diff --git a/SupportStack/demo/AGENTS.md b/SupportStack/demo/AGENTS.md
index 52564ac..afca7f8 100644
--- a/SupportStack/demo/AGENTS.md
+++ b/SupportStack/demo/AGENTS.md
@@ -1,181 +1,351 @@
-# TSYS Developer Support Stack - Agent Guidelines
+# TSYS Developer Support Stack - Development Guidelines
-## Project Intent
-The TSYS Developer Support Stack is a comprehensive Docker Compose environment providing 16 developer tools and services for TSYS Group development workflow. This stack includes:
+## ๐ฏ Development Principles
-- **Developer Tools**: Homepage (dashboard), Atuin (shell history), Wakapi (time tracking), ArchiveBox (web archiving), Tube Archivist (YouTube archiving), MailHog (email testing)
-- **Infrastructure**: PostgreSQL, Elasticsearch, Docker Socket Proxy, Pi-hole (DNS), Portainer (Docker management), Redis (cache)
-- **Monitoring**: InfluxDB (time series), Grafana (visualization)
-- **Documentation**: Draw.io (diagrams), Kroki (diagrams as code)
+### Demo-First Architecture
+- **Demo-Only Configuration**: All services configured for demonstration purposes only
+- **No Persistent Data**: Zero data persistence between demo sessions
+- **Dynamic User Handling**: Automatic UID/GID detection and application
+- **Security-First**: Docker socket proxy for all container operations
+- **Minimal Bind Mounts**: Prefer Docker volumes over host bind mounts
+- **Consistent Naming**: `tsysdevstack-supportstack-demo-` prefix everywhere
+- **One-Command Deployment**: Single script deployment with full validation
-## ๐จ STRICT QA/TESTING/AUDITING/VALIDATION GUIDELINES
+### Dynamic Environment Strategy
+- **User Detection**: Automatic current user and group ID detection
+- **Docker Group Handling**: Dynamic docker group ID resolution
+- **Variable-Driven Configuration**: All settings via environment variables
+- **Template-Based Compose**: Generate docker-compose.yml from templates
+- **Environment Isolation**: Separate demo.env for all configuration
-### ๐ MANDATORY TESTING PROTOCOL
+### FOSS Only Policy
+- Exclusively use free/libre/open source software
+- Verify license compatibility
+- Prefer official Docker images
+- Document any proprietary dependencies
-**ALL CHANGES MUST PASS THE FOLLOWING BEFORE CONSIDERATION COMPLETE:**
+### Inner Loop Focus
+- Support daily development workflows
+- Avoid project-specific dependencies
+- Prioritize developer productivity
+- Maintain workstation-local deployment
-1. **PRIMARY VALIDATION**: `./test-stack.sh` is the **ONLY** entrypoint for all testing/qa/audit/validation
- - **100% Test Coverage Required**: All end-user facing services must be tested
- - **Zero Failure Tolerance**: Any test failure = change rejected
- - **Comprehensive Validation**: Security, functionality, performance, accessibility
+### System Interference Policy
+- **NEVER interfere with existing processes**: Do not kill, stop, or modify any running processes without explicit permission
+- **Check before acting**: Always verify what processes/screen sessions are running before taking any action
+- **Use unique identifiers**: Create uniquely named sessions/processes to avoid conflicts
+- **Ask first**: Always request permission before touching any existing work on the system
+- **Respect concurrent work**: Other users/processes may be running - do not assume exclusive access
-2. **PRE-COMMIT VALIDATION**: Before any commit:
- ```bash
- # MUST run full test suite
- ./test-stack.sh
-
- # MUST verify all services healthy
- docker compose --env-file demo.env ps
-
- # MUST validate configuration
- ./test-stack.sh config
- ```
+---
-3. **SERVICE CATEGORIES**:
- - **End-User Services**: Homepage, Atuin, Wakapi, ArchiveBox, Tube Archivist, MailHog, Pi-hole, Portainer, InfluxDB, Grafana, Draw.io, Kroki
- - **Infrastructure Services**: PostgreSQL, Elasticsearch, Redis, Docker Socket Proxy
- - **Homepage Display Rule**: ONLY end-user services should appear in Homepage dashboard
+## ๐๏ธ Architecture Guidelines
-### ๐ SECURITY VALIDATION REQUIREMENTS
+### Service Categories
+- **Infrastructure Services**: Core platform services
+- **Monitoring & Observability**: Metrics and visualization
+- **Documentation & Diagramming**: Knowledge management
+- **Developer Tools**: Productivity enhancers
-1. **Docker Socket Security**:
- - โ
No direct Docker socket exposure
- - โ
All access through proxy only
- - โ
Proxy properly restricts dangerous operations
+### Design Patterns
+- **Service Discovery**: Automatic via Homepage dashboard
+- **Health Checks**: Comprehensive for all services
+- **Network Isolation**: Docker network per stack
+- **Resource Limits**: Memory and CPU constraints
-2. **Resource Limits**:
- - โ
All services have memory limits
- - โ
All services have CPU limits
- - โ
Resource usage monitored
+---
-3. **Network Security**:
- - โ
Services isolated in dedicated network
- - โ
Only necessary ports exposed
- - โ
No privileged containers
+## ๐ง Technical Standards
-### ๐งช TEST SUITE REQUIREMENTS (test-stack.sh)
+### Docker Configuration Standards
-**MUST INCLUDE THE FOLLOWING TEST CATEGORIES:**
+#### Demo Service Template
+```yaml
+# Standard service template (docker-compose.yml.template)
+services:
+ service-name:
+ image: official/image:tag
+ user: "${UID}:${GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-service-name"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_service_data:/path"
