d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
4f85e0bf0e59e78511998aefc5d2076ed13b0a14
proxmox/docs/04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md

195 lines
9.5 KiB
Markdown
Raw Normal View History

docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00
# Dev / Codespaces (76.53.10.40) — Complete Next Steps Checklist
**Purpose:** Ordered list of every step to complete the dev VM, fourth NPMplus, Cloudflare tunnel, and access via 76.53.10.40.
**References:** [DEV_CODESPACES_76_53_10_40.md](DEV_CODESPACES_76_53_10_40.md) | [DEV_VM_GITOPS_PLAN.md](DEV_VM_GITOPS_PLAN.md) | [NPMPLUS_FOUR_INSTANCES_MASTER.md](NPMPLUS_FOUR_INSTANCES_MASTER.md)
---
## Phase 1 — Fourth NPMplus (192.168.11.170)
- [ ] **1.1** Reserve IP **192.168.11.170** on your LAN (no other device uses it). Gateway 192.168.11.1.
- [ ] **1.2** Create LXC for fourth NPMplus (VMID **10236**) on a Proxmox host (e.g. r630-01). From repo root:
```bash
bash scripts/npmplus/create-npmplus-fourth-container.sh
```
Optional overrides: `NPMPLUS_FOURTH_VMID=10236`, `PROXMOX_HOST_R630_01=192.168.11.11`, `STORAGE=thin1`. Or run the `pct create` command manually on the host (see script source for exact options).
- [ ] **1.3** Install NPMplus (Nginx Proxy Manager + Docker) inside the container. Use the same method as the third NPMplus (e.g. [scripts/npmplus/install-npmplus-alltra-hybx.sh](../../scripts/npmplus/install-npmplus-alltra-hybx.sh) as reference; adapt for VMID 10236 and IP 192.168.11.170). Ensure NPM listens on 80, 81 (admin), 443.
- [ ] **1.4** Log in to NPMplus admin: **https://192.168.11.170:81** — set admin email/password; save the password (e.g. in `.env` as `NPM_PASSWORD_FOURTH` or `NPM_PASSWORD` when targeting this instance).
- [ ] **1.5** Install **cloudflared** (Cloudflare Tunnel connector) on the same container or on a host that can reach 192.168.11.170. You will need the tunnel token in the next phase.
---
## Phase 2 — Dev VM (192.168.11.60, VMID 5700)
- [ ] **2.1** From repo root, create the dev VM LXC:
```bash
cd /path/to/proxmox
bash scripts/create-dev-vm-5700.sh
```
Optional overrides: `PROXMOX_HOST=192.168.11.11`, `STORAGE=thin1`, `DEV_VM_DISK_GB=500`.
- [ ] **2.2** Run the setup script (users + Gitea) inside the container:
```bash
ssh root@192.168.11.11 "pct exec 5700 -- bash -s" < scripts/setup-dev-vm-users-and-gitea.sh
```
Or copy the script in and run:
`pct push 5700 scripts/setup-dev-vm-users-and-gitea.sh /tmp/setup.sh` then `pct exec 5700 -- bash /tmp/setup.sh`.
- [ ] **2.3** Add SSH public keys for dev1dev4 (so Cursor Remote SSH works):
```bash
# Example for dev1 (repeat for dev2, dev3, dev4)
pct exec 5700 -- bash -c 'echo "PASTE_PUBLIC_KEY_HERE" >> /home/dev1/.ssh/authorized_keys'
pct exec 5700 -- chown dev1:dev1 /home/dev1/.ssh/authorized_keys
```
- [ ] **2.4** Open Gitea first-run in browser: **http://192.168.11.60:3000** — complete installer, create admin user, then create repositories as needed (or do this after tunnel is up at https://gitea.d-bis.org).
