From 1c1f5bc86f05fbb699cc3150ecbbeec0c38a819f Mon Sep 17 00:00:00 2001 From: Ligbox Spec Hub Date: Fri, 19 Jun 2026 18:12:10 +0000 Subject: [PATCH] =?UTF-8?q?Add=20VM=20inventory=20docs:=20VM112,=20VM122,?= =?UTF-8?q?=20VM123,=20VM104,=20CT130=20=E2=80=94=20portal=20por=20VM?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/vms/CT130.md | 67 ++++++++++++++++++++++++++++++++++++ docs/vms/README.md | 86 ++++++++++++++++++++++++++++++++++++++++++++++ docs/vms/VM104.md | 44 ++++++++++++++++++++++++ docs/vms/VM112.md | 41 ++++++++++++++++++++++ docs/vms/VM122.md | 50 +++++++++++++++++++++++++++ docs/vms/VM123.md | 53 ++++++++++++++++++++++++++++ 6 files changed, 341 insertions(+) create mode 100644 docs/vms/CT130.md create mode 100644 docs/vms/README.md create mode 100644 docs/vms/VM104.md create mode 100644 docs/vms/VM112.md create mode 100644 docs/vms/VM122.md create mode 100644 docs/vms/VM123.md diff --git a/docs/vms/CT130.md b/docs/vms/CT130.md new file mode 100644 index 0000000..f51c85d --- /dev/null +++ b/docs/vms/CT130.md 
@@ -0,0 +1,67 @@ +# CT130 — Ligbox Spec Hub + +| Item | Valor | +|------|-------| +| **IP LAN** | `10.10.10.130` | +| **SSH WAN** | `95.216.14.146:2530` | +| **Hostname** | spec-hub | +| **OS** | Debian 12 LXC | +| **Recursos** | 2 vCPU · 4 GB RAM · 40 GB | + +## Papel + +**Fonte de verdade Git + Obsidian + Portal** — centraliza specs, vault e código de **todas** as VMs. + +| URL | Serviço | +|-----|---------| +| https://spec.ligbox.com.br | Portal hub | +| https://spec.ligbox.com.br/specs/ | Browser Spec Kit | +| https://spec.ligbox.com.br/vault/ | Browser Obsidian | +| https://git.spec.ligbox.com.br | Forgejo Git | + +## Stack local + +``` +/opt/ligbox-spec-hub/ +├── forgejo/ # Git server +├── portal/ # nginx + Docsify +├── repos/ligbox-ops-platform/ # clone principal +├── obsidian-vault/ # vault Obsidian +└── docker-compose.yml # forgejo + spec-portal +``` + +## Repos Forgejo (org `ligbox`) + +| Repo | Conteúdo | +|------|----------| +| `ligbox-ops-platform` | Monorepo — **todas** VMs (deploy/ por VM) | +| `obsidian-vault` | Notas, LAPTOP, anais | + +## Utilizadores + +| User | Senha | Admin | +|------|-------|-------| +| roger | 805353 | ✅ | +| ligboxadmin | 805353 | ✅ | +| mini | 805353 | — | + +## Spec + +- **031** — spec-hub-portal + +## Regra anti-drift + +```bash +# VM122/112/123 — NUNCA rsync solto +git pull https://git.spec.ligbox.com.br/ligbox/ligbox-ops-platform.git +# Ver deploy/manifest.yaml para tag pinada +``` + +## Sync pendente (Roger) + +| VM | Acção | +|----|-------| +| VM112 | Pull deploy/vm112-* + push estado actual | +| VM123 | Pull deploy/vm123-* + console template | +| VM104 | Documentar integração (sem código Ligbox) | +| VM122 | `git remote add hub git.spec...` + pull | diff --git a/docs/vms/README.md b/docs/vms/README.md new file mode 100644 index 0000000..4508616 --- /dev/null +++ b/docs/vms/README.md 
@@ -0,0 +1,86 @@ +# Inventário Ligbox — Todas as VMs do Projecto + +**Hub:** CT130 · `https://spec.ligbox.com.br` +**Git:** `https://git.spec.ligbox.com.br/ligbox/ligbox-ops-platform` + +> As specs **não vivem só na VM122** — descrevem o **ecossistema completo**. O código de cada VM está em `deploy/vm*` e é sincronizado via Git Forgejo. + +--- + +## Mapa rápido + +| VM/CT | IP | SSH WAN | Papel | Deploy no repo | +|-------|-----|---------|-------|----------------| +| **112** | 10.10.10.112 | :2512 | Wizard onboard + Carbonio mail | `deploy/vm112-*` | +| **122** | 10.10.10.122 | :2522 | Ops Desk API + worker + UI MVP | `api/` `frontend/` `worker/` | +| **123** | 10.10.10.123 | :2523 | FOSSBilling + Odoo + OpenPanel + Console UI | `deploy/vm123-*` | +| **104** | 10.10.10.104 | :2504 | Wazuh SIEM | integração Spec 002, 019 | +| **114** | 10.10.10.114 | — | Traefik (CT) | `docs/network/TRAEFIK_*` | +| **130** | 10.10.10.130 | :2530 | **Spec Hub** Git + Obsidian + Portal | CT130 local | + +--- + +## Specs por VM + +### VM112 — Onboard / Mail +| Spec | Nome | +|------|------| +| 001 | webhook-vm112-integration | +| 017 | vm112-domain-orchestration | +| 022 | carbonio-account-exists-release | +| 025 | wizard-onboarding-continuity | +| 026 | purge-traefik-validation | +| 010 | desk-assist-takeover (fases VM112) | + +→ [Ficha VM112](VM112.md) + +### VM122 — Ops Desk (motor) +| Spec | Nome | +|------|------| +| 003 | desk-auth-rbac | +| 004 | desk-account-management | +| 009 | ops-audit-overview | +| 010 | desk-assist-takeover | +| 012 | abandoned-onboarding-lead | +| 015 | desk-module-registry | +| 027 | desk-rbac-function-matrix | +| 029 | agentic ops | + +→ [Ficha VM122](VM122.md) + +### VM123 — Finance + Console +| Spec | Nome | +|------|------| +| 019 | ops-console-active-operations | +| 023 | billing-recurrence-desk-visibility | +| 024 | openpanel-fossbilling | +| 027 | desk-rbac (matriz VM123) | + +→ [Ficha VM123](VM123.md) + +### VM104 — Wazuh / SOC +| Spec | Nome | 
+|------|------| +| 002 | wazuh-integration | +| 019 | ops-console (deep-link SIEM) | + +→ [Ficha VM104](VM104.md) + +### CT130 — Spec Hub +| Spec | Nome | +|------|------| +| 031 | spec-hub-portal | + +→ [Ficha CT130](CT130.md) + +--- + +## Porque parecia «só VM122»? + +1. **Sync inicial** veio de `/opt/ligbox-ops-platform` na VM122 (monorepo central) +2. **Código VM112/123** está em `deploy/vm112-*` e `deploy/vm123-*` **dentro do mesmo repo** — não numa VM separada no vault +3. **Portal** listava specs flat — sem secção «Por VM» +4. **VM104** não tem pasta deploy no repo (integração via API/deep-link) +5. **CT130** foi criada depois — Spec 031 adicionada agora + +**Próximo passo:** cada VM faz `git pull` do Forgejo — nunca editar disco solto. diff --git a/docs/vms/VM104.md b/docs/vms/VM104.md new file mode 100644 index 0000000..96b9def --- /dev/null +++ b/docs/vms/VM104.md 
@@ -0,0 +1,44 @@ +# VM104 — Wazuh SIEM + +| Item | Valor | +|------|-------| +| **IP LAN** | `10.10.10.104` | +| **SSH WAN** | `95.216.14.146:2504` | +| **Hostname** | wazuh | +| **URL** | Wazuh Dashboard (LAN / Traefik) | + +## Papel + +- SIEM / análise de segurança profunda +- Alertas → VM122 Desk (Spec 002) +- Deep-link desde Ops Console (Spec 019) + +## No repo Git (CT130) + +**Não há pasta `deploy/vm104/`** — VM104 é produto Wazuh upstream. Integração documentada em: + +``` +specs/002-wazuh-integration/spec.md +specs/019-ops-console-active-operations/spec.md (deep-link Wazuh) +specs/027-desk-rbac-function-matrix/spec.md (security_analyst, noc) +``` + +## Fluxo + +``` +Agentes → VM104 Wazuh → webhook/API → VM122 Desk → ticket/CH-* +Ops Console (VM123) → deep-link → VM104 dashboard (SIEM profundo) +``` + +## Roles Desk com acesso Wazuh + +| Função | Wazuh | +|--------|-------| +| `security_analyst` | ✅ full | +| `noc` | ✅ read + deep-link | +| `ops_lead` | 🔗 deep-link | + +## Próximo sync + +- Exportar regras/decoders custom para `docs/vms/VM104-rules/` no repo +- Documentar URL Traefik Wazuh em `docs/network/` diff --git a/docs/vms/VM112.md b/docs/vms/VM112.md new file mode 100644 index 0000000..3909200 --- /dev/null +++ b/docs/vms/VM112.md 
@@ -0,0 +1,41 @@ +# VM112 — Wizard Onboard + Carbonio Mail + +| Item | Valor | +|------|-------| +| **IP LAN** | `10.10.10.112` | +| **SSH WAN** | `95.216.14.146:2512` | +| **Hostname** | vm112-mail-ibytera | +| **URLs** | `onboard.ligbox.com.br` · API `:8090` | + +## Papel + +- Wizard onboarding clientes +- Carbonio mail tenants +- Webhooks → VM122 Desk +- Purge domínio / orquestração DNS (Spec 017, 026) + +## No repo Git (CT130) + +``` +deploy/vm112-spec022/ # Carbonio account scripts +deploy/vm112-wizard-security/ # CSP, webhooks, audit +docs/EMAIL_LIGBOX_VM112.md +specs/001-webhook-vm112-integration/ +specs/017-vm112-domain-orchestration/ +specs/022-carbonio-account-exists-release/ +specs/025-wizard-onboarding-continuity/ +specs/026-purge-traefik-validation/ +``` + +## Deploy na VM112 + +```bash +git clone https://git.spec.ligbox.com.br/ligbox/ligbox-ops-platform.git +# Copiar deploy/vm112-* para paths locais — ver README em cada pasta +``` + +## Integração + +- **→ VM122:** webhooks `onboarding.*` · Assist/takeover API +- **→ CT114:** Traefik routers mail/onboard +- **← Desk:** purge, DNS revalidate, assist actions diff --git a/docs/vms/VM122.md b/docs/vms/VM122.md new file mode 100644 index 0000000..a2454e6 --- /dev/null +++ b/docs/vms/VM122.md 
@@ -0,0 +1,50 @@ +# VM122 — Ligbox Ops Desk (motor) + +| Item | Valor | +|------|-------| +| **IP LAN** | `10.10.10.122` | +| **SSH WAN** | `95.216.14.146:2522` | +| **Hostname** | ligbox-ops | +| **URLs** | `desk.ligbox.com.br` · `api.ops.ligbox.com.br` | + +## Papel + +- API FastAPI + SQLite + Redis + Worker +- UI Desk MVP (vanilla JS) +- Webhook ingress VM112 / Wazuh +- Agentic ops (Spec 029) + +## No repo Git (CT130) + +``` +api/ frontend/ worker/ # Código principal +.specify/ specs/ # Spec Kit memory + specs +docker-compose.mvp.yml +deploy/vm122-fossbilling/ # Stack legado (se activo) +``` + +## Specs principais VM122 + +- 003 desk-auth-rbac +- 004 desk-account-management +- 009 ops-audit-overview +- 010 desk-assist-takeover +- 012 abandoned-onboarding-lead +- 015 desk-module-registry +- 027 desk-rbac-function-matrix +- 029 agentic + +## Deploy + +```bash +cd /opt/ligbox-ops-platform +git pull origin main +docker compose -f docker-compose.mvp.yml up -d --build +``` + +## Integração + +- **← VM112:** webhooks onboard +- **← VM104:** alertas Wazuh +- **→ VM123:** deep-links finance · APIs FOSS/Odoo +- **→ CT130:** push specs/git (fonte de verdade) diff --git a/docs/vms/VM123.md b/docs/vms/VM123.md new file mode 100644 index 0000000..632c6f1 --- /dev/null +++ b/docs/vms/VM123.md 
@@ -0,0 +1,53 @@ +# VM123 — Finance Stack + Ops Console UI + +| Item | Valor | +|------|-------| +| **IP LAN** | `10.10.10.123` | +| **SSH WAN** | `95.216.14.146:2523` | +| **Hostname** | vm123-finance | +| **URLs** | `financeiro.ligbox.com.br` · `openpanel.ligbox.com.br` · `console.ligbox.com.br` | + +## Papel + +- **FOSSBilling** (:8092) — billing clientes +- **Odoo 16** (:8069) — CRM/finance +- **OpenPanel** (:2083) — hosting sites +- **Ops Console UI** (Spec 019) — React SPA Docker `:8100` + +## No repo Git (CT130) + +``` +deploy/vm123-finance-stack/ # docker-compose FOSS/Odoo/OpenPanel +specs/019-ops-console-active-operations/deploy/ # Template Console UI +specs/023-billing-recurrence-desk-visibility/ +specs/024-openpanel-fossbilling/ +docs/network/VM123_INVENTARIO.md +docs/VM123_OPS_CONSOLE_HANDOFF.md +``` + +## Serviços Docker (host) + +| Container | Porta | Função | +|-----------|-------|--------| +| fossbilling | 8092 | FOSSBilling | +| odoo | 8069 | Odoo 16 | +| openpanel | 2083 | OpenPanel | +| ligbox-ops-console-ui | 8100 | Console Spec 019 | + +## Deploy + +```bash +git clone https://git.spec.ligbox.com.br/ligbox/ligbox-ops-platform.git +cd deploy/vm123-finance-stack && docker compose up -d +# Console: specs/019-.../deploy/ → /opt/ligbox-ops-console/ +``` + +## Integração + +- **← VM122:** API `api.ops.ligbox.com.br` (motor chamados) +- **→ Desk:** deep-links FOSS/Odoo/OpenPanel (Spec 023, 027) +- **← Traefik CT114:** rotas públicas + +## ⚠️ Nota sync + +Código **runtime** na VM123 (`/opt/vm123-finance-stack`, `/opt/ligbox-ops-console`) deve ser actualizado via **git pull** do CT130 — não estava no sync inicial VM122-only.
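Review bot: the "Utilizadores" table in docs/vms/CT130.md commits a Senha column with the same clear-text value for `roger`, `ligboxadmin` and `mini`, two of them marked admin, in the repo this file calls the source of truth for all VMs. Remove the column, reference the secret store instead, and rotate those accounts, since the value stays in Git history once this lands. Separately, the "Regra anti-drift" block runs `git pull` against the bare URL while its comment points to a pinned tag in `deploy/manifest.yaml`; the command as written follows the default branch, so show the checkout of the pinned tag.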
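Review bot: in docs/vms/README.md the "Mapa rápido" table has a row for 114 (Traefik, CT), but "Specs por VM" has no section or ficha link for it and the diffstat adds no CT114.md, so an inventory titled "Todas as VMs do Projecto" leaves that row undocumented. Add the ficha or say in the table that 114 is covered only by `docs/network/TRAEFIK_*`. The closing "cada VM faz `git pull`" also reads oddly next to item 4, which says VM104 has no deploy folder in the repo; scope the sentence to the VMs that have one.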
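Review bot: the "Roles Desk com acesso Wazuh" table in docs/vms/VM104.md gives `ops_lead` a deep-link, while the spec list above annotates 027 with only `security_analyst, noc`; add `ops_lead` to that annotation or confirm against spec 027 that the role belongs in the table. The "Fluxo" block shows `webhook/API` from VM104 into VM122 without saying how that call is authenticated, so a pointer to the relevant part of Spec 002 would help whoever wires the integration.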
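Review bot: the "Deploy na VM112" block in docs/vms/VM112.md ends with "Copiar deploy/vm112-* para paths locais", a manual copy step that is exactly what CT130.md's "NUNCA rsync solto" and the README's "nunca editar disco solto" rule out. Document the target paths and a repeatable step run from the clone (a script or symlinks), and name the tag from `deploy/manifest.yaml` to check out rather than cloning the branch head.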
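Review bot: the Deploy block in docs/vms/VM122.md runs `git pull origin main`, but the "Sync pendente" table in CT130.md still lists `git remote add hub git.spec...` as a pending action for VM122, so nothing here shows that `origin` on this host is the Forgejo hub. Name the remote explicitly in the command, and pull the pinned tag the anti-drift rule refers to, since this pull feeds straight into `docker compose -f docker-compose.mvp.yml up -d --build`.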
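Review bot: the Deploy block in docs/vms/VM123.md runs `cd deploy/vm123-finance-stack` right after `git clone ...ligbox-ops-platform.git` without entering the clone, so the `cd` fails from the directory the clone was run in; it should be `cd ligbox-ops-platform/deploy/vm123-finance-stack`. The "Nota sync" names `/opt/vm123-finance-stack` as the runtime path while this command starts compose from inside the clone, so state which of the two is the live one. The comment `specs/019-.../deploy/` should use the full directory name already given in the "No repo Git" list.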