disclosure-bureau/infra/README.md

# Infrastructure — Disclosure Bureau

Self-hosted stack on a single VPS (16 GB / 4 CPU / 200 GB NVMe) managed via **Coolify**.

```
                   Internet (443/80)
                          │
                ┌─────────▼─────────┐
                │  Caddy (Coolify)  │ ← auto-TLS Let's Encrypt
                └────┬──────────────┘
                     │
       ┌─────────────┼──────────────────────┬──────────────────┐
       ▼             ▼                      ▼                  ▼
  ┌─────────┐   ┌──────────┐         ┌──────────┐       ┌──────────┐
  │ Next.js │   │ Supabase │         │ Supabase │       │  shared  │
  │   web   │   │ disclosure│        │ project-B │       │ services │
  │ :3000   │   │ stack    │         │  stack    │       │ Meili··· │
  └─────────┘   │  ┌─────┐ │         │  ┌─────┐ │       │ Imgproxy │
                │  │PG/GT│ │         │  │PG/GT│ │       │ Dragonfly│
                │  └─────┘ │         │  └─────┘ │       └──────────┘
                └──────────┘         └──────────┘
                disclosure.top       projeto-b.com
```

## Components

| Layer | Service | Notes |
|---|---|---|
| **Orchestration** | [Coolify](https://coolify.io) v4 | Self-hosted PaaS — manages all containers, TLS, backups |
| **Database + Auth + Storage** | Supabase self-hosted (one per project) | Each project gets own Postgres + GoTrue + Storage |
| **Frontend** | Next.js 15 (this repo's `/web`) | Deployed via Coolify Git integration |
| **Search** | Meilisearch (shared) | Full-text search across pages + entities |
| **Cache + Queue** | Dragonfly (shared) | Redis-compatible, multi-threaded |
| **Images** | Imgproxy (shared) | On-the-fly resize / WebP conversion |
| **Backups** | restic + Backblaze B2 | Nightly Postgres + Storage dumps |

## Quick path

1. **[`coolify/INSTALL.md`](coolify/INSTALL.md)** — install Coolify on the fresh VPS (~10 min)
2. **[`coolify/SUPABASE.md`](coolify/SUPABASE.md)** — create the `disclosure` Supabase project (~5 min)
3. Run [`supabase/migrations/0001_chat_schema.sql`](supabase/migrations/0001_chat_schema.sql) via Supabase Studio SQL editor
4. **[`coolify/NEXTJS.md`](coolify/NEXTJS.md)** — deploy the `/web` app pointing at the Supabase URL
5. **[`coolify/SHARED.md`](coolify/SHARED.md)** — bring up Meilisearch, Dragonfly, Imgproxy

## Adding more projects later

For each new project, repeat step 2 (new Supabase project in Coolify UI) and step 4 (new Next.js app). They get their own subdomain, own auth, own data. Total isolation.

## Local development

For dev on macOS/Linux without the VPS, see [`../web/README.md`](../web/README.md) — uses the Supabase CLI to spin up a local stack on `localhost:54321`.