teOS/.claude/agent-memory/devops-infrastructure-expert/MEMORY.md
Flexomatic81 fe305f6fc8 feat: complete tOS project with HR, LEAN, Dashboard and Integrations modules
Full enterprise web operating system including:
- Next.js 14 frontend with App Router, i18n (DE/EN), shadcn/ui
- NestJS 10 backend with Prisma, JWT auth, Swagger docs
- Keycloak 24 SSO with role-based access control
- HR module (employees, time tracking, absences, org chart)
- LEAN module (3S planning, morning meeting SQCDM, skill matrix)
- Integrations module (PlentyONE, Zulip, Todoist, FreeScout, Nextcloud, ecoDMS, GembaDocs)
- Dashboard with customizable drag & drop widget grid
- Docker Compose infrastructure (PostgreSQL 16, Redis 7, Keycloak 24)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 19:37:55 +01:00


# tOS Infrastructure Memory
## Docker Stack
- **Location**: `/home/mehmed/Entwicklung/githubProjekte/tOS/docker/`
- **Compose file**: `docker-compose.yml` (name: tos)
- **Services**: PostgreSQL 16, Redis 7, Keycloak 24.0
- **Network**: `tos-network` (bridge)
- **Volumes**: `tos-postgres-data`, `tos-redis-data`
## Ports (Default)
| Service | Port |
|------------|------|
| PostgreSQL | 5432 |
| Redis | 6379 |
| Keycloak | 8080 |
| API | 3001 |
| Frontend | 3000 |
## Keycloak Configuration
- **Realm**: `tOS`
- **Clients**: `tos-frontend` (public), `tos-backend` (confidential)
- **Roles Hierarchy**:
  - admin -> hr-manager, manager, department_head, team-lead, employee
  - hr-manager -> employee
  - manager -> department_head, employee
  - department_head -> team-lead, employee
  - team-lead -> employee
- **Test Users**: admin, manager, depthead, employee, hrmanager, teamlead
- **Default passwords**: `<username>123` (temporary)
## Environment Variables
- **Root `.env.example`**: Application config (NextAuth, Keycloak, API keys)
- **Docker `.env.example`**: Container config (ports, credentials)
- **Critical Production Secrets**:
  - `ENCRYPTION_KEY` - 32 bytes for credential encryption
  - `JWT_SECRET` - API token signing
  - `NEXTAUTH_SECRET` - Session encryption
  - `KEYCLOAK_BACKEND_CLIENT_SECRET`
## Package Scripts
```bash
pnpm docker:up # Start infrastructure
pnpm docker:down # Stop infrastructure
pnpm docker:logs # View logs
pnpm docker:reset # Destroy volumes and restart
pnpm dev # Start dev servers
```
## Known Issues / Lessons Learned
- Keycloak 24+ (UBI9) has no curl; use bash TCP redirect for health checks
- Realm import: file must be at `/opt/keycloak/data/import/` with `--import-realm` flag
- Health check `start_period` should be 90s+ for Keycloak (Java startup)
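
The curl-less health check from the first lesson, written out as an added example (not part of the tOS repository). It assumes Keycloak's health endpoints are enabled (`KC_HEALTH_ENABLED=true`) and served at `/health/ready` on port 8080; the function names and the `--probe` argument are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: readiness probe for a Keycloak container image without curl/wget.
# Assumptions: KC_HEALTH_ENABLED=true and /health/ready answered on port 8080.

# Return 0 only if the HTTP response on stdin begins with a 200 status line.
# Matching the status line (not the body) avoids false positives from a
# 503 response whose JSON body happens to contain the text "200" or "UP".
http_status_ok() {
  status_line=$(head -n 1 | tr -d '\r')
  case "$status_line" in
    "HTTP/1.0 200"*|"HTTP/1.1 200"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Open a TCP connection with bash's /dev/tcp redirect, send a minimal
# HTTP request, and evaluate the response. Runs in a subshell so the
# file descriptor is closed again and a refused connection cannot
# terminate the calling shell.
kc_ready() {
  host=${1:-127.0.0.1}
  port=${2:-8080}
  (
    exec 3<>"/dev/tcp/$host/$port" || exit 1
    printf 'GET /health/ready HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' \
      "$host" >&3
    http_status_ok <&3
  ) 2>/dev/null
}

# Stand-alone use: ./kc-health.sh --probe [host] [port]
# Exit status 0 = ready, non-zero = not ready (the convention Docker
# health checks rely on).
if [ "${1:-}" = "--probe" ]; then
  kc_ready "${2:-127.0.0.1}" "${3:-8080}"
  exit $?
fi
```

During the `start_period` window a failing probe does not count toward the retry limit, which is why the 90s+ value matters while the JVM is still starting.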