Built the Sentinel Tab

2026-04-12 02:02:58 +05:30
parent fb656d1443
commit 075ab280ad
526 changed files with 17646 additions and 70931 deletions
--- a/remote_bootstrap_20260401.sh
+++ b/remote_bootstrap_20260401.sh
@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+DB_PASSWORD=$(openssl rand -base64 24 | tr -dc A-Za-z0-9 | head -c 24)
+JWT_SECRET=$(openssl rand -hex 32)
+
+sudo mkdir -p /opt/dlami/nvme/pgdata/14/velocity /opt/dlami/nvme/velocity/shared/logs /opt/dlami/nvme/velocity/tls
+sudo chown -R postgres:postgres /opt/dlami/nvme/pgdata
+
+if ! pg_lsclusters | awk 'NR>1 {print $1, $2}' | grep -q '^14 velocity$'; then
+  sudo pg_createcluster 14 velocity --datadir=/opt/dlami/nvme/pgdata/14/velocity -- --auth-local=peer --auth-host=scram-sha-256
+fi
+
+sudo sed -i "s/^#\?listen_addresses.*/listen_addresses = '127.0.0.1'/" /etc/postgresql/14/velocity/postgresql.conf
+sudo pg_ctlcluster 14 velocity start
+
+if ! sudo -u postgres psql -p 5432 -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'velocity_app'" | grep -q 1; then
+  sudo -u postgres psql -p 5432 -c "CREATE ROLE velocity_app LOGIN PASSWORD '$DB_PASSWORD';"
+else
+  sudo -u postgres psql -p 5432 -c "ALTER ROLE velocity_app WITH PASSWORD '$DB_PASSWORD';"
+fi
+
+if ! sudo -u postgres psql -p 5432 -tAc "SELECT 1 FROM pg_database WHERE datname = 'velocity'" | grep -q 1; then
+  sudo -u postgres psql -p 5432 -c "CREATE DATABASE velocity OWNER velocity_app;"
+fi
+
+psql "postgresql://velocity_app:${DB_PASSWORD}@127.0.0.1:5432/velocity" -f /opt/dlami/nvme/velocity/current/backend/db/schema.sql
+psql "postgresql://velocity_app:${DB_PASSWORD}@127.0.0.1:5432/velocity" -f /opt/dlami/nvme/velocity/current/backend/db/schema_addendum.sql
+
+cat > /tmp/velocity.env <<EOF
+VELOCITY_DB_HOST=127.0.0.1
+VELOCITY_DB_PORT=5432
+VELOCITY_DB_NAME=velocity
+VELOCITY_DB_USER=velocity_app
+VELOCITY_DB_PASSWORD=${DB_PASSWORD}
+VELOCITY_JWT_SECRET=${JWT_SECRET}
+CORS_ORIGINS=http://localhost:5173,https://18.212.122.77
+VELOCITY_ASSET_DIR=/opt/dlami/nvme/assets
+OLLAMA_BASE_URL=http://127.0.0.1:11434
+NEMOCLAW_BASE_URL=http://127.0.0.1:8080
+NEMOCLAW_MODEL=qwen3.5:27b
+NEMOCLAW_TIMEOUT_S=45.0
+NEMOCLAW_TEMPERATURE=0.2
+NEMOCLAW_PROMPT_DIR=/opt/dlami/nvme/nemoclaw/prompts
+ALLOW_NVIDIA_FALLBACK=false
+EOF
+sudo mv /tmp/velocity.env /opt/dlami/nvme/velocity/env
+sudo chown root:ubuntu /opt/dlami/nvme/velocity/env
+sudo chmod 640 /opt/dlami/nvme/velocity/env
+
+cat > /tmp/velocity-backend.service <<'EOF'
+[Unit]
+Description=Project Velocity NVMe FastAPI Backend
+After=network.target postgresql@14-velocity.service ollama.service docker.service
+Wants=postgresql@14-velocity.service ollama.service docker.service
+
+[Service]
+Type=simple
+User=ubuntu
+Group=ubuntu
+WorkingDirectory=/opt/dlami/nvme/velocity/current
+Environment=PYTHONPATH=/opt/dlami/nvme/velocity/current
+EnvironmentFile=/opt/dlami/nvme/velocity/env
+ExecStart=/opt/dlami/nvme/velocity/venv/bin/python -m uvicorn backend.main:app --host 127.0.0.1 --port 8001
+Restart=always
+RestartSec=5
+StandardOutput=append:/opt/dlami/nvme/velocity/shared/logs/backend.log
+StandardError=append:/opt/dlami/nvme/velocity/shared/logs/backend.log
+
+[Install]
+WantedBy=multi-user.target
+EOF
+sudo mv /tmp/velocity-backend.service /etc/systemd/system/velocity-backend.service
+
+sudo openssl req -x509 -nodes -newkey rsa:2048 -days 365 -subj '/CN=18.212.122.77' -keyout /opt/dlami/nvme/velocity/tls/velocity.key -out /opt/dlami/nvme/velocity/tls/velocity.crt >/dev/null 2>&1
+sudo chown root:root /opt/dlami/nvme/velocity/tls/velocity.key /opt/dlami/nvme/velocity/tls/velocity.crt
+sudo chmod 600 /opt/dlami/nvme/velocity/tls/velocity.key
+
+cat > /tmp/velocity-nginx.conf <<'EOF'
+server {
+    listen 443 ssl;
+    server_name 18.212.122.77;
+
+    ssl_certificate /opt/dlami/nvme/velocity/tls/velocity.crt;
+    ssl_certificate_key /opt/dlami/nvme/velocity/tls/velocity.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+
+    location / {
+        proxy_pass http://127.0.0.1:8001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+
+    location /ws/ {
+        proxy_pass http://127.0.0.1:8001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
+EOF
+sudo mv /tmp/velocity-nginx.conf /etc/nginx/sites-available/velocity
+sudo rm -f /etc/nginx/sites-enabled/default
+sudo ln -sfn /etc/nginx/sites-available/velocity /etc/nginx/sites-enabled/velocity
+
+sudo systemctl daemon-reload
+sudo systemctl enable velocity-backend.service
+sudo systemctl restart velocity-backend.service
+sudo nginx -t
+sudo systemctl restart nginx