Add Makefile for dev/prod deployment, update CLAUDE.md
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
22fed471f4
commit
599ab722b5
|
|
@ -6,6 +6,33 @@
|
|||
- SQLite DB: `clavitor.db` (pops, telemetry, uptime, incidents, accounts, vaults, sessions)
|
||||
- Dev mode: auto-detected when `templates/` dir exists on disk — reloads templates per request, but CSS/SVGs require rebuild (`go:embed`)
|
||||
- Port 8099
|
||||
- License: Elastic License 2.0 (NOT MIT)
|
||||
|
||||
## Deployment
|
||||
|
||||
### Dev (localhost — Florida)
|
||||
```
|
||||
make dev # build + restart locally
|
||||
make deploy-dev # same thing
|
||||
```
|
||||
|
||||
### Prod (Zürich — zurich.inou.com)
|
||||
```
|
||||
make deploy-prod # cross-compile amd64, scp to Zürich, restart systemd
|
||||
```
|
||||
|
||||
Prod runs at `/opt/clavitor-web/` as systemd service `clavitor-web`.
|
||||
Caddy reverse proxies `clavitor.ai`, `clavitor.com`, `dev.clavitor.ai` → `localhost:8099`.
|
||||
|
||||
### First-time setup (already done)
|
||||
```
|
||||
make setup-prod # creates /opt/clavitor-web, systemd service, uploads binary+db
|
||||
```
|
||||
Then manually update `/etc/caddy/Caddyfile` to reverse_proxy.
|
||||
|
||||
### SSH
|
||||
- Prod: `ssh root@zurich.inou.com`
|
||||
- Tailscale: `zurich` (100.70.148.118) — SSH may be blocked via Tailscale
|
||||
|
||||
## Build & Run
|
||||
```
|
||||
|
|
@ -22,12 +49,14 @@ CSS and SVG changes require rebuild (embedded at compile time). Template changes
|
|||
- Square shapes for permanent UI elements. Circles only for transient animations (pulses, "You" dot)
|
||||
- Fonts: Figtree (body), JetBrains Mono (code/monospace)
|
||||
- No inline styles, no CSS in templates. Everything in clavitor.css.
|
||||
- Always capitalize "Clavitor" in prose. Lowercase in code/paths/commands.
|
||||
|
||||
## Encryption Terminology
|
||||
- **Vault Encryption** — whole vault at rest
|
||||
- **Credential Encryption** — per-field, server-side (AI agents can read via MCP)
|
||||
- **Credential Encryption** — per-field, server-side (AI agents can read via CLI)
|
||||
- **Identity Encryption** — per-field, client-side via WebAuthn PRF (Touch ID only, server cannot decrypt)
|
||||
- Never use "sealed fields", "agent fields", "L1", "L2", "L3"
|
||||
- Agents use CLI, NOT MCP (MCP exposes plaintext; CLI is scoped)
|
||||
|
||||
## POPs (Points of Presence)
|
||||
- Stored in `pops` table in clavitor.db — the single source of truth
|
||||
|
|
@ -55,5 +84,4 @@ CSS and SVG changes require rebuild (embedded at compile time). Template changes
|
|||
- LightNode: Santiago, Bogotá, Manila, Dhaka
|
||||
- ishosting: Istanbul, Almaty
|
||||
- HostAfrica: Lagos, Nairobi
|
||||
- Voyager NZ → switched to AWS for Auckland
|
||||
- Rackmill: Perth
|
||||
|
|
|
|||
|
|
@ -0,0 +1,58 @@
|
|||
BINARY = clavitor-web
|
||||
PROD_HOST = root@zurich.inou.com
|
||||
PROD_DIR = /opt/clavitor-web
|
||||
PROD_PORT = 8099
|
||||
|
||||
.PHONY: build dev deploy-dev deploy-prod setup-prod
|
||||
|
||||
# Build for local (dev)
|
||||
build:
|
||||
CGO_ENABLED=1 go build -o $(BINARY) .
|
||||
|
||||
# Run locally (dev mode — templates reload from disk)
|
||||
dev: build
|
||||
pkill -f $(BINARY) 2>/dev/null || true
|
||||
sleep 0.5
|
||||
./$(BINARY) &
|
||||
@echo "→ http://localhost:$(PROD_PORT)"
|
||||
|
||||
# Deploy to dev (localhost — just rebuild and restart)
|
||||
deploy-dev: build
|
||||
pkill -f $(BINARY) 2>/dev/null || true
|
||||
sleep 0.5
|
||||
./$(BINARY) &
|
||||
@echo "✓ dev deployed → http://localhost:$(PROD_PORT)"
|
||||
|
||||
# Build for prod (linux/amd64 for Zürich)
|
||||
build-prod:
|
||||
GOOS=linux GOARCH=amd64 CGO_ENABLED=1 go build -o $(BINARY)-linux-amd64 .
|
||||
|
||||
# Deploy to prod (Zürich)
|
||||
deploy-prod: build-prod
|
||||
scp $(BINARY)-linux-amd64 clavitor.db $(PROD_HOST):$(PROD_DIR)/
|
||||
ssh $(PROD_HOST) "cd $(PROD_DIR) && mv $(BINARY)-linux-amd64 $(BINARY) && systemctl restart clavitor-web"
|
||||
@echo "✓ prod deployed → https://clavitor.ai"
|
||||
|
||||
# First-time prod setup: create dir, systemd service, update Caddy
|
||||
setup-prod:
|
||||
ssh $(PROD_HOST) "mkdir -p $(PROD_DIR)"
|
||||
scp $(BINARY)-linux-amd64 clavitor.db $(PROD_HOST):$(PROD_DIR)/
|
||||
ssh $(PROD_HOST) "mv $(PROD_DIR)/$(BINARY)-linux-amd64 $(PROD_DIR)/$(BINARY)"
|
||||
ssh $(PROD_HOST) 'cat > /etc/systemd/system/clavitor-web.service << EOF\n\
|
||||
[Unit]\n\
|
||||
Description=clavitor-web\n\
|
||||
After=network.target\n\
|
||||
\n\
|
||||
[Service]\n\
|
||||
Type=simple\n\
|
||||
WorkingDirectory=$(PROD_DIR)\n\
|
||||
ExecStart=$(PROD_DIR)/$(BINARY)\n\
|
||||
Restart=always\n\
|
||||
RestartSec=5\n\
|
||||
Environment=PORT=$(PROD_PORT)\n\
|
||||
\n\
|
||||
[Install]\n\
|
||||
WantedBy=multi-user.target\n\
|
||||
EOF'
|
||||
ssh $(PROD_HOST) "systemctl daemon-reload && systemctl enable --now clavitor-web"
|
||||
@echo "✓ prod setup complete — now update Caddyfile to reverse_proxy localhost:$(PROD_PORT)"
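Review bot: `deploy-prod` copies the workstation's `clavitor.db` to `$(PROD_DIR)/` on every deploy, so the production database (which CLAUDE.md describes as holding accounts, vaults and sessions) is overwritten with local data, and the file is swapped while the service is still running. The routine deploy should ship only the binary, `scp $(BINARY)-linux-amd64 $(PROD_HOST):$(PROD_DIR)/`, and leave seeding the database to `setup-prod`. Separately, the unit file written by `setup-prod` has no `User=` line, so the web service runs as root; a dedicated service account plus `NoNewPrivileges=true` under `[Service]` would limit what a compromise of the process can reach. `build-prod` is also missing from `.PHONY`, and `setup-prod` uploads `$(BINARY)-linux-amd64` without listing `build-prod` as a prerequisite, so it can ship a stale or missing binary.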
|
||||