feat: Introduce production Docker and CI/CD setup, removing internal documentation and agent workflows.

2026-01-30 13:43:59 +01:00
parent 3a620a84c5
commit 1a2bbb011c
16 changed files with 613 additions and 896 deletions
--- a/shared/scripts/deploy.sh
+++ b/shared/scripts/deploy.sh
@@ -0,0 +1,131 @@
+#!/bin/bash
+# =============================================================================
+# Aurora Production Deployment Script
+# =============================================================================
+# Run this script to deploy the latest version of Aurora
+# Usage: bash deploy.sh
+# =============================================================================
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
+echo -e "${GREEN}╔══════════════════════════════════════════╗${NC}"
+echo -e "${GREEN}║        Aurora Deployment Script          ║${NC}"
+echo -e "${GREEN}╚══════════════════════════════════════════╝${NC}"
+echo ""
+
+cd "$PROJECT_DIR"
+
+# =============================================================================
+# Pre-flight Checks
+# =============================================================================
+echo -e "${YELLOW}[1/5] Running pre-flight checks...${NC}"
+
+# Check if .env exists
+if [ ! -f .env ]; then
+  echo -e "${RED}Error: .env file not found${NC}"
+  exit 1
+fi
+
+# Check if Docker is running
+if ! docker info &>/dev/null; then
+  echo -e "${RED}Error: Docker is not running${NC}"
+  exit 1
+fi
+
+echo -e "  ${GREEN}✓${NC} Pre-flight checks passed"
+
+# =============================================================================
+# Backup Database (optional but recommended)
+# =============================================================================
+echo -e "${YELLOW}[2/5] Creating database backup...${NC}"
+
+BACKUP_DIR="$PROJECT_DIR/shared/db/backups"
+mkdir -p "$BACKUP_DIR"
+
+if docker ps | grep -q aurora_db; then
+  BACKUP_FILE="$BACKUP_DIR/backup_$(date +%Y%m%d_%H%M%S).sql"
+  docker exec aurora_db pg_dump -U "${DB_USER:-auroradev}" "${DB_NAME:-auroradev}" > "$BACKUP_FILE" 2>/dev/null || true
+  if [ -f "$BACKUP_FILE" ] && [ -s "$BACKUP_FILE" ]; then
+    echo -e "  ${GREEN}✓${NC} Database backed up to: $BACKUP_FILE"
+  else
+    echo -e "  ${YELLOW}⚠${NC} Database backup skipped (container not running or empty)"
+    rm -f "$BACKUP_FILE"
+  fi
+else
+  echo -e "  ${YELLOW}⚠${NC} Database backup skipped (container not running)"
+fi
+
+# =============================================================================
+# Pull Latest Code (if using git)
+# =============================================================================
+echo -e "${YELLOW}[3/5] Pulling latest code...${NC}"
+
+if [ -d .git ]; then
+  git pull origin main 2>/dev/null || git pull origin master 2>/dev/null || echo "  Skipping git pull"
+  echo -e "  ${GREEN}✓${NC} Code updated"
+else
+  echo -e "  ${YELLOW}⚠${NC} Not a git repository, skipping pull"
+fi
+
+# =============================================================================
+# Build and Deploy
+# =============================================================================
+echo -e "${YELLOW}[4/5] Building and deploying containers...${NC}"
+
+# Build the new image
+docker compose -f docker-compose.prod.yml build --no-cache
+
+# Stop and remove old containers, start new ones
+docker compose -f docker-compose.prod.yml down
+docker compose -f docker-compose.prod.yml up -d
+
+echo -e "  ${GREEN}✓${NC} Containers deployed"
+
+# =============================================================================
+# Health Check
+# =============================================================================
+echo -e "${YELLOW}[5/5] Waiting for health checks...${NC}"
+
+sleep 10
+
+# Check container status
+if docker ps | grep -q "aurora_app.*healthy"; then
+  echo -e "  ${GREEN}✓${NC} aurora_app is healthy"
+else
+  echo -e "  ${YELLOW}⚠${NC} aurora_app health check pending (may take up to 60s)"
+fi
+
+if docker ps | grep -q "aurora_db.*healthy"; then
+  echo -e "  ${GREEN}✓${NC} aurora_db is healthy"
+else
+  echo -e "  ${YELLOW}⚠${NC} aurora_db health check pending"
+fi
+
+# =============================================================================
+# Cleanup
+# =============================================================================
+echo ""
+echo -e "${YELLOW}Cleaning up old Docker images...${NC}"
+docker image prune -f
+
+# =============================================================================
+# Summary
+# =============================================================================
+echo ""
+echo -e "${GREEN}╔══════════════════════════════════════════╗${NC}"
+echo -e "${GREEN}║       Deployment Complete! 🚀            ║${NC}"
+echo -e "${GREEN}╚══════════════════════════════════════════╝${NC}"
+echo ""
+echo -e "Container Status:"
+docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | grep aurora
+echo ""
+echo -e "View logs with: ${YELLOW}docker logs -f aurora_app${NC}"
--- a/shared/scripts/setup-server.sh
+++ b/shared/scripts/setup-server.sh
@@ -0,0 +1,160 @@
+#!/bin/bash
+# =============================================================================
+# Server Setup Script for Aurora Production Deployment
+# =============================================================================
+# Run this script ONCE on a fresh server to configure security settings.