---
## Phase 3 — UDM Pro Port Forward (76.53.10.40)
- [ ] **3.1** In **UniFi Network****Settings****Firewall & Security** (Port Forwarding), add:
| Rule Name | Destination IP | Dest Port | Forward to IP | Forward to Port | Protocol |
|---------------------------|----------------|-----------|------------------|-----------------|----------|
| NPMplus Fourth HTTP | 76.53.10.40 | 80 | 192.168.11.170 | 80 | TCP |
| NPMplus Fourth HTTPS | 76.53.10.40 | 443 | 192.168.11.170 | 443 | TCP |
| NPMplus Fourth Admin | 76.53.10.40 | 81 | 192.168.11.170 | 81 | TCP |
| Dev VM SSH (optional) | 76.53.10.40 | 22 | 192.168.11.60 | 22 | TCP |
- [ ] **3.2** Ensure **76.53.10.40** is assigned/available on the UDM Pro (or the interface that receives this traffic). Restrict port 81 (admin) to VPN or IP allowlist if possible.
Reference: [UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md](UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md).
---
## Phase 4 — Cloudflare Tunnel (Dev/Codespaces)
- [ ] **4.1** In **Cloudflare Zero Trust** dashboard: **Networks****Tunnels****Create a tunnel**. Name it e.g. `dev-codespaces` or `npmplus-fourth`.
- [ ] **4.2** Install the connector on the machine that will run cloudflared (e.g. the fourth NPMplus container). Copy the install command (with token) from the Cloudflare UI and run it there. Ensure the connector stays running (systemd service or supervisor).
- [ ] **4.3** Copy the **Tunnel ID** (UUID) from the tunnel details in Cloudflare. Add to your project `.env`:
```bash
CLOUDFLARE_TUNNEL_ID_DEV_CODESPACES=<paste-tunnel-uuid-here>
```
Also ensure `.env` has: `CLOUDFLARE_ACCOUNT_ID`, `CLOUDFLARE_ZONE_ID` (or `CLOUDFLARE_ZONE_ID_D_BIS_ORG`), and either `CLOUDFLARE_API_TOKEN` or `CLOUDFLARE_EMAIL` + `CLOUDFLARE_API_KEY`.
- [ ] **4.4** Run the tunnel + DNS script (sets tunnel ingress and CNAMEs for dev, gitea, codespaces, pve.ml110, pve.r630-01, pve.r630-02):
```bash
cd /path/to/proxmox
bash scripts/cloudflare/configure-dev-codespaces-tunnel-and-dns.sh
```
- [ ] **4.5** In Cloudflare Tunnel config (or via the script), ensure the tunnels **ingress** points to **https://192.168.11.170:443** (or https://127.0.0.1:443 if cloudflared runs on the same host as NPMplus). The script above sets this via API.
---
## Phase 5 — Fourth NPMplus Proxy Hosts
- [ ] **5.1** Add proxy hosts on fourth NPMplus (192.168.11.170:81). From repo root:
```bash
export NPM_URL=https://192.168.11.170:81
export NPM_PASSWORD='<your-fourth-npmplus-admin-password>'
# Optional: NPM_EMAIL_FOURTH=admin@example.org
bash scripts/nginx-proxy-manager/update-npmplus-fourth-proxy-hosts.sh
```
This adds: dev.d-bis.org, gitea.d-bis.org, codespaces.d-bis.org → 192.168.11.60:3000; pve.ml110.d-bis.org → 192.168.11.10:8006; pve.r630-01.d-bis.org → 192.168.11.11:8006; pve.r630-02.d-bis.org → 192.168.11.12:8006.
- [ ] **5.2** In NPMplus admin UI (https://192.168.11.170:81 or https://76.53.10.40:81): for each proxy host, request **Lets Encrypt** certificate for:
- dev.d-bis.org
- gitea.d-bis.org
- codespaces.d-bis.org
- pve.ml110.d-bis.org
- pve.r630-01.d-bis.org
- pve.r630-02.d-bis.org
Enable **SSL** / Force HTTPS for each.
---
## Phase 6 — Projects and Dotenv on Dev VM
- [ ] **6.1** Rsync projects from your workstation to the dev VM:
```bash
rsync -avz --exclude='.git' --exclude='node_modules' \
/home/intlc/projects/ dev1@192.168.11.60:/srv/projects/
```
(If using 76.53.10.40 with port 22 forwarded: `dev1@76.53.10.40`.)
