infracloud/vps/nc1/nc1.md

# NC1 VPS - Documentação de Infraestrutura

## Informações do Sistema

| Propriedade | Valor |
|-------------|-------|
| **Hostname** | v2202508247812376908 |
| **IP Público** | 185.194.141.70 |
| **Sistema Operacional** | AlmaLinux 10.1 (Heliotrope) |
| **Kernel** | Linux 5.x x86_64 |
| **CPU** | AMD EPYC-Rome Processor |
| **Memória RAM** | 7.5 GB |
| **Disco** | 254 GB (31 GB usado, ~13%) |

---

## Arquitetura de Containers

```mermaid
flowchart LR
    T[Traefik]
    PG[(PostgreSQL)]
    RD[(Redis)]
    FG[Forgejo]
    VW[Vaultwarden]
    
    subgraph Core
        CIG[Identity Gateway]
        CPP[Platform Projects]
        CDB[Core Dashboard]
    end
    
    subgraph SaveInMed
        SIMB[Backend]
        SIMM[Marketplace]
    end
    
    subgraph Invent["Invent Finance"]
        INVBE[Backend]
        INVFE[Frontend]
    end
    
    subgraph Q1["Q1 Total/Food/Store"]
        Q1BE[Total Backend]
        Q1DB[Total Dashboard]
        Q1FOOD[Food Backend]
        Q1VEST[Vestuario Backend]
    end
    
    subgraph Q1Agenda ["Q1 Agenda"]
        Q1ABE[Backend]
        Q1AFE[Frontend]
    end
    
    subgraph Sextando
        SXBE[Backend]
        SXFE[Frontend]
    end

    subgraph VirtualFashion
        VFBE[Backend]
        VFFE[Frontend]
        VFMIN[MinIO]
    end

    subgraph InvoiceNinja
        INWEB[Web]
        INAPP[App]
        INDB[(MariaDB)]
    end
    
    T --> VW
    T --> FG
    T --> CIG
    T --> CPP
    T --> CDB
    T --> SIMB
    T --> SIMM
    T --> INVBE
    T --> INVFE
    T --> Q1BE
    T --> Q1DB
    T --> Q1FOOD
    T --> Q1VEST
    T --> Q1ABE
    T --> Q1AFE
    T --> SXBE
    T --> SXFE
    T --> VFBE
    T --> VFFE
    T --> VFMIN
    T --> INWEB
    
    CIG --> PG
    CPP --> PG
    INVBE --> PG
    Q1BE --> PG
    Q1FOOD --> PG
    Q1VEST --> PG
    Q1ABE --> PG
    SXBE --> PG
    SIMB --> PG
    SIMB --> RD
    VFBE --> PG
    INAPP --> INDB
```

> **Nota:** O cluster **Redis** é utilizado principalmente pelo **SaveInMed Backend** e outros serviços que requerem cache. Todos compartilham a mesma instância do **PostgreSQL**.

---

## Mapeamento de Domínios (HML/Dev)

| Serviço | URL / Domínio | Porta Interna |
|---------|---------------|---------------|
| **Core Identity** | `ig-dev.rede5.com.br` | 4000 |
| **Core Platform** | `platform-projects-core-dev.rede5.com.br` | 8080 |
| **SaveInMed Backend** | `api-dev.saveinmed.com.br` | 8214 |
| **SaveInMed Market** | `marketplace-dev.saveinmed.com.br` | 5173 |
| **Invent Backend** | `invent-api-dev.rede5.com.br` | 4763 |
| **Invent Frontend** | `invent-dev.rede5.com.br` | 3785 |
| **Q1 Total Backend** | `api-dev.q1-total.com.br` | 8000 |
| **Q1 Total Dash** | `dashboard-dev.q1-total.com.br` | 5173 |
| **Q1 Food Backend** | `api-dev.q1food.com` | 8003 |
| **Q1 Store/Vest** | `api-dev.q1store.me` | 8002 |
| **Q1 Agenda Backend** | `api-dev.q1agenda.com.br` | 8000* |
| **Q1 Agenda Frontend**| `dev.q1agenda.com.br` | 3000 |
| **Sextando API** | `api-dev.sextando.com.br` | 8080 |
| **Sextando Web** | `dev.sextando.com.br` | 3001 |
| **Virtual Fashion API** | `api.virtualfashion.com.br` | 8000 |
| **Virtual Fashion Web** | `virtualfashion.com.br` | 3000 |
| **Virtual Fashion MinIO**| `minio.virtualfashion.com.br` | 9000 |
| **Invoice Ninja** | `invoiceninja.nc1.rede5.com.br` | 80 |
| **Vaultwarden** | `vault.rede5.com.br` | 80 |

