add klaus as more full front-end

diff --git a/Makefile b/Makefile
index 511059b7c885a859316b4f06184bba664d9872dc..d91b17abeaad32e6c0a79f1dc6b65f0d7f85690a 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -62,6 +62,23 @@ test/nginx: ##H @Remote Test staged configuration without deploying
        @echo "Testing staged config on $(VPS_HOST)..."
        ssh -t $(VPS) "bash ~/.nginx-staging/deploy.sh test"
 
+.PHONY: deploy/klaus
+deploy/klaus: ##H @Remote Deploy Klaus (systemd + nginx) and install deps
+       @echo "Uploading deployment bundle..."
+       tar cz -C etc/systemd/system klaus.service -C ../../nginx/conf.d klaus.conf | ssh $(VPS) "cat > /tmp/klaus-deploy.tgz"
+       @echo "Installing on $(VPS_HOST)..."
+       ssh -t $(VPS) "cd /tmp && tar xz -f klaus-deploy.tgz && \
+               sudo pip3 install klaus gunicorn && \
+               sudo mv klaus.service /etc/systemd/system/klaus.service && \
+               sudo systemctl daemon-reload && \
+               sudo systemctl enable --now klaus && \
+               sudo mv /etc/nginx/conf.d/git-http.conf /etc/nginx/conf.d/git-http.conf.disabled 2>/dev/null || true && \
+               sudo mv klaus.conf /etc/nginx/conf.d/klaus.conf && \
+               sudo nginx -t && \
+               sudo systemctl reload nginx && \
+               rm klaus-deploy.tgz"
+       @echo "Klaus deployed!"
+
 .PHONY: certbot/nginx
 certbot/nginx: ##H @Remote Run certbot on remote VPS
        @echo "Running certbot on $(VPS_HOST)..."

diff --git a/etc/nginx/conf.d/git-http.conf b/etc/nginx/conf.d/git-http.conf
index 4696b79f8b61004c78d437f49752a51e63b3c0f0..4c330b6316d25b03c98c7ec7f6ed8d2b98fd0b62 100644 (file)
--- a/etc/nginx/conf.d/git-http.conf
+++ b/etc/nginx/conf.d/git-http.conf
@@ -66,8 +66,6 @@ server {
     http2 on;
     http3 on;
 
-    server_name git.nutra.tk;
-
     # Advertise HTTP/3 availability to browsers
     add_header Alt-Svc 'h3=":443"; ma=86400' always;
 

diff --git a/etc/nginx/conf.d/klaus.conf b/etc/nginx/conf.d/klaus.conf
new file mode 100644 (file)
index 0000000..a4691d4
--- /dev/null
+++ b/etc/nginx/conf.d/klaus.conf
@@ -0,0 +1,41 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name git.nutra.tk;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen 443 quic;
+    listen [::]:443 ssl;
+    listen [::]:443 quic;
+    http2 on;
+    http3 on;
+    add_header Alt-Svc 'h3=":443"; ma=86400' always;
+    server_name git.nutra.tk;
+
+    ssl_certificate /etc/letsencrypt/live/earthyenergy.mooo.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/earthyenergy.mooo.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    
+    # Password Protection (Uncomment to enable)
+    # sudo apt-get install apache2-utils
+    # sudo htpasswd -c /etc/nginx/.htpasswd username
+    # auth_basic "Restricted Access";
+    # auth_basic_user_file /etc/nginx/.htpasswd;
+    
+    location / {
+        proxy_pass http://127.0.0.1:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Optional: Serve static files directly if we locate where klaus installed them
+    # location /static {
+    #     alias /usr/local/lib/python3.x/dist-packages/klaus/static;
+    # }
+}

diff --git a/etc/systemd/system/klaus.service b/etc/systemd/system/klaus.service
new file mode 100644 (file)
index 0000000..61c9a8c
Binary files /dev/null and b/etc/systemd/system/klaus.service differ