From 31355975e14b27a7421fd8a10ca51bf2dfc16b07 Mon Sep 17 00:00:00 2001 From: Julian Tabel Date: Tue, 10 Feb 2026 09:45:58 +0100 Subject: [PATCH] Update deployment beans to reflect SSH-based approach Remove Portainer references, mark NPM and env management as completed, update epic checklist and decided approach. Co-Authored-By: Claude Opus 4.6 --- ...ginx-proxy-manager-for-nuzlocke-tracker.md | 4 +-- ...locke-tracker-ahza--deployment-strategy.md | 29 +++++++++---------- ...-re0m--document-the-deployment-workflow.md | 8 +++-- ...p0b--environment-and-secrets-management.md | 5 ++-- 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.beans/nuzlocke-tracker-3lfw--configure-nginx-proxy-manager-for-nuzlocke-tracker.md b/.beans/nuzlocke-tracker-3lfw--configure-nginx-proxy-manager-for-nuzlocke-tracker.md index 531d04a..487c367 100644 --- a/.beans/nuzlocke-tracker-3lfw--configure-nginx-proxy-manager-for-nuzlocke-tracker.md +++ b/.beans/nuzlocke-tracker-3lfw--configure-nginx-proxy-manager-for-nuzlocke-tracker.md @@ -1,11 +1,11 @@ --- # nuzlocke-tracker-3lfw title: Configure Nginx Proxy Manager for nuzlocke-tracker -status: todo +status: completed type: task priority: normal created_at: 2026-02-09T15:30:50Z -updated_at: 2026-02-09T16:53:13Z +updated_at: 2026-02-10T08:44:18Z parent: nuzlocke-tracker-ahza blocking: - nuzlocke-tracker-vpn5 diff --git a/.beans/nuzlocke-tracker-ahza--deployment-strategy.md b/.beans/nuzlocke-tracker-ahza--deployment-strategy.md index 56ff65d..a7e1b0d 100644 --- a/.beans/nuzlocke-tracker-ahza--deployment-strategy.md +++ b/.beans/nuzlocke-tracker-ahza--deployment-strategy.md 
@@ -16,19 +16,18 @@ Define and implement a deployment strategy for running the nuzlocke-tracker in p - **Dev environment:** Laptop/PC — continue using the existing `docker-compose.yml` for local development - **Production host:** Unraid server running Docker containers - **Networking:** LAN-only access, Nginx Proxy Manager already in place on Unraid -- **Orchestration:** Docker Compose for production (matching dev workflow). Install Portainer for container management and semi-automated deployments. +- **Orchestration:** Docker Compose for production (matching dev workflow). Deploy via SSH from the dev machine. ## Decided Approach -**Docker Compose + Portainer + Gitea (source hosting, container registry, CI/CD)** +**Docker Compose + SSH + Gitea (source hosting, container registry)** -1. **Gitea** runs on Unraid behind Nginx Proxy Manager with SSL (e.g., `gitea.nerdboden.de`). It serves as the self-hosted Git remote, container registry, and (optionally) CI/CD via Gitea Actions. -2. **Images are built on the dev machine** and pushed to Gitea's container registry as **user-level packages** (e.g., `gitea.nerdboden.de/thefurya/nuzlocke-tracker-api:latest`, `gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest`). -3. **Production runs docker-compose** on Unraid, pulling images from the Gitea container registry instead of mounting source. -4. **Portainer** is installed on Unraid to manage stacks, provide a web UI, and enable webhook-triggered redeployments. -5. **A deploy script** on the dev machine automates the full flow: build images → push to Gitea registry → trigger Portainer webhook to redeploy. -6. **Nginx Proxy Manager** handles routing on the LAN (e.g., `nuzlocke.nerdboden.de` → frontend container, `gitea.nerdboden.de` → Gitea). -7. **Database** uses a bind mount (`./data/postgres`) for persistence on the Unraid disk; migrations run automatically on API container startup. 
The compose file lives at `/mnt/user/appdata/nuzlocke-tracker/`, so all persistent data is stored in subfolders there. +1. **Gitea** runs on Unraid behind Nginx Proxy Manager with SSL (e.g., `gitea.nerdboden.de`). It serves as the self-hosted Git remote and container registry. +2. **Images are built on the dev machine** (podman or docker, cross-compiled for linux/amd64) and pushed to Gitea's container registry as **user-level packages** (e.g., `gitea.nerdboden.de/thefurya/nuzlocke-tracker-api:latest`, `gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest`). +3. **Production runs docker compose** on Unraid at `/mnt/user/appdata/nuzlocke-tracker/`, pulling images from the Gitea container registry instead of mounting source. +4. **A deploy script** on the dev machine automates the full flow: build images → push to Gitea registry → SCP compose file to Unraid → generate `.env` if missing → SSH to pull images and (re)start containers. +5. **Nginx Proxy Manager** handles routing on the LAN (e.g., `nuzlocke.nerdboden.de` → frontend container, `gitea.nerdboden.de` → Gitea). +6. **Database** uses a bind mount (`./data/postgres`) for persistence on the Unraid disk; migrations run automatically on API container startup. ## Branching Strategy @@ -42,7 +41,7 @@ Define and implement a deployment strategy for running the nuzlocke-tracker in p 1. Create `feature/xyz` from `develop` 2. Work on the feature, commit, merge into `develop` 3. When ready to deploy: merge `develop` → `main` -4. Run `./deploy.sh` (builds from `main`, pushes to Gitea registry, triggers Portainer webhook) +4. Run `./deploy.sh` (builds from `main`, pushes to Gitea registry, deploys to Unraid via SSH) ## Checklist 
@@ -51,10 +50,8 @@ Define and implement a deployment strategy for running the nuzlocke-tracker in p - [ ] **Configure Gitea container registry** — create an access token with `read:package` and `write:package` scopes, verify `docker login gitea.nerdboden.de` works, test pushing and pulling an image as a user-level package - [x] **Create production docker-compose file** (`docker-compose.prod.yml`) — uses images from the Gitea container registry, production env vars, no source volume mounts, proper restart policies - [x] **Create production Dockerfiles (or multi-stage builds)** — ensure frontend is built and served statically (e.g., via the API or a lightweight nginx container), API runs without debug mode -- [x] **Set up Portainer on Unraid** — install Portainer CE as a Docker container, configure the stack from the production compose file -- [x] **Configure Portainer API for automated redeployment** — deploy script uses Portainer CE REST API to pull latest images and restart the stack -- [x] **Create deploy script** — `./deploy.sh` builds images, pushes to Gitea registry, triggers Portainer API redeployment -- [ ] **Configure Nginx Proxy Manager** — add proxy host entries for Gitea and the nuzlocke-tracker frontend/API on the appropriate ports -- [ ] **Environment & secrets management** — create a `.env.prod` template, document required variables, decide on secret handling (`.env` file on Unraid, Portainer env vars, etc.) 
-- [ ] **Database backup strategy** — set up a simple scheduled backup for the PostgreSQL volume/data (e.g., cron + `pg_dump` script on Unraid) +- [x] **Create deploy script** — `./deploy.sh` builds images (podman/docker, linux/amd64), pushes to Gitea registry, SCPs compose file, generates `.env` if needed, pulls and starts containers via SSH +- [x] **Configure Nginx Proxy Manager** — add proxy host entries for Gitea and the nuzlocke-tracker frontend/API on the appropriate ports +- [x] **Environment & secrets management** — deploy script auto-generates `.env` with `POSTGRES_PASSWORD` on Unraid if missing; file lives at `/mnt/user/appdata/nuzlocke-tracker/.env` +- [ ] **Database backup strategy** — set up a simple scheduled backup for the PostgreSQL data (e.g., cron + `pg_dump` script on Unraid) - [ ] **Document the deployment workflow** — README or docs covering how to deploy, redeploy, rollback, and manage the production instance \ No newline at end of file diff --git a/.beans/nuzlocke-tracker-re0m--document-the-deployment-workflow.md b/.beans/nuzlocke-tracker-re0m--document-the-deployment-workflow.md index dc053ae..784999f 100644 --- a/.beans/nuzlocke-tracker-re0m--document-the-deployment-workflow.md +++ b/.beans/nuzlocke-tracker-re0m--document-the-deployment-workflow.md @@ -5,7 +5,7 @@ status: in-progress type: task priority: normal created_at: 2026-02-09T15:30:57Z -updated_at: 2026-02-09T16:55:02Z +updated_at: 2026-02-10T08:44:29Z parent: nuzlocke-tracker-ahza blocking: - nuzlocke-tracker-aiw6 
@@ -19,5 +19,7 @@ Write documentation covering the full deployment setup and workflows. - How to deploy (run `./deploy.sh`) - How to redeploy after changes - How to rollback to a previous version -- How to manage the production instance (Portainer UI, logs, etc.) -- How to set up the production environment from scratch (registry, Portainer, NPM, secrets) \ No newline at end of file +- How to manage the production instance (SSH, docker compose logs, etc.) +- How to set up the production environment from scratch (registry auth, NPM, SSH access) +- Deploy script flow: build images (podman/docker) → push to Gitea registry → SCP compose file → generate .env if missing → pull and start containers via SSH +- Production files live at `/mnt/user/appdata/nuzlocke-tracker/` on Unraid (compose file, .env, data/) \ No newline at end of file diff --git a/.beans/nuzlocke-tracker-up0b--environment-and-secrets-management.md b/.beans/nuzlocke-tracker-up0b--environment-and-secrets-management.md index 43c161d..f22e9e3 100644 --- a/.beans/nuzlocke-tracker-up0b--environment-and-secrets-management.md +++ b/.beans/nuzlocke-tracker-up0b--environment-and-secrets-management.md @@ -1,10 +1,11 @@ --- # nuzlocke-tracker-up0b title: Environment and secrets management -status: todo +status: completed type: task +priority: normal created_at: 2026-02-09T15:30:52Z -updated_at: 2026-02-09T15:30:52Z +updated_at: 2026-02-10T08:44:18Z parent: nuzlocke-tracker-ahza ---
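Review bot: In the `.beans/nuzlocke-tracker-ahza--deployment-strategy.md` hunk at `@@ -16,19 +16,18 @@`, steps 2 and 3 of the decided approach still push and pull `...:latest`, and nothing in the new SSH flow records which build production is actually running. Suggest tagging each build with the commit SHA from `main` in addition to `latest` and having the production compose file reference that tag, so the rollback workflow this epic wants documented has a known image to return to and a pull on Unraid cannot pick up a different image than the one just built. Step 4 also introduces SCP and SSH from the dev machine without naming the account or key used; one line on that belongs here, since that key now carries the ability to replace the compose file and start containers on the production host.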
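Review bot: In the checklist hunk at `@@ -51,10 +50,8 @@` of `.beans/nuzlocke-tracker-ahza--deployment-strategy.md`, the new "Environment & secrets management" item says the deploy script auto-generates `.env` with `POSTGRES_PASSWORD` if missing, but not how the value is produced or what permissions the file gets at `/mnt/user/appdata/nuzlocke-tracker/.env`. Suggest stating both (a random value from a cryptographic source, file readable only by its owner). "If missing" also interacts with the `./data/postgres` bind mount: if the database container is the official postgres image, `POSTGRES_PASSWORD` is applied only when an empty data directory is initialised, so a lost and regenerated `.env` gives the API a password the existing database will not accept; the backup item should include `.env` or the docs should describe the reset. The replaced item also asked for a `.env.prod` template and documented required variables, which this change drops while marking the task done.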
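Review bot: In `.beans/nuzlocke-tracker-re0m--document-the-deployment-workflow.md` at `@@ -19,5 +19,7 @@`, the from-scratch bullet now lists "SSH access" with no detail, and that is the step a reader is most likely to set up loosely. Suggest the bean name what the documentation must cover: key-based login for the deploy, the Unraid host key recorded in `known_hosts` before the first run so the script never needs host key checking turned off, and which account the script connects as. The same applies to "registry auth": the checklist in the epic mentions a token with `read:package` and `write:package`, and the doc should say that only the dev machine needs the write scope while the Unraid host only pulls.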