ronnibaslund/dezky
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
41af70d57b6a38cf6e88a5f78419176c2ba72f93
dezky/docs/SERVICES.md
T
Ronni Baslund 22b2583f0b chore(services): rename services/provisioning -> services/platform-api 
O.0 prep from OPERATOR-PLAN.md. Mechanical refactor before adding partner
management and operator-specific endpoints. The service now owns more than
just provisioning orchestration (it'll soon own partners, tenant lifecycle
actions, multi-audience JWT validation), so the name 'platform-api' reflects
its scope better.

What changed:
- Directory: services/provisioning/ -> services/platform-api/
- Package: @dezky/provisioning -> @dezky/platform-api
- Docker: container_name dezky-provisioning -> dezky-platform-api;
  compose service key 'provisioning' -> 'platform-api'; volume
  provisioning_node_modules -> platform_api_node_modules
- Portal: PROVISIONING_INTERNAL_URL env var -> PLATFORM_API_INTERNAL_URL,
  default URL http://provisioning:3001 -> http://platform-api:3001 in all
  three proxy routes (me.get.ts, tenants/index.post.ts, tenants/[slug]/
  reconcile.post.ts), plus NUXT_API_BASE updated
- Health endpoint service identifier and main.ts log lines updated to
  'dezky-platform-api'
- Docs swept: README, CLAUDE.md, SERVICES.md, AUTHENTIK-SETUP.md,
  NEXT-STEPS.md, TROUBLESHOOTING.md, OPERATOR-PLAN.md, traefik/dynamic.yml

What deliberately stays:
- Internal module names ProvisioningService / ProvisioningModule (those
  describe an orchestration sub-concern, not the service's purpose)
- Tenant.provisioningStatus / provisioningErrors field names (state
  per integration, not service name)
- File services/platform-api/src/tenants/provisioning.service.ts
- 'Hetzner provisioning' references in production-prep docs (infrastructure
  provisioning, unrelated)

Verified end-to-end after rename: /api/me returns 200 with profile + 2
tenants + subscription, /api/tenants/dezky/reconcile returns 200 with
Authentik integration still ok.

OPERATOR-PLAN.md O.0 checkboxes ticked.
2026-05-24 00:35:01 +02:00

5.6 KiB
Raw Blame History

Services Reference

Per-service details: what each one does, where its config lives, and how to debug it.

Traefik

Image: traefik:v3.2 Container: dezky-traefik URL: https://traefik.dezky.local (dashboard) Purpose: Reverse proxy, TLS termination, service discovery via Docker labels

Config:

  • Static: configs/traefik/traefik.yml
  • Dynamic: configs/traefik/dynamic.yml (TLS certs)
  • Certs: certs/dezky.local.pem + certs/dezky.local-key.pem

Debug:

docker compose logs -f traefik
# Open https://traefik.dezky.local for dashboard

PostgreSQL

Image: postgres:16-alpine Container: dezky-postgres Internal hostname: postgres Purpose: Shared RDBMS for Authentik and OCIS (future)

Databases:

  • authentik (owner: authentik)
  • ocis (owner: ocis, reserved for future use)

Debug:

# Shell access
docker compose exec postgres psql -U postgres

# Check users
\du

# Check databases
\l

# Connect to specific DB
\c authentik

MongoDB

Image: mongo:7 Container: dezky-mongo Internal hostname: mongo Purpose: Portal application data

Connection:

mongodb://root:${MONGO_ROOT_PASSWORD}@mongo:27017/dezky?authSource=admin

Debug:

docker compose exec mongo mongosh -u root -p $(grep MONGO_ROOT_PASSWORD .env | cut -d= -f2)

Redis

Image: redis:7-alpine Container: dezky-redis Internal hostname: redis Purpose: Cache and session store (used by Authentik)

Debug:

docker compose exec redis redis-cli -a $(grep REDIS_PASSWORD .env | cut -d= -f2)
> KEYS *
> INFO

Authentik

Image: ghcr.io/goauthentik/server:2025.10 Containers: dezky-authentik (server) + dezky-authentik-worker URL: https://auth.dezky.local Purpose: Identity provider, SSO, MFA

First-time setup:

API:

Debug:

docker compose logs -f authentik-server authentik-worker

# Check API health
curl https://auth.dezky.local/-/health/ready/

See docs/AUTHENTIK-SETUP.md for OIDC configuration steps.

