# Phase 6: TAK Server Implementation

## Goal

Implement the selected TAK-compatible server as a Docker service integrated with the existing NixOS infrastructure.

## Dependencies

- Phase 5: TAK Server Research & Selection completed
- Selected TAK implementation identified
- Research report with configuration details

## Implementation Plan

### 1. Docker Compose Configuration

Create `/home/gortium/infra/assets/compose/tak/compose.yml` following existing patterns:

```yaml
version: "3.8"

services:
  tak-server:
    image: [selected-image]
    container_name: tak-server
    restart: unless-stopped
    networks:
      - traefik-net
    environment:
      - [required-env-vars]
    volumes:
      - [data-volume-mounts]
    labels:
      - "traefik.enable=true"
      # HTTP router with redirect
      - "traefik.http.routers.tak-http.rule=Host(`tak.lazyworkhorse.net`)"
      - "traefik.http.routers.tak-http.entrypoints=web"
      - "traefik.http.routers.tak-http.middlewares=redirect-to-https"
      # HTTPS router with TLS
      - "traefik.http.routers.tak-https.rule=Host(`tak.lazyworkhorse.net`)"
      - "traefik.http.routers.tak-https.entrypoints=websecure"
      - "traefik.http.routers.tak-https.tls=true"
      - "traefik.http.routers.tak-https.tls.certresolver=njalla"
      # Service configuration
      - "traefik.http.services.tak.loadbalancer.server.port=[service-port]"

networks:
  traefik-net:
    external: true
```

### 2. Service Integration

Update `/home/gortium/infra/hosts/lazyworkhorse/configuration.nix` to include TAK service in the `services.dockerStacks` section:

```nix
services.dockerStacks = {
  versioncontrol = {
    path = self + "/assets/compose/versioncontrol";
    ports = [ 2222 ];
  };
  network = {
    path = self + "/assets/compose/network";
    envFile = config.age.secrets.containers_env.path;
    ports = [ 80 443 ];
  };
  passwordmanager = {
    path = self + "/assets/compose/passwordmanager";
  };
  ai = {
    path = self + "/assets/compose/ai";
    envFile = config.age.secrets.containers_env.path;
  };
  cloudstorage = {
    path = self + "/assets/compose/cloudstorage";
    envFile = config.age.secrets.containers_env.path;
  };
  homeautomation = {
    path = self + "/assets/compose/homeautomation";
    envFile = config.age.secrets.containers_env.path;
  };
  tak = {
    path = self + "/assets/compose/tak";
    ports = [ [service-port] ];
  };
};
```

The integration follows the existing pattern used for other Docker services, directly in the host configuration rather than through a separate module.

### 3. Persistent Storage

Set up persistent storage volume:

- Location: `/mnt/HoardingCow_docker_data/TAK/`
- Subdirectories: `data`, `config`, `logs`
- Permissions: Read/write for TAK service user

### 4. Environment Configuration

Create environment file for sensitive configuration:

- Database credentials (if applicable)
- Authentication secrets
- API keys
- Encryption keys

### 5. Firewall Configuration

Update firewall to allow required ports:

- TAK service port (typically 8080)
- WebSocket port if separate
- Any additional required ports

## Testing Plan

### Basic Functionality

1. Verify container starts successfully
2. Test web interface accessibility
3. Validate Traefik routing and TLS
4. Confirm persistent storage working

### Core Features

1. COT message transmission/reception
2. Geospatial mapping functionality
3. User authentication (if applicable)
4. Message persistence

### Integration Tests

1. Verify with existing Docker services
2. Test network connectivity
3. Validate firewall rules
4. Confirm logging and monitoring

## Rollback Plan

If implementation issues arise:

1. Stop TAK service: `systemctl stop tak_stack`
2. Remove containers: `docker-compose down`
3. Revert configuration changes
4. Review logs and diagnostics
5. Address issues before retry

## Documentation Requirements

1. **Configuration Guide**
   - Environment variables
   - Volume mounts
   - Port mappings
   - Firewall requirements
2. **Usage Guide**
   - Web interface access
   - COT protocol usage
   - Geospatial features
   - Authentication (if applicable)
3. **Troubleshooting**
   - Common issues
   - Log locations
   - Diagnostic commands

## Timeline

- Configuration complete: [Estimated date]
- Testing completed: [Estimated date]
- Ready for validation: [Estimated date]
- Move to Phase 7: [Estimated date]

## Notes

- Follow existing patterns from other services (n8n, Bitwarden, etc.)
- Ensure proper Traefik integration with existing middleware
- Document all configuration decisions
- Test thoroughly before moving to validation phase
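
An added example, not part of the original plan: a small Python check for the "Validate Traefik routing and TLS" testing step that lints a service's Traefik labels against the pattern used in the compose file from section 1. The function name `lint_traefik_labels`, the sample port 8080 and the broken label set are assumptions constructed for illustration.

```python
import re

ROUTER_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")
PORT_RE = re.compile(r"^traefik\.http\.services\.[^.]+\.loadbalancer\.server\.port$")

# Labels from the plan's compose file; port 8080 is a constructed sample value.
GOOD = [
    "traefik.enable=true",
    "traefik.http.routers.tak-http.rule=Host(`tak.lazyworkhorse.net`)",
    "traefik.http.routers.tak-http.entrypoints=web",
    "traefik.http.routers.tak-http.middlewares=redirect-to-https",
    "traefik.http.routers.tak-https.rule=Host(`tak.lazyworkhorse.net`)",
    "traefik.http.routers.tak-https.entrypoints=websecure",
    "traefik.http.routers.tak-https.tls=true",
    "traefik.http.routers.tak-https.tls.certresolver=njalla",
    "traefik.http.services.tak.loadbalancer.server.port=8080",
]
# Constructed misconfiguration: redirect and tls labels dropped, port left as placeholder.
BAD = [l for l in GOOD if ".middlewares=" not in l and not l.endswith(".tls=true")]
BAD[-1] = "traefik.http.services.tak.loadbalancer.server.port=[service-port]"

def lint_traefik_labels(labels):
    """Return a list of findings for one service's Traefik labels."""
    kv = dict(l.split("=", 1) for l in labels if "=" in l)
    findings = []
    if kv.get("traefik.enable") != "true":
        findings.append("traefik.enable is not 'true'")
    routers = {}  # router name -> {option: value}
    for key, value in kv.items():
        m = ROUTER_RE.match(key)
        if m:
            routers.setdefault(m.group(1), {})[m.group(2)] = value
    for name, opts in sorted(routers.items()):
        entrypoints = [e.strip() for e in opts.get("entrypoints", "").split(",")]
        if "rule" not in opts:
            findings.append(f"{name}: no rule")
        # A router on the plain-HTTP entrypoint must only redirect.
        if "web" in entrypoints and "redirect-to-https" not in opts.get("middlewares", ""):
            findings.append(f"{name}: plain-HTTP router without redirect-to-https")
        if "websecure" in entrypoints:
            if opts.get("tls") != "true":
                findings.append(f"{name}: websecure router without tls=true")
            if not opts.get("tls.certresolver"):
                findings.append(f"{name}: no tls.certresolver")
    ports = [v for k, v in kv.items() if PORT_RE.match(k)]
    if not ports or not all(p.isdigit() for p in ports):
        findings.append("loadbalancer.server.port missing or not numeric")
    return findings

if __name__ == "__main__":
    print(lint_traefik_labels(GOOD), lint_traefik_labels(BAD), sep="\n")
```

The function takes the `labels:` list of a service as plain strings, so it can be run against the compose file before deployment.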