- [ ] **6.2** Ensure all required **dotenv** files are present under `/srv/projects` on the dev VM (or in a secure store and symlinked). Key paths (relative to repo root):
- `.env`, `.env.example`
- `scripts/.env.r630-01`
- `dbis_core/.env`, `dbis_core/.env.example`
- `explorer-monorepo/.env`, `frontend/.env.production`, `.env.example`
- `smom-dbis-138/.env`, `frontend-dapp/.env`, `services/*/.env`
- `alltra-lifi-settlement/.env`
- `OMNIS/backend/.env`, `.env.example`
- `unifi-api/.env`, `.env.example`
- `rpc-translator-138/.env`
- `miracles_in_motion/.env.*`
- `omada-api/.env`
- Others listed in [DEV_CODESPACES_76_53_10_40.md § 6](DEV_CODESPACES_76_53_10_40.md#6-dotenv-files-include-in-dev-vm--accessibility).
Do not commit real secrets to Git; use `.env.example` as templates. See [REQUIRED_SECRETS_SUMMARY.md](REQUIRED_SECRETS_SUMMARY.md) for required vars.
- [ ] **6.3** On the dev VM, for each project under `/srv/projects` that will use Gitea: add Gitea as a remote and push (or create repos in Gitea and clone into `/srv/projects`). Then all four users can clone from Gitea (private) and use Cursor Remote SSH.
---
## Phase 7 — Verification
- [ ] **7.1** **HTTPS via hostnames:** Open in browser (through tunnel):
- https://dev.d-bis.org
- https://gitea.d-bis.org
- https://codespaces.d-bis.org
- https://pve.ml110.d-bis.org
- https://pve.r630-01.d-bis.org
- https://pve.r630-02.d-bis.org
Proxmox panels may show a certificate warning (use NPMplus LE cert for these hostnames to avoid it).
- [ ] **7.2** **Direct via 76.53.10.40:** From the internet (or as appropriate):
- https://76.53.10.40 — should hit NPMplus (default host or first proxy).
- https://76.53.10.40:81 — NPMplus admin (restrict access).
- [ ] **7.3** **SSH (Cursor):**
- From LAN: `ssh dev1@192.168.11.60` (with your key).
- If port 22 is forwarded: `ssh dev1@76.53.10.40`.
In Cursor: **Remote-SSH** → connect to `dev1@192.168.11.60` (or 76.53.10.40); open folder `/srv/projects/proxmox` (or any project).
- [ ] **7.4** **Proxmox admin:** Confirm you can open each hosts UI and that the noVNC/console (websocket) works:
- https://pve.ml110.d-bis.org
- https://pve.r630-01.d-bis.org
- https://pve.r630-02.d-bis.org
---
## Summary Table
| Phase | What |
|-------|------|
| 1 | Fourth NPMplus LXC at 192.168.11.170 (VMID 10236), install NPMplus + cloudflared |
| 2 | Dev VM 5700 at 192.168.11.60, users + Gitea, SSH keys |
| 3 | UDM Pro: 76.53.10.40 → 192.168.11.170 (80/81/443), optional 22 → 192.168.11.60 |
| 4 | Cloudflare tunnel (dev-codespaces), connector on fourth NPMplus, tunnel ID in .env, run configure-dev-codespaces-tunnel-and-dns.sh |
| 5 | NPMplus fourth: add proxy hosts (script), request Lets Encrypt for all six hostnames |
| 6 | Rsync projects to dev VM, dotenv files in place, Gitea repos created/pushed |
| 7 | Verify hostnames, 76.53.10.40, SSH/Cursor, Proxmox admin panels |
Once all steps are done, the dev/Codespaces setup is complete: access via 76.53.10.40, tunnel and fourth NPMplus in place, Proxmox admin panels and Gitea available, and dotenv/projects ready for Cursor.
Reference in New Issue Copy Permalink