dev_arc_aws/docker-compose.yml

services:
  archnest:
    build: .
    image: archnest:latest
    container_name: archnest
    restart: unless-stopped
    ports:
      - "8080:8080"
    depends_on:
      - archnest-backend

  archnest-backend:
    build: ./backend
    image: archnest-backend:latest
    container_name: archnest-backend
    restart: unless-stopped
    environment:
      - PORT=4000
      - ARCHNEST_DB_PATH=/data/archnest.db
      - ARCHNEST_JWT_SECRET=${ARCHNEST_JWT_SECRET}
      - ARCHNEST_SECRET_KEY=${ARCHNEST_SECRET_KEY}
      - ARCHNEST_CORS_ORIGIN=${ARCHNEST_CORS_ORIGIN:-https://archnest.snsnetlabs.com}
      # Remote Desktop (RDP/VNC/Telnet via Guacamole). The crypt key must be exactly
      # 32 bytes (AES-256-CBC); guacd runs as the sidecar service below.
      - ARCHNEST_GUAC_CRYPT_KEY=${ARCHNEST_GUAC_CRYPT_KEY}
      - ARCHNEST_GUACD_HOST=guacd
      - ARCHNEST_GUACD_PORT=4822
    volumes:
      - archnest-data:/data
    ports:
      - "4000:4000"
    depends_on:
      - guacd

  # guacd is the Guacamole proxy daemon that actually speaks RDP/VNC/Telnet to
  # target hosts; the backend's /api/guacamole websocket route connects to it.
  guacd:
    image: guacamole/guacd:1.5.5
    container_name: archnest-guacd
    restart: unless-stopped
    # No published port: only the backend (same compose network) needs to reach
    # it on 4822. Exposed internally via the service name "guacd".

volumes:
  archnest-data:
Add Docker deployment and GitHub Actions workflow for racknerd1 Builds the Vite app, serves it via nginx in a Docker container, and deploys via SSH/SCP to racknerd1 on push to main. Also syncs the out-of-date package-lock.json so npm ci works in CI/Docker builds. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF 2026-06-18 14:18:00 +00:00			`services:`
			`archnest:`
			`build: .`
			`image: archnest:latest`
			`container_name: archnest`
			`restart: unless-stopped`
			`ports:`
			`- "8080:8080"`
Add backend skeleton: Fastify + SQLite API with auth and integrations - Single-user JWT auth with a first-run /api/setup endpoint, gated by GET /api/system/setup-status, to back an upcoming enrollment page - SQLite schema for users, integrations, secrets (AES-256-GCM encrypted), bookmarks, and bookmark categories - Integration adapter registry with real health-check adapters for Uptime Kuma and Docker, stubs for the rest, wired to POST /api/integrations/:id/test - CRUD routes for integrations and bookmarks - backend/ as its own Docker service in docker-compose.yml, Vite dev proxy for /api, .env.example for required secrets Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF 2026-06-18 19:04:48 +00:00			`depends_on:`
			`- archnest-backend`

			`archnest-backend:`
			`build: ./backend`
			`image: archnest-backend:latest`
			`container_name: archnest-backend`
			`restart: unless-stopped`
			`environment:`
			`- PORT=4000`
			`- ARCHNEST_DB_PATH=/data/archnest.db`
			`- ARCHNEST_JWT_SECRET=${ARCHNEST_JWT_SECRET}`
			`- ARCHNEST_SECRET_KEY=${ARCHNEST_SECRET_KEY}`
			`- ARCHNEST_CORS_ORIGIN=${ARCHNEST_CORS_ORIGIN:-https://archnest.snsnetlabs.com}`
Wire guacd sidecar into docker-compose for Remote Desktop deployment Adds a guacamole/guacd service to docker-compose.yml and points the backend at it (ARCHNEST_GUACD_HOST/PORT) plus passes through ARCHNEST_GUAC_CRYPT_KEY, with depends_on ordering. Documents ARCHNEST_GUACD_* in backend/.env.example. Closes the Phase 5 deployment gap. Compose validated via `docker compose config`. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF 2026-06-19 16:03:40 +00:00			`# Remote Desktop (RDP/VNC/Telnet via Guacamole). The crypt key must be exactly`
			`# 32 bytes (AES-256-CBC); guacd runs as the sidecar service below.`
			`- ARCHNEST_GUAC_CRYPT_KEY=${ARCHNEST_GUAC_CRYPT_KEY}`
			`- ARCHNEST_GUACD_HOST=guacd`
			`- ARCHNEST_GUACD_PORT=4822`
Add backend skeleton: Fastify + SQLite API with auth and integrations - Single-user JWT auth with a first-run /api/setup endpoint, gated by GET /api/system/setup-status, to back an upcoming enrollment page - SQLite schema for users, integrations, secrets (AES-256-GCM encrypted), bookmarks, and bookmark categories - Integration adapter registry with real health-check adapters for Uptime Kuma and Docker, stubs for the rest, wired to POST /api/integrations/:id/test - CRUD routes for integrations and bookmarks - backend/ as its own Docker service in docker-compose.yml, Vite dev proxy for /api, .env.example for required secrets Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF 2026-06-18 19:04:48 +00:00			`volumes:`
			`- archnest-data:/data`
			`ports:`
			`- "4000:4000"`
Wire guacd sidecar into docker-compose for Remote Desktop deployment Adds a guacamole/guacd service to docker-compose.yml and points the backend at it (ARCHNEST_GUACD_HOST/PORT) plus passes through ARCHNEST_GUAC_CRYPT_KEY, with depends_on ordering. Documents ARCHNEST_GUACD_* in backend/.env.example. Closes the Phase 5 deployment gap. Compose validated via `docker compose config`. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF 2026-06-19 16:03:40 +00:00			`depends_on:`
			`- guacd`

			`# guacd is the Guacamole proxy daemon that actually speaks RDP/VNC/Telnet to`
			`# target hosts; the backend's /api/guacamole websocket route connects to it.`
			`guacd:`
			`image: guacamole/guacd:1.5.5`
			`container_name: archnest-guacd`
			`restart: unless-stopped`
			`# No published port: only the backend (same compose network) needs to reach`
			`# it on 4822. Exposed internally via the service name "guacd".`
Add backend skeleton: Fastify + SQLite API with auth and integrations - Single-user JWT auth with a first-run /api/setup endpoint, gated by GET /api/system/setup-status, to back an upcoming enrollment page - SQLite schema for users, integrations, secrets (AES-256-GCM encrypted), bookmarks, and bookmark categories - Integration adapter registry with real health-check adapters for Uptime Kuma and Docker, stubs for the rest, wired to POST /api/integrations/:id/test - CRUD routes for integrations and bookmarks - backend/ as its own Docker service in docker-compose.yml, Vite dev proxy for /api, .env.example for required secrets Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF 2026-06-18 19:04:48 +00:00
			`volumes:`
			`archnest-data:`