Hartmut/Nexus
1
0
Fork 0
Code Issues 11 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
2c2f4417c65eefaa77c06434ec183667fc6bd1d7
Nexus/docs/installation.md
T
Hartmut 4a5edeef3e
CI / Unit Tests (pull_request) Successful in 5m46s
Details
CI / Lint (pull_request) Failing after 3m49s
Details
CI / E2E Tests (pull_request) Has been skipped
Details
CI / Fresh-Linux Docker Deploy (pull_request) Has been skipped
Details
CI / Assistant Split Regression (pull_request) Failing after 35s
Details
CI / Architecture Guardrails (pull_request) Failing after 2m14s
Details
CI / Typecheck (pull_request) Successful in 4m22s
Details
CI / Build (pull_request) Has been skipped
Details
CI / Release Images (pull_request) Has been skipped
Details
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI 
- @capakraken/* → @nexus/* across 12 packages (root + 11 workspaces),
  1551 import lines migrated via codemod
- User-visible brand strings renamed (emails, page titles, PWA
  manifest, mobile header, MFA backup-codes header, tooltips, signin
  page, invite page, weekly digest, install prompt)
- TOTP issuer "CapaKraken" → "Nexus" (existing secrets still valid;
  re-enrollment relabels them in users' authenticator apps)
- Function rename: assertCapaKrakenDbTarget → assertNexusDbTarget
- LocalStorage migration shim in apps/web/src/app/layout.tsx copies
  capakraken_* → nexus_* on first load (guarded by nexus_migrated_v1
  sentinel; runs once per browser, then never again)
- Service-worker cache name capakraken-v2 → nexus-v2 with one-time
  caches.delete('capakraken-v2') from the same shim
- Email-domain fixtures @capakraken.{dev,app} → @nexus.{dev,app} in
  seed data, e2e specs, SMTP default fallback
- Dockerfile.dev / Dockerfile.prod / all .github/workflows/*.yml
  pnpm --filter @capakraken/* → @nexus/*
- README, CLAUDE.md, LEARNINGS.md, all docs/*.md, .env.example,
  tooling/deploy/.env.production.example brand sweep

Phase 1 deliberately leaves untouched (handled in Phase 3 cutover):
- PostgreSQL DB name "capakraken" and POSTGRES_USER "capakraken"
- Volume names capakraken_pgdata etc.
- Compose project name "capakraken" / "capakraken-prod"
- db-target-guard default expectedDatabase
- env-var CAPAKRAKEN_EXPECTED_DB_NAME
- Container DNS names in docker-compose.ci.yml

Quality gates green: pnpm typecheck (7/7), pnpm test:unit (7/7),
pnpm lint (0 errors), check:exports/imports/architecture all pass.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-21 15:10:44 +02:00

3.7 KiB
Raw Blame History

Installation Guide

This guide covers everything needed to get Nexus running from a fresh clone.

1. Prerequisites

Before you begin, ensure the following are installed on your machine:

  • Docker Desktop (macOS / Windows) or Docker Engine + Compose plugin (Linux)
    • Minimum version: Docker Engine 24, Compose 2.20
  • Git — to clone the repository
  • openssl — to generate a secure secret (usually pre-installed on macOS and Linux)

You do not need Node.js or pnpm installed locally; the application runs entirely inside Docker.

2. Clone & Configure

git clone https://github.com/your-org/nexus.git
cd nexus
cp .env.example .env

Open .env and fill in the required values:

Variable Description Example
NEXTAUTH_SECRET Random secret for session signing see command below
NEXTAUTH_URL Full URL the app is served from http://localhost:3100
DATABASE_URL PostgreSQL connection string already set in .env.example

Generate a secure NEXTAUTH_SECRET:

openssl rand -base64 32

Paste the output into .env:

NEXTAUTH_SECRET=<paste output here>
NEXTAUTH_URL=http://localhost:3100

3. Start

docker compose --profile full up -d

Wait for the app to become healthy (usually 3060 seconds):

curl -s http://localhost:3100/api/health | grep '"status"'
# Expected: "status": "ok"

You can also watch the logs:

docker compose logs -f app

4. First-Run: Web Wizard (recommended)

Open your browser and navigate to:

http://localhost:3100/setup

Fill in your administrator name, email, and password, then click Create admin account.

The wizard automatically redirects to the sign-in page once the account is created. If the setup page redirects you to sign-in immediately, an administrator account already exists.

5. First-Run: CLI (alternative)

If you prefer the command line, run the setup script inside the running container:

docker exec nexus-app-1 \
  node scripts/setup-admin.mjs \
  --email admin@example.com \
  --name "Admin" \
  --password changeme123

Replace nexus-app-1 with your actual container name if different (check with docker ps).

Expected output on success:

Admin user created: admin@example.com

If an administrator already exists:

Admin user already exists. Skipping.

The script exits with code 0 in both cases.

Running on the host (advanced): If you have Node.js and pnpm installed locally and DATABASE_URL is reachable from your host, you can also run:

pnpm --filter @nexus/db exec prisma generate   # ensure Prisma client is built
node scripts/setup-admin.mjs --email admin@example.com --name "Admin" --password changeme123

6. Verify

Confirm the API is healthy:

curl -s http://localhost:3100/api/health
# {"status":"ok","db":"ok"}

Sign in at:

http://localhost:3100/auth/signin

Use the email and password you created in step 4 or 5.

7. Production Notes

For production deployments:

  • Use docker-compose.prod.yml together with the base docker-compose.yml: 
    docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
  • Set NEXTAUTH_URL to your real HTTPS domain: 
    NEXTAUTH_URL=https://nexus.yourdomain.com
  • See tooling/deploy/README.md for reverse-proxy configuration and TLS setup.
  • Never commit .env to version control — it contains secrets.
  • Rotate NEXTAUTH_SECRET by updating the value and restarting the app; existing sessions will be invalidated.
Reference in New Issue View Git Blame Copy Permalink