---

## Containers Podman (Rodando)

| Container | Descrição |
|-----------|-----------|
| `traefik` | Reverse proxy e load balancer |
| `postgres-main` | Banco de dados PostgreSQL principal |
| `redis-saveinmed` | Cache Redis para SaveInMed |
| `forgejo` | Git server self-hosted |
| `vaultwarden` | Gerenciador de senhas |
| `core-identity-gateway-dev` | Core Identity Gateway (HML) |
| `core-platform-projects-core-dev` | Core Platform Projects (HML) |
| `core-dashboard-dev` | Core Dashboard (HML) |
| `saveinmed-backend-dev` | SaveInMed Backend (HML) |
| `saveinmed-marketplace-dev` | SaveInMed Marketplace (HML) |
| `invent-finance-backend-dev` | Invent Finance Backend (HML) |
| `invent-finance-frontend-dev` | Invent Finance Frontend (HML) |
| `sextando-backend-dev` | Sextando Backend (HML) |
| `sextando-frontend-dev` | Sextando Frontend (HML) |
| `vestuario-backend-dev` | Q1 Store/Vestuário (HML) |
| `food-backend-dev` | Q1 Food Backend (HML) |
| `q1-total-backend-dev` | Q1 Total Backend (HML) |
| `q1-total-dashboard-dev` | Q1 Total Dashboard (HML) |
| `q1agenda-backend-dev` | Q1 Agenda Backend (HML) |
| `q1agenda-frontend-dev` | Q1 Agenda Frontend (HML) |
| `virtual-fashion-backend`| Virtual Fashion Backend |
| `virtual-fashion-frontend`| Virtual Fashion Frontend |
| `virtual-fashion-minio` | Virtual Fashion Object Storage |
| `invoiceninja-app` | Invoice Ninja App (PHP) |
| `invoiceninja-web` | Invoice Ninja Web (Nginx) |
| `invoiceninja-db` | Invoice Ninja Database (MariaDB) |
| `pgadmin` | Administração PostgreSQL |
| `glances` | Monitoramento de sistema |

---

## Quadlet Files (Systemd Units)

Localização:
- Root: `/etc/containers/systemd/`
- User: `~/.config/containers/systemd/`

---

## Fluxo de Rede

```mermaid
flowchart LR
    Internet((Internet)) -->|443/80| T[Traefik]
    
    T -->|8080| VW[Vaultwarden]
    T -->|3000| FG[Forgejo]
    T -->|8214| SIMB[SaveInMed]
    T -->|8002| Q1[Q1 Services]
    
    PG[(PostgreSQL)]
    RD[(Redis)]
    
    SIMB --> PG
    SIMB --> RD
    Q1 --> PG
```

---

## Guia - Adicionar Novo Serviço (Quadlet)

Para adicionar um novo serviço nesta VPS, utilizamos o **Quadlet** (Systemd Generator para Podman). Isso garante que os containers iniciem automaticamente no boot e sejam gerenciados como serviços do sistema.

### 1. Criar arquivo .container

Crie um arquivo em `/etc/containers/systemd/` (para root) ou `~/.config/containers/systemd/` (para seu usuário). O nome do arquivo deve ser `seuservico.container`.

Exemplo: `novo-app-dev.container`
```ini
[Unit]
Description=Meu Novo App Dev
After=network-online.target

[Container]
Image=docker.io/minha-imagem:latest
# Se precisar declarar variáveis de ambiente
Environment=PORT=8080
# Conectar à rede do proxy
Network=web_proxy

# Labels para o Traefik (Expõe o serviço na web)
Label=traefik.enable=true
Label=traefik.http.routers.meu-app-dev.rule=Host(`meu-app-dev.rede5.com.br`)
Label=traefik.http.routers.meu-app-dev.entrypoints=websecure
Label=traefik.http.routers.meu-app-dev.tls.certresolver=myresolver
Label=traefik.http.services.meu-app-dev.loadbalancer.server.port=8080

[Install]
WantedBy=multi-user.target
```

### 2. Ativar o serviço

Após criar o arquivo, recarregue o daemon do systemd para gerar o arquivo de serviço, e então inicie:

```bash
# Se o arquivo estiver em /etc/containers/systemd/ (Root)
sudo systemctl daemon-reload
sudo systemctl start novo-app-dev

# Se estiver na home do usuário (Rootless)
systemctl --user daemon-reload
systemctl --user start novo-app-dev
```