+ environment:
+ - PUID=${UID}
+ - PGID=${GID}
+ labels:
+ homepage.group: "Group Name"
+ homepage.name: "Display Name"
+ homepage.icon: "icon-name"
+ homepage.href: "http://localhost:${SERVICE_PORT}"
+ homepage.description: "Brief description"
+```
-1. **Configuration Validation**:
- - Docker Compose syntax validation
- - Environment variable validation
- - YAML file linting
- - Shell script linting
+#### Dynamic Variable Requirements
+- **UID/GID**: Current user and group detection
+- **DOCKER_GID**: Docker group ID for socket access
+- **COMPOSE_PROJECT_NAME**: `tsysdevstack-supportstack-demo`
+- **COMPOSE_NETWORK_NAME**: `tsysdevstack-supportstack-demo-network`
+- **Service Ports**: All configurable via environment variables
-2. **Service Health Validation**:
- - All end-user services accessible via HTTP
- - All health check endpoints responding
- - Proper service status reporting
- - Service discovery functionality
+### Port Assignment Strategy
+- Range: 4000-4099
+- Groups: Sequential allocation
+- Document in README.md port table
+- Avoid conflicts with host services
-3. **Security Validation**:
- - Docker socket proxy security testing
- - Port accessibility validation
- - Container privilege verification
- - Network isolation testing
+### Network Configuration
+- Network name: `tsysdevstack_supportstack`
+- IP binding: `192.168.3.6:{port}` where applicable
+- Inter-service communication via container names
+- Only necessary ports exposed to host
-4. **Functionality Validation**:
- - Homepage service discovery accuracy
- - Service grouping correctness
- - End-user interface accessibility
- - Integration testing between services
+---
-5. **Performance Validation**:
- - Resource usage monitoring
- - Startup time validation
- - Memory leak detection
- - CPU usage validation
+## ๐ Quality Assurance
-### ๐ SUCCESS CRITERIA (100% REQUIRED)
+### Testing Requirements
+- Automated health check validation
+- Port accessibility verification
+- Service discovery functionality
+- Resource usage monitoring
+- User workflow validation
-**ALL OF THE FOLLOWING MUST PASS:**
+### Code Quality Standards
+- Clear, commented configurations
+- Consistent naming conventions
+- Comprehensive documentation
+- Atomic commits with conventional messages
-1. **Container Status**:
- - โ
All 16 containers running
- - โ
All end-user services healthy
- - โ
No restart loops
- - โ
Proper startup ordering
+### Security Guidelines
-2. **Service Accessibility**:
- - โ
All end-user services accessible via designated ports
- - โ
HTTP status 200 for all web interfaces
- - โ
Health check endpoints responding
- - โ
No port conflicts
+#### Demo Security Model
+- **Demo-Hardened Configurations**: All settings optimized for demonstration
+- **No External Network Access**: Isolated except for image pulls
+- **Production Separation**: Clear distinction from production deployments
+- **Security Documentation**: All assumptions clearly documented
-3. **Homepage Dashboard**:
- - โ
Discovers exactly 12 end-user services (not 16)
- - โ
Services grouped correctly in 4 categories
- - โ
No infrastructure services displayed
- - โ
Service status accurately reported
+#### Docker Socket Security
+- **Mandatory Proxy**: All container operations through docker-socket-proxy
+- **Restricted API Access**: Minimal permissions per service requirements
+- **No Direct Socket Access**: Prevent direct Docker socket mounting
+- **Group-Based Access**: Dynamic docker group ID assignment
-4. **Security Compliance**:
- - โ
Docker socket proxy secure
- - โ
No direct socket access
- - โ
Resource limits enforced
- - โ
Network isolation maintained
+#### File System Security
+- **Dynamic User Mapping**: Automatic UID/GID detection prevents ownership issues
+- **Volume-First Storage**: Prefer Docker volumes over bind mounts
+- **Read-Only Bind Mounts**: Minimal host filesystem access
+- **Permission Validation**: Automated file ownership verification
-5. **Test Suite Coverage**:
- - โ
100% end-user service coverage
- - โ
All failure scenarios tested
- - โ
Performance benchmarks met
- - โ
Security validations complete
+---
-## Demo Environment Specifics
-- **Network**: 192.168.3.0/24
-- **Host IP**: 192.168.3.6
-- **Port Range**: 4000-4011 for services, 2375 for Docker socket proxy
-- **Docker Network**: tsysdevstack_supportstack
-- **All passwords**: demo_password (for demo environment only)
+## ๐ Development Workflow
-## ๐ WORKFLOW INTEGRATION
+### Demo-First Service Addition
+1. **Research**: Verify FOSS status and official Docker image availability
+2. **Plan**: Determine port assignment and service group
+3. **Template Configuration**: Add to docker-compose.yml.template with variables
+4. **Environment Setup**: Add service variables to demo.env
+5. **Security Integration**: Configure docker-socket-proxy permissions
+6. **Dynamic Testing**: Validate with demo-stack.sh and demo-test.sh
+7. **Documentation Update**: Update README.md, PRD.md, and AGENTS.md
+8. **Atomic Commit**: Conventional commit with detailed description
-### Before Making Changes:
-1. Run `./test-stack.sh` to establish baseline
-2. Make changes
-3. Run `./test-stack.sh` again
-4. Fix any failures
-5. Repeat until 100% pass
+### Process Management Guidelines
+- **Screen Sessions**: Use descriptive, unique names (e.g., `demo-deploy-YYYYMMDD-HHMMSS`)
+- **Background Processes**: Always use logging to track progress
