Initial import: live state on api.qbirr.com (server v0.6.3)

deploy/docker-compose.coolify.yml

@@ -0,0 +1,40 @@
+# wpide-server deployed behind Coolify's existing Traefik proxy.
+# Traefik (coolify-proxy) auto-discovers this container via the labels below
+# because it's attached to the external `coolify` network. HTTPS is issued by
+# Coolify's `letsencrypt` cert resolver (HTTP-01 challenge on :80).
+#
+# Deploy:  docker compose -f docker-compose.yml up -d --build
+# Domain is set via the DOMAIN env var (defaults to api.qbirr.com).
+
+services:
+  wpide-server:
+    build: .
+    image: wpide-server:latest
+    container_name: wpide-server
+    restart: unless-stopped
+    env_file: .env
+    volumes:
+      - wpide-data:/app/data
+    networks:
+      - coolify
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=coolify
+      # --- HTTPS router ---
+      - "traefik.http.routers.wpide.rule=Host(`api.qbirr.com`)"
+      - traefik.http.routers.wpide.entrypoints=https
+      - traefik.http.routers.wpide.tls=true
+      - traefik.http.routers.wpide.tls.certresolver=letsencrypt
+      - traefik.http.services.wpide.loadbalancer.server.port=3017
+      # --- HTTP -> HTTPS redirect ---
+      - "traefik.http.routers.wpide-http.rule=Host(`api.qbirr.com`)"
+      - traefik.http.routers.wpide-http.entrypoints=http
+      - traefik.http.routers.wpide-http.middlewares=wpide-redirect
+      - traefik.http.middlewares.wpide-redirect.redirectscheme.scheme=https
+
+volumes:
+  wpide-data:
+
+networks:
+  coolify:
+    external: true

deploy/vps-bootstrap.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# One-time VPS prep for a Coolify-managed box (Ubuntu 24.04).
+# Coolify installs Docker + its reverse proxy itself, so we keep this minimal:
+# system update, firewall, base tools. Idempotent. Run as root.
+set -euo pipefail
+export DEBIAN_FRONTEND=noninteractive
+
+echo "### [1/4] needrestart -> automatic (no interactive prompts)"
+if [ -f /etc/needrestart/needrestart.conf ]; then
+  sed -i "s/#\$nrconf{restart} = .*/\$nrconf{restart} = 'a';/" /etc/needrestart/needrestart.conf || true
+fi
+
+echo "### [2/4] apt update + upgrade"
+apt-get update -y
+apt-get upgrade -y
+
+echo "### [3/4] base packages"
+apt-get install -y curl ca-certificates gnupg lsb-release ufw jq
+
+echo "### [4/4] firewall (ufw)"
+ufw allow OpenSSH        # 22 - keep our key login alive
+ufw allow 80/tcp         # http (Coolify proxy / ACME)
+ufw allow 443/tcp        # https (Coolify proxy)
+ufw allow 8000/tcp       # Coolify dashboard
+ufw --force enable
+ufw status verbose
+
+echo "BOOTSTRAP_DONE"