senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1945 commits 37 branches 94 tags 1.5 GiB
Commit graph

14 commits

Author SHA1 Message Date
senke
0ff8a85684 feat(infra): blue-green deployment via HAProxy 
- HAProxy: api/stream/web backends with blue+green servers (backup)
- docker-compose.prod: backend-api-blue/green, stream-server-blue/green, web-blue/green
- haproxy-blue.cfg, haproxy-green.cfg: config variants for active stack
- scripts/deploy-blue-green.sh: switch traffic via config copy + HUP reload
 2026-02-23 19:52:19 +01:00
senke
218b4b33d6 feat(streaming): wire HLS pipeline end-to-end with serving routes 
- Add HLSEnabled and HLSStorageDir to backend config (HLS_STREAMING env)
- Register HLS serving routes (master.m3u8, quality playlist, segments)
  behind HLSEnabled feature flag on existing track routes
- Add GetHLSStatus and TriggerHLSTranscode methods to StreamService
  for stream server communication
- Update docker-compose (dev, staging, prod) with HLS env vars and
  shared hls-data volume between backend and stream-server
- Stream callback already correctly updates stream_manifest_url
 2026-02-22 21:20:35 +01:00
senke
1fb80d6c2f feat(chat): Sprint 4 -- Docker cleanup, frontend migration to Go WS 
- Remove Rust chat-server from docker-compose.yml, staging.yml, prod.yml
- Remove VITE_WS_URL from docker frontend env vars (auto-derived from API_URL)
- Update env.ts: derive WS_URL from API_URL (/api/v1/ws) when not explicitly set
- Remove 127.0.0.1:8081 dev hack from useChat.ts
- Add missing types: EditMessage, DeleteMessage, FetchHistory, SearchMessages,
  SyncMessages, MessageEdited, MessageDeleted, SearchResults, SyncChunk
- Update MSW chat/token handler to return ws_url: /api/v1/ws
- Update .env.example and .env.storybook
 2026-02-22 20:46:58 +01:00
senke
89cc015e54 feat(v0.501): Sprint 1 -- infrastructure foundations 
- Add MinIO S3-compatible storage to docker-compose (dev, staging, prod)
- Create migrations 103-108 (waveform_url, user_folders, user_files,
  user_storage_quotas, gear_items.is_public, gear_images)
- Add Go models: UserFile, UserFolder, StorageQuota, GearImage
- Add WaveformURL to Track model, IsPublic + GearImages to GearItem model
 2026-02-22 18:10:25 +01:00
senke
c6db1da25e fix(infra): add JWT_SECRET to stream-server in production compose 
SEC-05: stream-server was missing JWT_SECRET while chat-server had it.
Both services need the shared secret to validate tokens.
 2026-02-22 17:28:37 +01:00
senke
3ad4699e80 fix(infra): add Redis authentication in production compose 2026-02-22 17:24:12 +01:00
senke
1f72854192 chore(infra): add ClamAV to docker-compose for v0.101 2026-02-18 12:03:14 +01:00
senke
b657776892 fix(infra): HAProxy HTTPS and stats security 
P1.1 - Enable HTTPS in HAProxy for production:
- HTTP to HTTPS redirect (301)
- HTTPS frontend on port 443 with veza.pem
- config/ssl/ structure with README and generate-ssl-cert.sh
- docker-compose.prod.yml volume for certs

P1.3 - Restrict HAProxy stats to internal network:
- ACL from_internal (127.0.0.1, 172.20.0.0/16)
- stats admin if from_internal

Also: remove errorfile directives (use HAProxy built-in defaults)
 2026-02-15 15:58:51 +01:00
senke
92f432fb9e chore: consolidate pending changes (Hyperswitch, PostCard, dashboard, stream server, etc.) 2026-02-14 21:45:15 +01:00
senke
8fa866baaa fix(security): harden docker-compose.prod.yml and staging -- sslmode, secrets 
Production (docker-compose.prod.yml):
- Change sslmode=disable to sslmode=require on all 3 DATABASE_URLs
- Replace JWT_SECRET fallback defaults with :? syntax (fails if unset)
- Replace DB_PASS default 'password' with :? syntax (fails if unset)
- Separate RABBITMQ_PASS from DB_PASS, require explicit setting

Staging (docker-compose.staging.yml):
- Add sslmode=require to DATABASE_URL
- Replace all default passwords with :? syntax (fails if unset)

docker-compose up with these files will now FAIL if required secrets
are not explicitly provided via environment variables.

Addresses audit findings: A02 (Cryptographic Failures), section 7 (Infra).

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:43:09 +01:00
senke
f53b7f7d8a chore: update docker-compose, make, tmt config 
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:18:57 +01:00
senke
f74b020d4b api-contracts: install openapi-generator-cli and create type generation script 
- Completed Action 1.1.2.1: Installed @openapitools/openapi-generator-cli
- Completed Action 1.1.2.2: Created generate-types.sh script
- Added swagger annotations to cmd/modern-server/main.go
- Regenerated swagger.yaml with proper info section
- Successfully generated TypeScript types to src/types/generated/

The script generates types from veza-backend-api/openapi.yaml using
typescript-axios generator and creates barrel exports.
 2026-01-11 16:30:43 +01:00
senke
8efbb97e6f stabilisation commit A 2026-01-07 19:39:21 +01:00
senke
17a04a6b2e feat: centraliser tous les logs dans /var/log/veza avec rotation 
- Configure LOG_DIR=/var/log/veza pour tous les services
- Ajoute scripts de gestion des logs (setup, view, rotate)
- Configure volume Docker partagé pour les logs
- Logs organisés par service avec fichiers séparés pour les erreurs
- Rotation automatique : 100MB, 10 backups, 30 jours, compression gzip
- Documentation dans LOGGING.md et ENV_CONFIG.md

Services configurés:
- Backend API: backend-api.log, redis.log, db.log, rabbitmq.log
- Chat Server: chat-server.log (à configurer)
- Stream Server: stream-server.log (à configurer)

Le backend API a déjà toute l'infrastructure de logging en place.
Les serveurs chat et stream utiliseront LOG_DIR depuis l'environnement.
 2026-01-04 01:44:23 +01:00