# DrSousan — Deployment Guide

## Mirrors (Nexus at `171.22.25.73`)

### Docker
Add to Docker Engine config (`/etc/docker/daemon.json` on Linux):
```json
{
  "insecure-registries": ["171.22.25.73:8087", "171.22.25.73:8090"]
}
```
Restart Docker, then login:
```bash
docker login 171.22.25.73:8087 -u admin
```

### NuGet (for local builds)
Add nexus source to `NuGet.Config`:
```xml
<add key="nexus" value="http://171.22.25.73:8081/repository/nuget-group/index.json" />
```

---

## Update the Dockerfile to use Nexus mirrors

Replace the two `FROM` lines in `DrSousan.Api/Dockerfile`:

```dockerfile
FROM 171.22.25.73:8090/dotnet/sdk:10.0 AS build
...
FROM 171.22.25.73:8090/dotnet/aspnet:10.0 AS runtime
```

---

## First Deploy (server setup)

```bash
# 1. Copy project to server
scp -r . user@server:/opt/drsousan

# 2. SSH in
ssh user@server
cd /opt/drsousan

# 3. Create .env file
cp .env.example .env
nano .env          # fill in JWT_KEY, ADMIN_USERNAME, ADMIN_PASSWORD, HOST_PORT

# 4. Build and start
docker compose up -d --build
```

Check it's running:
```bash
docker compose ps
curl http://localhost:5000/healthz
```

---

## Redeploy (update)

```bash
cd /opt/drsousan
git pull
docker compose up -d --build
```

That's it. SQLite data and uploads are on named volumes — they survive rebuilds.

---

## .env file

```env
HOST_PORT=5000
JWT_KEY=YourSecretKeyHere32CharsMinimum!!
JWT_ISSUER=DrSousanApi
JWT_AUDIENCE=DrSousanAdmin
ADMIN_USERNAME=admin
ADMIN_PASSWORD=YourStrongPassword
```

---

## CI/CD (GitHub Actions)

Create `.github/workflows/deploy.yml`:

```yaml
name: Deploy

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build & push image
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login 171.22.25.73:8087 -u admin --password-stdin
          docker build \
            --build-arg REGISTRY=171.22.25.73:8090 \
            -t 171.22.25.73:8087/drsousan/api:latest \
            ./DrSousan.Api
          docker push 171.22.25.73:8087/drsousan/api:latest

      - name: Deploy to server
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USER }}
          key: ${{ secrets.SERVER_SSH_KEY }}
          script: |
            cd /opt/drsousan
            docker pull 171.22.25.73:8087/drsousan/api:latest
            docker compose up -d
```

**GitHub Secrets to set:**
| Secret | Value |
|--------|-------|
| `REGISTRY_PASSWORD` | Nexus admin password |
| `SERVER_HOST` | Server IP |
| `SERVER_USER` | SSH user |
| `SERVER_SSH_KEY` | Private SSH key |

For the CI image pull to use Nexus, update `docker-compose.yml` to reference the pre-built image:

```yaml
api:
  image: 171.22.25.73:8087/drsousan/api:latest
  # remove build: section when using CI
```

---

## Useful commands

```bash
docker compose logs -f api       # live logs
docker compose restart api       # restart without rebuild
docker compose down              # stop (volumes preserved)
docker compose down -v           # stop + DELETE all data
docker exec -it drsousan_api sh  # shell into container
```