Productionize EventSphere platform

2026-04-25 21:02:19 +01:00
commit 1f1d30a9f5
171 changed files with 18682 additions and 0 deletions
--- a/deploy/Caddyfile
+++ b/deploy/Caddyfile
@@ -0,0 +1,13 @@
+{
+  email {$LETSENCRYPT_EMAIL}
+}
+
+event.brainshare.ng {
+  encode gzip
+  reverse_proxy web:3000
+}
+
+api.event.brainshare.ng {
+  encode gzip
+  reverse_proxy api:4000
+}
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -0,0 +1,115 @@
+services:
+  caddy:
+    image: caddy:2-alpine
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL}
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
+    depends_on:
+      - web
+      - api
+
+  web:
+    build:
+      context: ..
+      dockerfile: apps/web/Dockerfile
+      args:
+        NEXT_PUBLIC_API_URL: https://api.event.brainshare.ng/api/v1
+    restart: unless-stopped
+    environment:
+      NODE_ENV: production
+
+  api:
+    build:
+      context: ..
+      dockerfile: apps/api/Dockerfile
+    restart: unless-stopped
+    environment:
+      NODE_ENV: production
+      PORT: 4000
+      PUBLIC_API_URL: https://api.event.brainshare.ng
+      CORS_ORIGINS: https://event.brainshare.ng
+      DATABASE_URL: ${DATABASE_URL}
+      REDIS_URL: redis://redis:6379
+      JWT_SECRET: ${JWT_SECRET}
+      JWT_ACCESS_TTL: ${JWT_ACCESS_TTL}
+      JWT_REFRESH_TTL: ${JWT_REFRESH_TTL}
+      AUTO_BOOTSTRAP: ${AUTO_BOOTSTRAP}
+      DEFAULT_TENANT_NAME: ${DEFAULT_TENANT_NAME}
+      DEFAULT_TENANT_SLUG: ${DEFAULT_TENANT_SLUG}
+      DEFAULT_SUPERADMIN_FULL_NAME: ${DEFAULT_SUPERADMIN_FULL_NAME}
+      DEFAULT_SUPERADMIN_EMAIL: ${DEFAULT_SUPERADMIN_EMAIL}
+      DEFAULT_SUPERADMIN_PASSWORD: ${DEFAULT_SUPERADMIN_PASSWORD}
+      SMTP_HOST: ${SMTP_HOST}
+      SMTP_PORT: ${SMTP_PORT}
+      SMTP_USER: ${SMTP_USER}
+      SMTP_PASS: ${SMTP_PASS}
+      SMTP_FROM: ${SMTP_FROM}
+      AFRICASTALKING_USERNAME: ${AFRICASTALKING_USERNAME}
+      AFRICASTALKING_API_KEY: ${AFRICASTALKING_API_KEY}
+      AFRICASTALKING_SENDER_ID: ${AFRICASTALKING_SENDER_ID}
+      AFRICASTALKING_WHATSAPP_URL: ${AFRICASTALKING_WHATSAPP_URL}
+      PAYSTACK_SECRET_KEY: ${PAYSTACK_SECRET_KEY}
+      UPLOADS_DIR: /app/uploads
+    volumes:
+      - uploads:/app/uploads
+    depends_on:
+      - postgres
+      - redis
+
+  worker:
+    build:
+      context: ..
+      dockerfile: apps/worker/Dockerfile
+    restart: unless-stopped
+    environment:
+      NODE_ENV: production
+      PROCESS_QUEUES: "1"
+      PUBLIC_API_URL: https://api.event.brainshare.ng
+      DATABASE_URL: ${DATABASE_URL}
+      REDIS_URL: redis://redis:6379
+      JWT_SECRET: ${JWT_SECRET}
+      JWT_ACCESS_TTL: ${JWT_ACCESS_TTL}
+      JWT_REFRESH_TTL: ${JWT_REFRESH_TTL}
+      SMTP_HOST: ${SMTP_HOST}
+      SMTP_PORT: ${SMTP_PORT}
+      SMTP_USER: ${SMTP_USER}
+      SMTP_PASS: ${SMTP_PASS}
+      SMTP_FROM: ${SMTP_FROM}
+      AFRICASTALKING_USERNAME: ${AFRICASTALKING_USERNAME}
+      AFRICASTALKING_API_KEY: ${AFRICASTALKING_API_KEY}
+      AFRICASTALKING_SENDER_ID: ${AFRICASTALKING_SENDER_ID}
+      AFRICASTALKING_WHATSAPP_URL: ${AFRICASTALKING_WHATSAPP_URL}
+      PAYSTACK_SECRET_KEY: ${PAYSTACK_SECRET_KEY}
+    depends_on:
+      - postgres
+      - redis
+
+  postgres:
+    image: postgres:16-alpine
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB}
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+
+  redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+    volumes:
+      - redisdata:/data
+
+volumes:
+  pgdata:
+  redisdata:
+  uploads:
+  caddy_data:
+  caddy_config:
--- a/deploy/install.sh
+++ b/deploy/install.sh
@@ -0,0 +1,125 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR"
+
+if [[ "$(id -u)" -ne 0 ]]; then
+  echo "Run as root (sudo)."
