Closes the gap between Gitea main (b48eb2a, Vite portal + Node
orchestrator, 29 PRs merged, 167 tests) and what's actually serving
curucombo.xn--vov0g.com (Next.js 'ISO-20022 Combo Flow' app from an
unpushed local b118b2b checkout). After this PR is merged and the
runbook in scripts/deployment/README.md is followed on CT 8604, the
Phoenix deployment will serve d-bis/CurrenciCombo main.
Artifacts (all under scripts/deployment/):
- systemd/currencicombo-orchestrator.service - Node orchestrator,
EnvironmentFile=/etc/currencicombo/orchestrator.env, full systemd
hardening (ProtectSystem=strict, PrivateTmp, no caps).
- systemd/currencicombo-webapp.service - nginx serving Vite
SPA on :3000 via RuntimeDirectory=/run/currencicombo-webapp.
- webapp-nginx.conf - self-contained nginx
config; intentionally 421s on /api/* and /events/* so an NPMplus
misconfig fails loudly instead of silently returning index.html.
- .env.prod.example - template for
/etc/currencicombo/orchestrator.env. Documents every EXT-* blocker
env var 1:1 with the Proxmox repo's check-external-dependencies.sh.
- install.sh - idempotent host setup:
user, dirs, nginx, fresh Postgres role/DB (--force-recreate-db to
wipe), Redis autodetect, env file with auto-generated
EVENT_SIGNING_SECRET + 3 API keys, systemd units enabled but not
started. --dry-run supported.
- deploy-currencicombo-8604.sh - build-and-swap deploy
driver (the script deploy-targets.json / phoenix-deploy-api calls):
git fetch/reset, orchestrator tsc build, portal vite build with
VITE_ORCHESTRATOR_URL baked in, migrations, timestamped backup,
systemctl stop, rsync, systemctl start, smoke /ready + portal /,
grep EXT-* from journalctl. --ref, --dry-run, --skip-migrate,
--skip-build, --rollback.
- README.md - architecture diagram,
first-time setup (8 steps), NPMplus ingress rule table, subsequent-
deploy one-liner, rollback, troubleshooting table, cutover-from-
pre-existing-Next.js sequence, explicit list of Proxmox-side
follow-ups.
Target-agnostic: no IP / hostname / VLAN hardcoded. The only file that
embeds the public hostname is README.md (for documentation) and the
default VITE_ORCHESTRATOR_URL in deploy-currencicombo-8604.sh (which
is overridable via env).
Single-origin NPMplus routing (confirmed with user):
curucombo.\xe6\x9b\xbc\xe6\x9d\x8e.com/api/* -> 10.160.0.14:8080 (orchestrator)
curucombo.\xe6\x9b\xbc\xe6\x9d\x8e.com/events/* -> 10.160.0.14:8080 (SSE)
curucombo.\xe6\x9b\xbc\xe6\x9d\x8e.com/* -> 10.160.0.14:3000 (Vite SPA)
Verified on this box (headless):
- shellcheck --severity=warning: clean on both scripts.
- bash -n: clean on both scripts.
- systemd-analyze verify: both unit files parse cleanly (only complaint
is /usr/sbin/nginx not being executable, expected -- nginx is
installed at deploy time).
- install.sh --dry-run: fails fast with the expected FATAL on hosts
without psql (build box). On CT 8604 with Postgres+Redis already
installed, it walks through every step.
- deploy-currencicombo-8604.sh --help: prints the usage.
No runtime code changes. Non-UI. Complements PR #30 (docker-compose
sandbox) which remains the local-dev path.
Proxmox-side follow-up (separate commit on /home/intlc/projects/proxmox
after this PR merges and cutover runs cleanly):
- Update phoenix-deploy-api/deploy-targets.json to point at
scripts/deployment/deploy-currencicombo-8604.sh.
- Retire the inaccurate "Next.js webapp with ignoreBuildErrors"
language in EXTERNAL_DEPENDENCY_BLOCKERS.md.
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
Devin AI