feat: add INT-M02 automation manifests (IaC) #SHD_2026-W12_005

_INSTANCE_/INT-M02/manifest/Caddyfile

@@ -0,0 +1,11 @@
+# INT-M02 AnythingLLM Instance Proxy
+# Domain: meta-qwen.weown.tools
+
+meta-qwen.weown.tools {
+    # Direct Bridge to Internal IP to resolve 502 Gateway Errors
+    reverse_proxy 172.18.0.2:3001
+
+    log {
+        output file /data/access.log
+    }
+}

_INSTANCE_/INT-M02/manifest/docker-compose.yml

@@ -0,0 +1,40 @@
+version: '3.8'
+
+services:
+  anythingllm:
+    image: mintplexlabs/anythingllm
+    container_name: anythingllm
+    restart: always
+    ports:
+      - "3001:3001"
+    volumes:
+      - ./storage:/app/server/storage
+    environment:
+      - STORAGE_DIR=/app/server/storage
+    networks:
+      backend_bridge:
+        ipv4_address: 172.18.0.2
+
+  caddy:
+    image: caddy:latest
+    container_name: caddy
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./caddy_data:/data
+      - ./caddy_config:/config
+    networks:
+      backend_bridge:
+        ipv4_address: 172.18.0.3
+    depends_on:
+      - anythingllm
+
+networks:
+  backend_bridge:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.18.0.0/16

_INSTANCE_/INT-M02/manifest/setup.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+# CCC-ID: SHD_2026-W12_005
+# Purpose: L-149 Permission Hardening for AnythingLLM
+
+echo "🚀 Starting L-149 Infrastructure Hardening..."
+
+# Create necessary persistence directories
+mkdir -p storage
+mkdir -p caddy_data
+mkdir -p caddy_config
+
+# Apply Recursive UID Synchronization (Standard: 1000:1000)
+echo "🔒 Applying L-149 Recursive UID Sync..."
+chown -R 1000:1000 ./storage
+chmod -R 777 ./storage
+
+echo "✅ Infrastructure Ready. Run 'docker-compose up -d' to start services."

_INSTANCE_/PRJ-013/manifest/Caddyfile

@@ -0,0 +1,11 @@
+# PRJ-013 Paperless-ngx Hub
+# Domain: docs.weown.net
+
+docs.weown.net {
+    # Direct Bridge to Internal IP to resolve 502 Gateway Errors
+    reverse_proxy 172.18.0.2:8000
+
+    log {
+        output file /data/access.log
+    }
+}

_INSTANCE_/PRJ-013/manifest/docker-compose.yml

@@ -0,0 +1,65 @@
+version: "3.8"
+services:
+  broker:
+    image: redis:7
+    restart: always
+    networks:
+      backend_bridge:
+        ipv4_address: 172.18.0.4
+
+  db:
+    image: postgres:16
+    restart: always
+    volumes:
+      - ./pgdata:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=paperless
+      - POSTGRES_USER=paperless
+      - POSTGRES_PASSWORD=paperless
+    networks:
+      backend_bridge:
+        ipv4_address: 172.18.0.5
+
+  webserver:
+    image: ghcr.io/paperless-ngx/paperless-ngx:latest
+    restart: always
+    depends_on:
+      - db
+      - broker
+    ports:
+      - "8000:8000"
+    volumes:
+      - ./data:/usr/src/paperless/data
+      - ./media:/usr/src/paperless/media
+      - ./export:/usr/src/paperless/export
+      - ./consume:/usr/src/paperless/consume
+    environment:
+      - PAPERLESS_REDIS=redis://172.18.0.4:6379
+      - PAPERLESS_DBHOST=172.18.0.5
+      - PAPERLESS_URL=https://docs.weown.net
+      - USER_ID=1000
+      - GROUP_ID=1000
+    networks:
+      backend_bridge:
+        ipv4_address: 172.18.0.2
+
+  caddy:
+    image: caddy:latest
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./caddy_data:/data
+      - ./caddy_config:/config
+    networks:
+      backend_bridge:
+        ipv4_address: 172.18.0.3
+
+networks:
+  backend_bridge:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.18.0.0/16

_INSTANCE_/PRJ-013/manifest/setup.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# CCC-ID: SHD_2026-W12_006
+# Purpose: L-149 Permission Hardening for PRJ-013 Paperless-ngx
+
+echo "🚀 Starting L-149 Infrastructure Hardening for Paperless-ngx..."
+
+# Create all necessary persistence directories
+mkdir -p data
+mkdir -p media
+mkdir -p export
+mkdir -p consume
+mkdir -p pgdata
+mkdir -p caddy_data
+mkdir -p caddy_config
+
+# Apply Recursive UID Synchronization (Standard: 1000:1000)
+echo "🔒 Applying L-149 Recursive UID Sync (Standard: 1000:1000)..."
+chown -R 1000:1000 ./data ./media ./export ./consume ./pgdata ./caddy_data ./caddy_config
+chmod -R 777 ./data ./media ./export ./consume ./pgdata ./caddy_data ./caddy_config
+
+echo "✅ Infrastructure Ready. Run 'docker-compose up -d' to start Paperless-ngx."