The Sodimo Manual
Processes, tools, internal reference
- Chapter 1: Welcome
  Why this manual exists, who it is for, and how to read it.

The company

- Chapter 2: Sodimo
  The operational facts the rest of the manual refers to: four domains, one warehouse, B2B customers.
- Chapter 3: The engagement
  Seven chapters with defined end states. What 'deployed' means. How the release feed works.
- Chapter 4: The Sodiwin black-box principle
  The single most important architectural rule: interface only via SFTP to the NAS, never direct.
- Chapter 5: Three design principles
  The architectural spine: conceptual fork, token accounting, single MCP surface.

The data

- Chapter 6: Sodiwin
  Sodimo's ERP treated as a black box — why, how the nightly data export works, and Florian's role.
- Chapter 7: The sales data
  Paul's dashboard today, the rep roster, and what changes when D1 goes live.
- Chapter 8: The data warehouse
  All Sodiwin data in a Cloudflare database — what you can query and how the nightly feed works.
- Chapter 9: Sodiwin schema — the 21 tables
  The 21 tables Florian dumps from Sodiwin every night. French table names, English purpose, and the file-format rules every downstream parser depends on.

The infrastructure

- Chapter 10: Network
  Gennevilliers office network: two VLANs, key hosts, the Framework Desktop, and Tailscale.
- Chapter 11: How the system is built
  Cloudflare hosts data and the one MCP surface. The harness hosts on-prem services. Traffic between them is pull-based.
- Chapter 12: Cloudflare
  Four domains, four public sites, internal tools gated by email, data warehouse, and AI gateway.
- Chapter 13: Mail
  33 mailboxes self-hosted on the Fedora harness. Postfix, Dovecot, rspamd, Piler. Every AI-originated email goes through a Cloudflare queue before it touches the box.
- Chapter 14: The harness
  The Fedora bootc image Sodimo receives: two repos, one atomic OS, one rebuild procedure.
- Chapter 15: Baseline accounts playbook
  Every Sodimo-style engagement stands up the same account spine. Google Workspace first, then GitHub / Cloudflare / Tailscale anchor on it, then leger.run for the quadlet configs and local-model env. What gets created, in what order, and what it unlocks.
- Chapter 16: OpenWebUI — team chat with the local models
  The chat page where anyone at Sodimo talks to the local AI models — no login, in the browser, nothing leaves the building.
- Chapter 17: The vault
  Vaultwarden as Sodimo's account-and-key source of truth: what's stored, who has access, how it's rotated, backed up, and handed off.
- Chapter 18: Quadlet reference
  Every podman Quadlet shipped on the Sodimo harness — upstream project, image tag, ports, routing (Caddy vs cloudflared), environment, secrets, and upgrade path.

The AI layer

- Chapter 19: AI on-prem
  Local AI on the Framework Desktop — what runs on-prem, when the system escalates to cloud, and which skills use which tier.
- Chapter 20: What the AI can access
  The Sodimo MCP endpoint — one Cloudflare Worker, the tools the AI can call, and the auth shape.
- Chapter 21: Skills library
  How the team authors and shares AI workflows. The deliverable is the sharing infrastructure — the specific skills are for the team to grow over time.
- Chapter 22: Paperclip — where background agents live
  Scheduled and background agent runs — who fired, what they did, what it cost, and whether they finished. The audit surface for Sodimo's AI stack.
- Chapter 23: Computer-use agent — out of scope
  What the sodiwin-agent write-path would have been, and why it is not shipping this engagement.

The repositories

- Chapter 24: The repos
  What each repository does, its status, and what it depends on.
- Chapter 25: Open items
  What is blocking, what Paul still needs to send, and where decisions live.
- Chapter 26: CRM
  Twenty CRM as a pinned quadlet; Sodimo's MCP tools call Twenty's REST/GraphQL API directly and emit run-ledger rows. No forks, no Postgres shortcut.
- Chapter 27: WhatsApp order-acknowledgment bot
  A narrowly scoped webhook that drafts order-acknowledgment replies when a customer messages Sodimo on WhatsApp. Experimental, guardrailed, secondary.
- Chapter 28: Annex: decisions log
  The 152 D-decisions (D-001 to D-152) that shaped the engagement, with Tom's verbatim calls.

The dashboard

- Chapter 29: The launchpad
  One page that lists every internal URL a Sodimo employee reaches — Cockpit, OpenWebUI, Paperclip, Twenty CRM, Piler, the manual — grouped by audience, with the access model spelled out.

The employee guidebook

- Chapter 30: Cloudflare Pages with Claude Code
  How an employee builds a small internal web page — a report, a dashboard, a one-off tool — by talking to Claude Code in plain English, then deploys it to a sodimo.eu URL.
- Chapter 31: Account vault basics
  What the Sodimo vault is (a Sodimo-hosted Vaultwarden), how an employee reaches it through the browser over Cloudflare Access + Google login, what goes in and what stays out. Full technical spec is in chapter *The vault*.
- Chapter 32: Key rotation
  Why Sodimo rotates credentials on a schedule, the canonical cadence per credential type, and the step-by-step walk-throughs — driven from the Vaultwarden UI or Claude Code — for each type.
- Chapter 33: SSH basics
  What SSH is, when a Sodimo employee encounters it (mostly during maintenance or handoff), and how to set up a key from scratch and land it in the vault.