+- **Process Discovery**: Use `ps aux | grep` and `screen -ls` to check existing work
+- **Safe Termination**: Only terminate processes you explicitly started
+- **Permission First**: Always ask before modifying/killing any existing process
-### Before Committing:
-1. `./test-stack.sh` must pass completely
-2. All services must be healthy
-3. Manual verification of key functionality
-4. Documentation updated if needed
+### Template-Driven Development
+- **Variable Configuration**: All settings via environment variables
+- **Naming Convention**: Consistent `tsysdevstack-supportstack-demo-` prefix
+- **User Handling**: Dynamic UID/GID detection in all services
+- **Security Integration**: Docker socket proxy for container operations
+- **Volume Strategy**: Docker volumes with dynamic naming
-### Before Declaring "Done":
-1. Full test suite execution
-2. Manual service verification
-3. Performance validation
-4. Security audit completion
-5. Documentation review
+### Service Removal Process
+1. **Deprecate**: Mark service for removal in documentation
+2. **Test**: Verify stack functionality without service
+3. **Remove**: Delete from docker-compose.yml
+4. **Update**: Clean up documentation and port assignments
+5. **Commit**: Document removal in commit message
-## Critical Configuration Files
-- `docker-compose.yml`: Main service definitions with resource limits
-- `homepage/config/settings.yaml`: Homepage configuration
-- `homepage/config/docker.yaml`: Service discovery configuration (CRITICAL for service filtering)
-- `test-stack.sh`: **PRIMARY VALIDATION TOOL** - comprehensive test suite
-- `AGENTS.md`: This file - QA guidelines and workflow requirements
+### Configuration Changes
+1. **Plan**: Document change rationale and impact
+2. **Test**: Validate in development environment
+3. **Update**: Apply changes to configuration files
+4. **Verify**: Run full test suite
+5. **Document**: Update relevant documentation
+6. **Commit**: Atomic commit with detailed description
-## ๐จ CURRENT KNOWN ISSUES (MUST BE FIXED)
+---
-1. **Homepage Service Discovery**:
- - โ Redis/Elasticsearch/PostgreSQL appearing (should be hidden)
- - โ Pi-hole not working
- - โ Atuin not working
- - โ Tube Archivist not working
- - โ Portainer showing "unknown" status
+## ๐ Monitoring & Observability
-2. **Service Health Issues**:
- - โ Multiple services restarting
- - โ Health check timing issues
- - โ Resource contention problems
+### Health Check Standards
+- All services must include health checks
+- Health checks complete within 10 seconds
+- HTTP endpoints preferred
+- Fallback to container status checks
-## Success Criteria (100% REQUIRED)
-- โ
All 16 containers running and healthy
-- โ
Homepage discovering exactly 12 end-user services in 4 groups
-- โ
All end-user ports accessible and responding with HTTP 200
-- โ
Test suite passing completely (100% coverage)
-- โ
No security vulnerabilities (Docker socket only via proxy)
-- โ
Zero infrastructure services displayed in Homepage
-- โ
All end-user services fully functional
\ No newline at end of file
+### Resource Limits
+- Memory: < 512MB per service (where applicable)
+- CPU: < 25% per service (idle)
+- Startup time: < 60 seconds for full stack
+- Disk usage: Temporary volumes only
+
+### Logging Standards
+- Structured logging where possible
+- Log levels: INFO, WARN, ERROR
+- Container logs accessible via `docker compose logs`
+- No persistent log storage in demo mode
+
+---
+
+## ๐งช Testing Guidelines
+
+### Demo Testing Framework
+```bash
+# ALWAYS check for existing work first
+screen -ls
+ps aux | grep demo-stack
+
+# Dynamic deployment and testing (use unique session names)
+screen -S demo-deploy-$(date +%Y%m%d-%H%M%S) -dm -L -Logfile deploy-$(date +%Y%m%d-%H%M%S).log ./demo-stack.sh deploy
+./demo-test.sh full # Comprehensive QA/validation
+./demo-test.sh security # Security compliance validation
+./demo-test.sh permissions # File ownership validation
+./demo-test.sh network # Network isolation validation
+```
+
+### Automated Validation Suite
+- **File Ownership**: Verify no root-owned files on host
+- **User Mapping**: Validate UID/GID detection and application
+- **Docker Group**: Confirm docker group access for socket proxy
+- **Service Health**: All services passing health checks
+- **Port Accessibility**: Verify all ports accessible from host
+- **Network Isolation**: Confirm services isolated in demo network
+- **Volume Permissions**: Validate Docker volume permissions
+- **Security Compliance**: Docker socket proxy restrictions enforced
+
+### Manual Testing Checklist
+- [ ] All web interfaces accessible via browser
+- [ ] Demo credentials work correctly
+- [ ] Service discovery functional in Homepage
+- [ ] Inter-service communication working through proxy
+- [ ] Resource usage within defined limits
+- [ ] No port conflicts on host system
+- [ ] All health checks passing
+- [ ] No root-owned files created on host
+- [ ] Docker socket proxy functioning correctly
+- [ ] Dynamic user detection working properly
+
+### Performance Testing
+- Startup time measurement
+- Memory usage monitoring
+- CPU usage validation
+- Network connectivity testing
+- Resource leak detection
+
+---
+
+## ๐ Documentation Standards
+
+### README.md Requirements
+- Quick start instructions
+- Service overview table
+- Technical configuration details
+- Troubleshooting guide
