Add VM inventory docs: VM112, VM122, VM123, VM104, CT130 — per-VM portal

Ligbox Spec Hub 2026-06-19 18:12:10 +00:00
parent 283f2dab20
commit 1c1f5bc86f
6 changed files with 341 additions and 0 deletions

67
docs/vms/CT130.md Normal file

@ -0,0 +1,67 @@
# CT130 — Ligbox Spec Hub
| Item | Valor |
|------|-------|
| **IP LAN** | `10.10.10.130` |
| **SSH WAN** | `95.216.14.146:2530` |
| **Hostname** | spec-hub |
| **OS** | Debian 12 LXC |
| **Recursos** | 2 vCPU · 4 GB RAM · 40 GB |
## Papel
**Fonte de verdade Git + Obsidian + Portal** — centraliza specs, vault e código de **todas** as VMs.
| URL | Serviço |
|-----|---------|
| https://spec.ligbox.com.br | Portal hub |
| https://spec.ligbox.com.br/specs/ | Browser Spec Kit |
| https://spec.ligbox.com.br/vault/ | Browser Obsidian |
| https://git.spec.ligbox.com.br | Forgejo Git |
## Stack local
```
/opt/ligbox-spec-hub/
├── forgejo/ # Git server
├── portal/ # nginx + Docsify
├── repos/ligbox-ops-platform/ # clone principal
├── obsidian-vault/ # vault Obsidian
└── docker-compose.yml # forgejo + spec-portal
```
## Repos Forgejo (org `ligbox`)
| Repo | Conteúdo |
|------|----------|
| `ligbox-ops-platform` | Monorepo — **todas** VMs (deploy/ por VM) |
| `obsidian-vault` | Notas, LAPTOP, anais |
## Utilizadores
| User | Senha | Admin |
|------|-------|-------|
| roger | 805353 | ✅ |
| ligboxadmin | 805353 | ✅ |
| mini | 805353 | — |
## Spec
- **031** — spec-hub-portal
## Regra anti-drift
```bash
# VM122/112/123 — NUNCA rsync solto
git pull https://git.spec.ligbox.com.br/ligbox/ligbox-ops-platform.git
# Ver deploy/manifest.yaml para tag pinada
```
## Sync pendente (Roger)
| VM | Acção |
|----|-------|
| VM112 | Pull deploy/vm112-* + push estado actual |
| VM123 | Pull deploy/vm123-* + console template |
| VM104 | Documentar integração (sem código Ligbox) |
| VM122 | `git remote add hub git.spec...` + pull |
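Review bot: the `## Utilizadores` table commits credentials in plaintext: the `Senha` column holds the same six-digit value for `roger`, `ligboxadmin` and `mini`, and two of those rows are marked admin. Drop the `Senha` column and keep only user and role, move the secrets to a password manager or vault, give each account its own password, and rotate the current one, because a value that has been pushed stays in Git history even after the file is edited. The header table in the same file lists the WAN SSH endpoint for this host, so the doc should not also carry anything that authenticates to it.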

86
docs/vms/README.md Normal file

@ -0,0 +1,86 @@
# Inventário Ligbox — Todas as VMs do Projecto
**Hub:** CT130 · `https://spec.ligbox.com.br`
**Git:** `https://git.spec.ligbox.com.br/ligbox/ligbox-ops-platform`
> As specs **não vivem só na VM122** — descrevem o **ecossistema completo**. O código de cada VM está em `deploy/vm*` e é sincronizado via Git Forgejo.
---
## Mapa rápido
| VM/CT | IP | SSH WAN | Papel | Deploy no repo |
|-------|-----|---------|-------|----------------|
| **112** | 10.10.10.112 | :2512 | Wizard onboard + Carbonio mail | `deploy/vm112-*` |
| **122** | 10.10.10.122 | :2522 | Ops Desk API + worker + UI MVP | `api/` `frontend/` `worker/` |
| **123** | 10.10.10.123 | :2523 | FOSSBilling + Odoo + OpenPanel + Console UI | `deploy/vm123-*` |
| **104** | 10.10.10.104 | :2504 | Wazuh SIEM | integração Spec 002, 019 |
| **114** | 10.10.10.114 | — | Traefik (CT) | `docs/network/TRAEFIK_*` |
| **130** | 10.10.10.130 | :2530 | **Spec Hub** Git + Obsidian + Portal | CT130 local |
---
## Specs por VM
### VM112 — Onboard / Mail
| Spec | Nome |
|------|------|
| 001 | webhook-vm112-integration |
| 017 | vm112-domain-orchestration |
| 022 | carbonio-account-exists-release |
| 025 | wizard-onboarding-continuity |
| 026 | purge-traefik-validation |
| 010 | desk-assist-takeover (fases VM112) |
→ [Ficha VM112](VM112.md)
### VM122 — Ops Desk (motor)
| Spec | Nome |
|------|------|
| 003 | desk-auth-rbac |
| 004 | desk-account-management |
| 009 | ops-audit-overview |
| 010 | desk-assist-takeover |
| 012 | abandoned-onboarding-lead |
| 015 | desk-module-registry |
| 027 | desk-rbac-function-matrix |
| 029 | agentic ops |
→ [Ficha VM122](VM122.md)
### VM123 — Finance + Console
| Spec | Nome |
|------|------|
| 019 | ops-console-active-operations |
| 023 | billing-recurrence-desk-visibility |
| 024 | openpanel-fossbilling |
| 027 | desk-rbac (matriz VM123) |
→ [Ficha VM123](VM123.md)
### VM104 — Wazuh / SOC
| Spec | Nome |
|------|------|
| 002 | wazuh-integration |
| 019 | ops-console (deep-link SIEM) |
→ [Ficha VM104](VM104.md)
### CT130 — Spec Hub
| Spec | Nome |
|------|------|
| 031 | spec-hub-portal |
→ [Ficha CT130](CT130.md)
---
## Porque parecia «só VM122»?
1. **Sync inicial** veio de `/opt/ligbox-ops-platform` na VM122 (monorepo central)
2. **Código VM112/123** está em `deploy/vm112-*` e `deploy/vm123-*` **dentro do mesmo repo** — não numa VM separada no vault
3. **Portal** listava specs flat — sem secção «Por VM»
4. **VM104** não tem pasta deploy no repo (integração via API/deep-link)
5. **CT130** foi criada depois — Spec 031 adicionada agora
**Próximo passo:** cada VM faz `git pull` do Forgejo — nunca editar disco solto.
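Review bot: the closing `**Próximo passo:**` line tells every VM to `git pull` from Forgejo but names no ref, while the anti-drift block in CT130.md points to `deploy/manifest.yaml` for a pinned tag. Say here that each host checks out the tag pinned in the manifest rather than the current branch head, so the README and the CT130 rule give the same instruction and the deployed revision on each VM can be audited. In `## Mapa rápido`, the `Deploy no repo` column mixes repo paths with spec numbers (the VM104 row); a separate column or a plain "none" for VM104 would keep the column meaning one thing.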

44
docs/vms/VM104.md Normal file

@ -0,0 +1,44 @@
# VM104 — Wazuh SIEM
| Item | Valor |
|------|-------|
| **IP LAN** | `10.10.10.104` |
| **SSH WAN** | `95.216.14.146:2504` |
| **Hostname** | wazuh |
| **URL** | Wazuh Dashboard (LAN / Traefik) |
## Papel
- SIEM / análise de segurança profunda
- Alertas → VM122 Desk (Spec 002)
- Deep-link desde Ops Console (Spec 019)
## No repo Git (CT130)
**Não há pasta `deploy/vm104/`** — VM104 é produto Wazuh upstream. Integração documentada em:
```
specs/002-wazuh-integration/spec.md
specs/019-ops-console-active-operations/spec.md (deep-link Wazuh)
specs/027-desk-rbac-function-matrix/spec.md (security_analyst, noc)
```
## Fluxo
```
Agentes → VM104 Wazuh → webhook/API → VM122 Desk → ticket/CH-*
Ops Console (VM123) → deep-link → VM104 dashboard (SIEM profundo)
```
## Roles Desk com acesso Wazuh
| Função | Wazuh |
|--------|-------|
| `security_analyst` | ✅ full |
| `noc` | ✅ read + deep-link |
| `ops_lead` | 🔗 deep-link |
## Próximo sync
- Exportar regras/decoders custom para `docs/vms/VM104-rules/` no repo
- Documentar URL Traefik Wazuh em `docs/network/`
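Review bot: in `## Roles Desk com acesso Wazuh`, the `ops_lead` row says only `🔗 deep-link`, which does not state what that role can do once the link opens the Wazuh dashboard. Spell out for each row whether the Desk role maps to a Wazuh account and with which permission, as the `noc` row does with `read + deep-link`, or state that `ops_lead` has no Wazuh login and the link is navigation only. The `## Fluxo` block would also benefit from one line on how the `webhook/API` hop into VM122 is authenticated, since that is the path alerts take to become tickets.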

41
docs/vms/VM112.md Normal file

@ -0,0 +1,41 @@
# VM112 — Wizard Onboard + Carbonio Mail
| Item | Valor |
|------|-------|
| **IP LAN** | `10.10.10.112` |
| **SSH WAN** | `95.216.14.146:2512` |
| **Hostname** | vm112-mail-ibytera |
| **URLs** | `onboard.ligbox.com.br` · API `:8090` |
## Papel
- Wizard onboarding clientes
- Carbonio mail tenants
- Webhooks → VM122 Desk
- Purge domínio / orquestração DNS (Spec 017, 026)
## No repo Git (CT130)
```
deploy/vm112-spec022/ # Carbonio account scripts
deploy/vm112-wizard-security/ # CSP, webhooks, audit
docs/EMAIL_LIGBOX_VM112.md
specs/001-webhook-vm112-integration/
specs/017-vm112-domain-orchestration/
specs/022-carbonio-account-exists-release/
specs/025-wizard-onboarding-continuity/
specs/026-purge-traefik-validation/
```
## Deploy na VM112
```bash
git clone https://git.spec.ligbox.com.br/ligbox/ligbox-ops-platform.git
# Copiar deploy/vm112-* para paths locais — ver README em cada pasta
```
## Integração
- **→ VM122:** webhooks `onboarding.*` · Assist/takeover API
- **→ CT114:** Traefik routers mail/onboard
- **← Desk:** purge, DNS revalidate, assist actions
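Review bot: the `## Deploy na VM112` block ends with a manual step, `# Copiar deploy/vm112-* para paths locais`, which produces the hand-copied state that the anti-drift rule in CT130.md (`NUNCA rsync solto`) is meant to prevent. List the target paths here and script the copy, or run the services from the checkout itself, and have the clone check out the tag pinned in `deploy/manifest.yaml` so the revision running on VM112 is recorded. Since `deploy/vm112-wizard-security/` holds CSP and webhook settings, a note on who may change those files on the host would fit in this section.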

50
docs/vms/VM122.md Normal file

@ -0,0 +1,50 @@
# VM122 — Ligbox Ops Desk (motor)
| Item | Valor |
|------|-------|
| **IP LAN** | `10.10.10.122` |
| **SSH WAN** | `95.216.14.146:2522` |
| **Hostname** | ligbox-ops |
| **URLs** | `desk.ligbox.com.br` · `api.ops.ligbox.com.br` |
## Papel
- API FastAPI + SQLite + Redis + Worker
- UI Desk MVP (vanilla JS)
- Webhook ingress VM112 / Wazuh
- Agentic ops (Spec 029)
## No repo Git (CT130)
```
api/ frontend/ worker/ # Código principal
.specify/ specs/ # Spec Kit memory + specs
docker-compose.mvp.yml
deploy/vm122-fossbilling/ # Stack legado (se activo)
```
## Specs principais VM122
- 003 desk-auth-rbac
- 004 desk-account-management
- 009 ops-audit-overview
- 010 desk-assist-takeover
- 012 abandoned-onboarding-lead
- 015 desk-module-registry
- 027 desk-rbac-function-matrix
- 029 agentic
## Deploy
```bash
cd /opt/ligbox-ops-platform
git pull origin main
docker compose -f docker-compose.mvp.yml up -d --build
```
## Integração
- **← VM112:** webhooks onboard
- **← VM104:** alertas Wazuh
- **→ VM123:** deep-links finance · APIs FOSS/Odoo
- **→ CT130:** push specs/git (fonte de verdade)
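Review bot: the `## Deploy` block runs `git pull origin main` and then rebuilds with `--build`, but nothing in this file says that `origin` is the CT130 Forgejo, and the pending-sync table in CT130.md still lists `git remote add hub git.spec...` as an open action for VM122. Name the remote and its URL explicitly in this block, and deploy the tag pinned in `deploy/manifest.yaml` instead of the head of `main`, so a rebuild cannot pick up unreviewed commits. `## Papel` lists webhook ingress from VM112 and Wazuh; one line on how those requests are authenticated belongs next to it.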

53
docs/vms/VM123.md Normal file

@ -0,0 +1,53 @@
# VM123 — Finance Stack + Ops Console UI
| Item | Valor |
|------|-------|
| **IP LAN** | `10.10.10.123` |
| **SSH WAN** | `95.216.14.146:2523` |
| **Hostname** | vm123-finance |
| **URLs** | `financeiro.ligbox.com.br` · `openpanel.ligbox.com.br` · `console.ligbox.com.br` |
## Papel
- **FOSSBilling** (:8092) — billing clientes
- **Odoo 16** (:8069) — CRM/finance
- **OpenPanel** (:2083) — hosting sites
- **Ops Console UI** (Spec 019) — React SPA Docker `:8100`
## No repo Git (CT130)
```
deploy/vm123-finance-stack/ # docker-compose FOSS/Odoo/OpenPanel
specs/019-ops-console-active-operations/deploy/ # Template Console UI
specs/023-billing-recurrence-desk-visibility/
specs/024-openpanel-fossbilling/
docs/network/VM123_INVENTARIO.md
docs/VM123_OPS_CONSOLE_HANDOFF.md
```
## Serviços Docker (host)
| Container | Porta | Função |
|-----------|-------|--------|
| fossbilling | 8092 | FOSSBilling |
| odoo | 8069 | Odoo 16 |
| openpanel | 2083 | OpenPanel |
| ligbox-ops-console-ui | 8100 | Console Spec 019 |
## Deploy
```bash
git clone https://git.spec.ligbox.com.br/ligbox/ligbox-ops-platform.git
cd deploy/vm123-finance-stack && docker compose up -d
# Console: specs/019-.../deploy/ → /opt/ligbox-ops-console/
```
## Integração
- **← VM122:** API `api.ops.ligbox.com.br` (motor chamados)
- **→ Desk:** deep-links FOSS/Odoo/OpenPanel (Spec 023, 027)
- **← Traefik CT114:** rotas públicas
## ⚠️ Nota sync
Código **runtime** na VM123 (`/opt/vm123-finance-stack`, `/opt/ligbox-ops-console`) deve ser actualizado via **git pull** do CT130 — não estava no sync inicial VM122-only.
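Review bot: in the `## Deploy` block, `cd deploy/vm123-finance-stack` follows `git clone` directly, so it runs from the parent directory and fails, because the clone creates `ligbox-ops-platform/`. Change the line to `cd ligbox-ops-platform/deploy/vm123-finance-stack && docker compose up -d`. The `## ⚠️ Nota sync` paragraph names `/opt/vm123-finance-stack` and `/opt/ligbox-ops-console` as the runtime paths; state where the clone lives relative to them so the checkout and the running copy do not diverge.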