infra/.planning/phases/06-tak-implementation/PLAN.md

Phase 6: TAK Server Implementation

Goal

Implement the selected TAK-compatible server as a Docker service integrated with the existing NixOS infrastructure.

Dependencies

  • Phase 5: TAK Server Research & Selection completed
  • Selected TAK implementation identified
  • Research report with configuration details

Implementation Plan

1. Docker Compose Configuration

Create /home/gortium/infra/assets/compose/tak/compose.yml following existing patterns:

version: "3.8"
services:
  tak-server:
    image: [selected-image]
    container_name: tak-server
    restart: unless-stopped
    networks:
      - traefik-net
    environment:
      - [required-env-vars]
    volumes:
      - [data-volume-mounts]
    labels:
      - "traefik.enable=true"
      # HTTP router with redirect
      - "traefik.http.routers.tak-http.rule=Host(`tak.lazyworkhorse.net`)"
      - "traefik.http.routers.tak-http.entrypoints=web"
      - "traefik.http.routers.tak-http.middlewares=redirect-to-https"
      # HTTPS router with TLS
      - "traefik.http.routers.tak-https.rule=Host(`tak.lazyworkhorse.net`)"
      - "traefik.http.routers.tak-https.entrypoints=websecure"
      - "traefik.http.routers.tak-https.tls=true"
      - "traefik.http.routers.tak-https.tls.certresolver=njalla"
      # Service configuration
      - "traefik.http.services.tak.loadbalancer.server.port=[service-port]"

networks:
  traefik-net:
    external: true
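
A static check for the Traefik labels above, written as an added example and not part of the original plan or the repository. It reports any router that would serve the TAK hostname over plain HTTP without the redirect, or on `websecure` without TLS and a certificate resolver. The function names are hypothetical, and the port `8080` is a constructed stand-in for the `[service-port]` placeholder.

```python
import re

# Labels from the compose file above; 8080 is a constructed stand-in for [service-port].
LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.tak-http.rule=Host(`tak.lazyworkhorse.net`)",
    "traefik.http.routers.tak-http.entrypoints=web",
    "traefik.http.routers.tak-http.middlewares=redirect-to-https",
    "traefik.http.routers.tak-https.rule=Host(`tak.lazyworkhorse.net`)",
    "traefik.http.routers.tak-https.entrypoints=websecure",
    "traefik.http.routers.tak-https.tls=true",
    "traefik.http.routers.tak-https.tls.certresolver=njalla",
    "traefik.http.services.tak.loadbalancer.server.port=8080",
]
ROUTER = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")

def parse_routers(labels):
    """Group router labels into {router_name: {option: value}}."""
    routers = {}
    for label in labels:
        key, _, value = label.partition("=")
        m = ROUTER.match(key)
        if m:
            routers.setdefault(m.group(1), {})[m.group(2)] = value.strip()
    return routers

def lint_labels(labels, plain="web", secure="websecure", redirect="redirect-to-https"):
    """Return a list of findings; an empty list means every rule is TLS-only."""
    findings, tls_rules = [], set()
    routers = parse_routers(labels)
    for name, opts in routers.items():
        eps = [e.strip() for e in opts.get("entrypoints", "").split(",") if e.strip()]
        # Middleware references may carry a provider suffix such as @file.
        mws = [m.strip().split("@")[0] for m in opts.get("middlewares", "").split(",")]
        if plain in eps and redirect not in mws:
            findings.append(f"{name}: serves plain HTTP without {redirect}")
        if secure in eps:
            if opts.get("tls") != "true":
                findings.append(f"{name}: {secure} router without tls=true")
            elif not opts.get("tls.certresolver"):
                findings.append(f"{name}: tls enabled but no certresolver")
            else:
                tls_rules.add(opts.get("rule"))
    # Every Host rule must also be served by a correctly configured TLS router.
    for name, opts in routers.items():
        if opts.get("rule") not in tls_rules:
            findings.append(f"{name}: rule has no matching TLS router")
    return findings
```

An empty list from `lint_labels(LABELS)` means the label set redirects HTTP and terminates TLS as the plan intends; it does not check that the `redirect-to-https` middleware or the `njalla` resolver are actually defined in the Traefik stack.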

2. Service Integration

Update /home/gortium/infra/hosts/lazyworkhorse/configuration.nix to include the TAK service in the services.dockerStacks section:

services.dockerStacks = {
  versioncontrol = {
    path = self + "/assets/compose/versioncontrol";
    ports = [ 2222 ];
  };

  network = {
    path = self + "/assets/compose/network";
    envFile = config.age.secrets.containers_env.path;
    ports = [ 80 443 ];
  };

  passwordmanager = {
    path = self + "/assets/compose/passwordmanager";
  };

  ai = {
    path = self + "/assets/compose/ai";
    envFile = config.age.secrets.containers_env.path;
  };

  cloudstorage = {
    path = self + "/assets/compose/cloudstorage";
    envFile = config.age.secrets.containers_env.path;
  };

  homeautomation = {
    path = self + "/assets/compose/homeautomation";
    envFile = config.age.secrets.containers_env.path;
  };

  tak = {
    path = self + "/assets/compose/tak";
    ports = [ [service-port] ];
  };
};

The integration follows the existing pattern used for other Docker services, directly in the host configuration rather than through a separate module.

3. Persistent Storage

Set up a persistent storage volume:

  • Location: /mnt/HoardingCow_docker_data/TAK/
  • Subdirectories: data, config, logs
  • Permissions: Read/write for TAK service user

4. Environment Configuration

Create an environment file for sensitive configuration:

  • Database credentials (if applicable)
  • Authentication secrets
  • API keys
  • Encryption keys

5. Firewall Configuration

Update the firewall to allow the required ports:

  • TAK service port (typically 8080)
  • WebSocket port if separate
  • Any additional required ports

Testing Plan

Basic Functionality

  1. Verify container starts successfully
  2. Test web interface accessibility
  3. Validate Traefik routing and TLS
  4. Confirm persistent storage is working

Core Features

  1. COT message transmission/reception
  2. Geospatial mapping functionality
  3. User authentication (if applicable)
  4. Message persistence

Integration Tests

  1. Verify with existing Docker services
  2. Test network connectivity
  3. Validate firewall rules
  4. Confirm logging and monitoring

Rollback Plan

If implementation issues arise:

  1. Stop TAK service: systemctl stop tak_stack
  2. Remove containers: docker-compose down
  3. Revert configuration changes
  4. Review logs and diagnostics
  5. Address issues before retry

Documentation Requirements

  1. Configuration Guide

    • Environment variables
    • Volume mounts
    • Port mappings
    • Firewall requirements
  2. Usage Guide

    • Web interface access
    • COT protocol usage
    • Geospatial features
    • Authentication (if applicable)
  3. Troubleshooting

    • Common issues
    • Log locations
    • Diagnostic commands

Timeline

  • Configuration complete: [Estimated date]
  • Testing completed: [Estimated date]
  • Ready for validation: [Estimated date]
  • Move to Phase 7: [Estimated date]

Notes

  • Follow existing patterns from other services (n8n, Bitwarden, etc.)
  • Ensure proper Traefik integration with existing middleware
  • Document all configuration decisions
  • Test thoroughly before moving to validation phase