From 0ab2345926cb67633c9c1a03a3620169ed5ce1dd Mon Sep 17 00:00:00 2001
From: "m.shahid"
Date: Wed, 18 Mar 2026 01:41:03 +0500
Subject: [PATCH 1/2] feat: add INT-M02 automation manifests (IaC) #SHD_2026-W12_005
---
_INSTANCE_/INT-M02/manifest/Caddyfile | 11 +++++
.../INT-M02/manifest/docker-compose.yml | 40 +++++++++++++++++++
_INSTANCE_/INT-M02/manifest/setup.sh | 17 ++++++++
3 files changed, 68 insertions(+)
create mode 100644 _INSTANCE_/INT-M02/manifest/Caddyfile
create mode 100644 _INSTANCE_/INT-M02/manifest/docker-compose.yml
create mode 100644 _INSTANCE_/INT-M02/manifest/setup.sh
diff --git a/_INSTANCE_/INT-M02/manifest/Caddyfile b/_INSTANCE_/INT-M02/manifest/Caddyfile
new file mode 100644
index 0000000..2229842
--- /dev/null
+++ b/_INSTANCE_/INT-M02/manifest/Caddyfile
@@ -0,0 +1,11 @@
+# INT-M02 AnythingLLM Instance Proxy
+# Domain: meta-qwen.weown.tools
+
+meta-qwen.weown.tools {
+ # Direct Bridge to Internal IP to resolve 502 Gateway Errors
+ reverse_proxy 172.18.0.2:3001
+
+ log {
+ output file /data/access.log
+ }
+}
\ No newline at end of file
diff --git a/_INSTANCE_/INT-M02/manifest/docker-compose.yml b/_INSTANCE_/INT-M02/manifest/docker-compose.yml
new file mode 100644
index 0000000..0d93db4
--- /dev/null
+++ b/_INSTANCE_/INT-M02/manifest/docker-compose.yml
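Review bot: The `reverse_proxy 172.18.0.2:3001` line in the new INT-M02 Caddyfile repeats the static address that docker-compose.yml assigns through `ipv4_address`, so the proxy target and the compose IPAM block have to be edited together, or Caddy forwards to whatever container ends up holding that address. Both containers sit on the same user-defined bridge (`backend_bridge`), where Compose service names resolve through Docker's embedded DNS, so `reverse_proxy anythingllm:3001` would follow the service rather than the address. If name resolution is what produced the 502s mentioned in the comment, the comment should record that, e.g. `# Static IP because <reason service-name lookup failed>`. The PRJ-013 Caddyfile in patch 2/2 has the same pattern with `reverse_proxy 172.18.0.2:8000`.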
@@ -0,0 +1,40 @@
+version: '3.8'
+
+services:
+ anythingllm:
+ image: mintplexlabs/anythingllm
+ container_name: anythingllm
+ restart: always
+ ports:
+ - "3001:3001"
+ volumes:
+ - ./storage:/app/server/storage
+ environment:
+ - STORAGE_DIR=/app/server/storage
+ networks:
+ backend_bridge:
+ ipv4_address: 172.18.0.2
+
+ caddy:
+ image: caddy:latest
+ container_name: caddy
+ restart: always
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile
+ - ./caddy_data:/data
+ - ./caddy_config:/config
+ networks:
+ backend_bridge:
+ ipv4_address: 172.18.0.3
+ depends_on:
+ - anythingllm
+
+networks:
+ backend_bridge:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.18.0.0/16
\ No newline at end of file
diff --git a/_INSTANCE_/INT-M02/manifest/setup.sh b/_INSTANCE_/INT-M02/manifest/setup.sh
new file mode 100644
index 0000000..8d70739
--- /dev/null
+++ b/_INSTANCE_/INT-M02/manifest/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# CCC-ID: SHD_2026-W12_005
+# Purpose: L-149 Permission Hardening for AnythingLLM
+
+echo "🚀 Starting L-149 Infrastructure Hardening..."
+
+# Create necessary persistence directories
+mkdir -p storage
+mkdir -p caddy_data
+mkdir -p caddy_config
+
+# Apply Recursive UID Synchronization (Standard: 1000:1000)
+echo "🔒 Applying L-149 Recursive UID Sync..."
+chown -R 1000:1000 ./storage
+chmod -R 777 ./storage
+
+echo "✅ Infrastructure Ready. Run 'docker-compose up -d' to start services."
\ No newline at end of file
From b270a16c76853deb77385e95ffadcf4c0a374c49 Mon Sep 17 00:00:00 2001
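Review bot: The `ports:` entry `- "3001:3001"` on the `anythingllm` service publishes the application on every host interface over plain HTTP, alongside the Caddy front end that is meant to terminate TLS for it. Caddy reaches the container over `backend_bridge`, so the mapping is not needed for the proxy path; dropping it, or narrowing it to `- "127.0.0.1:3001:3001"`, keeps port 3001 off the public interface (Docker-published ports are commonly not filtered by host firewall front ends such as ufw). The PRJ-013 compose file in patch 2/2 does the same with `- "8000:8000"` on `webserver`. Separately, `mintplexlabs/anythingllm` (no tag) and `caddy:latest` float with upstream; pinning a version tag or digest makes the deployed image reproducible and reviewable.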
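Review bot: `chmod -R 777 ./storage` in the INT-M02 setup.sh makes the AnythingLLM storage tree readable and writable by every account on the host, which contradicts the script's stated purpose of permission hardening. The `chown -R 1000:1000` on the line before already gives the owning uid access, so a mode such as `chmod -R u=rwX,go= ./storage` should be enough, assuming the container process runs as uid 1000 as the comment implies. The PRJ-013 setup.sh in patch 2/2 repeats the `chmod -R 777`, there also over `./pgdata` and `./caddy_data`, i.e. the database files and Caddy's certificate storage. The script also has no `set -euo pipefail`, so a failed `chown` still ends with the "Infrastructure Ready" message.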
From: "m.shahid"
Date: Thu, 19 Mar 2026 00:20:32 +0500
Subject: [PATCH 2/2] feat: PRJ-013 Paperless-ngx Hub Live Deployment (IaC) #SHD_2026-W12_006
---
_INSTANCE_/PRJ-013/manifest/Caddyfile | 11 ++++
.../PRJ-013/manifest/docker-compose.yml | 65 +++++++++++++++++++
_INSTANCE_/PRJ-013/manifest/setup.sh | 21 ++++++
3 files changed, 97 insertions(+)
create mode 100644 _INSTANCE_/PRJ-013/manifest/Caddyfile
create mode 100644 _INSTANCE_/PRJ-013/manifest/docker-compose.yml
create mode 100644 _INSTANCE_/PRJ-013/manifest/setup.sh
diff --git a/_INSTANCE_/PRJ-013/manifest/Caddyfile b/_INSTANCE_/PRJ-013/manifest/Caddyfile
new file mode 100644
index 0000000..62ee321
--- /dev/null
+++ b/_INSTANCE_/PRJ-013/manifest/Caddyfile
@@ -0,0 +1,11 @@
+# PRJ-013 Paperless-ngx Hub
+# Domain: docs.weown.net
+
+docs.weown.net {
+ # Direct Bridge to Internal IP to resolve 502 Gateway Errors
+ reverse_proxy 172.18.0.2:8000
+
+ log {
+ output file /data/access.log
+ }
+}
\ No newline at end of file
diff --git a/_INSTANCE_/PRJ-013/manifest/docker-compose.yml b/_INSTANCE_/PRJ-013/manifest/docker-compose.yml
new file mode 100644
index 0000000..9e393eb
--- /dev/null
+++ b/_INSTANCE_/PRJ-013/manifest/docker-compose.yml
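Review bot: `output file /data/access.log` in the PRJ-013 Caddyfile writes the access log into `/data`, which the compose file in this patch bind-mounts from `./caddy_data` and which is also where the Caddy image keeps its certificate and key storage. In this deployment setup.sh sets `./caddy_data` to mode 777, so the record of client addresses and requested document URLs lands in a host directory any local account can read or alter. A dedicated log location, e.g. `output file /var/log/caddy/access.log` backed by its own volume with restrictive permissions, keeps request logs apart from TLS material. The INT-M02 Caddyfile in patch 1/2 logs to the same `/data/access.log` path.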
@@ -0,0 +1,65 @@
+version: "3.8"
+services:
+ broker:
+ image: redis:7
+ restart: always
+ networks:
+ backend_bridge:
+ ipv4_address: 172.18.0.4
+
+ db:
+ image: postgres:16
+ restart: always
+ volumes:
+ - ./pgdata:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_DB=paperless
+ - POSTGRES_USER=paperless
+ - POSTGRES_PASSWORD=paperless
+ networks:
+ backend_bridge:
+ ipv4_address: 172.18.0.5
+
+ webserver:
+ image: ghcr.io/paperless-ngx/paperless-ngx:latest
+ restart: always
+ depends_on:
+ - db
+ - broker
+ ports:
+ - "8000:8000"
+ volumes:
+ - ./data:/usr/src/paperless/data
+ - ./media:/usr/src/paperless/media
+ - ./export:/usr/src/paperless/export
+ - ./consume:/usr/src/paperless/consume
+ environment:
+ - PAPERLESS_REDIS=redis://172.18.0.4:6379
+ - PAPERLESS_DBHOST=172.18.0.5
+ - PAPERLESS_URL=https://docs.weown.net
+ - USER_ID=1000
+ - GROUP_ID=1000
+ networks:
+ backend_bridge:
+ ipv4_address: 172.18.0.2
+
+ caddy:
+ image: caddy:latest
+ restart: always
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile
+ - ./caddy_data:/data
+ - ./caddy_config:/config
+ networks:
+ backend_bridge:
+ ipv4_address: 172.18.0.3
+
+networks:
+ backend_bridge:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.18.0.0/16
\ No newline at end of file
diff --git a/_INSTANCE_/PRJ-013/manifest/setup.sh b/_INSTANCE_/PRJ-013/manifest/setup.sh
new file mode 100644
index 0000000..d90ddb7
--- /dev/null
+++ b/_INSTANCE_/PRJ-013/manifest/setup.sh
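Review bot: The `db` service commits `POSTGRES_PASSWORD=paperless` to the repository, and the `webserver` environment sets neither `PAPERLESS_DBPASS` nor `PAPERLESS_SECRET_KEY`, so an instance published at `https://docs.weown.net` would run on a guessable database password and, as far as this hunk shows, on Paperless-ngx's built-in default secret key. Both values should come from an untracked `.env` file or a secret store, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set in .env}` under `db`, and `- PAPERLESS_DBPASS=${POSTGRES_PASSWORD:?set in .env}` plus `- PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY:?set in .env}` under `webserver`. `USER_ID`/`GROUP_ID` also look as if they were meant to be `USERMAP_UID`/`USERMAP_GID`, the names the Paperless-ngx image documents; worth confirming against the image documentation.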
@@ -0,0 +1,21 @@
+#!/bin/bash
+# CCC-ID: SHD_2026-W12_006
+# Purpose: L-149 Permission Hardening for PRJ-013 Paperless-ngx
+
+echo "🚀 Starting L-149 Infrastructure Hardening for Paperless-ngx..."
+
+# Create all necessary persistence directories
+mkdir -p data
+mkdir -p media
+mkdir -p export
+mkdir -p consume
+mkdir -p pgdata
+mkdir -p caddy_data
+mkdir -p caddy_config
+
+# Apply Recursive UID Synchronization (Standard: 1000:1000)
+echo "🔒 Applying L-149 Recursive UID Sync (Standard: 1000:1000)..."
+chown -R 1000:1000 ./data ./media ./export ./consume ./pgdata ./caddy_data ./caddy_config
+chmod -R 777 ./data ./media ./export ./consume ./pgdata ./caddy_data ./caddy_config
+
+echo "✅ Infrastructure Ready. Run 'docker-compose up -d' to start Paperless-ngx."
\ No newline at end of file
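Review bot: The `chown -R 1000:1000` line in the PRJ-013 setup.sh applies the 1000:1000 owner to `./pgdata`, `./caddy_data` and `./caddy_config` as well, but the compose file in this patch sets a 1000 uid/gid only on the `webserver` service; nothing visible says the `postgres:16` or `caddy:latest` containers run as that uid. Re-running the script against a live deployment would therefore re-own the database and certificate directories underneath running services. Limiting the recursive ownership change to the Paperless directories, `chown -R 1000:1000 ./data ./media ./export ./consume`, and leaving `pgdata` and the Caddy directories to their images, avoids that. The relative paths also depend on the caller's working directory; a `cd "$(dirname "$0")"` at the top would pin them to the manifest directory.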