diff --git a/docs/consultations/gemini-trinity-console-2-round-7-response-2026-04-05.md b/docs/consultations/gemini-trinity-console-2-round-7-response-2026-04-05.md new file mode 100644 index 0000000..b511f69 --- /dev/null +++ b/docs/consultations/gemini-trinity-console-2-round-7-response-2026-04-05.md 
@@ -0,0 +1,256 @@ +# Gemini Response: Trinity Console 2.0 — Round 7 (Deployment Infrastructure) + +**Date:** April 5, 2026 +**From:** Gemini (Architectural Partner) +**To:** Michael (The Wizard) + Claude (Chronicler #61) +**Re:** Deployment infrastructure, server setup, bootstrap scripts + +--- + +The Hybrid approach is the absolute correct choice for this architecture. Developing directly on the Command Center risks the production Arbiter, but isolating the database creates a sync nightmare. Connecting the Dev VPS securely to the Command Center's PostgreSQL database allows you to test the Strangler Fig migration against real data without touching the production environment. Once verified, moving the code to the Command Center is trivial, and the Dev VPS becomes a permanent staging environment. + +Here is the complete DevOps blueprint to get the Dev VPS running and secure the database connection. As always, these steps are broken down into small, manageable blocks for easy execution. + +--- + +## 1. Cloudflare DNS Setup + +Before touching the servers, point the domain so SSL provisioning works later. + +Create an **A Record**: +- **Name:** `trinity` +- **Target:** `64.50.188.128` (Dev VPS IP) +- **Proxy Status:** Proxied (Orange Cloud) is fine, but turn it to **DNS Only (Gray Cloud)** temporarily while running Certbot, then switch it back to Proxied. + +--- + +## 2. Securing the PostgreSQL Connection (Command Center) + +You must configure the Command Center to accept external connections, but *only* from the Dev VPS. + +### Step 1: Update PostgreSQL Config + +Open the main config file (usually located at `/etc/postgresql/14/main/postgresql.conf` or similar depending on your Postgres version). + +Find `listen_addresses` and update it to listen on all interfaces so the external IP can route to it. 
+ +```bash +sudo nano /etc/postgresql/*/main/postgresql.conf +``` + +```text +listen_addresses = '*' +``` + +### Step 2: Update Client Authentication + +Open `pg_hba.conf` in the same directory. Add a rule at the bottom to allow the Dev VPS to connect. + +```bash +sudo nano /etc/postgresql/*/main/pg_hba.conf +``` + +```text +# Allow Dev VPS to connect to arbiter_db +host arbiter_db arbiter 64.50.188.128/32 scram-sha-256 +``` + +*(Note: If your DB user uses md5 passwords, change `scram-sha-256` to `md5`)* + +### Step 3: Configure the Frostwall (UFW) + +Update your Frostwall on the Command Center to allow traffic on port 5432 strictly from the Dev VPS IP. + +```bash +sudo ufw allow from 64.50.188.128 to any port 5432 +``` + +### Step 4: Restart PostgreSQL + +```bash +sudo systemctl restart postgresql +``` + +--- + +## 3. Dev VPS Bootstrap Scripts + +Run these on the Dev VPS (64.50.188.128) to establish the Node.js environment. PM2 is highly recommended over standard systemd for Node apps because of its built-in log management, crash recovery, and ecosystem file support. + +### Step 1: System Updates & Nginx/Certbot + +```bash +sudo apt update && sudo apt upgrade -y +``` + +```bash +sudo apt install -y nginx certbot python3-certbot-nginx curl git ufw +``` + +### Step 2: Enable the Frostwall + +```bash +sudo ufw allow OpenSSH +sudo ufw allow 'Nginx Full' +sudo ufw enable +``` + +### Step 3: Install Node.js 20 LTS + +```bash +curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - +``` + +```bash +sudo apt install -y nodejs +``` + +### Step 4: Install PM2 Globally + +```bash +sudo npm install -g pm2 +``` + +--- + +## 4. PM2 Configuration + +In the root of your Trinity Console 2.0 project folder on the Dev VPS, create an ecosystem file. This tells PM2 exactly how to run the app. 
+ +```bash +nano ecosystem.config.js +``` + +```javascript +module.exports = { + apps: [{ + name: "trinity-console", + script: "./src/index.js", + watch: false, + max_memory_restart: "1G", + env: { + NODE_ENV: "production", + PORT: 3001 + } + }] +}; +``` + +--- + +## 5. Nginx Configuration + +Create the reverse proxy block to route `trinity.firefrostgaming.com` to port 3001. + +### Step 1: Create the Config File + +```bash +sudo nano /etc/nginx/sites-available/trinity +``` + +```nginx +server { + listen 80; + server_name trinity.firefrostgaming.com; + + location / { + proxy_pass http://localhost:3001; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_cache_bypass $http_upgrade; + } +} +``` + +### Step 2: Enable and Restart + +```bash +sudo ln -s /etc/nginx/sites-available/trinity /etc/nginx/sites-enabled/ +``` + +```bash +sudo nginx -t +``` + +```bash +sudo systemctl restart nginx +``` + +--- + +## 6. SSL Certificate (Certbot) + +With Nginx running and the DNS set to Gray Cloud in Cloudflare, provision the certificate. Certbot will automatically inject the SSL rules into your Nginx config and set up a renewal cron job. + +```bash +sudo certbot --nginx -d trinity.firefrostgaming.com +``` + +*(Once successful, you can flip the Cloudflare DNS record back to Proxied/Orange Cloud).* + +--- + +## 7. Environment Variables Template (`.env`) + +Create this in the root of your project directory on the Dev VPS. Note the DB host now points to the Command Center, and we added the webhook URL. 
+ +```env +# Database (Pointing to Command Center) +DB_USER=arbiter +DB_HOST=63.143.34.217 +DB_NAME=arbiter_db +DB_PASSWORD=[Your Password] +DB_PORT=5432 + +# Discord OAuth +DISCORD_CLIENT_ID=1330262498058670162 +DISCORD_CLIENT_SECRET=[in Vaultwarden] +DISCORD_BOT_TOKEN=[in Vaultwarden] +DISCORD_GUILD_ID=1286373938067198003 + +# Admin Alerts +DISCORD_ADMIN_WEBHOOK_URL=[Your Webhook URL for pending user alerts] + +# Stripe +STRIPE_SECRET_KEY=[in Vaultwarden] +STRIPE_WEBHOOK_SECRET=[in Vaultwarden] + +# Session +SESSION_SECRET=[in Vaultwarden] + +# Pterodactyl +PTERO_CLIENT_KEY=ptlc_NDkYX6yPPBHZacPmViFWtl4AvopzgxNcnHoQTOOtQEl + +# App Context +PORT=3001 +NODE_ENV=production +BASE_URL=https://trinity.firefrostgaming.com +``` + +--- + +## 8. The First Deployment Checklist + +When you are ready to boot this up for the very first time, run through this sequence: + +1. **Command Center:** Update `postgresql.conf` and `pg_hba.conf`. +2. **Command Center:** Open port 5432 in the Frostwall for the Dev VPS IP. +3. **Command Center:** Run `001_rbac_tables.sql`, `002_feature_flags.sql`, and `003_auth_users.sql` manually via your database client to safely seed the tables without risking boot-sequence hangs. +4. **Dev VPS:** Run the bootstrap scripts (Node, PM2, Nginx, Certbot). +5. **Dev VPS:** Clone/Upload the Trinity 2.0 codebase. +6. **Dev VPS:** Run `npm install` to grab all dependencies. +7. **Dev VPS:** Create the `.env` file with the external DB configuration. +8. **Dev VPS:** Run `pm2 start ecosystem.config.js`. +9. **Dev VPS:** Run `pm2 save` to ensure it boots on system restart. +10. **Browser:** Navigate to `https://trinity.firefrostgaming.com` and log in via Discord. + +The Wizard and The Emissary should drop right into the new, branded dashboard. + +--- + +*Response received April 5, 2026*
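Review bot: the `.env` template in this hunk commits what looks like a real credential: `PTERO_CLIENT_KEY=ptlc_NDkYX6yPPBHZacPmViFWtl4AvopzgxNcnHoQTOOtQEl` is a literal value while every other secret in the same block is a placeholder (`[in Vaultwarden]`, `[Your Password]`). Since this file lands in the repository history, treat that key as exposed, rotate it in the Pterodactyl panel, and replace the line with `PTERO_CLIENT_KEY=[in Vaultwarden]` before merging; a history rewrite is needed as well if the branch has already been pushed. A second point in the PostgreSQL section: the rule `host arbiter_db arbiter 64.50.188.128/32 scram-sha-256` uses `host`, which matches both TLS and plaintext connections, and the doc's own wording ("listen on all interfaces so the external IP can route to it", `DB_HOST=63.143.34.217`) means the Dev VPS reaches the database across the public internet. Change the rule to `hostssl`, have the app connect with `sslmode=verify-full` against the server certificate (or tunnel 5432 over WireGuard/SSH instead of exposing it), and narrow `listen_addresses = '*'` to the address that actually needs to accept the connection; otherwise the SCRAM handshake is protected but the query traffic and result rows are not.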