# Phase 6: TAK Server Implementation

## Goal

Implement the selected TAK-compatible server as a Docker service integrated with the existing NixOS infrastructure.

## Dependencies

- Phase 5: TAK Server Research & Selection completed
- Selected TAK implementation identified
- Research report with configuration details

## Implementation Plan

### 1. Docker Compose Configuration

Create `/home/gortium/infra/assets/compose/tak/compose.yml` following existing patterns:

```yaml
version: "3.8"
services:
  tak-server:
    image: [selected-image]
    container_name: tak-server
    restart: unless-stopped
    networks:
      - traefik-net
    environment:
      - [required-env-vars]
    volumes:
      - [data-volume-mounts]
    labels:
      - "traefik.enable=true"
      # HTTP router with redirect
      - "traefik.http.routers.tak-http.rule=Host(`tak.lazyworkhorse.net`)"
      - "traefik.http.routers.tak-http.entrypoints=web"
      - "traefik.http.routers.tak-http.middlewares=redirect-to-https"
      # HTTPS router with TLS
      - "traefik.http.routers.tak-https.rule=Host(`tak.lazyworkhorse.net`)"
      - "traefik.http.routers.tak-https.entrypoints=websecure"
      - "traefik.http.routers.tak-https.tls=true"
      - "traefik.http.routers.tak-https.tls.certresolver=njalla"
      # Service configuration
      - "traefik.http.services.tak.loadbalancer.server.port=[service-port]"

networks:
  traefik-net:
    external: true
```
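
A pre-deployment check for the label set above, as an added example that is not part of the original plan: it flags unfilled `[placeholder]` tokens, a router on the plaintext `web` entrypoint that lacks the `redirect-to-https` middleware, and an HTTPS router missing `tls=true` or a certificate resolver. The function names are assumptions of this example, and the label list is a constructed sample copied from the template.

```python
import re

# Constructed sample: this page's label list, [service-port] still unfilled.
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.tak-http.rule=Host(`tak.lazyworkhorse.net`)",
    "traefik.http.routers.tak-http.entrypoints=web",
    "traefik.http.routers.tak-http.middlewares=redirect-to-https",
    "traefik.http.routers.tak-https.rule=Host(`tak.lazyworkhorse.net`)",
    "traefik.http.routers.tak-https.entrypoints=websecure",
    "traefik.http.routers.tak-https.tls=true",
    "traefik.http.routers.tak-https.tls.certresolver=njalla",
    "traefik.http.services.tak.loadbalancer.server.port=[service-port]",
]
ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")
PLACEHOLDER = re.compile(r"\[[a-z][a-z-]*\]")  # e.g. [service-port]

def split_csv(value):
    """Split a comma-separated label value, dropping any @provider suffix."""
    return [v.strip().split("@")[0] for v in value.split(",") if v.strip()]

def parse_routers(labels):
    """Group router labels as {router_name: {option: value}}."""
    routers = {}
    for label in labels:
        key, _, value = label.partition("=")
        match = ROUTER_KEY.match(key)
        if match:
            routers.setdefault(match.group(1), {})[match.group(2)] = value
    return routers

def lint_labels(labels, plain=("web",), redirect="redirect-to-https"):
    """Return findings as strings; an empty list means the labels pass."""
    findings = [f"unfilled placeholder: {l}" for l in labels if PLACEHOLDER.search(l)]
    for name, opts in sorted(parse_routers(labels).items()):
        entrypoints = split_csv(opts.get("entrypoints", ""))
        if not entrypoints:
            findings.append(f"{name}: no entrypoints label")
        elif any(e in plain for e in entrypoints):
            if redirect not in split_csv(opts.get("middlewares", "")):
                findings.append(f"{name}: plaintext entrypoint without {redirect}")
        else:
            if opts.get("tls") != "true":
                findings.append(f"{name}: tls=true missing")
            if not opts.get("tls.certresolver"):
                findings.append(f"{name}: no tls.certresolver")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_labels(SAMPLE_LABELS)) or "labels OK")
```

Run it against the labels of the finished `compose.yml` before starting the stack; any finding means the template was deployed incomplete or without its HTTPS guarantees.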

### 2. Service Integration

Update `/home/gortium/infra/hosts/lazyworkhorse/configuration.nix` to include TAK service in the `services.dockerStacks` section:

```nix
services.dockerStacks = {
  versioncontrol = {
    path = self + "/assets/compose/versioncontrol";
    ports = [ 2222 ];
  };

  network = {
    path = self + "/assets/compose/network";
    envFile = config.age.secrets.containers_env.path;
    ports = [ 80 443 ];
  };

  passwordmanager = {
    path = self + "/assets/compose/passwordmanager";
  };

  ai = {
    path = self + "/assets/compose/ai";
    envFile = config.age.secrets.containers_env.path;
  };

  cloudstorage = {
    path = self + "/assets/compose/cloudstorage";
    envFile = config.age.secrets.containers_env.path;
  };

  homeautomation = {
    path = self + "/assets/compose/homeautomation";
    envFile = config.age.secrets.containers_env.path;
  };

  tak = {
    path = self + "/assets/compose/tak";
    ports = [ [service-port] ];
  };
};
```

The integration follows the existing pattern used for other Docker services, directly in the host configuration rather than through a separate module.

### 3. Persistent Storage

Set up persistent storage volume:
- Location: `/mnt/HoardingCow_docker_data/TAK/`
- Subdirectories: `data`, `config`, `logs`
- Permissions: Read/write for TAK service user

### 4. Environment Configuration

Create environment file for sensitive configuration:
- Database credentials (if applicable)
- Authentication secrets
- API keys
- Encryption keys

### 5. Firewall Configuration

Update firewall to allow required ports:
- TAK service port (typically 8080)
- WebSocket port if separate
- Any additional required ports

## Testing Plan

### Basic Functionality
1. Verify container starts successfully
2. Test web interface accessibility
3. Validate Traefik routing and TLS
4. Confirm persistent storage working

### Core Features
1. COT message transmission/reception
2. Geospatial mapping functionality
3. User authentication (if applicable)
4. Message persistence

### Integration Tests
1. Verify with existing Docker services
2. Test network connectivity
3. Validate firewall rules
4. Confirm logging and monitoring

## Rollback Plan

If implementation issues arise:
1. Stop TAK service: `systemctl stop tak_stack`
2. Remove containers: `docker-compose down`
3. Revert configuration changes
4. Review logs and diagnostics
5. Address issues before retry

## Documentation Requirements

1. **Configuration Guide**
   - Environment variables
   - Volume mounts
   - Port mappings
   - Firewall requirements

2. **Usage Guide**
   - Web interface access
   - COT protocol usage
   - Geospatial features
   - Authentication (if applicable)

3. **Troubleshooting**
   - Common issues
   - Log locations
   - Diagnostic commands

## Timeline

- Configuration complete: [Estimated date]
- Testing completed: [Estimated date]
- Ready for validation: [Estimated date]
- Move to Phase 7: [Estimated date]

## Notes

- Follow existing patterns from other services (n8n, Bitwarden, etc.)
- Ensure proper Traefik integration with existing middleware
- Document all configuration decisions
- Test thoroughly before moving to validation phase