+- Security notes and warnings
+
+### PRD.md Requirements
+- Product vision and goals
+- Functional requirements
+- User experience requirements
+- Acceptance criteria
+- Success metrics
+
+### AGENTS.md Requirements
+- Development principles
+- Technical standards
+- Quality assurance guidelines
+- Development workflow
+- Testing procedures
+
+---
+
+## ๐ Security Considerations
+
+### Demo Security Model
+- Hardcoded credentials clearly marked
+- No encryption or security hardening
+- Network isolation within Docker
+- No external access except image pulls
+
+### Security Checklist
+- [ ] All services use demo credentials
+- [ ] No persistent sensitive data
+- [ ] Network properly isolated
+- [ ] Only necessary ports exposed
+- [ ] Security warnings documented
+- [ ] Production deployment guidance included
+
+---
+
+## ๐ Deployment Guidelines
+
+### Local Development
+```bash
+# Check for existing work BEFORE starting
+screen -ls
+ps aux | grep demo-stack
+
+# Start development stack with unique session name
+screen -S demo-deploy-$(date +%Y%m%d-%H%M%S) -dm -L -Logfile deploy-$(date +%Y%m%d-%H%M%S).log ./demo-stack.sh deploy
+
+# Monitor startup
+docker compose logs -f
+
+# Validate deployment
+./test-stack.sh
+```
+
+### Demo Preparation
+1. Clean all containers and volumes
+2. Pull latest images
+3. Verify all health checks
+4. Test complete user workflows
+5. Document any known issues
+
+### Production Migration
+- Replace demo credentials with secure ones
+- Implement persistent data storage
+- Add encryption and security hardening
+- Configure backup and recovery
+- Set up monitoring and alerting
+
+---
+
+## ๐ Development Support
+
+### Getting Help
+1. Check troubleshooting section in README.md
+2. Review service logs: `docker compose logs {service}`
+3. Consult individual service documentation
+4. Check health status: `docker compose ps`
+5. **CRITICAL**: Always check for existing processes before starting new ones: `screen -ls` and `ps aux | grep demo-stack`
+
+### Issue Reporting
+- Include full error messages
+- Provide system information
+- Document reproduction steps
+- Include relevant configuration snippets
+- Specify demo vs production context
+
+---
+
+*Last updated: 2025-11-13*
\ No newline at end of file
diff --git a/SupportStack/demo/PRD.md b/SupportStack/demo/PRD.md
index 16508d1..7ef02e2 100644
--- a/SupportStack/demo/PRD.md
+++ b/SupportStack/demo/PRD.md
@@ -1,6 +1,757 @@
-# TSYS Developer Support Stack - Product Requirements Document (Demo Version)
+# ๐ TSYS Developer Support Stack - Product Requirements Document
-## ๐ Document Overview
+
+
+[](#)
+[](#)
+[](#)
+[](#)
+[](#)
+
+**Demo Version - Product Requirements Document**
+
+
+
+---
+
+## ๐ Table of Contents
+
+- [๐ฏ Product Vision](#-product-vision)
+- [๐๏ธ Architecture Overview](#๏ธ-architecture-overview)
+- [๐ Functional Requirements](#-functional-requirements)
+- [๐ง Technical Requirements](#-technical-requirements)
+- [๐จ User Experience Requirements](#-user-experience-requirements)
+- [๐ Security Requirements](#-security-requirements)
+- [๐ Non-Functional Requirements](#-non-functional-requirements)
+- [๐งช Testing Requirements](#-testing-requirements)
+- [๐ Documentation Requirements](#-documentation-requirements)
+- [โ
Acceptance Criteria](#-acceptance-criteria)
+- [๐ Success Metrics](#-success-metrics)
+- [๐
Implementation Timeline](#-implementation-timeline)
+- [๐ Change Management](#-change-management)
+- [๐ Support & Maintenance](#-support--maintenance)
+- [๐ Appendix](#-appendix)
+
+---
+
+## ๐ฏ Product Vision
+
+> **To create a comprehensive, demo-ready developer support services stack that enhances developer productivity and quality of life for the TSYS engineering team.**
+
+This stack is designed to:
+- ๐ **Run locally** on every developer workstation
+- โก **Support daily development workflows** with essential services
+- ๐ **Maintain security** and simplicity
+- ๐ **Adhere to free/libre/open source principles**
+- ๐ฏ **Focus on inner loop development** rather than project-specific dependencies
+
+---
+
+## ๐๏ธ Architecture Overview
+
+### ๐จ Design Principles
+
+
+
+```mermaid
+graph LR
+ A[Demo-First] --> E[TSYS Support Stack]
+ B[Service Discovery] --> E
+ C[FOSS Only] --> E
+ D[Inner Loop Focus] --> E
+ F[Workstation Local] --> E
+ G[Security Conscious] --> E
+
+ style A fill:#ffeb3b
+ style B fill:#4caf50
+ style C fill:#2196f3
+ style D fill:#ff9800
+ style F fill:#9c27b0
+ style G fill:#f44336
+ style E fill:#e1f5fe
+```
+
+
+
+| Principle | Description | Priority |
+|-----------|-------------|----------|
+| **๐ญ Demo-First Architecture** | Demonstration-only deployment with dynamic user detection, no persistence, one-command deployment | ๐ฅ High |
+| **๐ Service Discovery** | Automatic discovery via Homepage dashboard with Docker labels | ๐ฅ High |
+| **๐ FOSS Only** | Exclusively use free/libre/open source software | ๐ฅ High |
+| **โก Inner Loop Focus** | Support daily development workflows, not project-specific dependencies | ๐ฅ High |
+| **๐ Workstation Local** | Run locally on developer machines, not centralized infrastructure | ๐ฅ High |
+| **๐ Security Conscious** | Demo-hardened configurations with clear production separation | ๐ฅ High |
+
+### ๐ฆ Service Categories
+
+| Category | Purpose | Services |
+|----------|---------|----------|
