mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 17:41:09 +02:00
7b29dcc23c
Some checks failed
CD Mac Mini / Detect Changes (push) Has been cancelled
Mirror to Forgejo / Push to Forgejo (push) Has been cancelled
CI / Detect Changes (push) Has been cancelled
CI / Validate (push) Has been cancelled
CD Mac Mini / Deploy (push) Has been cancelled
CI / Build mana-search (push) Has been cancelled
CI / Build mana-sync (push) Has been cancelled
CI / Build mana-api-gateway (push) Has been cancelled
CI / Build mana-crawler (push) Has been cancelled
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
306 lines
12 KiB
YAML
306 lines
12 KiB
YAML
# Cloudflare Tunnel Configuration for the Mac Mini production server.
|
|
#
|
|
# This file is the SINGLE SOURCE OF TRUTH for which public hostnames
|
|
# the tunnel exposes. The cloudflared launchd plist is started with
|
|
# `--config <this-file> run` so any change here is one `git pull` +
|
|
# `launchctl kickstart -k gui/501/com.cloudflare.cloudflared` away
|
|
# from being live in production.
|
|
#
|
|
# Adding a new public hostname:
|
|
# 1. Append the hostname / service line below in the matching section
|
|
# 2. Make sure the corresponding Cloudflare DNS record exists (the
|
|
# tunnel needs the hostname pointing at its CNAME — see
|
|
# `cloudflared tunnel route dns <tunnel-id> <hostname>` if not)
|
|
# 3. Run `./scripts/mac-mini/sync-tunnel-config.sh` to copy this file
|
|
# onto the Mac Mini and reload cloudflared
|
|
# 4. Verify with `curl -sI https://<hostname>/health` (or the route's
|
|
# equivalent) — expect a non-404 status line
|
|
#
|
|
# Removing a hostname: same steps, just delete the lines.
|
|
#
|
|
# Catch-all at the bottom returns http_status:404 for any hostname
|
|
# Cloudflare routes here that we don't have an explicit ingress rule
|
|
# for. This is the desired failure mode.
|
|
|
|
tunnel: 1435166a-0e3f-4222-8de6-744f32cea5c9
|
|
credentials-file: /Users/mana/.cloudflared/1435166a-0e3f-4222-8de6-744f32cea5c9.json
|
|
|
|
ingress:
|
|
# ============================================
|
|
# SSH (requires cloudflared on the client)
|
|
# ============================================
|
|
- hostname: ssh.mana.how
|
|
service: ssh://localhost:22
|
|
|
|
# ============================================
|
|
# Unified Mana Web App (Port 5000)
|
|
# ============================================
|
|
# Every per-product subdomain points at the same SvelteKit container.
|
|
# The container's hooks.server.ts reads the host header and renders
|
|
# the matching module surface. mana.how itself is the dashboard.
|
|
- hostname: mana.how
|
|
service: http://localhost:5000
|
|
- hostname: verein.mana.how
|
|
service: http://localhost:3088
|
|
|
|
- hostname: design.mana.how
|
|
service: http://localhost:3089
|
|
|
|
# ============================================
|
|
# mana e.V. Verein-Landing (öffentliche Domains)
|
|
# mana-ev.ch ist die kanonische Domain (Schweizer Verein in Gründung).
|
|
# .com/.de/.at + alle www-Varianten 301-Redirect zu https://mana-ev.ch
|
|
# via mana-infra-landings (nginx :4400). DNS-Routes pro Hostname
|
|
# einmalig via `cloudflared tunnel route dns 1435166a-... <hostname>`.
|
|
# ============================================
|
|
- hostname: mana-ev.ch
|
|
service: http://localhost:3088
|
|
- hostname: www.mana-ev.ch
|
|
service: http://localhost:4400
|
|
- hostname: mana-ev.com
|
|
service: http://localhost:4400
|
|
- hostname: www.mana-ev.com
|
|
service: http://localhost:4400
|
|
- hostname: mana-ev.de
|
|
service: http://localhost:4400
|
|
- hostname: www.mana-ev.de
|
|
service: http://localhost:4400
|
|
- hostname: mana-ev.at
|
|
service: http://localhost:4400
|
|
- hostname: www.mana-ev.at
|
|
service: http://localhost:4400
|
|
- hostname: chat.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: todo.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: calendar.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: clock.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: contacts.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: quotes.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: skilltree.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: plants.mana.how
