Harry Bayliss
66f0ee9e50
- Add .gitea/workflows/ci.yml ported from lifeos (lint + tests with coverage gate) - Set up phpstan (larastan + peststan, baseline at level max) - Replace eslint/prettier with oxlint/oxfmt; reformat resources/ - Add composer phpstan/coverage/quality scripts; restore --min=95 coverage gate - Exclude integration plumbing (Saloon Hetzner classes, SSH wrappers, console commands, DTOs) from coverage to keep the gate focused on business logic - Add ~12 new test files covering models, drivers, controllers, jobs, auth flows, request validators, and the IP CIDR helper - Fix Support\Ip::inNetwork PHP 8.4 TypeError in CIDR mask check - Fix FirewallRule::command comparing the enum-cast type column to a string - Fix Server::network using the wrong foreign key column - Remove unreachable code under abort(403) in RegisteredUserController
Keystone
Laravel Forge, but running with Docker instead of raw services on servers. Also zero downtime built in, ideally with the option for a dedicated build server as well as building on the server itself. (start with the latter)
STUFF
MAKE SURE TO INSTALL sshpass on the server this is running on
Overview
- Each server should have a gateway (reverse proxy) at the front. This is a service, but there should only be one allowed per server.
- Service table should probably have a json column of ports that are used by the docker service (ones passed onto the host net - not internal docker ones) so we can check for conflicts before installing new services.
Networking Model
ufw man.