+| **๐๏ธ Infrastructure Services** | Core platform and management services | DNS Management, Container Socket Proxy, Container Management |
+| **๐ Monitoring & Observability** | Data collection and visualization services | Time Series Database, Visualization Platform |
+| **๐ Documentation & Diagramming** | Knowledge management and creation tools | Diagramming Server, Diagrams as a Service |
+| **๐ ๏ธ Developer Tools** | Productivity and workflow enhancement services | Homepage, Time Tracking, Archiving, Email Testing, Habit Tracking |
+
+---
+
+## ๐ Functional Requirements
+
+### ๐๏ธ FR-001: Infrastructure Services
+
+#### FR-001.1: DNS Management Service
+
+
+```mermaid
+graph TD
+ A[DNS Management Service] --> B[Web Administration]
+ A --> C[DNS Filtering]
+ A --> D[Network Monitoring]
+ A --> E[Demo Configuration]
+ A --> F[Health Monitoring]
+ A --> G[Service Discovery]
+
+ style A fill:#e3f2fd
+ style B fill:#bbdefb
+ style C fill:#bbdefb
+ style D fill:#bbdefb
+ style E fill:#fff3e0
+ style F fill:#e8f5e8
+ style G fill:#fce4ec
+```
+
+
+
+| Requirement | Description | Acceptance |
+|-------------|-------------|------------|
+| **๐ Web Interface** | Browser-based administration interface | โ
Required |
+| **๐ก๏ธ DNS Filtering** | Ad blocking and content filtering capabilities | โ
Required |
+| **๐ Network Monitoring** | Traffic analysis and reporting | โ
Required |
+| **๐ญ Demo Configuration** | Default settings for demonstration | โ
Required |
+| **๐ Web Access** | Assigned port for web interface | โ
Required |
+| **โค๏ธ Health Check** | Endpoint for service monitoring | โ
Required |
+| **๐ท๏ธ Service Discovery** | Integration with Infrastructure group | โ
Required |
+
+#### FR-001.2: Container Socket Proxy
+
+
+```mermaid
+graph TD
+ A[Container Socket Proxy] --> B[API Access Control]
+ A --> C[Request Filtering]
+ A --> D[Security Restrictions]
+ A --> E[Permission Management]
+ A --> F[Health Monitoring]
+ A --> G[Service Discovery]
+
+ style A fill:#ffebee
+ style B fill:#ffcdd2
+ style C fill:#ffcdd2
+ style D fill:#ffcdd2
+ style E fill:#fff3e0
+ style F fill:#e8f5e8
+ style G fill:#fce4ec
+```
+
+
+
+| Requirement | Description | Acceptance |
+|-------------|-------------|------------|
+| **๐ก๏ธ API Access Control** | Restrict Docker socket API endpoints | โ
Required |
+| **๐ Request Filtering** | Block dangerous operations by default | โ
Required |
+| **๐ Security Restrictions** | Granular permission management | โ
Required |
+| **โ๏ธ Permission Management** | Environment-based access control | โ
Required |
+| **โค๏ธ Health Check** | Endpoint for service monitoring | โ
Required |
+| **๐ท๏ธ Service Discovery** | Integration with Infrastructure group | โ
Required |
+
+#### FR-001.3: Container Management Service
+
+
+```mermaid
+graph TD
+ A[Container Management Service] --> B[Container Lifecycle]
+ A --> C[Image Management]
+ A --> D[Volume & Network Management]
+ A --> E[User Authentication]
+ A --> F[Health Monitoring]
+ A --> G[Service Discovery]
+
+ style A fill:#f3e5f5
+ style B fill:#e1bee7
+ style C fill:#e1bee7
+ style D fill:#e1bee7
+ style E fill:#fff3e0
+ style F fill:#e8f5e8
+ style G fill:#fce4ec
+```
+
+
+
+| Requirement | Description | Acceptance |
+|-------------|-------------|------------|
+| **๐ Container Lifecycle** | Start/stop/restart container operations | โ
Required |
+| **๐ฆ Image Management** | Registry integration and image operations | โ
Required |
+| **๐พ Volume & Network** | Storage and network configuration | โ
Required |
+| **๐ Authentication** | User authentication with demo credentials | โ
Required |
+| **๐ Web Access** | Assigned port for web interface | โ
Required |
+| **โค๏ธ Health Check** | Endpoint for service monitoring | โ
Required |
+| **๐ท๏ธ Service Discovery** | Integration with Infrastructure group | โ
Required |
+
+### ๐ FR-002: Monitoring & Observability
+
+#### FR-002.1: Time Series Database
+
+
+```mermaid
+graph TD
+ A[Time Series Database] --> B[HTTP API]
+ A --> C[Web Administration]
+ A --> D[Demo Database]
+ A --> E[Data Access]
+ A --> F[Health Monitoring]
+ A --> G[Service Discovery]
+
+ style A fill:#e8f5e8
+ style B fill:#c8e6c9
+ style C fill:#c8e6c9
+ style D fill:#fff3e0
+ style E fill:#bbdefb
+ style F fill:#e8f5e8
+ style G fill:#fce4ec
+```
+
+
+
+| Requirement | Description | Acceptance |
+|-------------|-------------|------------|
+| **๐ HTTP API** | Data ingestion and querying interface | โ
Required |
+| **๐ฅ๏ธ Web Interface** | Browser-based administration | โ
Required |
+| **๐ญ Demo Database** | Sample data for demonstration | โ
Required |
+| **๐ Data Access** | Assigned port for API and web access | โ
Required |
+| **โค๏ธ Health Check** | Endpoint for service monitoring | โ
Required |
+| **๐ท๏ธ Service Discovery** | Integration with Monitoring group | โ
Required |
+
+#### FR-002.2: Visualization Platform
+
+
+```mermaid
+graph TD
+ A[Visualization Platform] --> B[Data Source Connection]
+ A --> C[Demo Dashboards]
+ A --> D[Dashboard Creation]
+ A --> E[Admin Authentication]
+ A --> F[Health Monitoring]
+ A --> G[Service Discovery]
+
+ style A fill:#fff3e0
+ style B fill:#ffe0b2
+ style C fill:#ffe0b2
+ style D fill:#ffe0b2
+ style E fill:#fff3e0
+ style F fill:#e8f5e8
+ style G fill:#fce4ec
+```
+
+
+
+| Requirement | Description | Acceptance |
+|-------------|-------------|------------|
+| **๐ Data Connection** | Pre-configured connection to time series database | โ
