# CarPass Deploy ## First Install ```bash sudo mkdir -p /opt/carpass sudo chown "$USER":"$USER" /opt/carpass git clone /opt/carpass/app cd /opt/carpass/app cp .env.example .env ``` Edit `.env` and set real secrets: - `BOT_TOKEN` - `BOT_USERNAME` - `PUBLIC_WEBAPP_URL` - `CORS_ORIGINS` - `INTERNAL_API_TOKEN` - `SECRET_KEY` - `REDIS_URL` if Redis is external - `VAPID_PUBLIC_KEY` / `VAPID_PRIVATE_KEY` when browser push is enabled - `ADMIN_TELEGRAM_IDS` Production must use public HTTPS URLs and `ALLOW_DEV_AUTH=false`. ## Start ```bash docker compose up -d --build docker compose exec api alembic upgrade head python -m scripts.bootstrap_admin curl -fsS http://127.0.0.1:8000/ready ``` The default compose stack includes Postgres, Redis, API and bot services with health checks, restart policies and log rotation. ## Git-Based Update The server directory must remain a git clone. The main update path is: ```bash APP_DIR=/opt/carpass/app DEPLOY_BRANCH=main ./scripts/deploy.sh ``` The script runs: - `git fetch` - `git pull --ff-only` - optional DB backup with `BACKUP_BEFORE_DEPLOY=true` - Docker build/up - `alembic upgrade head` - Python smoke compile - `/ready` health check Do not use rsync as the primary deploy mechanism. ## Rollback ```bash cd /opt/carpass/app git log --oneline -20 git checkout docker compose up -d --build curl -fsS http://127.0.0.1:8000/ready ``` Be careful with database migrations: code rollback does not automatically downgrade data. ## Backups Create a compressed custom-format dump before risky deploys: ```bash BACKUP_DIR=/opt/carpass/backups ./scripts/backup_db.sh ``` Restore only during a maintenance window: ```bash ./scripts/restore_db.sh /opt/carpass/backups/carpass-drivers-YYYYMMDDTHHMMSSZ.dump ``` For volume-level recovery, back up the Docker named volumes `pgdata` and `redisdata` according to the host backup policy. ## Logs ```bash docker compose ps docker compose logs -f api docker compose logs -f bot docker compose logs -f db ``` ## Migration Smoke Check For a configured Postgres database: ```bash ./scripts/check_migrations.sh ``` ## Cleanup Jobs Run periodic cleanup from cron or systemd timer: ```bash docker compose exec -T api python scripts/cleanup_jobs.py ``` It expires stale employee invites, marks exhausted notifications as abandoned, removes old abandoned notifications and clears old draft work orders.