|
|
service: http://localhost:5000
|
|
# cardecky.mana.how → standalone Cardecky SvelteKit container (apps/cards/apps/web).
|
|
# Was pointed at :5000 (the unified mana-web) until the standalone spinoff
|
|
# landed. mana.how/cards still serves the in-mana cards module.
|
|
- hostname: cardecky.mana.how
|
|
service: http://localhost:5181
|
|
- hostname: storage.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: presi.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: food.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: photos.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: mukke.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: picture.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: calc.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: citycorners.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: inventar.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: times.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: uload.mana.how
|
|
service: http://localhost:5000
|
|
# memoro.mana.how moved off the unified mana web app (5000) to the
|
|
# Memoro Astro landing container (Code/memoro/apps/landing → :3120) on
|
|
# 2026-05-06. The standalone Memoro stack lives at memoro-api/audio
|
|
# below; the landing is the public marketing site.
|
|
# NB: keep this entry in the Memoro section, not the unified-app block.
|
|
- hostname: context.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: questions.mana.how
|
|
service: http://localhost:5000
|
|
- hostname: moodlit.mana.how
|
|
service: http://localhost:5000
|
|
|
|
# ============================================
|
|
# Auth Service (Hono/Bun)
|
|
# ============================================
|
|
- hostname: auth.mana.how
|
|
service: http://localhost:3001
|
|
|
|
# ============================================
|
|
# Unified Backend API (Hono/Bun, port 3060)
|
|
# ============================================
|
|
# apps/api hosts every product compute module (calendar, chat,
|
|
# picture, planta, news, who, …) under /api/v1/{module}/*. The
|
|
# unified web app's PUBLIC_MANA_API_URL_CLIENT points here.
|
|
- hostname: mana-api.mana.how
|
|
service: http://localhost:3060
|
|
|
|
# ============================================
|
|
# mana-ai — background AI Mission Runner
|
|
# ============================================
|
|
# Serves the user-facing decrypt-audit endpoint
|
|
# /api/v1/me/ai-audit that powers the Workbench "Datenzugriff" tab.
|
|
# The background tick loop + /metrics stay internal; only the
|
|
# JWT-gated user endpoint is public.
|
|
|
|
# ============================================
|
|
# API Gateway (Go)
|
|
# ============================================
|
|
# Older gateway in front of the per-service compute layer. New
|
|
# services should go directly through mana-api above; this gateway
|
|
# only handles legacy entry points.
|
|
- hostname: api.mana.how
|
|
service: http://localhost:3016
|
|
|
|
# ============================================
|
|
# Forgejo (Git + CI/CD)
|
|
# ============================================
|
|
- hostname: git.mana.how
|
|
service: http://localhost:3030
|
|
|
|
# ============================================
|
|
# Standalone microservices
|
|
# ============================================
|
|
- hostname: uload-api.mana.how
|
|
service: http://localhost:3070
|
|
- hostname: media.mana.how
|
|
service: http://localhost:3011
|
|
- hostname: llm.mana.how
|
|
service: http://localhost:3025
|
|
- hostname: sync.mana.how
|
|
service: http://localhost:3010
|
|
- hostname: credits.mana.how
|
|
service: http://localhost:3002
|
|
- hostname: subscriptions.mana.how
|
|
service: http://localhost:3063
|
|
- hostname: events.mana.how
|
|
service: http://localhost:3065
|
|
# Föderations-Backbone (Phase F deployed 2026-05-08)
|
|
- hostname: share.mana.how
|
|
service: http://localhost:3072
|
|
- hostname: mcp.mana.how
|
|
service: http://localhost:3069
|
|
|
|
- hostname: cardecky-api.mana.how
|
|
service: http://localhost:3191
|
|
- hostname: feedback.mana.how
|
|
service: http://localhost:3064
|
|
|
|
# ============================================
|
|
# mana e.V. platform (Code/mana, separate repo)
|
|
# Lives under ~/projects/mana-platform/ on the Mac Mini, deployed via
|
|
# infrastructure/docker-compose.macmini.yml. Coexists with this stack.
|
|
# ============================================
|
|
- hostname: admin.mana.how
|
|
service: http://localhost:3071
|
|
|
|
