ai-tax-agent/infra/compose/README.md
harkon 7e54ee9099
feat: working infra with sso
2025-12-04 12:49:43 +02:00


Compose Stacks

This folder is for the self-contained local stack (self-signed TLS) and Traefik assets. Remote environments use the shared compose files in infra/base together with infra/scripts/deploy.sh.

Local development (self-signed TLS)

  • Copy envs: cp infra/compose/env.example infra/compose/.env, then set passwords/secrets and the dev domain (defaults to local.lan). The resulting .env holds secrets; keep it out of version control.
  • Host aliases: add the domain to /etc/hosts (e.g. 127.0.0.1 auth.local.lan api.local.lan grafana.local.lan vault.local.lan minio.local.lan).
  • Networks: ./infra/scripts/setup-networks.sh (creates apa-frontend and apa-backend used everywhere).
  • Run: cd infra/compose && docker compose --env-file .env -f docker-compose.local.yml up -d.
  • Stop: docker compose --env-file .env -f docker-compose.local.yml down.
  • TLS: Traefik mounts infra/compose/traefik/certs/local.{crt,key}. Regenerate if needed with openssl req -x509 -newkey rsa:2048 -nodes -keyout infra/compose/traefik/certs/local.key -out infra/compose/traefik/certs/local.crt -days 365 -subj "/CN=*.local.lan" -addext "subjectAltName=DNS:*.local.lan,DNS:local.lan" (needs OpenSSL 1.1.1 or newer; the subjectAltName matters because browsers no longer match hostnames against the CN, so a CN-only certificate is rejected even after you trust it). Keep local.key mode 600 and out of version control.
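The local TLS step above, as an added example that is not part of the repository: a small POSIX shell helper that generates the self-signed wildcard certificate with a subjectAltName, checks that the certificate and key belong together and that the key is owner-only, and builds the /etc/hosts line. It assumes OpenSSL 1.1.1 or newer (for -addext); the function names and the sample directory are mine.

```sh
#!/bin/sh
# Added example, not part of the repository: create the self-signed wildcard
# certificate that Traefik mounts for the local stack, with a subjectAltName
# (browsers ignore the CN), and sanity-check it before starting the stack.
# Assumes OpenSSL 1.1.1 or newer (for -addext); function names are mine.
set -eu

# gen_local_cert DIR DOMAIN [DAYS]
# Writes DIR/local.key (mode 600, owner only) and DIR/local.crt covering
# DOMAIN and *.DOMAIN. Point Traefik's dynamic config at these two files.
gen_local_cert() {
    dir=$1; domain=$2; days=${3:-365}
    mkdir -p "$dir"
    # The subshell limits the restrictive umask to the key/cert creation.
    ( umask 077; openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -keyout "$dir/local.key" -out "$dir/local.crt" \
        -subj "/CN=*.$domain" \
        -addext "subjectAltName=DNS:*.$domain,DNS:$domain" 2>/dev/null )
    chmod 644 "$dir/local.crt"   # the certificate is public; the key stays 600
}

# cert_has_san CRT NAME -> 0 if NAME is listed in the certificate's SAN extension
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -F -q "DNS:$2"
}

# cert_matches_key CRT KEY -> 0 if the certificate was issued for KEY
# (compares the RSA modulus of both; a mismatch means Traefik cannot serve it)
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus)
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# key_mode FILE -> prints the octal permission bits (Linux stat first, BSD fallback)
key_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# hosts_line IP DOMAIN NAME... -> the /etc/hosts line for the listed subdomains
hosts_line() {
    ip=$1; domain=$2; shift 2
    line=$ip
    for name in "$@"; do line="$line $name.$domain"; done
    printf '%s\n' "$line"
}

# Usage against the real paths (assumed relative to the repo root); uncomment to run:
# gen_local_cert infra/compose/traefik/certs local.lan
# cert_has_san infra/compose/traefik/certs/local.crt '*.local.lan' && echo "SAN ok"
# cert_matches_key infra/compose/traefik/certs/local.crt infra/compose/traefik/certs/local.key && echo "key ok"
# hosts_line 127.0.0.1 local.lan auth api grafana vault minio
```

Run the checks before docker compose up: a certificate without the wildcard SAN or a key that does not match the certificate fails silently until Traefik logs a TLS error on the first request.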

Cloud / remote (Let's Encrypt)

  • Structure:

    • infra/environments/production/ contains the unified compose.yaml and compose.override.yaml (for port binding).
    • infra/base/ contains the shared service definitions.
    • infra/scripts/deploy.sh is the deployment automation script.
  • Configuration:

    • Create infra/environments/production/.env based on .env.example.
    • Ensure DOMAIN is set (e.g., app.harkon.co.uk).
    • Ensure AUTHENTIK_BOOTSTRAP_EMAIL matches the blueprint (e.g., admin@app.harkon.co.uk).
    • Ensure AUTHENTIK_BOOTSTRAP_FILE is set to ./authentik/bootstrap-prod.yaml.
  • Deployment:

    1. SSH into the server.
    2. Navigate to the project directory.
    3. Run: ./infra/scripts/deploy.sh production all
      • This deploys infrastructure, monitoring, and application services.
      • It automatically uses the production compose files and environment variables.
  • Certificates:

    • Traefik uses DNS-01 via GoDaddy (configured in infra/environments/production/.env).
    • Ensure GODADDY_API_KEY and GODADDY_API_SECRET are set. These credentials can write DNS records in the zone, which is enough to obtain certificates for any name under it, so treat them as a production secret: keep the .env file mode 600 and out of version control.
    • Certificates are stored in infra/base/certs/ (mapped to /var/traefik/certs in container). Traefik requires its ACME storage file there to be mode 600 and refuses to use it if the permissions are more open.
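The configuration and certificate requirements above, as an added pre-flight check that is not the project's deploy.sh: it parses the production .env, confirms the variables this README names are set to real values, checks the bootstrap e-mail sits under DOMAIN (assumed from the README's examples), and verifies that the .env and the ACME storage file are mode 600 before ./infra/scripts/deploy.sh production all is run. The placeholder patterns, the REQUIRED_VARS list and the function names are mine.

```sh
#!/bin/sh
# Added example, not part of the repository: pre-flight checks for the
# production environment before running deploy.sh. The variable names come
# from the README; the placeholder convention and the domain/e-mail rule are
# assumptions made for this example.
set -eu

REQUIRED_VARS="DOMAIN AUTHENTIK_BOOTSTRAP_EMAIL AUTHENTIK_BOOTSTRAP_FILE GODADDY_API_KEY GODADDY_API_SECRET"

# env_value FILE KEY -> prints the value of KEY=... from FILE (last definition
# wins, surrounding single or double quotes are stripped, empty if absent)
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 \
        | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_env FILE -> 0 if every required variable has a real value, 1 otherwise;
# each problem is reported on stderr so all of them show up in one run.
check_env() {
    rc=0
    for key in $REQUIRED_VARS; do
        val=$(env_value "$1" "$key")
        case "$val" in
            ""|*changeme*|*CHANGEME*|*REPLACE_ME*|*REPLACEME*)
                echo "$1: $key is missing or still a placeholder" >&2; rc=1 ;;
        esac
    done
    # Assumed convention (from the README's examples): the Authentik bootstrap
    # e-mail lives under the deployed DOMAIN, e.g. admin@app.harkon.co.uk.
    domain=$(env_value "$1" DOMAIN); email=$(env_value "$1" AUTHENTIK_BOOTSTRAP_EMAIL)
    case "$email" in
        *"@$domain") ;;
        *) echo "$1: AUTHENTIK_BOOTSTRAP_EMAIL ($email) is not under DOMAIN ($domain)" >&2; rc=1 ;;
    esac
    return $rc
}

# check_secret_perms FILE -> 0 if FILE is mode 600. Traefik refuses an ACME
# storage file that is more open than that; the same rule is applied to .env
# here because it carries the GoDaddy API credentials.
check_secret_perms() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    [ "$mode" = "600" ] || { echo "$1: mode $mode, expected 600" >&2; return 1; }
}

# preflight ENV_FILE ACME_FILE -> 0 only if all checks pass
preflight() {
    check_env "$1" && check_secret_perms "$1" && check_secret_perms "$2"
}

# Usage on the server (paths assumed; the ACME file name depends on the Traefik config):
# preflight infra/environments/production/.env infra/base/certs/acme.json && ./infra/scripts/deploy.sh production all
```

Wire it in front of the deploy command so a missing GoDaddy secret or a world-readable .env stops the rollout before Traefik starts requesting certificates.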

Files of note

  • docker-compose.local.yml full local stack.
  • traefik/traefik.local.yml and traefik/traefik-dynamic.local.yml static/dynamic Traefik config for local.
  • traefik/certs/ self-signed certs used by the local proxy.
  • env.example defaults for local .env.