- deploy-currencicombo-8604.sh: on readiness timeout, print loud failure
summary (journalctl tails + exact --rollback command with specific
backup path) instead of silently exiting. Deliberately does NOT
auto-rollback; first cutovers often fail because of env/migration
mistakes and auto-restore hides the failure state ops needs.
- install.sh: on first run, write the three API keys + EVENT_SIGNING_SECRET
to /root/currencicombo-first-keys.txt (0600, root:root) as a handoff
copy. Canonical values still live in /etc/currencicombo/orchestrator.env.
Log one pointer line (not the secrets themselves) to journald.
Handoff file is NOT regenerated if orchestrator.env already exists.
- install-prune-cron.sh (new, opt-in): installs /etc/cron.daily/
currencicombo-prune-backups that deletes entries older than 30 days
from /var/lib/currencicombo/backups/ WHILE always keeping the newest
5 regardless of age. Enforced via newest-first sort + i<KEEP_MIN skip.
- webapp-nginx.conf: drop the misleading /events/* 421 guard-rail. The
orchestrator's SSE endpoint is /api/plans/:id/events/stream (under
/api/), so one /api/* guard-rail covers both normal REST and SSE.
- README.md: corrected NPMplus rule table to TWO rules (/api/* with
SSE-friendly proxy_buffering=off + 24h read_timeout + Connection ""
+ http/1.1, and /); added post-cutover smoke checks section with a
concrete SSE streaming test that catches silent proxy_buffering=on
misconfig; documented the /root/currencicombo-first-keys.txt handoff
and the install-prune-cron.sh workflow; replaced stale 'not auto-pruned'
note.
Verification:
- shellcheck --severity=warning: clean on all 3 scripts.
- bash -n: clean on install-prune-cron.sh.
- install-prune-cron.sh --dry-run: prints the pruner body with resolved
env values as expected.
- install.sh --dry-run: walks through user/dirs/nginx-apt steps, then
fails fast on missing psql (expected on a build box without Postgres).
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
Closes the gap between Gitea main (b48eb2a, Vite portal + Node
orchestrator, 29 PRs merged, 167 tests) and what's actually serving
curucombo.xn--vov0g.com (Next.js 'ISO-20022 Combo Flow' app from an
unpushed local b118b2b checkout). After this PR is merged and the
runbook in scripts/deployment/README.md is followed on CT 8604, the
Phoenix deployment will serve d-bis/CurrenciCombo main.
Artifacts (all under scripts/deployment/):
- systemd/currencicombo-orchestrator.service - Node orchestrator,
EnvironmentFile=/etc/currencicombo/orchestrator.env, full systemd
hardening (ProtectSystem=strict, PrivateTmp, no caps).
- systemd/currencicombo-webapp.service - nginx serving Vite
SPA on :3000 via RuntimeDirectory=/run/currencicombo-webapp.
- webapp-nginx.conf - self-contained nginx
config; intentionally 421s on /api/* and /events/* so an NPMplus
misconfig fails loudly instead of silently returning index.html.
- .env.prod.example - template for
/etc/currencicombo/orchestrator.env. Documents every EXT-* blocker
env var 1:1 with the Proxmox repo's check-external-dependencies.sh.
- install.sh - idempotent host setup:
user, dirs, nginx, fresh Postgres role/DB (--force-recreate-db to
wipe), Redis autodetect, env file with auto-generated
EVENT_SIGNING_SECRET + 3 API keys, systemd units enabled but not
started. --dry-run supported.
- deploy-currencicombo-8604.sh - build-and-swap deploy
driver (the script deploy-targets.json / phoenix-deploy-api calls):
git fetch/reset, orchestrator tsc build, portal vite build with
VITE_ORCHESTRATOR_URL baked in, migrations, timestamped backup,
systemctl stop, rsync, systemctl start, smoke /ready + portal /,
grep EXT-* from journalctl. --ref, --dry-run, --skip-migrate,
--skip-build, --rollback.
- README.md - architecture diagram,
first-time setup (8 steps), NPMplus ingress rule table, subsequent-
deploy one-liner, rollback, troubleshooting table, cutover-from-
pre-existing-Next.js sequence, explicit list of Proxmox-side
follow-ups.
Target-agnostic: no IP / hostname / VLAN hardcoded. The only file that
embeds the public hostname is README.md (for documentation) and the
default VITE_ORCHESTRATOR_URL in deploy-currencicombo-8604.sh (which
is overridable via env).
Single-origin NPMplus routing (confirmed with user):
curucombo.\xe6\x9b\xbc\xe6\x9d\x8e.com/api/* -> 10.160.0.14:8080 (orchestrator)
curucombo.\xe6\x9b\xbc\xe6\x9d\x8e.com/events/* -> 10.160.0.14:8080 (SSE)
curucombo.\xe6\x9b\xbc\xe6\x9d\x8e.com/* -> 10.160.0.14:3000 (Vite SPA)
Verified on this box (headless):
- shellcheck --severity=warning: clean on both scripts.
- bash -n: clean on both scripts.
- systemd-analyze verify: both unit files parse cleanly (only complaint
is /usr/sbin/nginx not being executable, expected -- nginx is
installed at deploy time).
- install.sh --dry-run: fails fast with the expected FATAL on hosts
without psql (build box). On CT 8604 with Postgres+Redis already
installed, it walks through every step.
- deploy-currencicombo-8604.sh --help: prints the usage.
No runtime code changes. Non-UI. Complements PR #30 (docker-compose
sandbox) which remains the local-dev path.
Proxmox-side follow-up (separate commit on /home/intlc/projects/proxmox
after this PR merges and cutover runs cleanly):
- Update phoenix-deploy-api/deploy-targets.json to point at
scripts/deployment/deploy-currencicombo-8604.sh.
- Retire the inaccurate "Next.js webapp with ignoreBuildErrors"
language in EXTERNAL_DEPENDENCY_BLOCKERS.md.
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
- Added quick start instructions in README.md for first-time setup, including commands for complete setup, verification, and service start.
- Revised FINAL_STATUS.md to reflect the project's infrastructure completion and readiness for execution, detailing scripts created and documentation status.
- Added multi-platform deployment architecture details (Web App, PWA, DApp) to README.md.
- Included comprehensive troubleshooting guides and fix scripts in README.md.
- Enhanced CHANGELOG.md with new features, fixes, and improvements, including TypeScript error resolutions and updated documentation structure.
- Revised development setup instructions in DEV_SETUP.md to reflect changes in script usage and environment variable setup.