Required |
+| **๐ Demo Dashboards** | System metrics visualization | โ
Required |
+| **๐จ Dashboard Creation** | Web-based dashboard editing | โ
Required |
+| **๐ Admin Authentication** | Authentication with demo credentials | โ
Required |
+| **๐ Web Access** | Assigned port for web interface | โ
Required |
+| **โค๏ธ Health Check** | Endpoint for service monitoring | โ
Required |
+| **๐ท๏ธ Service Discovery** | Integration with Monitoring group | โ
Required |
+
+### ๐ ๏ธ FR-003: Developer Tools
+
+#### FR-003.1: Habit Tracking Service
+
+
+```mermaid
+graph TD
+ A[Habit Tracking Service] --> B[Personal Dashboard]
+ A --> C[Habit Management]
+ A --> D[Progress Tracking]
+ A --> E[Gamification System]
+ A --> F[Integrations Support]
+ A --> G[Health Monitoring]
+ A --> H[Service Discovery]
+
+ style A fill:#fff3e0
+ style B fill:#ffe0b2
+ style C fill:#ffe0b2
+ style D fill:#ffe0b2
+ style E fill:#ffe0b2
+ style F fill:#e8f5e8
+ style G fill:#e8f5e8
+ style H fill:#fce4ec
+```
+
+
+
+| Requirement | Description | Acceptance |
+|-------------|-------------|------------|
+| **๐ Personal Dashboard** | Visual overview of habits and progress | โ
Required |
+| **๐ฏ Habit Management** | Create, edit, and delete habits | โ
Required |
+| **๐ Progress Tracking** | Track consistency and improvements | โ
Required |
+| **๐ฎ Gamification** | Points system and achievement tracking | โ
Required |
+| **๐ Integrations** | Support for external data providers | โ
Optional |
+| **๐ Web Access** | Assigned port for web interface | โ
Required |
+| **โค๏ธ Health Check** | Endpoint for service monitoring | โ
Required |
+| **๐ท๏ธ Service Discovery** | Integration with Developer Tools group | โ
Required |
+
+### ๐ FR-004: Documentation & Diagramming
+
+#### FR-004.1: Diagramming Server
+
+
+```mermaid
+graph TD
+ A[Diagramming Server] --> B[Browser-based Editing]
+ A --> C[Multiple Export Formats]
+ A --> D[Cloud Storage Integration]
+ A --> E[No Authentication]
+ A --> F[Health Monitoring]
+ A --> G[Service Discovery]
+
+ style A fill:#fce4ec
+ style B fill:#f8bbd9
+ style C fill:#f8bbd9
+ style D fill:#fff3e0
+ style E fill:#e8f5e8
+ style F fill:#e8f5e8
+ style G fill:#fce4ec
+```
+
+
+
+| Requirement | Description | Acceptance |
+|-------------|-------------|------------|
+| **๐จ Browser Editing** | Diagram creation and editing in browser | โ
Required |
+| **๐ค Export Formats** | PNG, SVG, PDF export capabilities | โ
Required |
+| **โ๏ธ Cloud Integration** | Optional cloud storage integration | โ
Optional |
+| **๐ No Authentication** | Demo mode without login requirements | โ
Required |
+| **๐ Web Access** | Assigned port for web interface | โ
Required |
+| **โค๏ธ Health Check** | Endpoint for service monitoring | โ
Required |
+| **๐ท๏ธ Service Discovery** | Integration with Documentation group | โ
Required |
+
+#### FR-004.2: Diagrams as a Service
+
+
+```mermaid
+graph TD
+ A[Diagrams as a Service] --> B[Multiple Diagram Types]
+ A --> C[HTTP API]
+ A --> D[Web Interface]
+ A --> E[No Authentication]
+ A --> F[Health Monitoring]
+ A --> G[Service Discovery]
+
+ style A fill:#e0f2f1
+ style B fill:#b2dfdb
+ style C fill:#b2dfdb
+ style D fill:#b2dfdb
+ style E fill:#e8f5e8
+ style F fill:#e8f5e8
+ style G fill:#fce4ec
+```
+
+
+
+| Requirement | Description | Acceptance |
+|-------------|-------------|------------|
+| **๐จ Diagram Types** | PlantUML, Mermaid, GraphViz support | โ
Required |
+| **๐ HTTP API** | Programmatic diagram generation | โ
Required |
+| **๐ฅ๏ธ Web Interface** | Simple testing interface | โ
Required |
+| **๐ No Authentication** | Demo mode without login requirements | โ
Required |
+| **๐ API Access** | Assigned port for API and web access | โ
Required |
+| **โค๏ธ Health Check** | Endpoint for service monitoring | โ
Required |
+| **๐ท๏ธ Service Discovery** | Integration with Documentation group | โ
Required |
+
+---
+
+## ๐ง Technical Requirements
+
+### ๐ณ TR-001: Containerization Standards
+
+| Requirement | Description | Priority |
+|-------------|-------------|----------|
+| **๐ฆ Official Images** | Use official Docker images only | ๐ฅ High |
+| **โค๏ธ Health Checks** | Comprehensive health monitoring | ๐ฅ High |
+| **๐ Service Discovery** | Automatic dashboard integration | ๐ฅ High |
+| **๐ Restart Policies** | Appropriate recovery mechanisms | ๐ฅ High |
+
+### ๐ TR-002: Network Architecture
+
+| Requirement | Description | Priority |
+|-------------|-------------|----------|
+| **๐ Dedicated Network** | Isolated network environment | ๐ฅ High |
+| **๐ข Port Consistency** | Sequential numbering pattern | ๐ฅ High |
+| **๐ Web Access** | Standard browser interfaces | ๐ฅ High |
+| **๐ค Inter-service Communication** | Required service interactions | ๐ฅ High |
+
+### ๐พ TR-003: Data Strategy
+
+| Requirement | Description | Priority |
+|-------------|-------------|----------|
+| **๐ซ No Persistence** | Demo simplicity focus | ๐ฅ High |
+| **โฐ Temporary Data** | Service functionality support | ๐ฅ High |
+| **๐ Session Reset** | Clean state between demos | ๐ฅ High |
+| **๐ Demo Credentials** | Simplified authentication | ๐ฅ High |
+
+### ๐ TR-004: Service Integration
+
+| Requirement | Description | Priority |
+|-------------|-------------|----------|
+| **๐ท๏ธ Dashboard Discovery** | Centralized service visibility | ๐ฅ High |
+| **๐ Consistent Metadata** | Standardized service information | ๐ฅ High |
