# Lomavuokraus infra progress (Nov 22)

- Repo initialized with Next.js App Router scaffold:
  - Health endpoint: `app/api/health/route.ts`
  - Home + listings demo: `app/page.tsx`, `app/listings/[slug]/page.tsx`
  - Styles: `app/globals.css`
  - Config: `next.config.mjs`, `tsconfig.json`, `.eslintrc.json`, `.env.example`
  - Docker: multi-stage `Dockerfile`, `.dockerignore`, `public/robots.txt`
- Deploy tooling:
  - `deploy/env.sh` holds registry/namespace/host/issuer/ingress config (no secrets)
  - Scripts: `deploy/build.sh`, `deploy/push.sh`, `deploy/deploy.sh`, `deploy/deploy-prod.sh`, `deploy/deploy-staging.sh`, `deploy/rollback-prod.sh`
  - K8s manifests: `k8s/app.yaml` (ConfigMap/Secret/Deployment/Service/Ingress), `k8s/namespaces.yaml`, `k8s/cert-issuers.yaml`
- Cluster:
  - Hetzner k3s node: `lomavuokraus-k3s` hel1 cx22 IP `157.180.66.64`
  - k3s v1.33.5 installed; kubeconfig in `k3s.yaml` (git-ignored) and `~/.kube/config`
  - Namespaces: `lomavuokraus-prod`, `lomavuokraus-staging`
  - cert-manager v1.15.3 installed; ClusterIssuers `letsencrypt-prod`/`staging`
  - App deployed to both namespaces; ingress host rules in place via Traefik
- DNS: `lomavuokraus.fi`, `staging.lomavuokraus.fi`, `api.lomavuokraus.fi` all A -> `157.180.66.64` (updated via Joker DYNDNS).
- Registry issue (open):
  - Builds succeed and image `registry.halla-aho.net:443/thalla/lomavuokraus-web:1763823196` exists locally and was imported into k3s via `ctr import`.
  - Pushes (docker, ctr, skopeo from k3s node) fail: connection closed while uploading blobs (`http://registry.halla-aho.net:443/... use of closed network connection`). Suspect registry reverse-proxy dropping uploads/HTTPS handling.
  - Need to inspect registry host logs/config and retry push once fixed.
- Secrets:
  - `APP_SECRET` removed from `deploy/env.sh`; export it in shell before deploy.
  - `creds/` and `k3s.yaml` are git-ignored; contains Joker DYNDNS creds and registry auth.

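
A pre-deploy guard for the secret handling listed under "Secrets" above, as an added example (not one of the project's `deploy/` scripts). The function names, the secret-name pattern, and the constructed demo files are assumptions.

```shell
#!/bin/sh
# Added example: pre-deploy guard. Function names and the secret-name
# pattern are assumptions, not project code.

# 0 if the env file assigns no secret-looking variable. Comment lines do not
# match because the pattern is anchored to the start of an assignment.
env_file_is_secret_free() {
    ! grep -Eq '^[[:space:]]*(export[[:space:]]+)?[A-Za-z0-9_]*(SECRET|PASSWORD|TOKEN)[A-Za-z0-9_]*=' "$1"
}

# 0 if the .gitignore file lists the path literally (optional leading or
# trailing slash). Simplification: negation rules and nested .gitignore files
# are not evaluated; `git check-ignore` is the authoritative check.
gitignore_lists() {
    path=$(printf '%s' "$2" | sed -e 's,^/,,' -e 's,/$,,' -e 's/[.]/\\./g')
    grep -Eq "^/?${path}/?[[:space:]]*\$" "$1"
}

# Usage: predeploy_check <env-file> <gitignore-file>; prints each failure.
predeploy_check() {
    rc=0
    [ -n "${APP_SECRET:-}" ] || { echo "APP_SECRET is not set in the shell" >&2; rc=1; }
    env_file_is_secret_free "$1" || { echo "$1 assigns a secret" >&2; rc=1; }
    for p in creds/ k3s.yaml; do
        gitignore_lists "$2" "$p" || { echo "$p missing from $2" >&2; rc=1; }
    done
    return "$rc"
}

# Demo on constructed files, in a subshell so nothing leaks into the caller.
(
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    printf 'REGISTRY=registry.example.invalid\nNAMESPACE=demo\n' > "$d/env.sh"
    printf 'creds/\nk3s.yaml\n' > "$d/gitignore"
    APP_SECRET=constructed-value
    predeploy_check "$d/env.sh" "$d/gitignore" && echo "pre-deploy checks passed"
)
```
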
# Lomavuokraus app progress (Nov 24)

- Backend/data: Added Prisma models (User/Listing/ListingTranslation/ListingImage), seed script creates sample listing; DB on Hetzner VM `46.62.203.202`, staging secrets set in `lomavuokraus-web-secrets`.
- Auth: Register/login/verify flows; session cookie (`session_token`), NavBar shows email+role badge. Roles: USER, ADMIN, USER_MODERATOR (approve users), LISTING_MODERATOR (approve listings). Admin can change roles at `/admin/users`.
- Listing flow: create listing (session required), pending/published with admin/moderator approvals; pages for “My listings,” “New listing,” “Profile.” Quick actions tile removed; all actions in navbar.
- SMTP/DKIM: SMTP via smtp.lomavuokraus.fi (CNAME to smtp.sohva.org); DKIM key at `creds/dkim/lomavuokraus.fi/mail2025.private`, TXT needed at `mail2025._domainkey.lomavuokraus.fi`.
- Deployment/secrets: Removed Secret from k8s manifest to avoid overwrites; env now from k8s secret only. ConfigMap only for public vars. Image pull secret `registry-halla` in staging.
- Latest images built/pushed: `registry.halla-aho.net/thalla/lomavuokraus-web:1763993882` (approvals badge + FI/EN localization) and `:1763994382` (profile edit). Staging/prod rolled out.
- Security: `npm audit --audit-level=high` runs in build (warnings only). Trivy scan run; remaining CVEs mostly in tooling (cross-spawn, glob) and base OS Debian 12.10. Further reduction would require eslint-config-next 16.x and base image updates when available.

# Recent changes (Nov 24, later)

- Public browse/search page with map, address filters, and EV charging amenity; listings now store street address and geocoordinates.
- Amenities expanded: electric vehicle charging (free/paid) and air conditioning; cover image selectable per listing and used in cards.
- Home page shows a rolling feed of latest listings; navbar + CTA link to browse.
- Listing creation form captures address details, coordinates, amenities (incl. EV/AC), and cover image choice.
- Documentation moved to `docs/`; PlantUML diagrams rendered to SVG and embedded in docs pages (draw.io sources kept for architecture/infra).
- UI polish: navbar buttons gained icons, consistent button sizing, and form fields restyled for alignment.
- Auth: added forgotten password flow (email reset link + reset page).
- HTTPS redirect middleware applied to staging/prod ingress.
- FI/EN localization with navbar language toggle; UI strings translated; Approvals link shows pending count badge.
- Soft rejection/removal states for users/listings with timestamps; owner listing removal; login redirects home; listing visibility hides removed/not-published.
- Profile page now allows editing name and password (email immutable).
- Docs: Added docs in `docs/` (tracked, not shipped) with HTML + PlantUML sequences + draw.io diagrams. Ignored from deploy via runtime paths; kept in git.
- Documentation pivoted to Mermaid-only diagrams (sequence + architecture/infra/pipeline), rendered in-browser; legacy draw.io/PlantUML assets removed for simplicity.
- Updated docs to fix Mermaid syntax and labels; Mermaid renders cleanly across all pages.
- Local Docker cleanup: removed all stale images (including registry.halla-aho.net:443 tags); only current `3a5de63` and `latest` remain.
- Listing details: right rail now surfaces quick facts + amenity icons; browse map given fixed height so OpenStreetMap tiles show reliably; footer links to privacy page with version indicator.
- Listing images now stored in DB (binary) with API serving `/api/images/:id`; upload limited to 6 images (5MB each) and seed pulls from `sampleimages/` if present.
- Sample listings flagged via `isSample`, seeded demo listings marked, and UI badges added to identify them.
- Privacy page localized (FI/EN) via i18n.
- Version hash now injected via build arg (`NEXT_PUBLIC_VERSION`) and shown in footer; build scripts updated.
- In-cluster Varnish cache added in Deployment to cache `/api/images/*` and static assets.
- Added `generate_images.py` and committed sample image assets for reseeding/rebuilds.

To resume:

1. If desired, render diagrams locally: PlantUML in `docs/plantuml`, draw.io in `docs/drawio`.
2. Keep registry health in mind; current pushes work (`1763994382` deployed).
3. Future app work: translations polish, more listing fields, admin tooling, or registry hardening.