feat(infra): Phase 0 provisioning + dev status dashboard

- scripts/phase0-provision.sh: idempotent root setup (nginx, PostgreSQL, Redis, certbot/TLS, UFW). Opens 22/2222/80/443 before enabling UFW so SSH and Gitea git-SSH can't be locked out. Redis/Postgres stay localhost-only. - infra/nginx/feedthepyre.com.conf: vhost serving the status page; commented web(:3000)/api(:4000) reverse-proxy blocks ready for app deploy. - infra/status/: data-driven dev status dashboard (status.json + gen-status.mjs + prebuilt index.html), served at feedthepyre.com. - ecosystem.config.cjs (PM2), infra/systemd/pm2-pyre.service, infra/logrotate/pyre, scripts/backup.sh — process mgmt + ops (inert until apps are built). Built by 4 parallel agents, reviewed by 2 audit agents; audit fixes applied (logs dir creation, port-citation accuracy, status truthfulness). pm2 installed user-level. Privileged steps gated on `sudo bash scripts/phase0-provision.sh`. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 02:34:13 +00:00
parent c20094ab56
commit 571e5d04d2
13 changed files with 1629 additions and 0 deletions
--- a/infra/systemd/pm2-pyre.service
+++ b/infra/systemd/pm2-pyre.service
@@ -0,0 +1,40 @@
+# PYRE / Prometheus Protocol — systemd unit to resurrect PM2 on boot.
+#
+# INERT until apps are deployed AND `pm2 save` has been run at least once:
+#   `pm2 resurrect` only restores processes from the saved dump
+#   (~/.pm2/dump.pm2). Without that dump it starts nothing.
+#
+# Install (run as a privileged user, once):
+#   sudo cp /home/pyre/pyre/infra/systemd/pm2-pyre.service /etc/systemd/system/pm2-pyre.service
+#   sudo systemctl daemon-reload
+#   sudo systemctl enable pm2-pyre
+#
+# Then, after the apps are built and started:
+#   pm2 start /home/pyre/pyre/ecosystem.config.cjs
+#   pm2 save            # <-- REQUIRED: writes the dump that resurrect reads
+#
+# This unit runs PM2 as the unprivileged `pyre` user (no root daemon).
+
+[Unit]
+Description=PM2 process manager for PYRE (user pyre)
+Documentation=https://pm2.keymetrics.io/
+After=network-online.target postgresql.service redis-server.service
+Wants=network-online.target
+
+[Service]
+Type=forking
+User=pyre
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+Environment=PATH=/home/pyre/.local/share/pnpm:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+Environment=PM2_HOME=/home/pyre/.pm2
+PIDFile=/home/pyre/.pm2/pm2.pid
+Restart=on-failure
+
+ExecStart=/home/pyre/.local/share/pnpm/bin/pm2 resurrect
+ExecReload=/home/pyre/.local/share/pnpm/bin/pm2 reload all
+ExecStop=/home/pyre/.local/share/pnpm/bin/pm2 kill
+
+[Install]
+WantedBy=multi-user.target