+| **๐จ Unified Access** | Consistent user experience | ๐ฅ High |
+| **๐ Standard Interfaces** | Common interaction patterns | ๐ฅ High |
+
+---
+
+## ๐จ User Experience Requirements
+
+### ๐ UX-001: Unified Dashboard
+
+
+
+```mermaid
+graph LR
+ A[Single Entry Point] --> B[Automatic Discovery]
+ A --> C[Intuitive Organization]
+ A --> D[Consistent Design]
+ A --> E[Real-time Status]
+
+ style A fill:#e1f5fe
+ style B fill:#b3e5fc
+ style C fill:#b3e5fc
+ style D fill:#b3e5fc
+ style E fill:#b3e5fc
+```
+
+
+
+| Requirement | Description | Success Metric |
+|-------------|-------------|----------------|
+| **๐ช Single Entry Point** | One dashboard for all services | 100% service visibility |
+| **๐ Automatic Discovery** | No manual configuration required | Zero-touch setup |
+| **๐ Intuitive Organization** | Logical service grouping | User satisfaction > 90% |
+| **๐จ Consistent Design** | Unified visual experience | Design consistency > 95% |
+| **๐ Real-time Status** | Live service health indicators | Status accuracy > 99% |
+
+### โก UX-002: Zero-Configuration Access
+
+| Requirement | Description | Success Metric |
+|-------------|-------------|----------------|
+| **๐ Browser Access** | Immediate web interface availability | 100% browser compatibility |
+| **๐ซ No Manual Setup** | Eliminate configuration steps | Setup time < 30 seconds |
+| **๐ Pre-configured Auth** | Default authentication where needed | Login success rate > 95% |
+| **๐ก Clear Error Messages** | Intuitive troubleshooting guidance | Issue resolution < 2 minutes |
+
+### ๐ญ UX-003: Instant Demo Experience
+
+| Requirement | Description | Success Metric |
+|-------------|-------------|----------------|
+| **โก Single Command** | One-command deployment | Deployment time < 60 seconds |
+| **๐ Rapid Initialization** | Fast service startup | All services ready < 60 seconds |
+| **๐ฏ Immediate Features** | No setup delays for functionality | Feature availability = 100% |
+| **๐ Clean Sessions** | Fresh state between demos | Data reset success = 100% |
+
+---
+
+## ๐ Security Requirements
+
+### ๐ก๏ธ SEC-001: Demo-Only Security Model
+
+| Requirement | Description | Implementation |
+|-------------|-------------|----------------|
+| **๐ญ Demo Configuration** | Development/demo use only | Clear documentation warnings |
+| **๐ Hardcoded Credentials** | Clearly marked demo credentials | Obvious demo-only labeling |
+| **๐ซ No External Access** | Isolated from external networks | Docker network isolation |
+| **๐ No Hardening** | No encryption or security features | Simplified demo setup |
+
+### ๐ SEC-002: Network Isolation
+
+| Requirement | Description | Implementation |
+|-------------|-------------|----------------|
+| **๐ Docker Isolation** | Services contained within Docker network | Dedicated network configuration |
+| **๐ Minimal Exposure** | Only necessary ports exposed | Port access control |
+| **๐ซ No Privilege Escalation** | Prevent container privilege escalation | Security context configuration |
+| **๐ Secure API Access** | Container socket proxy for API access | Proxy service implementation |
+
+---
+
+## ๐ Non-Functional Requirements
+
+### โก NFR-001: Performance
+
+| Metric | Requirement | Target |
+|--------|-------------|--------|
+| **๐ Startup Time** | All services must start within | 60 seconds |
+| **โค๏ธ Health Check Speed** | Health checks must complete within | 10 seconds |
+| **๐พ Memory Usage** | Per service memory limit | < 512MB |
+| **๐ฅ๏ธ CPU Usage** | Per service CPU usage (idle) | < 25% |
+
+### ๐ NFR-002: Reliability
+
+| Requirement | Description | Implementation |
+|-------------|-------------|----------------|
+| **โค๏ธ Health Checks** | All services include health monitoring | Comprehensive health endpoints |
+| **๐ Auto Restart** | Automatic recovery on failure | Restart policy configuration |
+| **โน๏ธ Graceful Shutdown** | Proper service termination handling | Signal handling implementation |
+| **๐ Dependency Management** | Service startup order management | Dependency configuration |
+
+### ๐ง NFR-003: Maintainability
+
+| Requirement | Description | Standard |
+|-------------|-------------|----------|
+| **๐ Clear Configuration** | Well-documented setup | Commented configurations |
+| **๐ท๏ธ Consistent Naming** | Standardized service organization | Naming conventions |
+| **๐ Comprehensive Docs** | Complete documentation coverage | Documentation standards |
+| **โ Easy Service Management** | Simple addition/removal processes | Modular architecture |
+
+---
+
+## ๐งช Testing Requirements
+
+### ๐ค TST-001: Automated Testing
+
+
+
+```mermaid
+graph TD
+ A[Automated Testing] --> B[Health Validation]
+ A --> C[Port Verification]
+ A --> D[Service Discovery]
+ A --> E[Resource Monitoring]
+ A --> F[Comprehensive Suite]
+
+ style A fill:#e8f5e8
+ style B fill:#c8e6c9
+ style C fill:#c8e6c9
+ style D fill:#c8e6c9
+ style E fill:#c8e6c9
+ style F fill:#c8e6c9
+```
+
+
+
+| Test Type | Description | Tool/Script |
+|-----------|-------------|-------------|
+| **โค๏ธ Health Validation** | Service health check verification | `test-stack.sh` |
+| **๐ Port Accessibility** | Port availability and response testing | `test-stack.sh` |
+| **๐ Service Discovery** | Dashboard integration verification | `test-stack.sh` |
+| **๐ Resource Monitoring** | Memory and CPU usage validation | `test-stack.sh` |
