Vantz Stockwell 69fec4a0fa fix: Move Gitea SSH to port 8095 (keep all infra in 809x range)
Changed: 2222 → 8095 for SSH
Keeps all infrastructure ports sequential: 8090-8095

Port allocation:
- 8090: Gitea HTTP
- 8091: SeaweedFS Filer
- 8092: SeaweedFS S3
- 8093: SeaweedFS Master
- 8094: SeaweedFS Volume
- 8095: Gitea SSH

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-15 13:23:43 -05:00

# Corrosion Infrastructure Stack
**Purpose**: Dedicated infrastructure services (Git, CDN) separated from application stack for operational resilience.
## Services
### Gitea (git.corrosionmgmt.com)
- **Container**: `corrosion-gitea`
- **Host Port**: 8090
- **SSH Port**: 8095
- **Database**: SQLite (self-contained)
- **Purpose**: Source control, CI/CD, companion agent releases
### SeaweedFS (cdn.corrosionmgmt.com)
- **Container**: `corrosion-cdn`
- **Filer UI Port**: 8091 (primary CDN interface)
- **S3 API Port**: 8092 (programmatic access)
- **Master Port**: 8093 (admin/monitoring)
- **Volume Port**: 8094 (internal storage)
- **Purpose**: Map hosting, plugin packages, companion binaries, backups
## Deployment
### Architecture Note
**This stack runs on the PUBLIC docker host** (where Nginx Proxy Manager is).
The **Gitea act_runner** runs separately on **asgard** (the build server) and connects to the public Gitea instance remotely.
See `ASGARD-RUNNER.md` for act_runner setup instructions.
### First-time setup (on public docker host):
```bash
cd infra
docker compose up -d
```
### Nginx Proxy Manager Configuration:
**Proxy Host 1: Git**
- Domain: `git.corrosionmgmt.com`
- Forward IP: `<asgard-internal-ip>` (e.g., 192.168.x.x or 172.17.0.1)
- Forward Port: `8090`
- Websockets: ✅ Enable
- SSL: ✅ Force SSL, HTTP/2 Support
**Proxy Host 2: CDN**
- Domain: `cdn.corrosionmgmt.com`
- Forward IP: `<asgard-internal-ip>`
- Forward Port: `8091`
- Websockets: ✅ Enable
- SSL: ✅ Force SSL
## Architecture Benefits
1. **Resilience**: Restarting the Corrosion app doesn't affect Git/CDN
2. **Simplicity**: No shared database dependencies
3. **Separation**: Infrastructure vs application concerns
4. **Scalability**: Can move to dedicated hardware later
## Access Points
- **Gitea Web**: https://git.corrosionmgmt.com
- **Gitea SSH**: ssh://git@git.corrosionmgmt.com:8095
- **CDN Filer UI**: https://cdn.corrosionmgmt.com
- **S3 API**: http://<asgard-ip>:8092 (internal only, no proxy)
- **SeaweedFS Master**: http://<asgard-ip>:8093 (internal only, no proxy)
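
A check that the "internal only" ports really are internal, as an added example that is not part of this repository. It parses `ss -H -ltn` output and reports internal ports listening on a wildcard address; the function name, the sample listener lines and the inclusion of 8094 (described above as internal storage) are assumptions.

```shell
#!/bin/sh
# Added example: flag "internal only" ports that listen on every interface.
# Assumption: 8092/8093 are the ports marked "internal only, no proxy";
# 8094 is included because the Services list calls it internal storage.
INTERNAL_PORTS="8092 8093 8094"

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096      0.0.0.0:8090   0.0.0.0:*
LISTEN 0 4096      0.0.0.0:8092   0.0.0.0:*
LISTEN 0 4096         [::]:8092      [::]:*
LISTEN 0 4096    127.0.0.1:8093   0.0.0.0:*
LISTEN 0 4096         [::]:8094      [::]:*
LISTEN 0 4096      0.0.0.0:8095   0.0.0.0:*'

# Reads `ss -H -ltn` lines on stdin. Prints each internal port bound to a
# wildcard address (0.0.0.0, * or [::]) once, sorted; returns 1 if any exist.
exposed_internal_ports() {
    found=$(awk -v ports="$INTERNAL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            wildcard = (host == "0.0.0.0" || host == "*" || host == "[::]")
            if ((port in want) && wildcard && !seen[port]++) print port
        }
    ' | sort -n)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Demo on the constructed sample: 8092 and 8094 are reported, 8093 is not
# because it is bound to loopback only.
printf '%s\n' "$SAMPLE_SS" | exposed_internal_ports \
    || echo "internal ports above are reachable on all interfaces" >&2
```

On the host, run it against live data with `ss -H -ltn | exposed_internal_ports`. A flagged port can be restricted by prefixing the host port in the compose `ports:` mapping with a specific host IP.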
## First-time Gitea Setup
1. Navigate to https://git.corrosionmgmt.com
2. The initial setup wizard will appear
3. Accept defaults (SQLite database pre-configured)
4. Create admin account
5. Enable Actions in admin panel
## S3 Configuration (for Backend API)
Add to Corrosion backend `.env`:
```bash
S3_ENDPOINT=http://<asgard-internal-ip>:8092
S3_ACCESS_KEY=<generate-random-key>
S3_SECRET_KEY=<generate-random-secret>
S3_BUCKET=corrosion-maps
S3_REGION=us-east-1
```
## Maintenance
```bash
# View logs
docker compose logs -f
# Restart services
docker compose restart
# Update images
docker compose pull
docker compose up -d
# Backup data
tar -czf gitea-backup-$(date +%Y%m%d).tar.gz gitea/
tar -czf seaweedfs-backup-$(date +%Y%m%d).tar.gz seaweedfs/
```
## Integration with Corrosion
- Companion agent binaries → Gitea releases
- Map files → SeaweedFS buckets
- Custom plugins → Gitea private repos (Phase 3)
- Backup snapshots → SeaweedFS volumes