Hartmut/Nexus
1
0
Fork 0
Code Issues 11 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
4a5edeef3e42c3f837985daa9b14f1f1cde11acd
Nexus/docs/installation.md
T
Hartmut 4a5edeef3e
CI / Unit Tests (pull_request) Successful in 5m46s
Details
CI / Lint (pull_request) Failing after 3m49s
Details
CI / E2E Tests (pull_request) Has been skipped
Details
CI / Fresh-Linux Docker Deploy (pull_request) Has been skipped
Details
CI / Assistant Split Regression (pull_request) Failing after 35s
Details
CI / Architecture Guardrails (pull_request) Failing after 2m14s
Details
CI / Typecheck (pull_request) Successful in 4m22s
Details
CI / Build (pull_request) Has been skipped
Details
CI / Release Images (pull_request) Has been skipped
Details
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI 
- @capakraken/* → @nexus/* across 12 packages (root + 11 workspaces),
  1551 import lines migrated via codemod
- User-visible brand strings renamed (emails, page titles, PWA
  manifest, mobile header, MFA backup-codes header, tooltips, signin
  page, invite page, weekly digest, install prompt)
- TOTP issuer "CapaKraken" → "Nexus" (existing secrets still valid;
  re-enrollment relabels them in users' authenticator apps)
- Function rename: assertCapaKrakenDbTarget → assertNexusDbTarget
- LocalStorage migration shim in apps/web/src/app/layout.tsx copies
  capakraken_* → nexus_* on first load (guarded by nexus_migrated_v1
  sentinel; runs once per browser, then never again)
- Service-worker cache name capakraken-v2 → nexus-v2 with one-time
  caches.delete('capakraken-v2') from the same shim
- Email-domain fixtures @capakraken.{dev,app} → @nexus.{dev,app} in
  seed data, e2e specs, SMTP default fallback
- Dockerfile.dev / Dockerfile.prod / all .github/workflows/*.yml
  pnpm --filter @capakraken/* → @nexus/*
- README, CLAUDE.md, LEARNINGS.md, all docs/*.md, .env.example,
  tooling/deploy/.env.production.example brand sweep

Phase 1 deliberately leaves untouched (handled in Phase 3 cutover):
- PostgreSQL DB name "capakraken" and POSTGRES_USER "capakraken"
- Volume names capakraken_pgdata etc.
- Compose project name "capakraken" / "capakraken-prod"
- db-target-guard default expectedDatabase
- env-var CAPAKRAKEN_EXPECTED_DB_NAME
- Container DNS names in docker-compose.ci.yml

Quality gates green: pnpm typecheck (7/7), pnpm test:unit (7/7),
pnpm lint (0 errors), check:exports/imports/architecture all pass.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-21 15:10:44 +02:00

157 lines
3.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Installation Guide
This guide covers everything needed to get Nexus running from a fresh clone.
---
## 1. Prerequisites
Before you begin, ensure the following are installed on your machine:
- **Docker Desktop** (macOS / Windows) or **Docker Engine + Compose plugin** (Linux)
- Minimum version: Docker Engine 24, Compose 2.20
- **Git** — to clone the repository
- **openssl** — to generate a secure secret (usually pre-installed on macOS and Linux)
You do **not** need Node.js or pnpm installed locally; the application runs entirely inside Docker.
---
## 2. Clone & Configure
```bash
git clone https://github.com/your-org/nexus.git
cd nexus
cp .env.example .env
```
Open `.env` and fill in the required values:
| Variable | Description | Example |
| ----------------- | --------------------------------- | ----------------------------- |
| `NEXTAUTH_SECRET` | Random secret for session signing | see command below |
| `NEXTAUTH_URL` | Full URL the app is served from | `http://localhost:3100` |
| `DATABASE_URL` | PostgreSQL connection string | already set in `.env.example` |
Generate a secure `NEXTAUTH_SECRET`:
```bash
openssl rand -base64 32
```
Paste the output into `.env`:
```dotenv
NEXTAUTH_SECRET=<paste output here>
NEXTAUTH_URL=http://localhost:3100
```
---
## 3. Start
```bash
docker compose --profile full up -d
```
Wait for the app to become healthy (usually 3060 seconds):
```bash
curl -s http://localhost:3100/api/health | grep '"status"'
# Expected: "status": "ok"
```
You can also watch the logs:
```bash
docker compose logs -f app
```
---
## 4. First-Run: Web Wizard (recommended)
Open your browser and navigate to:
```
http://localhost:3100/setup
```
Fill in your administrator name, email, and password, then click **Create admin account**.
The wizard automatically redirects to the sign-in page once the account is created. If the setup page redirects you to sign-in immediately, an administrator account already exists.
---
## 5. First-Run: CLI (alternative)
If you prefer the command line, run the setup script inside the running container:
```bash
docker exec nexus-app-1 \
node scripts/setup-admin.mjs \
--email admin@example.com \
--name "Admin" \
--password changeme123
```
Replace `nexus-app-1` with your actual container name if different (check with `docker ps`).
Expected output on success:
```
Admin user created: admin@example.com
```
If an administrator already exists:
```
Admin user already exists. Skipping.
```
The script exits with code 0 in both cases.
**Running on the host** (advanced): If you have Node.js and pnpm installed locally and `DATABASE_URL` is reachable from your host, you can also run:
```bash
pnpm --filter @nexus/db exec prisma generate # ensure Prisma client is built
node scripts/setup-admin.mjs --email admin@example.com --name "Admin" --password changeme123
```
---
## 6. Verify
Confirm the API is healthy:
```bash
curl -s http://localhost:3100/api/health
# {"status":"ok","db":"ok"}
```
Sign in at:
```
http://localhost:3100/auth/signin
```
Use the email and password you created in step 4 or 5.
---
## 7. Production Notes
For production deployments:
- Use `docker-compose.prod.yml` together with the base `docker-compose.yml`:
```bash
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
```
- Set `NEXTAUTH_URL` to your real HTTPS domain:
```dotenv
NEXTAUTH_URL=https://nexus.yourdomain.com
```
- See `tooling/deploy/README.md` for reverse-proxy configuration and TLS setup.
- Never commit `.env` to version control — it contains secrets.
- Rotate `NEXTAUTH_SECRET` by updating the value and restarting the app; existing sessions will be invalidated.
Reference in New Issue View Git Blame Copy Permalink