bchanot-cv/.claude/memory/decisions.md
bastien c2e1dd30a8 docs(memory): backfill registries for docker, certbot, formation
decisions.md  — log BDR-004 (containerize site with nginx:alpine behind reverse
                proxy): rationale, hardening flags (read_only, cap_drop,
                no-new-privileges, tmpfs), alternatives rejected (bare nginx,
                Caddy/Traefik). Reference commits: 7957b04.

learnings.md  — log LRN-001 (certbot --nginx matches `server_name`, not
                filename): root cause was leftover `server_name autreprojet.fr`
                in `sites-available/bchanot.fr`. Future check:
                `grep -n "server_name" /etc/nginx/sites-enabled/*` before any
                certbot install on a multi-site VPS.

journal.md    — 5 lines covering docker setup, git init + remote + push,
                certbot diagnose + fix, prior commit batch, and today's
                feat(formation) section work (commit 1d5fbfa).

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-15 20:37:28 +02:00

4.3 KiB

type entry_prefix schema rules
decisions_registry BDR
id date title decision why alternatives status supersedes
BDR-XXX YYYY-MM-DD string (<= 80 chars) string (what was chosen) string (motivation, context) list of strings (what was rejected + why)
proposed | accepted | deprecated | superseded
BDR-XXX (optional)
Append-only. Never rewrite past entries - add a new one with status superseded if needed.
One entry per non-trivial choice. Trivial = reversible in under 10 min with no cross-file impact.
Capture why more carefully than what - the what rots, the why lasts.

Decisions registry (BDR)

Index

ID Date Title Status
BDR-001 2026-05-15 Static single-file site, no framework accepted
BDR-002 2026-05-15 weasyprint pour PDF CV depuis HTML accepted
BDR-003 2026-05-15 Position pro: CDI prioritaire, freelance parallèle accepted
BDR-004 2026-05-15 Containerize site with nginx:alpine behind reverse proxy accepted

BDR-001 — Static single-file site, no framework

  • Date: 2026-05-15
  • Statut: accepted
  • Décision: index.html unique, CSS inline <style>, JS vanilla inline <script>. Aucun bundler, aucun build step.
  • Pourquoi: Landing perso 1 page. Audience recruteurs/CTO. Critère "click Contacter <10s". Zéro dep, zéro maintenance, zéro tracking. Indexable par défaut.
  • Alternatives rejetées:
    • Astro — overkill, ajoute build step pour 1 page.
    • React SPA — interdit pour site public indexable (cf ~/.claude/CLAUDE.md).
    • HTML + CSS externes — éclate 1 livrable en 3 fichiers sans bénéfice.
  • Référence: index.html, section Stack de CLAUDE.md.

BDR-002 — weasyprint pour génération PDF CV

  • Date: 2026-05-15
  • Statut: accepted
  • Décision: weasyprint CV_Bastien_Chanot.html CV_Bastien_Chanot.pdf à chaque modif HTML CV.
  • Pourquoi: weasyprint déjà installé (~/.local/bin/weasyprint). Chromium absent. wkhtmltopdf déprécié.
  • Alternatives rejetées:
    • Chromium --print-to-pdf — pas installé.
    • wkhtmltopdf — déprécié + WebKit ancien, rendu moins fidèle.
    • Print manuel via navigateur — pas reproductible, dérive entre HTML et PDF.
  • Warnings connus: box-shadow: none ignoré par weasyprint, sans impact visuel.
  • Référence: CV_Bastien_Chanot.pdf.

BDR-003 — Position pro: CDI prioritaire, missions freelance en parallèle

  • Date: 2026-05-15
  • Statut: accepted
  • Décision: Site annonce CDI systèmes/embarqué prioritaire, ZenQuality (freelance) en parallèle. Géo: full remote idéal, hybride 1-2 j/mois si Paris, mobilité Pays de la Loire.
  • Pourquoi: Recadrage user. Première version annonçait "Missions long terme & expertise" — pas représentatif. Hiérarchie CDI > freelance maintenant explicite (hero eyebrow + about para + callout + CV header).
  • Référence: index.html (hero-eyebrow, about-text para 3, about-callout) + CV_Bastien_Chanot.html (header).

BDR-004 — Containerize site with nginx:alpine behind reverse proxy

  • Date: 2026-05-15
  • Status: accepted
  • Decision: Ship site as bchanot-web Docker container (nginx:1.27-alpine). Container listens on port 80 internally; host port configurable via PORT env (default 8080), bound to 127.0.0.1. Host nginx terminates TLS + proxy_pass to container.
  • Why: VPS hosts multiple sites (zenquality.fr, nuit-folle.zenquality.fr, bchanot.fr). Container isolates static assets + nginx config, easier rollback, reproducible build. Loopback bind blocks direct external hits, forces traffic through host nginx (TLS, rate limit, logs).
  • Hardening: read_only: true, cap_drop: ALL + minimal cap_add, no-new-privileges, tmpfs for /var/cache/nginx + /var/run + /tmp. CSP allows inline CSS/JS (project convention) + Google Fonts. HSTS deliberately omitted at container level — set by outer proxy after TLS termination.
  • Alternatives rejected:
    • Bare static files served by host nginx — no isolation, config drift between sites, harder rollback.
    • Caddy / Traefik container — overkill for 1 static site, host nginx already handles TLS for other domains.
  • Reference: Dockerfile, nginx.conf, docker-compose.yml, .env.example.