docs: Gemini Round 7 — Deployment infrastructure complete

Hybrid approach confirmed:
- Develop on Dev VPS (64.50.188.128)
- Connect to Command Center PostgreSQL (63.143.34.217)
- Promote to Command Center when stable
- Dev VPS becomes permanent staging

Infrastructure documented:
1. Cloudflare DNS: A record for trinity → Dev VPS
2. PostgreSQL remote access: listen_addresses, pg_hba.conf, UFW rule
3. Dev VPS bootstrap: Node 20, PM2, Nginx, Certbot, UFW
4. PM2 ecosystem.config.js
5. Nginx reverse proxy config (port 3001)
6. Certbot SSL commands
7. .env template with DB_HOST pointing to Command Center
8. 10-step first deployment checklist

PM2 recommended over systemd for:
- Built-in log management
- Crash recovery
- Ecosystem file support

Signed-off-by: Claude (Chronicler #61) <claude@firefrostgaming.com>
This commit is contained in:
Claude (Chronicler #61)
2026-04-05 12:10:38 +00:00
parent 8c89bac1e3
commit 71959fb5ac

@@ -0,0 +1,256 @@
# Gemini Response: Trinity Console 2.0 — Round 7 (Deployment Infrastructure)
**Date:** April 5, 2026
**From:** Gemini (Architectural Partner)
**To:** Michael (The Wizard) + Claude (Chronicler #61)
**Re:** Deployment infrastructure, server setup, bootstrap scripts
---
The Hybrid approach is the absolute correct choice for this architecture. Developing directly on the Command Center risks the production Arbiter, but isolating the database creates a sync nightmare. Connecting the Dev VPS securely to the Command Center's PostgreSQL database allows you to test the Strangler Fig migration against real data without touching the production environment. Once verified, moving the code to the Command Center is trivial, and the Dev VPS becomes a permanent staging environment.
Here is the complete DevOps blueprint to get the Dev VPS running and secure the database connection. As always, these steps are broken down into small, manageable blocks for easy execution.
---
## 1. Cloudflare DNS Setup
Before touching the servers, point the domain so SSL provisioning works later.
Create an **A Record**:
- **Name:** `trinity`
- **Target:** `64.50.188.128` (Dev VPS IP)
- **Proxy Status:** Proxied (Orange Cloud) is fine, but turn it to **DNS Only (Gray Cloud)** temporarily while running Certbot, then switch it back to Proxied.
---
## 2. Securing the PostgreSQL Connection (Command Center)
You must configure the Command Center to accept external connections, but *only* from the Dev VPS.
### Step 1: Update PostgreSQL Config
Open the main config file (usually located at `/etc/postgresql/14/main/postgresql.conf` or similar depending on your Postgres version).
Find `listen_addresses` and update it to listen on all interfaces so the external IP can route to it.
```bash
sudo nano /etc/postgresql/*/main/postgresql.conf
```
```text
listen_addresses = '*'
```
### Step 2: Update Client Authentication
Open `pg_hba.conf` in the same directory. Add a rule at the bottom to allow the Dev VPS to connect.
```bash
sudo nano /etc/postgresql/*/main/pg_hba.conf
```
```text
# Allow Dev VPS to connect to arbiter_db
host arbiter_db arbiter 64.50.188.128/32 scram-sha-256
```
*(Note: If your DB user uses md5 passwords, change `scram-sha-256` to `md5`)*
### Step 3: Configure the Frostwall (UFW)
Update your Frostwall on the Command Center to allow traffic on port 5432 strictly from the Dev VPS IP.
```bash
sudo ufw allow from 64.50.188.128 to any port 5432
```
### Step 4: Restart PostgreSQL
```bash
sudo systemctl restart postgresql
```
---
## 3. Dev VPS Bootstrap Scripts
Run these on the Dev VPS (64.50.188.128) to establish the Node.js environment. PM2 is highly recommended over standard systemd for Node apps because of its built-in log management, crash recovery, and ecosystem file support.
### Step 1: System Updates & Nginx/Certbot
```bash
sudo apt update && sudo apt upgrade -y
```
```bash
sudo apt install -y nginx certbot python3-certbot-nginx curl git ufw
```
### Step 2: Enable the Frostwall
```bash
sudo ufw allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable
```
### Step 3: Install Node.js 20 LTS
```bash
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
```
```bash
sudo apt install -y nodejs
```
### Step 4: Install PM2 Globally
```bash
sudo npm install -g pm2
```
---
## 4. PM2 Configuration
In the root of your Trinity Console 2.0 project folder on the Dev VPS, create an ecosystem file. This tells PM2 exactly how to run the app.
```bash
nano ecosystem.config.js
```
```javascript
module.exports = {
apps: [{
name: "trinity-console",
script: "./src/index.js",
watch: false,
max_memory_restart: "1G",
env: {
NODE_ENV: "production",
PORT: 3001
}
}]
};
```
---
## 5. Nginx Configuration
Create the reverse proxy block to route `trinity.firefrostgaming.com` to port 3001.
### Step 1: Create the Config File
```bash
sudo nano /etc/nginx/sites-available/trinity
```
```nginx
server {
listen 80;
server_name trinity.firefrostgaming.com;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
```
### Step 2: Enable and Restart
```bash
sudo ln -s /etc/nginx/sites-available/trinity /etc/nginx/sites-enabled/
```
```bash
sudo nginx -t
```
```bash
sudo systemctl restart nginx
```
---
## 6. SSL Certificate (Certbot)
With Nginx running and the DNS set to Gray Cloud in Cloudflare, provision the certificate. Certbot will automatically inject the SSL rules into your Nginx config and set up a renewal cron job.
```bash
sudo certbot --nginx -d trinity.firefrostgaming.com
```
*(Once successful, you can flip the Cloudflare DNS record back to Proxied/Orange Cloud).*
---
## 7. Environment Variables Template (`.env`)
Create this in the root of your project directory on the Dev VPS. Note the DB host now points to the Command Center, and we added the webhook URL.
```env
# Database (Pointing to Command Center)
DB_USER=arbiter
DB_HOST=63.143.34.217
DB_NAME=arbiter_db
DB_PASSWORD=[Your Password]
DB_PORT=5432
# Discord OAuth
DISCORD_CLIENT_ID=1330262498058670162
DISCORD_CLIENT_SECRET=[in Vaultwarden]
DISCORD_BOT_TOKEN=[in Vaultwarden]
DISCORD_GUILD_ID=1286373938067198003
# Admin Alerts
DISCORD_ADMIN_WEBHOOK_URL=[Your Webhook URL for pending user alerts]
# Stripe
STRIPE_SECRET_KEY=[in Vaultwarden]
STRIPE_WEBHOOK_SECRET=[in Vaultwarden]
# Session
SESSION_SECRET=[in Vaultwarden]
# Pterodactyl
PTERO_CLIENT_KEY=ptlc_NDkYX6yPPBHZacPmViFWtl4AvopzgxNcnHoQTOOtQEl
# App Context
PORT=3001
NODE_ENV=production
BASE_URL=https://trinity.firefrostgaming.com
```
---
## 8. The First Deployment Checklist
When you are ready to boot this up for the very first time, run through this sequence:
1. **Command Center:** Update `postgresql.conf` and `pg_hba.conf`.
2. **Command Center:** Open port 5432 in the Frostwall for the Dev VPS IP.
3. **Command Center:** Run `001_rbac_tables.sql`, `002_feature_flags.sql`, and `003_auth_users.sql` manually via your database client to safely seed the tables without risking boot-sequence hangs.
4. **Dev VPS:** Run the bootstrap scripts (Node, PM2, Nginx, Certbot).
5. **Dev VPS:** Clone/Upload the Trinity 2.0 codebase.
6. **Dev VPS:** Run `npm install` to grab all dependencies.
7. **Dev VPS:** Create the `.env` file with the external DB configuration.
8. **Dev VPS:** Run `pm2 start ecosystem.config.js`.
9. **Dev VPS:** Run `pm2 save` to ensure it boots on system restart.
10. **Browser:** Navigate to `https://trinity.firefrostgaming.com` and log in via Discord.
The Wizard and The Emissary should drop right into the new, branded dashboard.
---
*Response received April 5, 2026*
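Review bot: the `.env` template in section 7 commits what looks like a live Pterodactyl client API key in plaintext, `PTERO_CLIENT_KEY=ptlc_NDkYX6yPPBHZacPmViFWtl4AvopzgxNcnHoQTOOtQEl`, while every other secret in the same block is an `[in Vaultwarden]` placeholder; replace it with `PTERO_CLIENT_KEY=[in Vaultwarden]` and treat the key as exposed (rotate it in Pterodactyl), because editing the line later does not remove it from git history. Two smaller points in section 2: the Dev VPS to Command Center database link crosses the public internet between two VPS addresses, yet `host arbiter_db arbiter 64.50.188.128/32 scram-sha-256` accepts non-TLS connections, so credentials and query data travel in cleartext; use `hostssl` with `ssl = on` in `postgresql.conf` and TLS enabled on the app's database client, and narrow `listen_addresses` from `'*'` to the Command Center's external address so the UFW rule is not the only thing closing other interfaces. Also, `sudo ufw allow from 64.50.188.128 to any port 5432` opens both TCP and UDP; appending `proto tcp` matches what PostgreSQL actually uses.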