# NODE.DC Platform Infra Эта папка предназначена для локального и staging infra слоя: - Authentik; - reverse proxy; - локальные домены; - shared env examples; - будущие docker compose файлы. Первый local dev слой проксирует текущие локальные приложения без физического переноса репозиториев: - `auth.local.nodedc` -> `authentik-server:9000`; - `launcher.local.nodedc` -> `host.docker.internal:5173`; - `task.local.nodedc` -> `host.docker.internal:8090`. Authentik построен по актуальной официальной Docker Compose схеме 2026.2: PostgreSQL 16, server и worker. Redis для Authentik в этой версии официального compose не используется. Reverse proxy использует `PLATFORM_PROXY_IMAGE=nodedc/plane-proxy:ru`, потому что этот локальный образ уже содержит Caddy и не требует отдельного pull с Docker Hub. На чистой машине можно заменить значение на `caddy:2-alpine`. ## Expected files ```text infra/ .env.example scripts/init-dev-env.sh docker-compose.dev.yml docker-compose.staging.yml reverse-proxy/ authentik/ ``` ## Local start 1. Add local domains to `/etc/hosts`: ```text 127.0.0.1 auth.local.nodedc 127.0.0.1 launcher.local.nodedc 127.0.0.1 task.local.nodedc ``` This requires admin rights on macOS. 2. Generate local secrets: ```bash ./infra/scripts/init-dev-env.sh ``` 3. Start infra: ```bash docker compose --env-file infra/.env -f infra/docker-compose.dev.yml up -d ``` 4. Check services: ```bash docker compose --env-file infra/.env -f infra/docker-compose.dev.yml ps curl -I -H 'Host: auth.local.nodedc' http://127.0.0.1/ curl -I -H 'Host: launcher.local.nodedc' http://127.0.0.1/ curl -I -H 'Host: task.local.nodedc' http://127.0.0.1/ ``` Generated Authentik bootstrap credentials are stored only in `infra/.env`. 5. Bootstrap local Authentik groups and OIDC applications: ```bash NODEDC_BOOTSTRAP_ADMIN_EMAIL=dcctouch@gmail.com infra/scripts/bootstrap-authentik-dev.sh ``` The script is idempotent. It creates NODE.DC groups, Launcher and Task Manager OAuth2 providers, application tiles, group access bindings and local OIDC client secrets in `infra/.env`. ## Current local status This stack was verified locally with `PLATFORM_PROXY_IMAGE=nodedc/plane-proxy:ru`: - `auth.local.nodedc` returns `302` to the Authentik authentication flow through Caddy; - `launcher.local.nodedc` returns `200` from the current Vite launcher through Caddy; - `task.local.nodedc` returns `200` from the current Plane runtime through Caddy; - Authentik server, Authentik worker and PostgreSQL report healthy in Docker Compose. - Authentik login via `auth.local.nodedc` has been verified manually with the local admin user. Browser testing still requires `/etc/hosts` entries on the host machine. ## Troubleshooting If Docker Hub pulls hang on `caddy:2-alpine`, keep `PLATFORM_PROXY_IMAGE=nodedc/plane-proxy:ru` on this workstation. If the local Plane proxy image is unavailable on a clean machine, set: ```bash PLATFORM_PROXY_IMAGE=caddy:2-alpine ``` ## Current decision Текущий Plane runtime не переносится в compose платформы до backup и отдельного шага миграции.