clean up base infra

This commit is contained in:
harkon
2025-10-11 11:42:43 +01:00
parent b324ff09ef
commit f0f7674b8d
52 changed files with 663 additions and 5224 deletions


@@ -1,401 +0,0 @@
#!/bin/bash
# Cleanup and align infrastructure structure
# This script consolidates configurations and removes duplication
set -e
# Colors
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
RED='\033[0;31m'
NC='\033[0m'
log_info() {
echo -e "${BLUE} $1${NC}"
}
log_success() {
echo -e "${GREEN}$1${NC}"
}
log_warning() {
echo -e "${YELLOW}⚠️ $1${NC}"
}
log_error() {
echo -e "${RED}$1${NC}"
}
# Script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
INFRA_DIR="$PROJECT_ROOT/infra"
log_info "Cleaning up infrastructure structure..."
echo " Project Root: $PROJECT_ROOT"
echo " Infra Dir: $INFRA_DIR"
echo ""
# Step 1: Backup current structure
log_info "Step 1: Creating backup..."
BACKUP_DIR="$PROJECT_ROOT/infra-backup-$(date +%Y%m%d_%H%M%S)"
mkdir -p "$BACKUP_DIR"
cp -r "$INFRA_DIR/configs" "$BACKUP_DIR/" 2>/dev/null || true
log_success "Backup created at $BACKUP_DIR"
# Step 2: Align Traefik configurations
log_info "Step 2: Aligning Traefik configurations..."
# The source of truth is infra/compose/traefik/config/
# Remove duplicates from infra/configs/traefik/config/
if [ -d "$INFRA_DIR/configs/traefik/config" ]; then
log_warning " Removing duplicate Traefik configs from infra/configs/traefik/config/"
rm -rf "$INFRA_DIR/configs/traefik/config"
log_success " Removed duplicate Traefik configs"
fi
# Keep only app-specific Traefik middleware in configs
mkdir -p "$INFRA_DIR/configs/traefik"
cat > "$INFRA_DIR/configs/traefik/app-middlewares.yml" << 'EOF'
# Application-specific Traefik middlewares
# These are loaded by the application infrastructure, not the external Traefik
http:
middlewares:
# Large upload middleware for Gitea registry
gitea-large-upload:
buffering:
maxRequestBodyBytes: 5368709120 # 5GB
memRequestBodyBytes: 104857600 # 100MB
maxResponseBodyBytes: 5368709120 # 5GB
memResponseBodyBytes: 104857600 # 100MB
retryExpression: "IsNetworkError() && Attempts() < 3"
# Rate limiting for public APIs
api-ratelimit:
rateLimit:
average: 100
burst: 50
period: 1s
# Security headers
security-headers:
headers:
frameDeny: true
sslRedirect: true
browserXssFilter: true
contentTypeNosniff: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
EOF
log_success " Created app-specific Traefik middlewares"
# Step 3: Align Authentik configurations
log_info "Step 3: Aligning Authentik configurations..."
# infra/compose/authentik/ - Production service configs
# infra/configs/authentik/ - Application bootstrap configs (keep separate)
if [ -d "$INFRA_DIR/configs/authentik" ]; then
log_info " Keeping app-specific Authentik bootstrap in infra/configs/authentik/"
log_success " Authentik configs aligned"
fi
# Step 4: Clean up old directories
log_info "Step 4: Cleaning up old directories..."
# Remove old standalone config directories that were moved
OLD_DIRS=(
"$INFRA_DIR/traefik"
"$INFRA_DIR/grafana"
"$INFRA_DIR/prometheus"
"$INFRA_DIR/loki"
"$INFRA_DIR/promtail"
"$INFRA_DIR/vault"
"$INFRA_DIR/neo4j"
"$INFRA_DIR/postgres"
)
for dir in "${OLD_DIRS[@]}"; do
if [ -d "$dir" ] && [ -f "$INFRA_DIR/configs/$(basename $dir)/.moved" ]; then
log_warning " Removing old directory: $dir"
rm -rf "$dir"
log_success " Removed $dir"
fi
done
# Step 5: Update .gitignore
log_info "Step 5: Updating .gitignore..."
cat > "$INFRA_DIR/.gitignore" << 'EOF'
# Environment files (contain secrets)
environments/*/.env
!environments/*/.env.example
compose/*/.env
!compose/env.example
# Certificates
certs/*/
!certs/.gitkeep
compose/*/certs/
!compose/*/certs/.gitkeep
# Provider credentials
compose/traefik/.provider.env
configs/traefik/.provider.env
# Data directories
compose/*/data/
compose/*/media/
compose/authentik/media/
compose/authentik/custom-templates/
compose/portainer/portainer/
# Backup files
*.backup
*.tmp
*-backup-*/
# Docker volumes (if mounted locally)
volumes/
# Logs
*.log
logs/
# Moved markers
**/.moved
EOF
log_success ".gitignore updated"
# Step 6: Create README for external services
log_info "Step 6: Creating documentation..."
cat > "$INFRA_DIR/compose/README.md" << 'EOF'
# External Services
This directory contains Docker Compose configurations for external services that run on the production server.
## Services
### Traefik
- **Location**: `traefik/`
- **Purpose**: Reverse proxy and load balancer for all services
- **Deploy**: `cd traefik && docker compose up -d`
- **Access**: https://traefik.harkon.co.uk
### Authentik
- **Location**: `authentik/`
- **Purpose**: SSO and authentication provider
- **Deploy**: `cd authentik && docker compose up -d`
- **Access**: https://authentik.harkon.co.uk
### Gitea
- **Location**: `gitea/`
- **Purpose**: Git repository hosting and container registry
- **Deploy**: `cd gitea && docker compose up -d`
- **Access**: https://gitea.harkon.co.uk
### Nextcloud
- **Location**: `nextcloud/`
- **Purpose**: File storage and collaboration
- **Deploy**: `cd nextcloud && docker compose up -d`
- **Access**: https://nextcloud.harkon.co.uk
### Portainer
- **Location**: `portainer/`
- **Purpose**: Docker management UI
- **Deploy**: `cd portainer && docker compose up -d`
- **Access**: https://portainer.harkon.co.uk
## Deployment
### Production (Remote Server)
```bash
# SSH to server
ssh deploy@141.136.35.199
# Navigate to service directory
cd /opt/ai-tax-agent/infra/compose/<service>
# Deploy service
docker compose up -d
# Check logs
docker compose logs -f
# Check status
docker compose ps
```
### Local Development
For local development, use the all-in-one compose file:
```bash
cd infra/compose
docker compose -f docker-compose.local.yml up -d
```
## Configuration
Each service has its own `.env` file for environment-specific configuration:
- `traefik/.provider.env` - GoDaddy API credentials
- `authentik/.env` - Authentik secrets
- `gitea/.env` - Gitea database credentials
## Networks
All services use shared Docker networks:
- `frontend` - Public-facing services
- `backend` - Internal services
Create networks before deploying:
```bash
docker network create frontend
docker network create backend
```
## Maintenance
### Update Service
```bash
cd /opt/ai-tax-agent/infra/compose/<service>
docker compose pull
docker compose up -d
```
### Restart Service
```bash
cd /opt/ai-tax-agent/infra/compose/<service>
docker compose restart
```
### View Logs
```bash
cd /opt/ai-tax-agent/infra/compose/<service>
docker compose logs -f
```
### Backup Data
```bash
# Backup volumes
docker run --rm -v <service>_data:/data -v $(pwd):/backup alpine tar czf /backup/<service>-backup.tar.gz /data
```
## Integration with Application
These external services are used by the application infrastructure:
- **Traefik** - Routes traffic to application services
- **Authentik** - Provides SSO for application UIs
- **Gitea** - Hosts Docker images for application services
The application infrastructure is deployed separately using:
```bash
./infra/scripts/deploy.sh production infrastructure
./infra/scripts/deploy.sh production services
```
EOF
log_success "Created external services README"
# Step 7: Create deployment helper script
log_info "Step 7: Creating deployment helper script..."
cat > "$SCRIPT_DIR/deploy-external.sh" << 'EOF'
#!/bin/bash
# Deploy external services on production server
# Usage: ./scripts/deploy-external.sh <service>
set -e
SERVICE=$1
if [ -z "$SERVICE" ]; then
echo "Usage: $0 <service>"
echo ""
echo "Available services:"
echo " traefik"
echo " authentik"
echo " gitea"
echo " nextcloud"
echo " portainer"
echo " all"
exit 1
fi
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
COMPOSE_DIR="$PROJECT_ROOT/infra/compose"
deploy_service() {
local svc=$1
echo "🚀 Deploying $svc..."
if [ ! -d "$COMPOSE_DIR/$svc" ]; then
echo "❌ Service directory not found: $COMPOSE_DIR/$svc"
return 1
fi
cd "$COMPOSE_DIR/$svc"
docker compose up -d
echo "✅ $svc deployed"
}
if [ "$SERVICE" = "all" ]; then
deploy_service "traefik"
sleep 5
deploy_service "authentik"
sleep 5
deploy_service "gitea"
deploy_service "nextcloud"
deploy_service "portainer"
else
deploy_service "$SERVICE"
fi
echo ""
echo "🎉 Deployment complete!"
EOF
chmod +x "$SCRIPT_DIR/deploy-external.sh"
log_success "Created deploy-external.sh script"
# Step 8: Summary
echo ""
log_success "Cleanup complete!"
echo ""
log_info "Summary of changes:"
echo " ✅ Removed duplicate Traefik configs"
echo " ✅ Created app-specific Traefik middlewares"
echo " ✅ Aligned Authentik configurations"
echo " ✅ Cleaned up old directories"
echo " ✅ Updated .gitignore"
echo " ✅ Created external services README"
echo " ✅ Created deploy-external.sh script"
echo ""
log_info "Backup location: $BACKUP_DIR"
echo ""
log_info "Next steps:"
echo " 1. Review changes in infra/ directory"
echo " 2. Update Makefile with new targets"
echo " 3. Test local deployment: make run"
echo " 4. Test external service deployment: ./scripts/deploy-external.sh traefik"
echo ""


@@ -1,54 +0,0 @@
#!/bin/bash
# Debug script for remote server issues
echo "=== Connecting to remote server ==="
echo "Running diagnostics..."
echo ""
ssh -t deploy@141.136.35.199 << 'ENDSSH'
set -x
echo "=== 1. Check Docker is running ==="
docker --version
docker info | head -10
echo ""
echo "=== 2. Check Docker images ==="
docker images | head -20
echo ""
echo "=== 3. Check if logged in to Gitea ==="
cat ~/.docker/config.json 2>/dev/null || echo "No Docker config found"
echo ""
echo "=== 4. Check Gitea container ==="
docker ps | grep gitea || echo "Gitea not running"
echo ""
echo "=== 5. Check recent Docker logs ==="
docker ps -a --format "{{.Names}}" | head -5
echo ""
echo "=== 6. Test Gitea registry connectivity ==="
curl -I https://gitea.harkon.co.uk/v2/ 2>&1 | head -10
echo ""
echo "=== 7. Check disk space ==="
df -h | grep -E "Filesystem|/$"
echo ""
echo "=== 8. Check if base-ml build is in progress ==="
docker ps | grep build || echo "No build in progress"
echo ""
echo "=== 9. Check Docker build logs (if any) ==="
docker ps -a --filter "ancestor=gitea.harkon.co.uk/harkon/base-ml" --format "{{.ID}} {{.Status}}"
echo ""
echo "=== 10. Try a simple docker login test ==="
echo "Testing registry connectivity..."
curl -v https://gitea.harkon.co.uk/v2/ 2>&1 | grep -E "HTTP|401|200"
ENDSSH


@@ -1,54 +0,0 @@
#!/bin/bash
# Deploy external services on production server
# Usage: ./scripts/deploy-external.sh <service>
set -e
SERVICE=$1
if [ -z "$SERVICE" ]; then
echo "Usage: $0 <service>"
echo ""
echo "Available services:"
echo " traefik"
echo " authentik"
echo " gitea"
echo " nextcloud"
echo " portainer"
echo " all"
exit 1
fi
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
COMPOSE_DIR="$PROJECT_ROOT/infra/compose"
deploy_service() {
local svc=$1
echo "🚀 Deploying $svc..."
if [ ! -d "$COMPOSE_DIR/$svc" ]; then
echo "❌ Service directory not found: $COMPOSE_DIR/$svc"
return 1
fi
cd "$COMPOSE_DIR/$svc"
docker compose up -d
echo "$svc deployed"
}
if [ "$SERVICE" = "all" ]; then
deploy_service "traefik"
sleep 5
deploy_service "authentik"
sleep 5
deploy_service "gitea"
deploy_service "nextcloud"
deploy_service "portainer"
else
deploy_service "$SERVICE"
fi
echo ""
echo "🎉 Deployment complete!"


@@ -216,7 +216,7 @@ verify_deployment() {
echo ""
echo "=== Docker Networks ==="
docker network ls | grep -E "frontend|backend"
docker network ls | grep -E "apa-frontend|apa-backend"
echo ""
echo "=== Disk Usage ==="
@@ -290,7 +290,7 @@ case "${1:-all}" in
verify_deployment
;;
logs)
show_logs "${2:-svc-ingestion}"
show_logs "${2:-apa-svc-ingestion}"
;;
all)
deploy_all
@@ -310,4 +310,3 @@ case "${1:-all}" in
exit 1
;;
esac
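Review bot: The network check `docker network ls | grep -E "apa-frontend|apa-backend"` takes grep's exit status, so when neither network exists the pipeline fails and, if this script runs under `set -e` (its header is outside the hunk), verify_deployment aborts there instead of reporting the absence. The sibling verify script in this commit guards the identical check with `|| true` (its `docker network ls | grep -E '(apa-frontend|apa-backend)'` line), and the same gap is in the deploy script's step 6 ssh line `docker ps ... | grep -E '(apa-vault|apa-minio|apa-postgres|apa-svc-)'`. A consistent form that also explains an empty result is `docker network ls | grep -E "apa-frontend|apa-backend" || echo "apa-* networks not found"`. Note too that these remote scripts use the `apa-` prefix while the local-dev scripts in the same commit switched to `ata-`; presumably intentional for separate compose projects, but worth confirming.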


@@ -20,7 +20,7 @@ echo "🔐 Generating development certificates..."
# Step 3: Start core infrastructure first
echo "🏗️ Starting core infrastructure..."
cd infra/compose
docker compose -f docker-compose.local.yml up -d traefik postgres redis
docker compose -f docker-compose.local.yml up -d ata-traefik ata-postgres ata-redis
cd ../..
# Step 4: Wait for core services and fix database issues
@@ -31,28 +31,28 @@ sleep 15
# Step 5: Start Authentik components in order
echo "🔐 Starting Authentik components..."
cd infra/compose
docker compose -f docker-compose.local.yml up -d authentik-db authentik-redis
docker compose -f docker-compose.local.yml up -d ata-authentik-db ata-authentik-redis
sleep 10
docker compose -f docker-compose.local.yml up -d authentik-server
docker compose -f docker-compose.local.yml up -d ata-authentik-server
sleep 15
docker compose -f docker-compose.local.yml up -d authentik-worker authentik-outpost
docker compose -f docker-compose.local.yml up -d ata-authentik-worker ata-authentik-outpost
cd ../..
# Step 6: Start remaining infrastructure
echo "🏗️ Starting remaining infrastructure..."
cd infra/compose
docker compose -f docker-compose.local.yml up -d vault neo4j qdrant minio prometheus grafana loki
docker compose -f docker-compose.local.yml up -d ata-vault ata-neo4j ata-qdrant ata-minio ata-prometheus ata-grafana ata-loki
cd ../..
# Step 7: Wait and verify Authentik is healthy
echo "⏳ Waiting for Authentik to be healthy..."
timeout=120
counter=0
while [ "$(docker inspect --format='{{.State.Health.Status}}' authentik-server 2>/dev/null)" != "healthy" ]; do
while [ "$(docker inspect --format='{{.State.Health.Status}}' ata-authentik-server 2>/dev/null)" != "healthy" ]; do
if [ $counter -ge $timeout ]; then
echo "❌ Authentik server failed to become healthy within $timeout seconds"
echo "📋 Checking logs..."
docker compose -f infra/compose/docker-compose.local.yml logs --tail=10 authentik-server
docker compose -f infra/compose/docker-compose.local.yml logs --tail=10 ata-authentik-server
exit 1
fi
sleep 2
@@ -65,15 +65,15 @@ echo "✅ Authentik is healthy"
echo "🚀 Starting application services..."
cd infra/compose
docker compose -f docker-compose.local.yml up -d \
svc-ingestion svc-extract svc-forms svc-hmrc svc-kg \
svc-normalize-map svc-ocr svc-rag-indexer svc-rag-retriever \
svc-reason svc-rpa svc-firm-connectors svc-coverage ui-review
ata-svc-ingestion ata-svc-extract ata-svc-forms ata-svc-hmrc ata-svc-kg \
ata-svc-normalize-map ata-svc-ocr ata-svc-rag-indexer ata-svc-rag-retriever \
ata-svc-reason ata-svc-rpa ata-svc-firm-connectors ata-svc-coverage ata-ui-review
cd ../..
# Step 9: Start Unleash (may fail, but that's OK)
echo "📊 Starting Unleash (may require manual configuration)..."
cd infra/compose
docker compose -f docker-compose.local.yml up -d unleash || echo "⚠️ Unleash failed to start - may need manual token configuration"
docker compose -f docker-compose.local.yml up -d ata-unleash || echo "⚠️ Unleash failed to start - may need manual token configuration"
cd ../..
# Step 10: Final verification
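Review bot: The health wait `docker inspect --format='{{.State.Health.Status}}' ata-authentik-server` addresses a container by name, while the `docker compose ... up -d ata-authentik-server` calls use the compose service name; the two coincide only if the compose file pins `container_name: ata-authentik-server` (not visible here), otherwise inspect returns nothing and the loop runs to the timeout before failing. The loop sleeps 2 seconds per iteration but compares `counter` against `timeout=120` and reports "failed to become healthy within $timeout seconds", so unless counter is advanced by 2 per pass (the increment is outside the hunk) the message understates the real wait by half. The script body continues beyond this hunk.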


@@ -33,8 +33,8 @@ bash "$ROOT_DIR/scripts/generate-dev-certs.sh"
# 4) Bring up core infra (detached)
echo "🏗️ Starting Traefik + core infra..."
docker compose -f "$COMPOSE_DIR/docker-compose.local.yml" up -d \
traefik authentik-db authentik-redis authentik-server authentik-worker \
vault postgres neo4j qdrant minio redis prometheus grafana loki
ata-traefik ata-authentik-db ata-authentik-redis ata-authentik-server ata-authentik-worker \
ata-vault ata-postgres ata-neo4j ata-qdrant ata-minio ata-redis ata-prometheus ata-grafana ata-loki
# 5) Wait for Traefik, then Authentik (initial-setup or login)
echo "⏳ Waiting for Traefik to respond..."
@@ -77,7 +77,7 @@ fi
# 7) Start Authentik outpost if token present
if [[ -n "${AUTHENTIK_OUTPOST_TOKEN:-}" && "${AUTHENTIK_OUTPOST_TOKEN}" != "changeme" ]]; then
echo "🔐 Starting Authentik outpost..."
docker compose -f "$COMPOSE_DIR/docker-compose.local.yml" up -d authentik-outpost || true
docker compose -f "$COMPOSE_DIR/docker-compose.local.yml" up -d ata-authentik-outpost || true
else
echo " Set AUTHENTIK_OUTPOST_TOKEN in $COMPOSE_DIR/.env to start authentik-outpost"
fi
@@ -86,9 +86,9 @@ fi
if [[ "${START_APP_SERVICES:-true}" == "true" ]]; then
echo "🚀 Starting application services..."
docker compose -f "$COMPOSE_DIR/docker-compose.local.yml" up -d \
svc-ingestion svc-extract svc-kg svc-rag-retriever svc-coverage \
svc-firm-connectors svc-forms svc-hmrc svc-normalize-map svc-ocr \
svc-rag-indexer svc-reason svc-rpa ui-review unleash || true
ata-svc-ingestion ata-svc-extract ata-svc-kg ata-svc-rag-retriever ata-svc-coverage \
ata-svc-firm-connectors ata-svc-forms ata-svc-hmrc ata-svc-normalize-map ata-svc-ocr \
ata-svc-rag-indexer ata-svc-reason ata-svc-rpa ata-ui-review ata-unleash || true
fi
echo "🎉 Dev environment is up"
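Review bot: The hint on the else branch still names the old service: `echo " Set AUTHENTIK_OUTPOST_TOKEN in $COMPOSE_DIR/.env to start authentik-outpost"` explains a command that now starts `ata-authentik-outpost`; change it to `... to start ata-authentik-outpost`. Separately, the application-services `up -d` call ends in `|| true`, so a service that fails to start produces nothing beyond compose's own output before "Dev environment is up" is printed; a `docker compose -f "$COMPOSE_DIR/docker-compose.local.yml" ps` before that final line would make the outcome visible.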


@@ -1,152 +0,0 @@
#!/bin/bash
# Enable Gitea Container Registry
# This script configures Gitea to support Docker container registry
set -e
REMOTE_HOST="deploy@141.136.35.199"
GITEA_PATH="/opt/compose/gitea"
echo "🔧 Enabling Gitea Container Registry..."
# Step 1: Add packages configuration to Gitea
echo "📝 Step 1: Configuring Gitea packages..."
ssh $REMOTE_HOST << 'EOF'
# Create custom configuration directory if it doesn't exist
sudo mkdir -p /opt/compose/gitea/custom/conf
# Create or update custom app.ini with packages enabled
sudo tee /opt/compose/gitea/custom/conf/app.ini > /dev/null << 'GITEA_CONFIG'
[packages]
ENABLED = true
CHUNKED_UPLOAD_PATH = /data/gitea/tmp/package-upload
[packages.container]
ENABLED = true
GITEA_CONFIG
echo "✅ Gitea configuration created"
EOF
# Step 2: Update Gitea compose file to mount custom config and add registry labels
echo "📝 Step 2: Updating Gitea compose file..."
ssh $REMOTE_HOST << 'EOF'
cd /opt/compose/gitea
# Backup current compose file
sudo cp compose.yaml compose.yaml.backup
# Create updated compose file with registry support
sudo tee compose.yaml > /dev/null << 'COMPOSE_FILE'
---
services:
server:
image: docker.io/gitea/gitea:1.24.5
container_name: gitea-server
env_file:
- ./.env
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}
- GITEA__database__NAME=${POSTGRES_DB:-gitea}
- GITEA__database__USER=${POSTGRES_USER:-gitea}
- GITEA__database__PASSWD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
- GITEA__server__SSH_PORT=2221
- GITEA__server__ROOT_URL=https://gitea.harkon.co.uk
- GITEA__packages__ENABLED=true
- GITEA__packages__CHUNKED_UPLOAD_PATH=/data/gitea/tmp/package-upload
networks:
- frontend
- backend
volumes:
- gitea-data:/data
- ./custom/conf/app.ini:/data/gitea/conf/app.ini.custom:ro
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "2221:22"
depends_on:
- db
labels:
# Main Gitea web interface
- traefik.enable=true
- traefik.http.services.gitea.loadbalancer.server.port=3000
- traefik.http.services.gitea.loadbalancer.server.scheme=http
- traefik.http.routers.gitea-https.entrypoints=websecure
- traefik.http.routers.gitea-https.rule=Host(`gitea.harkon.co.uk`)
- traefik.http.routers.gitea-https.tls=true
- traefik.http.routers.gitea-https.tls.certresolver=godaddy
- traefik.http.routers.gitea-https.service=gitea
# Container Registry (same port, different subdomain)
- traefik.http.routers.gitea-registry.entrypoints=websecure
- traefik.http.routers.gitea-registry.rule=Host(`registry.harkon.co.uk`)
- traefik.http.routers.gitea-registry.tls=true
- traefik.http.routers.gitea-registry.tls.certresolver=godaddy
- traefik.http.routers.gitea-registry.service=gitea
restart: unless-stopped
db:
image: docker.io/library/postgres:17.5
container_name: gitea-db
environment:
- POSTGRES_USER=${POSTGRES_USER:-gitea}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
- POSTGRES_DB=${POSTGRES_DB:-gitea}
networks:
- backend
volumes:
- gitea-db:/var/lib/postgresql/data
restart: unless-stopped
volumes:
gitea-data:
driver: local
gitea-db:
driver: local
networks:
frontend:
external: true
backend:
external: true
COMPOSE_FILE
echo "✅ Gitea compose file updated"
EOF
# Step 3: Restart Gitea to apply changes
echo "📝 Step 3: Restarting Gitea..."
ssh $REMOTE_HOST << 'EOF'
cd /opt/compose/gitea
docker compose down
docker compose up -d
echo "⏳ Waiting for Gitea to start..."
sleep 15
echo "✅ Gitea restarted"
EOF
echo ""
echo "✅ Gitea Container Registry enabled successfully!"
echo ""
echo "📋 Next steps:"
echo "1. Verify DNS: dig registry.harkon.co.uk (should point to 141.136.35.199)"
echo "2. Wait for SSL certificate (Traefik will auto-generate)"
echo "3. Create Gitea access token:"
echo " - Login to https://gitea.harkon.co.uk"
echo " - Settings → Applications → Generate New Token"
echo " - Select scope: write:package"
echo "4. Login to registry:"
echo " docker login registry.harkon.co.uk"
echo " Username: <your-gitea-username>"
echo " Password: <your-access-token>"
echo ""
echo "🔍 Check Gitea logs:"
echo " ssh deploy@141.136.35.199 'docker logs gitea-server'"


@@ -11,7 +11,7 @@ echo "🔧 Fixing database issues..."
echo "⏳ Waiting for PostgreSQL to be ready..."
timeout=60
counter=0
while ! docker exec postgres pg_isready -U postgres >/dev/null 2>&1; do
while ! docker exec ata-postgres pg_isready -U postgres >/dev/null 2>&1; do
if [ $counter -ge $timeout ]; then
echo "❌ PostgreSQL failed to start within $timeout seconds"
exit 1
@@ -23,14 +23,14 @@ echo "✅ PostgreSQL is ready"
# Create unleash database if it doesn't exist
echo "📊 Creating unleash database if needed..."
docker exec postgres psql -U postgres -tc "SELECT 1 FROM pg_database WHERE datname = 'unleash'" | grep -q 1 || \
docker exec postgres psql -U postgres -c "CREATE DATABASE unleash;"
docker exec ata-postgres psql -U postgres -tc "SELECT 1 FROM pg_database WHERE datname = 'unleash'" | grep -q 1 || \
docker exec ata-postgres psql -U postgres -c "CREATE DATABASE unleash;"
echo "✅ Unleash database ready"
# Create tax_system database for Authentik if needed
echo "🔐 Creating tax_system database for Authentik if needed..."
docker exec postgres psql -U postgres -tc "SELECT 1 FROM pg_database WHERE datname = 'tax_system'" | grep -q 1 || \
docker exec postgres psql -U postgres -c "CREATE DATABASE tax_system;"
docker exec ata-postgres psql -U postgres -tc "SELECT 1 FROM pg_database WHERE datname = 'tax_system'" | grep -q 1 || \
docker exec ata-postgres psql -U postgres -c "CREATE DATABASE tax_system;"
echo "✅ Authentik database ready"
echo "🎉 Database issues fixed!"
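Review bot: The database-exists check is written out twice, once for unleash and once for tax_system, and in each the pipeline's exit status is grep's, so a failed `docker exec ata-postgres ...` (for example a container-name mismatch after this rename) reads as "database missing" and only surfaces when the following CREATE DATABASE also fails. Folding both into one helper keeps the container name in a single place and lets an exec failure be reported as such; `-tA` also gives a bare `1` to compare against rather than matching any output that contains a 1.
```bash
# Create database $1 on ata-postgres unless it already exists.
ensure_db() {
  local db=$1
  local exists
  exists=$(docker exec ata-postgres psql -U postgres -tAc \
    "SELECT 1 FROM pg_database WHERE datname = '$db'") || {
    echo "❌ Could not query ata-postgres for database $db"
    exit 1
  }
  if [ "$exists" != "1" ]; then
    docker exec ata-postgres psql -U postgres -c "CREATE DATABASE $db;"
  fi
}
# … unchanged: PostgreSQL readiness wait …
echo "📊 Creating unleash database if needed..."
ensure_db unleash
echo "✅ Unleash database ready"
echo "🔐 Creating tax_system database for Authentik if needed..."
ensure_db tax_system
echo "✅ Authentik database ready"
```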


@@ -1,152 +0,0 @@
#!/bin/bash
# Script to fix Gitea upload size limits for large Docker images
# Run this on the remote server: ssh deploy@141.136.35.199
set -e
echo "=== Gitea Registry Upload Limit Fix ==="
echo ""
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Step 1: Check if Gitea is running
echo -e "${YELLOW}Step 1: Checking Gitea status...${NC}"
if docker ps | grep -q gitea-server; then
echo -e "${GREEN}✓ Gitea is running${NC}"
GITEA_CONTAINER=$(docker ps --filter "name=gitea" --format "{{.Names}}" | head -1)
echo " Container: $GITEA_CONTAINER"
else
echo -e "${RED}✗ Gitea is not running!${NC}"
exit 1
fi
# Step 2: Check if Traefik is running
echo -e "\n${YELLOW}Step 2: Checking Traefik status...${NC}"
if docker ps | grep -q traefik; then
echo -e "${GREEN}✓ Traefik is running${NC}"
TRAEFIK_CONTAINER=$(docker ps --filter "name=traefik" --format "{{.Names}}" | head -1)
echo " Container: $TRAEFIK_CONTAINER"
HAS_TRAEFIK=true
else
echo -e "${YELLOW}⚠ Traefik is not running (may not be needed)${NC}"
HAS_TRAEFIK=false
fi
# Step 3: Find Traefik config directory
if [ "$HAS_TRAEFIK" = true ]; then
echo -e "\n${YELLOW}Step 3: Finding Traefik configuration...${NC}"
# Try to find Traefik config mount
TRAEFIK_CONFIG=$(docker inspect $TRAEFIK_CONTAINER | grep -A 1 '"Destination": "/etc/traefik"' | grep Source | cut -d'"' -f4 || echo "")
if [ -z "$TRAEFIK_CONFIG" ]; then
TRAEFIK_CONFIG="/opt/traefik/config"
echo -e "${YELLOW} Using default: $TRAEFIK_CONFIG${NC}"
else
echo -e "${GREEN} Found: $TRAEFIK_CONFIG${NC}"
fi
# Create config directory if it doesn't exist
sudo mkdir -p "$TRAEFIK_CONFIG"
# Step 4: Create Traefik middleware for large uploads
echo -e "\n${YELLOW}Step 4: Creating Traefik middleware...${NC}"
sudo tee "$TRAEFIK_CONFIG/gitea-large-upload.yml" > /dev/null << 'EOF'
http:
middlewares:
gitea-large-upload:
buffering:
maxRequestBodyBytes: 5368709120 # 5GB
memRequestBodyBytes: 104857600 # 100MB in memory
maxResponseBodyBytes: 5368709120 # 5GB
memResponseBodyBytes: 104857600 # 100MB in memory
retryExpression: "IsNetworkError() && Attempts() < 3"
EOF
echo -e "${GREEN}✓ Created $TRAEFIK_CONFIG/gitea-large-upload.yml${NC}"
# Step 5: Restart Traefik
echo -e "\n${YELLOW}Step 5: Restarting Traefik...${NC}"
docker restart $TRAEFIK_CONTAINER
sleep 3
echo -e "${GREEN}✓ Traefik restarted${NC}"
fi
# Step 6: Update Gitea configuration
echo -e "\n${YELLOW}Step 6: Updating Gitea configuration...${NC}"
# Backup current config
docker exec $GITEA_CONTAINER cp /data/gitea/conf/app.ini /data/gitea/conf/app.ini.backup
echo -e "${GREEN}✓ Backed up app.ini${NC}"
# Check if settings already exist
if docker exec $GITEA_CONTAINER grep -q "LFS_MAX_FILE_SIZE" /data/gitea/conf/app.ini; then
echo -e "${YELLOW} LFS_MAX_FILE_SIZE already configured${NC}"
else
# Add LFS_MAX_FILE_SIZE to [server] section
docker exec $GITEA_CONTAINER sh -c 'echo "LFS_MAX_FILE_SIZE = 5368709120" >> /data/gitea/conf/app.ini'
echo -e "${GREEN}✓ Added LFS_MAX_FILE_SIZE${NC}"
fi
# Check if packages section exists
if docker exec $GITEA_CONTAINER grep -q "\[packages\]" /data/gitea/conf/app.ini; then
echo -e "${YELLOW} [packages] section already exists${NC}"
else
# Add packages section
docker exec $GITEA_CONTAINER sh -c 'cat >> /data/gitea/conf/app.ini << EOF
[packages]
ENABLED = true
CHUNKED_UPLOAD_PATH = /data/gitea/tmp/package-upload
EOF'
echo -e "${GREEN}✓ Added [packages] section${NC}"
fi
# Step 7: Restart Gitea
echo -e "\n${YELLOW}Step 7: Restarting Gitea...${NC}"
docker restart $GITEA_CONTAINER
sleep 5
echo -e "${GREEN}✓ Gitea restarted${NC}"
# Step 8: Test registry endpoint
echo -e "\n${YELLOW}Step 8: Testing registry endpoint...${NC}"
RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" https://gitea.harkon.co.uk/v2/)
if [ "$RESPONSE" = "401" ] || [ "$RESPONSE" = "200" ]; then
echo -e "${GREEN}✓ Registry is accessible (HTTP $RESPONSE)${NC}"
else
echo -e "${RED}✗ Registry returned HTTP $RESPONSE${NC}"
fi
# Step 9: Summary
echo -e "\n${GREEN}=== Configuration Complete ===${NC}"
echo ""
echo "Next steps:"
echo "1. Log in to Gitea registry:"
echo " docker login gitea.harkon.co.uk"
echo ""
echo "2. Test with a small image:"
echo " docker pull alpine:latest"
echo " docker tag alpine:latest gitea.harkon.co.uk/harkon/test:latest"
echo " docker push gitea.harkon.co.uk/harkon/test:latest"
echo ""
echo "3. If successful, build and push base-ml:"
echo " cd /home/deploy/ai-tax-agent"
echo " docker build -f infra/docker/base-ml.Dockerfile -t gitea.harkon.co.uk/harkon/base-ml:v1.0.1 ."
echo " docker push gitea.harkon.co.uk/harkon/base-ml:v1.0.1"
echo ""
if [ "$HAS_TRAEFIK" = true ]; then
echo -e "${YELLOW}⚠ IMPORTANT: You need to add this label to your Gitea container:${NC}"
echo " traefik.http.routers.gitea.middlewares=gitea-large-upload@file"
echo ""
echo " Add it to your Gitea docker-compose.yml and restart:"
echo " docker-compose up -d gitea"
fi


@@ -62,5 +62,4 @@ ping -c 3 gitea.harkon.co.uk
# 15. Check if Traefik is running and configured
echo -e "\n=== Traefik Status ==="
docker ps | grep traefik
docker ps | grep apa-traefik || docker ps | grep traefik
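Review bot: The fallback in `docker ps | grep apa-traefik || docker ps | grep traefik` is redundant: `grep traefik` already matches `apa-traefik` as a substring, so the second branch can never show anything the single pattern would not, and the line runs `docker ps` twice in the miss case. `docker ps --filter name=traefik` (or the original single grep) is sufficient; if the intent is to flag a missing container, `docker ps | grep traefik || echo "Traefik container not found"` makes the miss visible instead of an empty section.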


@@ -125,7 +125,7 @@ echo -e "${BLUE}Step 6: Verifying deployment${NC}"
echo "----------------------------"
# Check running containers
ssh ${REMOTE_USER}@${REMOTE_HOST} "docker ps --format 'table {{.Names}}\t{{.Status}}' | grep -E '(vault|minio|postgres|svc-)'"
ssh ${REMOTE_USER}@${REMOTE_HOST} "docker ps --format 'table {{.Names}}\t{{.Status}}' | grep -E '(apa-vault|apa-minio|apa-postgres|apa-svc-)'"
echo ""
echo -e "${GREEN}========================================${NC}"
@@ -137,4 +137,3 @@ echo "1. Verify services are running: ./scripts/verify-deployment.sh"
echo "2. Check application: https://app.harkon.co.uk"
echo "3. Review logs if needed: ssh ${REMOTE_USER}@${REMOTE_HOST} 'docker logs <container>'"
echo ""


@@ -58,14 +58,14 @@ echo -e "${YELLOW}1. Checking Infrastructure Services${NC}"
echo "-----------------------------------"
# Check containers on remote server
ssh ${REMOTE_USER}@${REMOTE_HOST} "docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'" | grep -E "(vault|minio|postgres|redis|neo4j|qdrant|nats)" || true
ssh ${REMOTE_USER}@${REMOTE_HOST} "docker ps --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}'" | grep -E "(apa-vault|apa-minio|apa-postgres|apa-redis|apa-neo4j|apa-qdrant|apa-nats)" || true
echo ""
echo -e "${YELLOW}2. Checking Infrastructure Endpoints${NC}"
echo "------------------------------------"
check_service "Vault" "https://vault.${DOMAIN}/v1/sys/health" || true
check_service "MinIO Console" "https://minio-console.${DOMAIN}" || true
check_service "MinIO Console" "https://minio.${DOMAIN}" || true
check_service "Neo4j Browser" "https://neo4j.${DOMAIN}" || true
check_service "Qdrant" "https://qdrant.${DOMAIN}" || true
@@ -74,7 +74,7 @@ echo -e "${YELLOW}3. Checking Application Services${NC}"
echo "--------------------------------"
# Check application containers
ssh ${REMOTE_USER}@${REMOTE_HOST} "docker ps --format 'table {{.Names}}\t{{.Status}}'" | grep -E "svc-" || true
ssh ${REMOTE_USER}@${REMOTE_HOST} "docker ps --format 'table {{.Names}}\t{{.Status}}'" | grep -E "apa-svc-" || true
echo ""
echo -e "${YELLOW}4. Checking Application Endpoints${NC}"
@@ -116,7 +116,7 @@ echo ""
echo -e "${YELLOW}6. Checking Docker Networks${NC}"
echo "--------------------------"
ssh ${REMOTE_USER}@${REMOTE_HOST} "docker network ls | grep -E '(frontend|backend)'" || true
ssh ${REMOTE_USER}@${REMOTE_HOST} "docker network ls | grep -E '(apa-frontend|apa-backend)'" || true
echo ""
echo -e "${YELLOW}7. Checking Disk Usage${NC}"
@@ -135,7 +135,7 @@ echo -e "${YELLOW}9. Recent Container Logs (Last 10 lines)${NC}"
echo "---------------------------------------"
# Get logs from a few key services
for container in vault minio postgres svc-ingestion svc-extract; do
for container in apa-vault apa-minio apa-postgres apa-svc-ingestion apa-svc-extract; do
echo -e "\n${BLUE}=== $container ===${NC}"
ssh ${REMOTE_USER}@${REMOTE_HOST} "docker logs $container --tail 10 2>&1" || echo "Container not found"
done
@@ -151,4 +151,3 @@ echo "2. Review logs for errors: ssh ${REMOTE_USER}@${REMOTE_HOST} 'docker logs
echo "3. Access Grafana: https://grafana.${DOMAIN}"
echo "4. Access Application: https://app.${DOMAIN}"
echo ""
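Review bot: `check_service "MinIO Console" "https://minio.${DOMAIN}"` changes the URL from the console host to `minio.${DOMAIN}` but keeps the "MinIO Console" label; if `minio.${DOMAIN}` now fronts the S3 API rather than the console UI, the check probes a different service than the label reports, and check_service's definition is outside this hunk so what it accepts as healthy cannot be seen here. Either rename the label to what that host serves or keep the console URL. Separately, the container names are listed twice in this file, in the grep pattern under section 1 and in `for container in apa-vault apa-minio apa-postgres apa-svc-ingestion apa-svc-extract; do` under section 9; a single array near the top would keep future renames in one place.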