+# Usage: sudo bash setup-server.sh
+# =============================================================================
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+echo -e "${GREEN}╔══════════════════════════════════════════╗${NC}"
+echo -e "${GREEN}║   Aurora Server Security Setup Script    ║${NC}"
+echo -e "${GREEN}╚══════════════════════════════════════════╝${NC}"
+echo ""
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+  echo -e "${RED}Error: Please run as root (sudo)${NC}"
+  exit 1
+fi
+
+# =============================================================================
+# 1. Create Deploy User
+# =============================================================================
+echo -e "${YELLOW}[1/5] Creating deploy user...${NC}"
+
+DEPLOY_USER="deploy"
+
+if id "$DEPLOY_USER" &>/dev/null; then
+  echo -e "  User '$DEPLOY_USER' already exists, skipping..."
+else
+  adduser --disabled-password --gecos "" $DEPLOY_USER
+  echo -e "  ${GREEN}✓${NC} Created user '$DEPLOY_USER'"
+fi
+
+# Add to docker group
+usermod -aG docker $DEPLOY_USER 2>/dev/null || groupadd docker && usermod -aG docker $DEPLOY_USER
+echo -e "  ${GREEN}✓${NC} Added '$DEPLOY_USER' to docker group"
+
+# Add to sudo group (optional - remove if you don't want sudo access)
+usermod -aG sudo $DEPLOY_USER
+echo -e "  ${GREEN}✓${NC} Added '$DEPLOY_USER' to sudo group"
+
+# Copy SSH keys from root to deploy user
+if [ -d /root/.ssh ]; then
+  mkdir -p /home/$DEPLOY_USER/.ssh
+  cp /root/.ssh/authorized_keys /home/$DEPLOY_USER/.ssh/ 2>/dev/null || true
+  chown -R $DEPLOY_USER:$DEPLOY_USER /home/$DEPLOY_USER/.ssh
+  chmod 700 /home/$DEPLOY_USER/.ssh
+  chmod 600 /home/$DEPLOY_USER/.ssh/authorized_keys 2>/dev/null || true
+  echo -e "  ${GREEN}✓${NC} Copied SSH keys to '$DEPLOY_USER'"
+fi
+
+# =============================================================================
+# 2. Configure UFW Firewall
+# =============================================================================
+echo -e "${YELLOW}[2/5] Configuring UFW firewall...${NC}"
+
+apt-get update -qq
+apt-get install -y -qq ufw
+
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow ssh
+# Add more rules as needed:
+# ufw allow 80/tcp   # HTTP
+# ufw allow 443/tcp  # HTTPS
+
+# Enable UFW (non-interactive)
+echo "y" | ufw enable
+echo -e "  ${GREEN}✓${NC} UFW firewall enabled and configured"
+
+# =============================================================================
+# 3. Install and Configure Fail2ban
+# =============================================================================
+echo -e "${YELLOW}[3/5] Installing fail2ban...${NC}"
+
+apt-get install -y -qq fail2ban
+
+# Create local jail configuration
+cat > /etc/fail2ban/jail.local << 'EOF'
+[DEFAULT]
+bantime = 1h
+findtime = 10m
+maxretry = 5
+
+[sshd]
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 3
+bantime = 24h
+EOF
+
+systemctl enable fail2ban
+systemctl restart fail2ban
+echo -e "  ${GREEN}✓${NC} Fail2ban installed and configured"
+
+# =============================================================================
+# 4. Harden SSH Configuration
+# =============================================================================
+echo -e "${YELLOW}[4/5] Hardening SSH configuration...${NC}"
+
+SSHD_CONFIG="/etc/ssh/sshd_config"
+
+# Backup original config
+cp $SSHD_CONFIG ${SSHD_CONFIG}.backup
+
+# Apply hardening settings
+sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' $SSHD_CONFIG
+sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' $SSHD_CONFIG
+sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' $SSHD_CONFIG
+sed -i 's/^#\?X11Forwarding.*/X11Forwarding no/' $SSHD_CONFIG
+sed -i 's/^#\?MaxAuthTries.*/MaxAuthTries 3/' $SSHD_CONFIG
+
+# Validate SSH config before restarting
+if sshd -t; then
+  systemctl reload sshd
+  echo -e "  ${GREEN}✓${NC} SSH hardened (root login disabled, password auth disabled)"
+else
+  echo -e "  ${RED}✗${NC} SSH config validation failed, restoring backup..."
+  cp ${SSHD_CONFIG}.backup $SSHD_CONFIG
+fi
+
+# =============================================================================
+# 5. System Updates
+# =============================================================================
+echo -e "${YELLOW}[5/5] Installing system updates...${NC}"
+
+apt-get upgrade -y -qq
+apt-get autoremove -y -qq
+echo -e "  ${GREEN}✓${NC} System updated"
+
+# =============================================================================
+# Summary
+# =============================================================================
+echo ""
+echo -e "${GREEN}╔══════════════════════════════════════════╗${NC}"
+echo -e "${GREEN}║          Setup Complete!                 ║${NC}"
+echo -e "${GREEN}╚══════════════════════════════════════════╝${NC}"
+echo ""
+echo -e "Next steps:"
+echo -e "  1. Update your local .env file:"
+echo -e "     ${YELLOW}VPS_USER=deploy${NC}"
+echo -e ""
+echo -e "  2. Test SSH access with the new user:"
+echo -e "     ${YELLOW}ssh deploy@<your-server-ip>${NC}"
+echo -e ""
+echo -e "  3. Deploy the application:"
+echo -e "     ${YELLOW}cd /home/deploy/Aurora && docker compose -f docker-compose.prod.yml up -d${NC}"
+echo ""
+echo -e "${RED}⚠️  IMPORTANT: Test SSH access with 'deploy' user BEFORE logging out!${NC}"
+echo -e "${RED}   Keep this root session open until you confirm 'deploy' user works.${NC}"