🏗️ Sardonic Architecture
sardonicrepulsion.com · aarch64 · Ubuntu · Dokku 0.37.6
🌍 Internet
▼ port 80/443
☁️ Caddy Docker Proxy
Auto SSL (Let's Encrypt) · Docker labels routing · 1 container
Replaced nginx (2026-03-06) · no certbot
▼ Docker network
📦 Dokku Containers (51 apps)
Caddy Static (25) — 64 MB:
books
cdn
coin
cyberpunk
decoy
devops
dish
docs
drive
education
example
fast
gear
homepage
mikes
pool
pulsecraft
reprint
roadmap
tools
vortexpwm
vva
waver
workflow
executive-css
PHP-FPM + Caddy (12) — 128 MB:
app
calendar
contact
dl
drums
evolver
expenses
finances
ideas
microq
prophecy
eshop
PHP Apache (1) — 128 MB:
antiliberal
Node.js (11) — 128 MB:
chat
deployer
errors
files
login
platform
projects
rating
status
tasks
youloop
Other (2) — 128 MB:
adminer
search
▼
🗄️ MySQL 8.0 (Docker)
dokku-services network · 512 MB limit · utf8mb4 · slow query log (1s threshold)
🚀 CI/CD Flow
git push origin main → GitHub webhook → Deployer (SQLite queue, retry + backoff) → Dokku build → smoke test (/health + main page) → Playwright test → live
Fail → rollback + Telegram alert
Fallback: git:from-archive if git push fails
📦 Deployer
- deploy.sardonicrepulsion.com — Dokku app (Node.js)
- GitHub webhooks → SQLite queue with retry + exponential backoff
- Smoke test: /health + main page
- Playwright E2E tests (/opt/playwright-tests/smoke-test.js)
- Telegram notifications (success/fail)
- Fallback: git:from-archive on Permission denied
- Monitored endpoint: /queue
🔐 Authentication
- Login app — SSO hub, JWT cookie on *.sardonicrepulsion.com
- 4 users: peter (admin), edo/michal/juraj (user)
- Role-based dashboard: admin = everything, user = without internal projects
- JWT_SECRET in Dokku env vars
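
The cookie and role rules listed above, as an added example (not the Login app's own code): verifying the JWT with a pinned algorithm and filtering internal projects on the server. HS256, the cookie name `token`, the claims `sub`/`role`/`exp`, the `internal` flag, the `Secure`/`SameSite` attributes and all function names are assumptions.

```javascript
// Added example. Assumptions: HS256, cookie name "token", claims {sub, role, exp}.
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

function signJwt(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Returns the claims, or null for anything but a valid, unexpired HS256 token.
function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm; never let the token header choose it (e.g. "none").
    if (JSON.parse(Buffer.from(head, 'base64url').toString('utf8')).alg !== 'HS256') return null;
    const want = hmac(`${head}.${body}`, secret);
    const got = Buffer.from(sig, 'base64url');
    if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed base64/JSON is treated as unauthenticated
  }
}

// Cookie shared by every subdomain; HttpOnly keeps it out of reach of page scripts.
function sessionCookie(token, maxAgeSeconds) {
  return `token=${token}; Domain=.sardonicrepulsion.com; Path=/; Max-Age=${maxAgeSeconds}; HttpOnly; Secure; SameSite=Lax`;
}

// Enforce roles on the server: admin gets everything, user never receives internal projects.
function visibleProjects(claims, projects) {
  if (!claims || !['admin', 'user'].includes(claims.role)) return [];
  return claims.role === 'admin' ? projects : projects.filter((p) => !p.internal);
}

{ // Constructed sample data, not the site's real secret or project list.
  const secret = 'constructed-demo-secret';
  const projects = [{ name: 'homepage', internal: false }, { name: 'deployer', internal: true }];
  const token = signJwt({ sub: 'edo', role: 'user', exp: Math.floor(Date.now() / 1000) + 3600 }, secret);
  console.log(sessionCookie(token, 3600));
  console.log(visibleProjects(verifyJwt(token, secret), projects)); // only the non-internal entry
}
```

Because the cookie is valid on every subdomain, each app behind it has to run the same verification and role check itself rather than rely on the dashboard hiding links.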
📊 Monitoring & Alerting
- sardonic-monitor — bash, cron */15, health checks + auto-fix, Telegram on incident
- Loki + Promtail — central Docker logs, 7d retention, 256 MB limit
- container-resource-alert — bash, cron */10, memory/CPU monitoring
- ssl-expiry-check — bash, daily 7:00, SSL certificates
- daily-health-report — bash, cron 6:00, Telegram report
- pre-report-check — bash, cron 5:30, auto-fix before the report
- alerts.json → Rayan (AI) heartbeat reads and reacts
🐳 Docker Infrastructure
- Registry mirror — pull-through cache on localhost:5000, weekly GC
- docker-prune — Sunday 4:00, images + build cache > 7 days
- Loki container — central log aggregator
- Promtail container — log shipper
- MySQL container — database
- Redis container — SearXNG cache (dokku.redis.searxng-cache)
💾 Backups
- Daily at 2:00 (Bratislava) — /var/backups/sardonic/backup.sh
- Retention: 7 days
- Offsite: automatic (rclone → S3-compatible, daily 3:00 UTC, 30d retention)
- Verification: AI cron daily 3:30
⏰ Cron Jobs
System (bash):
| Schedule | Job |
| --- | --- |
| */15 * * * * | sardonic-monitor (health + auto-fix) |
| */10 * * * * | container-resource-alert |
| 0 2 * * * | backup |
| 30 5 * * * | pre-report-check |
| 15 5 * * * | container-restart-check |
| 25 5 * * * | mysql-slow-query-check |
| 0 6 * * * | daily-health-report → Telegram |
| 0 7 * * * | ssl-expiry-check |
| 0 4 * * 0 | docker-prune (images + build cache) |
AI (OpenClaw):
| Schedule | Job |
| --- | --- |
| */30 * * * * | tasks-check (ready tasks from DB) |
| */30 * * * * | deployer-failure-auto-triage |
| daily 3:30 | backup-verify |
| daily 20:00 | git-sync-check |
| daily 5:20 | db-network-guardrail |
| Mon 9:00 | ssl-monitor |
🤖 AI Agents
- Rayan 🧠 — Claude Opus 4, manager/orchestrator. Main session, delegates to sub-agents. Does not code directly.
- Claudio 👨‍💻 — Claude Opus 4, demanding/complex tasks (architecture, scripts, infrastructure)
- Cosmo 🚀 — Claude Sonnet 3.5, implementation and routine tasks (deploy, setup, configuration)
- Son 🔍 — Claude Sonnet 3.5, code review. Review only; does not code, does not deploy.
- Guard 🛡️ — Claude Sonnet 3.5, verification and security (health check, HTTPS, headers)
- Plake 🎭 — Claude Sonnet 3.5, Playwright testing (screenshots, UI tests, deploy verification)
- Agent-to-agent communication via OpenClaw sessions
- Heartbeat monitoring: alerts.json, email, calendar
📏 Container Resources
- Static apps: 64 MB
- Node.js / PHP / Apache: 128 MB
- MySQL: 512 MB
- Loki: 256 MB
🛡️ Security
- CSP headers on all apps
- Secrets in env vars (/root/.sardonic-env, chmod 600)
- HttpOnly cookies for JWT
- Parameterized SQL queries
- Firewall at the hosting level
- Adminer only behind SSH
- Auto SSL (Caddy + Let's Encrypt)
Caddy = the only reverse proxy · auto Let's Encrypt · no nginx · last updated: 2026-03-27