mehmed/teOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe305f6fc81b0516de2704770f7bc83a703e9839
teOS/.claude/agent-memory/devops-infrastructure-expert/MEMORY.md
Flexomatic81 fe305f6fc8 feat: complete tOS project with HR, LEAN, Dashboard and Integrations modules 
Full enterprise web operating system including:
- Next.js 14 frontend with App Router, i18n (DE/EN), shadcn/ui
- NestJS 10 backend with Prisma, JWT auth, Swagger docs
- Keycloak 24 SSO with role-based access control
- HR module (employees, time tracking, absences, org chart)
- LEAN module (3S planning, morning meeting SQCDM, skill matrix)
- Integrations module (PlentyONE, Zulip, Todoist, FreeScout, Nextcloud, ecoDMS, GembaDocs)
- Dashboard with customizable drag & drop widget grid
- Docker Compose infrastructure (PostgreSQL 16, Redis 7, Keycloak 24)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 19:37:55 +01:00

1.8 KiB
Raw Blame History

tOS Infrastructure Memory

Docker Stack

  • Location: /home/mehmed/Entwicklung/githubProjekte/tOS/docker/
  • Compose file: docker-compose.yml (name: tos)
  • Services: PostgreSQL 16, Redis 7, Keycloak 24.0
  • Network: tos-network (bridge)
  • Volumes: tos-postgres-data, tos-redis-data

Ports (Default)

Service Port
PostgreSQL 5432
Redis 6379
Keycloak 8080
API 3001
Frontend 3000

Keycloak Configuration

  • Realm: tOS
  • Clients: tos-frontend (public), tos-backend (confidential)
  • Roles Hierarchy:
    • admin -> hr-manager, manager, department_head, team-lead, employee
    • hr-manager -> employee
    • manager -> department_head, employee
    • department_head -> team-lead, employee
    • team-lead -> employee
  • Test Users: admin, manager, depthead, employee, hrmanager, teamlead
  • Default passwords: <username>123 (temporary)

Environment Variables

  • Root .env.example: Application config (NextAuth, Keycloak, API keys)
  • Docker .env.example: Container config (ports, credentials)
  • Critical Production Secrets:
    • ENCRYPTION_KEY - 32 bytes for credential encryption
    • JWT_SECRET - API token signing
    • NEXTAUTH_SECRET - Session encryption
    • KEYCLOAK_BACKEND_CLIENT_SECRET

Package Scripts

pnpm docker:up     # Start infrastructure
pnpm docker:down   # Stop infrastructure
pnpm docker:logs   # View logs
pnpm docker:reset  # Destroy volumes and restart
pnpm dev           # Start dev servers

Known Issues / Lessons Learned

  • Keycloak 24+ (UBI9) has no curl; use bash TCP redirect for health checks
  • Realm import: file must be at /opt/keycloak/data/import/ with --import-realm flag
  • Health check start_period should be 90s+ for Keycloak (Java startup)
Reference in New Issue View Git Blame Copy Permalink