From 6529b5cd8b39ea16894d4e06377950d69f6a1eb5 Mon Sep 17 00:00:00 2001
From: Tiago Yamamoto
Date: Sat, 14 Feb 2026 12:23:56 -0600
Subject: [PATCH] feat: add infrastructure container definitions and update documentation
---
containers/gohorse-backend.service | 12 +++++++
containers/gohorse-backoffice.service | 12 +++++++
containers/gohorse-frontend.service | 12 +++++++
containers/postgres-nc2.container | 29 +++++++++++++++++
containers/postgres.container | 28 ++++++++++++++++
containers/q1-backend-dev.container | 15 +++++++++
containers/q1-dashboard-dev.container | 15 +++++++++
containers/traefik.container | 15 +++++++++
containers/uptime-kuma.container | 14 ++++++++
containers/vaultwarden.container | 25 +++++++++++++++
containers/virtual-fashion-minio.container | 37 ++++++++++++++++++++++
11 files changed, 214 insertions(+)
create mode 100644 containers/gohorse-backend.service
create mode 100644 containers/gohorse-backoffice.service
create mode 100644 containers/gohorse-frontend.service
create mode 100644 containers/postgres-nc2.container
create mode 100644 containers/postgres.container
create mode 100644 containers/q1-backend-dev.container
create mode 100644 containers/q1-dashboard-dev.container
create mode 100644 containers/traefik.container
create mode 100644 containers/uptime-kuma.container
create mode 100644 containers/vaultwarden.container
create mode 100644 containers/virtual-fashion-minio.container
diff --git a/containers/gohorse-backend.service b/containers/gohorse-backend.service
new file mode 100644
index 0000000..0c12800
--- /dev/null
+++ b/containers/gohorse-backend.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=GoHorseJobs Backend Dev
+After=network-online.target
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/podman rm -f gohorsejobs-backend-dev
+ExecStart=/usr/bin/podman run --name gohorsejobs-backend-dev --rm --network web_proxy -v /mnt/data/gohorsejobs/backend:/app:Z -w /app -p 8080:8080 -e PORT=8080 -e DB_HOST=postgres-main -e DB_PORT=5432 -e DB_USER=saveinmed -e DB_PASSWORD=4J4ZTLY4Ks34geDVvjOiLWKor8n4J4 -e DB_NAME=gohorsejobs -e DB_SSLMODE=disable --label traefik.enable=true --label "traefik.http.routers.gohorse-backend.rule=Host(`api-local.gohorsejobs.com`)" --label traefik.http.routers.gohorse-backend.entrypoints=websecure --label traefik.http.routers.gohorse-backend.tls.certresolver=main --label traefik.http.services.gohorse-backend.loadbalancer.server.port=8080 golang:1.24 go run ./cmd/api/main.go
+ExecStop=/usr/bin/podman stop -t 10 gohorsejobs-backend-dev
+
+[Install]
+WantedBy=multi-user.target
diff --git a/containers/gohorse-backoffice.service b/containers/gohorse-backoffice.service
new file mode 100644
index 0000000..d8e256f
--- /dev/null
+++ b/containers/gohorse-backoffice.service
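Review bot: The `ExecStart` line of gohorse-backend.service passes the database password as a literal `-e DB_PASSWORD=…` argument, so it is stored in the repository and readable from the unit file and from the `podman run` command line on the host. The same pattern appears in gohorse-backoffice.service (`DATABASE_URL`), postgres.container and postgres-nc2.container (`POSTGRES_PASSWORD`), vaultwarden.container (`DATABASE_URL`) and virtual-fashion-minio.container (`MINIO_ROOT_PASSWORD`). I would keep these values out of tracked files, using `--env-file <root-only env file>` in the `.service` units and `EnvironmentFile=` or `Secret=` in the Quadlet units. Every credential this commit publishes should also be rotated. `-e DB_SSLMODE=disable` is acceptable only while the database is reached solely over the `web_proxy` network.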
@@ -0,0 +1,12 @@
+[Unit]
+Description=GoHorseJobs Backoffice Dev
+After=network-online.target
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/podman rm -f gohorsejobs-backoffice-dev
+ExecStart=/usr/bin/podman run --name gohorsejobs-backoffice-dev --rm --network web_proxy -v /mnt/data/gohorsejobs/backoffice:/app:Z -w /app -p 3001:3001 -e PORT=3001 -e DATABASE_URL=postgresql://saveinmed:4J4ZTLY4Ks34geDVvjOiLWKor8n4J4@postgres-main:5432/gohorsejobs --label traefik.enable=true --label "traefik.http.routers.gohorse-backoffice.rule=Host(`b-local.gohorsejobs.com`)" --label traefik.http.routers.gohorse-backoffice.entrypoints=websecure --label traefik.http.routers.gohorse-backoffice.tls.certresolver=main --label traefik.http.services.gohorse-backoffice.loadbalancer.server.port=3001 node:20 npm run start:dev
+ExecStop=/usr/bin/podman stop -t 10 gohorsejobs-backoffice-dev
+
+[Install]
+WantedBy=multi-user.target
diff --git a/containers/gohorse-frontend.service b/containers/gohorse-frontend.service
new file mode 100644
index 0000000..3bec67d
--- /dev/null
+++ b/containers/gohorse-frontend.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=GoHorseJobs Frontend Dev
+After=network-online.target
+
+[Service]
+Restart=always
+ExecStartPre=-/usr/bin/podman rm -f gohorsejobs-frontend-dev
+ExecStart=/usr/bin/podman run --name gohorsejobs-frontend-dev --rm --network web_proxy -v /mnt/data/gohorsejobs/frontend:/app:Z -w /app -p 3000:3000 --label traefik.enable=true --label "traefik.http.routers.gohorse-frontend.rule=Host(`dev-local.gohorsejobs.com`)" --label traefik.http.routers.gohorse-frontend.entrypoints=websecure --label traefik.http.routers.gohorse-frontend.tls.certresolver=main --label traefik.http.services.gohorse-frontend.loadbalancer.server.port=3000 node:20 npm run dev
+ExecStop=/usr/bin/podman stop -t 10 gohorsejobs-frontend-dev
+
+[Install]
+WantedBy=multi-user.target
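Review bot: `-p 3001:3001` in gohorse-backoffice.service publishes the dev server on every host interface, so unless a host firewall blocks it the service is reachable over plain HTTP without passing through the Traefik `websecure` router that the labels configure. Traefik reaches the container over `web_proxy`, so the publish flag can be dropped, or bound to loopback as `-p 127.0.0.1:3001:3001` if local access is needed. The same applies to `-p 8080:8080` in gohorse-backend.service, `-p 3000:3000` in gohorse-frontend.service, and the `PublishPort=` / `--publish` lines in the q1-*, uptime-kuma and vaultwarden units.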
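Review bot: `After=network-online.target` in gohorse-frontend.service only orders the unit; without a matching `Wants=network-online.target` nothing pulls that target in, so the ordering may have no effect at boot. Add `Wants=network-online.target` under `[Unit]`; gohorse-backend.service and gohorse-backoffice.service have the same line. The image is also given as the short name `node:20`, which resolves according to the host's registry search configuration; `docker.io/library/node:20` would make the source explicit, as the Quadlet files in this patch mostly do.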
diff --git a/containers/postgres-nc2.container b/containers/postgres-nc2.container
new file mode 100644
index 0000000..4c578b9
--- /dev/null
+++ b/containers/postgres-nc2.container
@@ -0,0 +1,29 @@
+[Unit]
+Description=PostgreSQL Database (NC2)
+After=network-online.target
+
+[Container]
+ContainerName=postgres
+Image=docker.io/library/postgres:16-alpine
+
+Environment=POSTGRES_USER=admin
+Environment=POSTGRES_PASSWORD=sua_senha_segura
+Environment=POSTGRES_DB=app_db
+
+# Existing volume on NC2
+Volume=/mnt/postgres/data:/var/lib/postgresql/data:Z
+
+Network=web_proxy
+NetworkAlias=postgres
+
+# External Access via Traefik (TCP Over TLS)
+Label=traefik.enable=true
+Label=traefik.tcp.routers.postgres-nc2.rule=HostSNI(`db.nc2.rede5.com.br`)
+Label=traefik.tcp.routers.postgres-nc2.entrypoints=websecure
+Label=traefik.tcp.routers.postgres-nc2.tls=true
+Label=traefik.tcp.routers.postgres-nc2.tls.certresolver=myresolver
+Label=traefik.tcp.services.postgres-nc2.loadbalancer.server.port=5432
+Label=traefik.docker.network=web_proxy
+
+[Install]
+WantedBy=multi-user.target
diff --git a/containers/postgres.container b/containers/postgres.container
new file mode 100644
index 0000000..100276c
--- /dev/null
+++ b/containers/postgres.container
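Review bot: postgres-nc2.container routes PostgreSQL to external clients through the Traefik TCP router on `websecure`, while `POSTGRES_USER=admin` is paired with a `POSTGRES_PASSWORD` value that reads like a template placeholder rather than a generated secret. If the data directory is ever initialised from this unit as written, the superuser login is guessable from the repository. Before labelling port 5432 for a public router I would require a generated secret supplied via `Secret=` or `EnvironmentFile=`. I would also restrict who can connect, for example with an IP allow-list middleware on the TCP router, or by leaving the database unlabelled and reaching it over a VPN or SSH tunnel. postgres.container exposes `postgres-main` the same way.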
@@ -0,0 +1,28 @@
+[Unit]
+Description=PostgreSQL Main Database
+After=network-online.target
+
+[Container]
+ContainerName=postgres-main
+Image=docker.io/library/postgres:17-alpine
+
+Environment=POSTGRES_USER=saveinmed
+Environment=POSTGRES_PASSWORD=ZTLY4Ks34geDVvjOiLWKor8n4J4
+Environment=POSTGRES_DB=saveinmed
+
+Volume=/mnt/data/postgres:/var/lib/postgresql/data:Z
+
+Network=web_proxy
+NetworkAlias=postgres-main
+
+# External Access via Traefik (TCP Over TLS)
+Label=traefik.enable=true
+Label=traefik.tcp.routers.postgres-main.rule=HostSNI(`db.nc1.rede5.com.br`)
+Label=traefik.tcp.routers.postgres-main.entrypoints=websecure
+Label=traefik.tcp.routers.postgres-main.tls=true
+Label=traefik.tcp.routers.postgres-main.tls.certresolver=myresolver
+Label=traefik.tcp.services.postgres-main.loadbalancer.server.port=5432
+Label=traefik.docker.network=web_proxy
+
+[Install]
+WantedBy=multi-user.target
diff --git a/containers/q1-backend-dev.container b/containers/q1-backend-dev.container
new file mode 100644
index 0000000..8952777
--- /dev/null
+++ b/containers/q1-backend-dev.container
@@ -0,0 +1,15 @@
+[Unit]
+Description=Q1-Total Backend Dev
+After=network-online.target
+
+[Container]
+Image=docker.io/python:3.12
+Volume=/mnt/data/q1-total-dev/backend:/app:z
+PodmanArgs=--publish=8001:8000 --env=PORT=8000
+Exec=sh -c "cd /app && pip install uv && uv sync && uv run uvicorn app.main:app --host 0.0.0.0 --port 8000"
+Label=traefik.enable=true
+Label=traefik.http.routers.q1-backend-dev.rule=Host('api-dev.q1-total.com.br')
+Label=traefik.http.services.q1-backend-dev.loadbalancer.server.port=8000
+
+[Service]
+Restart=always
diff --git a/containers/q1-dashboard-dev.container b/containers/q1-dashboard-dev.container
new file mode 100644
index 0000000..8d92976
--- /dev/null
+++ b/containers/q1-dashboard-dev.container
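Review bot: The labels in postgres.container reference `tls.certresolver=myresolver`, but the only resolver defined by traefik.container in this patch is `main` (`--certificatesresolvers.main.acme…`), so unless another Traefik instance defines `myresolver` no certificate will be issued for this router. I would change it to `Label=traefik.tcp.routers.postgres-main.tls.certresolver=main`. postgres-nc2.container, vaultwarden.container and virtual-fashion-minio.container use the same resolver name. Separately, the `POSTGRES_PASSWORD` here is not the same string as the password given for `saveinmed` in the gohorse and vaultwarden connection settings. `POSTGRES_PASSWORD` only applies when the data directory is first initialised, so the three values should be reconciled when the secrets move out of the repository.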
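Review bot: The router rule in q1-backend-dev.container is written as `Host('api-dev.q1-total.com.br')`; Traefik rule values must be quoted with backticks or double quotes, so this rule will likely be rejected. Use ``Host(`api-dev.q1-total.com.br`)`` as the other units do. The unit also has no `Network=web_proxy` and no `entrypoints` or `tls.certresolver` labels, so Traefik may be unable to reach the container or serve it over TLS, leaving `--publish=8001:8000` as the only working path. q1-dashboard-dev.container has the same three gaps.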
@@ -0,0 +1,15 @@
+[Unit]
+Description=Q1-Total Dashboard Dev
+After=network-online.target
+
+[Container]
+Image=docker.io/node:20
+Volume=/mnt/data/q1-total-dev/dashboard:/app:z
+PodmanArgs=--publish=3002:5173 --env=PORT=5173
+Exec=sh -c "cd /app && npm install && npm run dev -- --host 0.0.0.0"
+Label=traefik.enable=true
+Label=traefik.http.routers.q1-dashboard-dev.rule=Host('dashboard-dev.q1-total.com.br')
+Label=traefik.http.services.q1-dashboard-dev.loadbalancer.server.port=5173
+
+[Service]
+Restart=always
diff --git a/containers/traefik.container b/containers/traefik.container
new file mode 100644
index 0000000..c6706b0
--- /dev/null
+++ b/containers/traefik.container
@@ -0,0 +1,15 @@
+[Unit]
+Description=Traefik Service
+After=network-online.target
+
+[Container]
+Image=docker.io/library/traefik:latest
+PublishPort=80:80
+PublishPort=443:443
+Volume=/run/podman/podman.sock:/var/run/docker.sock:Z
+Volume=/opt/traefik/letsencrypt:/letsencrypt:Z
+Network=web_proxy
+Exec=--providers.docker=true --providers.docker.exposedbydefault=false --entrypoints.web.address=:80 --entrypoints.websecure.address=:443 --certificatesresolvers.main.acme.email=saveinmed@gmail.com --certificatesresolvers.main.acme.storage=/letsencrypt/acme.json --certificatesresolvers.main.acme.httpchallenge.entrypoint=web
+
+[Install]
+WantedBy=multi-user.target
diff --git a/containers/uptime-kuma.container b/containers/uptime-kuma.container
new file mode 100644
index 0000000..5d5e1e0
--- /dev/null
+++ b/containers/uptime-kuma.container
@@ -0,0 +1,14 @@
+[Unit]
+Description=Uptime Kuma
+After=network-online.target
+
+[Container]
+Image=louislam/uptime-kuma:1
+Volume=/mnt/data/uptime-kuma:/app/data:Z
+PublishPort=3005:3001
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/containers/vaultwarden.container b/containers/vaultwarden.container
new file mode 100644
index 0000000..726f46f
--- /dev/null
+++ b/containers/vaultwarden.container
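Review bot: `Exec=sh -c "cd /app && npm install && …"` in q1-dashboard-dev.container resolves dependencies from the registry on every start, and with `Restart=always` that includes every crash-restart, so whatever is current at that moment is what runs. Installing from a committed lockfile keeps starts reproducible: `Exec=sh -c "cd /app && npm ci && npm run dev -- --host 0.0.0.0"`. q1-backend-dev.container does the same with an unpinned `pip install uv`; pinning that version, or baking the tooling into an image, would close the same gap.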
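Review bot: `Volume=/run/podman/podman.sock:/var/run/docker.sock:Z` in traefik.container gives the internet-facing proxy the rootful Podman API, which is equivalent to root on the host if the proxy is compromised. The `:Z` option would also relabel the socket itself for this one container. I would put a filtering socket proxy limited to read-only endpoints between Traefik and the socket, and drop the relabel in favour of a targeted SELinux setting. `Image=docker.io/library/traefik:latest` should be pinned to a release tag so the edge proxy does not change version on an unplanned pull; vaultwarden.container and virtual-fashion-minio.container also use `latest`. No redirect from the `web` entrypoint to `websecure` is configured, so port 80 serves whatever matches without TLS.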
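Review bot: `Image=louislam/uptime-kuma:1` in uptime-kuma.container is an unqualified short name, so the registry it resolves to depends on the host's `registries.conf`, and Quadlet units generally expect a fully qualified reference. Use `Image=docker.io/louislam/uptime-kuma:1`. `PublishPort=3005:3001` also exposes the dashboard over plain HTTP on all interfaces with no Traefik labels; binding it to `127.0.0.1` or routing it through `websecure` would match the other services.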
@@ -0,0 +1,25 @@
+[Unit]
+Description=Vaultwarden Password Manager
+After=network-online.target postgres.service
+
+[Service]
+Restart=always
+
+[Container]
+Image=docker.io/vaultwarden/server:latest
+ContainerName=vaultwarden
+Volume=/mnt/data/vaultwarden:/data:Z
+Environment=DATABASE_URL=postgresql://saveinmed:ZTLYe7OIBQDVvjOiLWKor8n4J4Ks34ge@postgres-main:5432/vaultwarden
+Environment=DOMAIN=https://vault.rede5.com.br
+Environment=SIGNUPS_ALLOWED=true
+Environment=ADMIN_TOKEN=
+PublishPort=8090:80
+Network=web_proxy
+Label=traefik.enable=true
+Label=traefik.http.routers.vaultwarden.rule=Host(`vault.rede5.com.br`)
+Label=traefik.http.routers.vaultwarden.entrypoints=websecure
+Label=traefik.http.routers.vaultwarden.tls.certresolver=myresolver
+Label=traefik.http.services.vaultwarden.loadbalancer.server.port=80
+
+[Install]
+WantedBy=multi-user.target
diff --git a/containers/virtual-fashion-minio.container b/containers/virtual-fashion-minio.container
new file mode 100644
index 0000000..bcccc98
--- /dev/null
+++ b/containers/virtual-fashion-minio.container
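Review bot: `Environment=SIGNUPS_ALLOWED=true` in vaultwarden.container leaves registration open on a password manager that the labels publish at `vault.rede5.com.br`, so anyone who can reach the host can create an account. Set `Environment=SIGNUPS_ALLOWED=false` once the intended accounts exist and use invitations after that. The empty `Environment=ADMIN_TOKEN=` line is ambiguous to a reader; drop it, or supply a hashed token through `Secret=` if the admin page is wanted. `PublishPort=8090:80` additionally serves the vault over plain HTTP beside the TLS router and should be removed or bound to loopback.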
@@ -0,0 +1,37 @@
+[Unit]
+Description=Virtual Fashion MinIO
+After=network-online.target
+
+[Container]
+Image=docker.io/minio/minio:latest
+AutoUpdate=registry
+
+Environment=MINIO_ROOT_USER=virtual_fashion_admin
+Environment=MINIO_ROOT_PASSWORD=VF_m1n10_s3cur3_p@ssw0rd_2025
+Environment=MINIO_BROWSER_REDIRECT_URL=https://minio-console.virtualfashion.com.br
+
+Volume=/mnt/data/virtual-fashion/minio:/data:Z
+
+Exec=server /data --console-address ":9001"
+
+Network=web_proxy
+NetworkAlias=minio
+
+# Traefik (API)
+Label=traefik.enable=true
+Label=traefik.http.routers.virtual-fashion-minio.rule=Host(`minio.virtualfashion.com.br`) || Host(`minio-dev.virtualfashion.com.br`)
+Label=traefik.http.routers.virtual-fashion-minio.entrypoints=websecure
+Label=traefik.http.routers.virtual-fashion-minio.tls.certresolver=myresolver
+Label=traefik.http.routers.virtual-fashion-minio.service=virtual-fashion-minio-api
+Label=traefik.http.services.virtual-fashion-minio-api.loadbalancer.server.port=9000
+
+# Traefik (Console)
+Label=traefik.http.routers.virtual-fashion-minio-console.rule=Host(`minio-console.virtualfashion.com.br`) || Host(`minio-console-dev.virtualfashion.com.br`)
+Label=traefik.http.routers.virtual-fashion-minio-console.entrypoints=websecure
+Label=traefik.http.routers.virtual-fashion-minio-console.tls.certresolver=myresolver
+Label=traefik.http.routers.virtual-fashion-minio-console.service=virtual-fashion-minio-console
+Label=traefik.http.services.virtual-fashion-minio-console.loadbalancer.server.port=9001
+Label=traefik.docker.network=web_proxy
+
+[Install]
+WantedBy=multi-user.target
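Review bot: `AutoUpdate=registry` combined with `Image=docker.io/minio/minio:latest` lets `podman auto-update` replace the object store with whatever `latest` points to at the time, with no review step for a service that holds data. Pin the image to a release tag or digest, e.g. `Image=docker.io/minio/minio:<release-tag>`, so upgrades are deliberate. The console router also publishes the MinIO admin console on two public hostnames while the only account configured is the root user. A dedicated non-root admin account and an IP allow-list middleware on the console router would narrow that exposure.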