central/docs/environment.md
Matt Johnson f059f982bc feat(gui): add auth core, setup gate, and first-run operator creation
- Add migrations 007-010 for system config, operators, sessions, audit_log
- Implement argon2id password hashing via argon2-cffi
- Implement session-based authentication with database-stored tokens
- Add SetupGateMiddleware to redirect to /setup until first operator created
- Add SessionMiddleware to load session from cookie and attach operator
- Create /setup, /login, /logout, /change-password routes with CSRF protection
- Add periodic session cleanup task (hourly)
- Add audit logging for auth events
- Update systemd unit with EnvironmentFile for /etc/central/central.env
- Add comprehensive tests for auth, middleware, and audit modules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-05-17 05:30:49 +00:00


# Central Data Hub - Environment Reference
## Development Locations
### Active Development: CT104 (Central LXC)
All development work happens on the Central LXC container:
| Property | Value |
|----------|-------|
| **Hostname** | `central` |
| **Tailscale IP** | `100.64.0.12` |
| **LAN IP** | `192.168.1.104` |
| **SSH access** | `zvx@central` or `zvx@100.64.0.12` |
| **Repository path** | `/opt/central` |
| **Python venv** | `/opt/central/.venv` |
| **Services** | `central-supervisor`, `central-archive` |
### Parked Clone: Cortex
The cortex VM at `/home/zvx/projects/central` contains a clone that is
**not actively used for development**. It may be retired in the future.
Do not make changes there.
### Local Workstation: matt-desktop
The Windows workstation (matt-desktop) has no Central repository clones.
The directory `C:\Users\mtthw\central_work\` is scratch space only and
should not be used for commits.
## Repository
| Property | Value |
|----------|-------|
| **Origin** | `git@github.com:zvx-echo6/central.git` |
| **Main branch** | `main` |
| **Default user** | `central` (on CT104) |
## Services
### central-supervisor
The main adapter scheduler and event publisher. Polls upstream APIs,
normalizes events, and publishes to NATS JetStream.
```bash
# Status
systemctl status central-supervisor
# Logs
journalctl -u central-supervisor -f
# Restart (requires sudo)
sudo systemctl restart central-supervisor
```
### central-archive
Consumes events from NATS JetStream and archives to PostgreSQL/TimescaleDB.
```bash
# Status
systemctl status central-archive
# Logs
journalctl -u central-archive -f
```
## Database
PostgreSQL 16 with TimescaleDB runs on CT104:
```bash
# Connect as central user
psql -h localhost -U central -d central
```
```sql
-- Check adapter config
SELECT name, cadence_s, enabled FROM config.adapters;
-- Check recent events
SELECT id, time, category FROM events ORDER BY time DESC LIMIT 10;
```
## Environment Variables
Environment variables are stored in `/etc/central/central.env` and loaded by
systemd services via `EnvironmentFile=`.
| Variable | Required | Description |
|----------|----------|-------------|
| `CENTRAL_CSRF_SECRET` | Yes (for GUI) | Secret key for CSRF token signing. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(32))"` |
### Generating CSRF Secret
```bash
python3 -c "import secrets; print(secrets.token_urlsafe(32))"
```
Add the generated value to `/etc/central/central.env`:
```bash
CENTRAL_CSRF_SECRET=<generated-secret>
```
Ensure the file has restricted permissions:
```bash
sudo chmod 640 /etc/central/central.env
sudo chown central:central /etc/central/central.env
```
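A pre-flight check for the env file described above, as an added example that is not code from the Central project: it parses the file the way `EnvironmentFile=` does, verifies the 0640 permissions, and rejects a `CENTRAL_CSRF_SECRET` that is missing, still the `<generated-secret>` placeholder, or shorter than an assumed minimum. `REQUIRED`, `MIN_SECRET_LEN` and the `demo()` files are assumptions; the `central:central` ownership is left to `chown`, since a temp file cannot reproduce it.

```python
import stat
import tempfile
from pathlib import Path

REQUIRED = ("CENTRAL_CSRF_SECRET",)   # assumption: variables the GUI must not start without
MIN_SECRET_LEN = 32                   # assumption: token_urlsafe(32) yields 43 chars

def parse_env_file(text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines as systemd does: skip blanks/comments, strip quotes."""
    env: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env

def check_env_file(path: Path) -> list[str]:
    """Return the problems found; an empty list means the file is safe to load."""
    problems: list[str] = []
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH):
        problems.append(f"{path.name} is world-accessible (mode {mode:04o}); expected 0640")
    if mode & stat.S_IWGRP:
        problems.append(f"{path.name} is group-writable (mode {mode:04o})")
    env = parse_env_file(path.read_text())
    for key in REQUIRED:
        value = env.get(key, "")
        if not value:
            problems.append(f"{key} is missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{key} still holds the <generated-secret> placeholder")
        elif len(value) < MIN_SECRET_LEN:
            problems.append(f"{key} is too short ({len(value)} chars); regenerate it")
    return problems

def demo() -> tuple[list[str], list[str]]:
    """Check two constructed env files: placeholder left in vs. a correct one."""
    with tempfile.TemporaryDirectory() as tmp:
        bad = Path(tmp, "bad.env")
        bad.write_text("CENTRAL_CSRF_SECRET=<generated-secret>\n")
        bad.chmod(0o644)                  # world-readable, as a careless install leaves it
        good = Path(tmp, "good.env")
        good.write_text('# constructed sample\nCENTRAL_CSRF_SECRET="' + "x" * 43 + '"\n')
        good.chmod(0o640)
        return check_env_file(bad), check_env_file(good)
```

Run `check_env_file(Path("/etc/central/central.env"))` on CT104 before restarting the GUI service; a non-empty list is the reason it would fail or start insecurely.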
## SSH Access from Windows
From matt-desktop, connect via Tailscale:
```bash
# Direct connection
ssh zvx@100.64.0.12
# Using hostname (if Tailscale DNS configured)
ssh zvx@central
```
Note: The `zvx` user requires a password for sudo operations.