Initial Phoenix Sankofa Cloud setup

- Complete project structure with Next.js frontend - GraphQL API backend with Apollo Server - Portal application with NextAuth - Crossplane Proxmox provider - GitOps configurations - CI/CD pipelines - Testing infrastructure (Vitest, Jest, Go tests) - Error handling and monitoring - Security hardening - UI component library - Documentation
2025-11-28 12:54:33 -08:00
commit 6f28146ac3
229 changed files with 43136 additions and 0 deletions
--- a/scripts/setup-proxmox-agents.sh
+++ b/scripts/setup-proxmox-agents.sh
@@ -0,0 +1,199 @@
+#!/bin/bash
+set -euo pipefail
+
+# Proxmox Agent Setup Script
+
+SITE="${SITE:-}"
+NODE="${NODE:-}"
+CLOUDFLARE_TUNNEL_TOKEN="${CLOUDFLARE_TUNNEL_TOKEN:-}"
+PROMETHEUS_ENABLED="${PROMETHEUS_ENABLED:-true}"
+
+log() {
+    echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*" >&2
+}
+
+error() {
+    log "ERROR: $*"
+    exit 1
+}
+
+check_prerequisites() {
+    if [ -z "${SITE}" ]; then
+        error "SITE environment variable is required"
+    fi
+    
+    if [ -z "${NODE}" ]; then
+        error "NODE environment variable is required"
+    fi
+    
+    if ! command -v pvesh &> /dev/null; then
+        error "This script must be run on a Proxmox node"
+    fi
+}
+
+install_cloudflared() {
+    log "Installing cloudflared..."
+    
+    if command -v cloudflared &> /dev/null; then
+        log "cloudflared is already installed"
+        return
+    fi
+    
+    # Download and install cloudflared
+    ARCH=$(uname -m)
+    case "${ARCH}" in
+        x86_64)
+            ARCH="amd64"
+            ;;
+        aarch64)
+            ARCH="arm64"
+            ;;
+        *)
+            error "Unsupported architecture: ${ARCH}"
+            ;;
+    esac
+    
+    CLOUDFLARED_VERSION="2023.10.0"
+    wget -q "https://github.com/cloudflare/cloudflared/releases/download/${CLOUDFLARED_VERSION}/cloudflared-linux-${ARCH}" -O /usr/local/bin/cloudflared
+    chmod +x /usr/local/bin/cloudflared
+    
+    log "cloudflared installed successfully"
+}
+
+configure_cloudflared_tunnel() {
+    log "Configuring Cloudflare tunnel..."
+    
+    if [ -z "${CLOUDFLARE_TUNNEL_TOKEN}" ]; then
+        log "Warning: CLOUDFLARE_TUNNEL_TOKEN not set, skipping tunnel configuration"
+        return
+    fi
+    
+    # Create tunnel config directory
+    mkdir -p /etc/cloudflared
+    
+    # Create tunnel credentials
+    cat > /etc/cloudflared/${SITE}-tunnel.json <<EOF
+{"AccountTag":"","TunnelSecret":"","TunnelID":"","TunnelName":"${SITE}-tunnel"}
+EOF
+    
+    # Create systemd service
+    cat > /etc/systemd/system/cloudflared-tunnel.service <<EOF
+[Unit]
+Description=Cloudflare Tunnel
+After=network.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/tunnel-configs/${SITE}.yaml run
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
+EOF
+    
+    # Copy tunnel config (should be provided separately)
+    mkdir -p /etc/cloudflared/tunnel-configs
+    if [ -f "../cloudflare/tunnel-configs/proxmox-${SITE}.yaml" ]; then
+        cp "../cloudflare/tunnel-configs/proxmox-${SITE}.yaml" "/etc/cloudflared/tunnel-configs/${SITE}.yaml"
+    else
+        log "Warning: Tunnel config file not found, creating basic config..."
+        cat > "/etc/cloudflared/tunnel-configs/${SITE}.yaml" <<EOF
+tunnel: ${SITE}-tunnel
+credentials-file: /etc/cloudflared/${SITE}-tunnel.json
+
+ingress:
+  - hostname: ${NODE}.yourdomain.com
+    service: https://localhost:8006
+    originRequest:
+      tls:
+        skipVerify: true
+  - service: http_status:404
+EOF
+    fi
+    
+    systemctl daemon-reload
+    systemctl enable cloudflared-tunnel.service
+    systemctl start cloudflared-tunnel.service
+    
+    log "Cloudflare tunnel configured and started"
+}
+
+install_prometheus_exporter() {
+    if [ "${PROMETHEUS_ENABLED}" != "true" ]; then
+        log "Prometheus exporter disabled, skipping..."
+        return
+    fi
+    
+    log "Installing Prometheus exporter (pve_exporter)..."
+    
+    # Check if pve_exporter is already installed
+    if command -v pve_exporter &> /dev/null; then
+        log "pve_exporter is already installed"
+        return
+    fi
+    
+    # Install pve_exporter via pip or download binary
+    if command -v pip3 &> /dev/null; then
+        pip3 install pve_exporter
+    else
+        log "Warning: pip3 not found, please install pve_exporter manually"
+        return
+    fi
+    
+    # Create systemd service
+    cat > /etc/systemd/system/pve-exporter.service <<EOF
+[Unit]
+Description=Proxmox VE Prometheus Exporter
+After=network.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=/usr/local/bin/pve_exporter --web.listen-address=0.0.0.0:9221
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
+EOF
+    
+    systemctl daemon-reload
+    systemctl enable pve-exporter.service
+    systemctl start pve-exporter.service
+    
+    log "Prometheus exporter installed and started"
+}
+
+configure_proxmox_api() {
+    log "Configuring Proxmox API access..."
+    
+    # Create API token for Crossplane provider
+    # This should be done manually or via Proxmox API
+    log "Note: Create an API token in Proxmox web UI:"
+    log "  Datacenter -> Permissions -> API Tokens"
+    log "  Token ID: crossplane-${SITE}"
+    log "  User: root@pam or dedicated service account"
+    log "  Permissions: Administrator or specific VM permissions"
+}
+
+main() {
+    log "Starting Proxmox agent setup for site ${SITE}, node ${NODE}..."
+    
+    check_prerequisites
+    install_cloudflared
+    configure_cloudflared_tunnel
+    install_prometheus_exporter
+    configure_proxmox_api
+    
+    log "Proxmox agent setup completed!"
+    log ""
+    log "Next steps:"
+    log "1. Verify Cloudflare tunnel: systemctl status cloudflared-tunnel"
+    log "2. Verify Prometheus exporter: curl http://localhost:9221/metrics"
+    log "3. Create API token in Proxmox web UI for Crossplane provider"
+}
+
+main "$@"
+