# Verdaccio @mana/* npm-Registry. Standalone-Compose-Project unter
|
|
# ~/projects/verdaccio/ auf dem Mini (storage + htpasswd survive im
|
|
# bind-mount). Phase 2f-1 hatte das nach GPU verlagert, aber das
|
|
# Storage-Volume kam dort nie an — am 2026-05-07 zurueckgerollt,
|
|
# Mini bleibt Single-Source.
|
|
- hostname: npm.mana.how
|
|
service: http://localhost:4873
|
|
|
|
# ============================================
|
|
# Memoro (Code/memoro, separate repo)
|
|
# ~/projects/memoro-deploy/ on the Mac Mini.
|
|
# ============================================
|
|
- hostname: memoro.mana.how
|
|
service: http://localhost:3120
|
|
# Web-App (SvelteKit static SPA). Lives next to memoro-api/memoro-audio
|
|
# at first-level subdomain depth so Cloudflare Universal SSL covers it.
|
|
- hostname: memoro-app.mana.how
|
|
service: http://localhost:3130
|
|
- hostname: memoro-api.mana.how
|
|
service: http://localhost:3110
|
|
- hostname: memoro-audio.mana.how
|
|
service: http://localhost:3101
|
|
|
|
# ============================================
|
|
# Zitare (Code/zitare, separate repo)
|
|
# ~/projects/zitare-deploy/ on the Mac Mini (planned — Phase 1.6).
|
|
# Ports per mana/docs/PORTS.md: 3083 api / 3084 app / 3085 com.
|
|
# zitare.com is a separate Cloudflare zone; tunnel route for that
|
|
# hostname must be added via `cloudflared tunnel route dns
|
|
# 1435166a-0e3f-4222-8de6-744f32cea5c9 zitare.com` (one-time).
|
|
# ============================================
|
|
- hostname: zitare.com
|
|
service: http://localhost:3085
|
|
- hostname: zitare.mana.how
|
|
service: http://localhost:3084
|
|
- hostname: zitare-api.mana.how
|
|
service: http://localhost:3083
|
|
|
|
# Nutriphi (Code/nutriphi, separate repo)
|
|
# ~/projects/nutriphi/ on the Mac Mini.
|
|
# Ports per mana/docs/PORTS.md: 3086 api / 3087 web.
|
|
- hostname: nutriphi.mana.how
|
|
service: http://localhost:3087
|
|
- hostname: nutriphi-api.mana.how
|
|
service: http://localhost:3086
|
|
|
|
# ============================================
|
|
# Standalone web apps (separate containers)
|
|
# ============================================
|
|
- hostname: playground.mana.how
|
|
service: http://localhost:5050
|
|
- hostname: manavoxel.mana.how
|
|
service: http://localhost:5028
|
|
# ============================================
|
|
# Who? Game (Standalone-Bun-Stack, native auf Mac Mini unter PM2)
|
|
# Source: ~/projects/who/, Deploy-Doc: who/docs/MAC_MINI_DEPLOY.md
|
|
# ============================================
|
|
- hostname: who.mana.how
|
|
service: http://localhost:5092
|
|
- hostname: who-api.mana.how
|
|
service: http://localhost:3092
|
|
|
|
# ============================================
|
|
# Self-hosted landing pages (Nginx on port 4400)
|
|
# ============================================
|
|
# Cardecky-Migration: alte Hostnames → Nginx 301-Redirect (2026-05-08).
|
|
- hostname: cards.mana.how
|
|
service: http://localhost:4400
|
|
- hostname: cards-api.mana.how
|
|
service: http://localhost:4400
|
|
# cardecky.com Marketing-Landing — DNS zeigt am Cloudflare-Zone von
|
|
# cardecky.com auf diesen Tunnel; nginx-Block in docker/nginx/landings.conf.
|
|
- hostname: cardecky.com
|
|
service: http://localhost:4400
|
|
- hostname: it.mana.how
|
|
service: http://localhost:4400
|
|
- hostname: chats.mana.how
|
|
service: http://localhost:4400
|
|
- hostname: pics.mana.how
|
|
service: http://localhost:4400
|
|
- hostname: quotess.mana.how
|
|
service: http://localhost:4400
|
|
- hostname: presis.mana.how
|
|
service: http://localhost:4400
|
|
- hostname: clocks.mana.how
|
|
service: http://localhost:4400
|
|
- hostname: docs.mana.how
|
|
service: http://localhost:4400
|
|
|
|
# ============================================
|
|
# Monitoring & observability
|
|
# ============================================
|
|
|
|
# ============================================
|
|
# GPU services (NOT in this tunnel)
|
|
# ============================================
|
|
# gpu-llm / gpu-stt / gpu-tts / gpu-img / gpu-video / gpu-ollama
|
|
# are served by a SEPARATE cloudflared tunnel running on the Windows
|
|
# GPU box itself (`mana-gpu-server` tunnel ID 83454e8e-...). Routing
|
|
# them via the Mac Mini's tunnel would cause DNS routing conflicts
|
|
# because each Cloudflare DNS CNAME can only point at one tunnel.
|
|
|
|
# ============================================
|
|
# Catch-all (returns 404 for any unmapped hostname)
|
|
# ============================================
|
|
- service: http_status:404
|