rendered
For target=proxmox-lxc:
```
./out/
├── proxmox/
│   ├── lxc-templates/   # one per service
│   ├── provision.sh     # idempotent
│   └── teardown.sh
├── env/                 # Vault-rendered .env files
└── observability/
```
For target=docker-compose:
```
./out/
├── docker-compose.yml
├── docker-compose.override.yml
├── .env
└── volumes/
```
For target=kubernetes-helm (Wave 2):
```
./out/
├── charts/              # one Chart per service
├── values.yaml
└── kustomization.yaml
```
Vault bootstrap
`mts1b-deploy vault bootstrap` provisions a Vault instance suitable for MTS1B:
- Spawns Vault on the chosen target (LXC, container, ...)
- Initializes with Shamir 5-of-3
- Configures roles + policies for each MTS1B service
- Loads default secret paths
- Outputs unseal shares to `~/.mts1b/vault-init.json` (move off-host!)
You can skip this if you already have a Vault; just set VAULT_ADDR + VAULT_TOKEN and the renderer will read from it.
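A post-bootstrap check for the "move off-host" step, as an added example that is not part of mts1b-deploy. `audit_vault_init` is a hypothetical helper; it assumes the init file uses the field names of `vault operator init -format=json` and reads "5-of-3" as five shares with a threshold of three.

```python
import json
import os
import stat
import tempfile

def audit_vault_init(path):
    """Return findings about an init file left on the deployment host."""
    if not os.path.exists(path):
        return []  # nothing on this host: the desired end state
    findings = ["init file still present on host"]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} is readable beyond the owner")
    with open(path) as fh:
        data = json.load(fh)
    shares = data.get("unseal_keys_b64", [])
    threshold = data.get("unseal_threshold", 0)
    if threshold and len(shares) >= threshold:
        findings.append(f"{len(shares)} shares in one file, threshold {threshold}: "
                        "this file alone can unseal")
    if data.get("root_token"):
        findings.append("root token stored next to the unseal shares")
    return findings

def demo():
    """Write a constructed init file with loose permissions and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "vault-init.json")
        sample = {  # constructed values, not real key material
            "unseal_keys_b64": [f"CONSTRUCTED-SHARE-{i}" for i in range(1, 6)],
            "unseal_shares": 5, "unseal_threshold": 3,
            "root_token": "CONSTRUCTED-ROOT-TOKEN",
        }
        with open(path, "w") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        before = audit_vault_init(path)
        os.remove(path)  # stands in for moving the file off-host
        return before, audit_vault_init(path)
```

Pointed at `~/.mts1b/vault-init.json` from CI or a login hook, an empty result is the passing state; any finding means one host still holds enough material to unseal Vault.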
Backups
restic-based:
- Dedup (typical 90%+ ratio)
- AES-256 + zstd
- NFS / S3 / B2 / local
- Schedule via cron / systemd timer
Tested: `mts1b-deploy restore --to-staging` runs every quarter.
Roadmap
| Version | Items |
|---|---|
| 0.1 (Wave 1) | docker-compose + proxmox-lxc targets, foundational-12 profile, Vault bootstrap |
| 0.2 (Wave 2) | kubernetes-helm, nomad, terraform, crossplane targets |
| 0.3 (Wave 2) | Multi-host docker swarm, k3d for laptop dev |
| 0.4 (Wave 3) | Native installers (brew, winget, deb, rpm), VMware OVF, Packer images |
| 1.0 (LTS) | Stable CLI, frozen config schema |
See also
- Concept: Deployment profiles — target × profile matrix
- Tutorial: Deploy to Proxmox — end-to-end walkthrough