+  exit 1
+fi
+
+if ! command -v docker >/dev/null 2>&1; then
+  if command -v apt-get >/dev/null 2>&1; then
+    apt-get update -y
+    apt-get install -y ca-certificates curl gnupg
+    install -m 0755 -d /etc/apt/keyrings
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+    chmod a+r /etc/apt/keyrings/docker.gpg
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list
+    apt-get update -y
+    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+    systemctl enable --now docker
+  else
+    echo "Docker is not installed and this installer only supports apt-based systems."
+    exit 1
+  fi
+fi
+
+if ! docker compose version >/dev/null 2>&1; then
+  echo "Docker Compose plugin is required (docker compose)."
+  exit 1
+fi
+
+ENV_FILE="$SCRIPT_DIR/.env"
+
+rand_hex() {
+  if command -v openssl >/dev/null 2>&1; then
+    openssl rand -hex 24
+  else
+    head -c 32 /dev/urandom | od -An -tx1 | tr -d " \n"
+  fi
+}
+
+load_env() {
+  while IFS= read -r line || [[ -n "$line" ]]; do
+    line="${line%$'\r'}"
+    line="${line#"${line%%[![:space:]]*}"}"
+    [[ -z "$line" ]] && continue
+    [[ "$line" =~ ^[[:space:]]*# ]] && continue
+    if [[ "$line" =~ ^export[[:space:]]+([A-Za-z_][A-Za-z0-9_]*)=(.*)$ ]]; then
+      key="${BASH_REMATCH[1]}"
+      val="${BASH_REMATCH[2]}"
+      if [[ "$val" =~ ^\"(.*)\"$ ]]; then val="${BASH_REMATCH[1]}"; fi
+      if [[ "$val" =~ ^\'(.*)\'$ ]]; then val="${BASH_REMATCH[1]}"; fi
+      export "$key=$val"
+    elif [[ "$line" =~ ^([A-Za-z_][A-Za-z0-9_]*)=(.*)$ ]]; then
+      key="${BASH_REMATCH[1]}"
+      val="${BASH_REMATCH[2]}"
+      if [[ "$val" =~ ^\"(.*)\"$ ]]; then val="${BASH_REMATCH[1]}"; fi
+      if [[ "$val" =~ ^\'(.*)\'$ ]]; then val="${BASH_REMATCH[1]}"; fi
+      export "$key=$val"
+    fi
+  done < "$ENV_FILE"
+}
+
+if [[ ! -f "$ENV_FILE" ]]; then
+  POSTGRES_PASSWORD="$(rand_hex)"
+  JWT_SECRET="$(rand_hex)"
+  DEFAULT_SUPERADMIN_PASSWORD="$(rand_hex)"
+
+  cat > "$ENV_FILE" <<EOF
+LETSENCRYPT_EMAIL=admin@brainshare.ng
+
+POSTGRES_DB=eventsphere
+POSTGRES_USER=eventsphere
+POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+DATABASE_URL=postgresql://eventsphere:${POSTGRES_PASSWORD}@postgres:5432/eventsphere
+
+JWT_SECRET=${JWT_SECRET}
+JWT_ACCESS_TTL=15m
+JWT_REFRESH_TTL=30d
+
+AUTO_BOOTSTRAP=1
+DEFAULT_TENANT_NAME="BrainShare"
+DEFAULT_TENANT_SLUG=brainshare
+DEFAULT_SUPERADMIN_FULL_NAME="Super Admin"
+DEFAULT_SUPERADMIN_EMAIL=superadmin@brainshare.ng
+DEFAULT_SUPERADMIN_PASSWORD=${DEFAULT_SUPERADMIN_PASSWORD}
+
+SMTP_HOST=
+SMTP_PORT=587
+SMTP_USER=
+SMTP_PASS=
+SMTP_FROM=
+
+AFRICASTALKING_USERNAME=
+AFRICASTALKING_API_KEY=
+AFRICASTALKING_SENDER_ID=
+AFRICASTALKING_WHATSAPP_URL=
+
+PAYSTACK_SECRET_KEY=
+EOF
+
+  chmod 600 "$ENV_FILE"
+  echo "Created deploy/.env"
+  echo "Superadmin credentials:"
+  echo "  email: superadmin@brainshare.ng"
+  echo "  password: ${DEFAULT_SUPERADMIN_PASSWORD}"
+  echo "Update deploy/.env (LETSENCRYPT_EMAIL and any integration keys) before continuing if needed."
+fi
+
+load_env
+
+if [[ -z "${LETSENCRYPT_EMAIL:-}" ]]; then
+  echo "LETSENCRYPT_EMAIL is required (set it in deploy/.env)."
+  exit 1
+fi
+
+docker compose --env-file "$ENV_FILE" pull
+docker compose --env-file "$ENV_FILE" build
+docker compose --env-file "$ENV_FILE" up -d
+
+echo "Deployment started."
+echo "Web: https://even.brainshare.ng"
+echo "API: https://apil.event.brainshare.ng/api/v1/health"