Stalwart Mail

Image: stalwartlabs/mail-server:latest Container: dezky-stalwart URL: https://mail.dezky.local Purpose: Mail server (SMTP/IMAP/JMAP/CalDAV/CardDAV/ActiveSync)

Ports exposed:

  • 25 (SMTP)
  • 465 (SMTPS)
  • 587 (Submission)
  • 143 (IMAP)
  • 993 (IMAPS)
  • 4190 (ManageSieve)

Config: configs/stalwart/config.toml Data: Docker volume dezky_stalwart_data

Admin login:

  • User: admin
  • Password: STALWART_ADMIN_PASSWORD from .env

Debug:

docker compose logs -f stalwart

# Test SMTP
swaks --to test@dezky.local --from sender@example.com --server mail.dezky.local:25

# Check ports
docker compose port stalwart 25

OCIS

Image: owncloud/ocis:7.0 Container: dezky-ocis URL: https://files.dezky.local Purpose: File storage, sharing, sync

OIDC config:

  • Issuer: https://auth.dezky.local/application/o/ocis/
  • Client ID: ocis-web (configured in Authentik)
  • Auto-provision: enabled (creates OCIS user on first SSO login)

Admin login:

  • User: admin
  • Password: OCIS_ADMIN_PASSWORD from .env

Storage backend:

  • Dev: local filesystem inside volume dezky_ocis_data
  • Prod: will switch to S3 (Hetzner Object Storage)

Debug:

docker compose logs -f ocis

# Health check
curl -k https://files.dezky.local/

Collabora

Image: collabora/code:latest Container: dezky-collabora URL: https://office.dezky.local Purpose: Office document editing inside OCIS

Integration with OCIS:

  • OCIS must be configured to use Collabora as its office editor
  • See: OCIS app config → "wopiserver"

Debug:

docker compose logs -f collabora

# Discovery endpoint (used by OCIS)
curl -k https://office.dezky.local/hosting/discovery

Portal (Nuxt 3)

Container: dezky-portal URL: https://app.dezky.local Source: apps/portal/ Purpose: Customer-facing portal, launcher, custom webmail

Stack:

  • Nuxt 3
  • Vue 3 + TypeScript
  • Vite dev server
  • pnpm for dependencies

Hot reload:

  • File changes in apps/portal/ trigger HMR automatically
  • Vite watches via polling (configured in nuxt.config.ts)

Environment:

  • NUXT_PUBLIC_AUTH_URL: Authentik URL (client-side)
  • NUXT_API_BASE: platform-api URL (server-side)
  • MONGODB_URI: MongoDB connection string

Debug:

docker compose logs -f portal

# Shell into container
docker compose exec portal sh
> pnpm dev

Platform API (NestJS)

Container: dezky-platform-api Port: 3001 (also exposed via Traefik at api.dezky.local) Source: services/platform-api/ Purpose: Platform control plane — tenants, partners, users, subscriptions, provisioning orchestration, billing webhooks

Endpoints to implement:

  • POST /tenants — Create tenant
  • GET /tenants/:id — Get tenant
  • PATCH /tenants/:id — Update tenant
  • POST /tenants/:id/users — Add user to tenant
  • POST /webhooks/stripe — Billing events

Environment:

  • MONGODB_URI: Portal data store
  • AUTHENTIK_API_URL + AUTHENTIK_API_TOKEN
  • STALWART_API_URL + STALWART_ADMIN_USER/PASSWORD
  • OCIS_API_URL

Debug:

docker compose logs -f platform-api

# Test health endpoint
docker compose exec platform-api wget -qO- http://localhost:3001/health
Reference in New Issue View Git Blame Copy Permalink