+| **๐ Comprehensive Suite** | Full integration testing | `test-stack.sh` |
+
+### โ TST-002: Manual Testing
+
+| Test Area | Description | Success Criteria |
+|-----------|-------------|------------------|
+| **๐ Web Interfaces** | Browser interface functionality | All interfaces accessible |
+| **๐ Demo Credentials** | Authentication verification | Login success = 100% |
+| **๐ Service Integration** | Cross-service functionality | Integration tests pass |
+| **๐ค User Workflows** | End-to-end user scenarios | Workflow completion = 100% |
+
+---
+
+## ๐ Documentation Requirements
+
+### ๐ DOC-001: Technical Documentation
+
+| Requirement | Description | Location |
+|-------------|-------------|----------|
+| **๐ README Updates** | Complete service documentation | `README.md` |
+| **๐ Access Information** | Service URLs and credentials | `README.md` |
+| **โ๏ธ Configuration Details** | Technical setup specifications | `README.md` |
+| **๐ง Troubleshooting Guide** | Common issue resolution | `README.md` |
+
+### ๐ฅ DOC-002: User Documentation
+
+| Requirement | Description | Location |
+|-------------|-------------|----------|
+| **๐ Quick Start** | Rapid deployment instructions | `README.md` |
+| **๐ Service Descriptions** | Feature and use case documentation | `README.md` |
+| **๐ Credential Reference** | Demo credential information | `README.md` |
+| **โ FAQ Section** | Common questions and answers | `README.md` |
+
+---
+
+## โ
Acceptance Criteria
+
+### ๐ AC-001: Deployment Success
+
+| Criteria | Description | Status |
+|----------|-------------|--------|
+| **โก Service Startup** | All services start with `docker compose up -d` | โ
Required |
+| **โค๏ธ Health Validation** | All services pass health checks within 60 seconds | โ
Required |
+| **๐ Service Discovery** | Homepage discovers and displays all services | โ
Required |
+| **๐ Web Access** | All interfaces accessible via browser | โ
Required |
+
+### ๐ง AC-002: Functionality Verification
+
+| Criteria | Description | Status |
+|----------|-------------|--------|
+| **๐ก๏ธ DNS Management** | Web interface loads and functions correctly | โ
Required |
+| **๐ Container Management** | Container operations work properly | โ
Required |
+| **๐ Database Operations** | Data storage and retrieval functional | โ
Required |
+| **๐ Visualization** | Dashboards display and update correctly | โ
Required |
+| **๐จ Diagramming** | Creation and export functions work | โ
Required |
+| **๐ Diagram Service** | Text-to-diagram conversion functional | โ
Required |
+
+### ๐ AC-003: Integration Testing
+
+| Criteria | Description | Status |
+|----------|-------------|--------|
+| **๐ Service Discovery** | Automatic discovery works correctly | โ
Required |
+| **๐ค Inter-service Communication** | Required communications function | โ
Required |
+| **โค๏ธ Health Monitoring** | Health checks trigger appropriately | โ
Required |
+| **๐ Resource Management** | Usage remains within defined limits | โ
Required |
+
+---
+
+## ๐ Success Metrics
+
+### ๐ Deployment Metrics
+
+| Metric | Target | Measurement |
+|--------|--------|-------------|
+| **โฑ๏ธ Stack Readiness** | < 2 minutes | Time to full functionality |
+| **โ
Service Success Rate** | 100% | Services starting successfully |
+| **โค๏ธ Health Check Pass Rate** | 100% | Services passing health checks |
+
+### ๐ฅ User Experience Metrics
+
+| Metric | Target | Measurement |
+|--------|--------|-------------|
+| **โก Deployment Success** | 100% | Single-command deployment success |
+| **๐ Dashboard Accessibility** | 100% | Services accessible via Homepage |
+| **๐ซ Configuration Required** | None | Zero configuration for basic use |
+
+---
+
+## ๐
Implementation Timeline
+
+
+
+```mermaid
+gantt
+ title TSYS Developer Support Stack Implementation
+ dateFormat YYYY-MM-DD
+ section Phase 1: Core Infrastructure
+ DNS Management Service :active, p1-1, 2025-11-13, 3d
+ Container Management :p1-2, after p1-1, 2d
+ Service Discovery Validation :p1-3, after p1-2, 2d
+
+ section Phase 2: Monitoring Stack
+ Time Series Database :p2-1, after p1-3, 2d
+ Visualization Platform :p2-2, after p2-1, 3d
+ Dashboard Creation :p2-3, after p2-2, 2d
+
+ section Phase 3: Documentation Tools
+ Diagramming Server :p3-1, after p2-3, 2d
+ Diagram Service :p3-2, after p3-1, 2d
+ Integration Testing :p3-3, after p3-2, 2d
+
+ section Phase 4: Testing & Documentation
+ Comprehensive Test Suite :p4-1, after p3-3, 3d
+ Documentation Updates :p4-2, after p4-1, 2d
+ Final Validation :p4-3, after p4-2, 2d
+```
+
+
+
+### ๐
Phase Details
+
+| Phase | Duration | Focus | Deliverables |
+|-------|----------|-------|--------------|
+| **๐๏ธ Phase 1** | Week 1 | Core Infrastructure | DNS Management, Container Management, Service Discovery |
+| **๐ Phase 2** | Week 1 | Monitoring Stack | Time Series Database, Visualization Platform, Dashboards |
+| **๐ Phase 3** | Week 2 | Documentation Tools | Diagramming Server, Diagram Service, Integration |
+| **๐งช Phase 4** | Week 2 | Testing & Documentation | Test Suite, Documentation, Validation |
+
+---
+
+## ๐ Change Management
+
+### ๐ Version Control Strategy
+
+| Practice | Description | Standard |
+|----------|-------------|----------|
+| **๐ Comprehensive Tracking** | All changes tracked via Git | 100% change coverage |
+| **๐ Structured Messages** | Conventional commit formatting | Commit message standards |
+| **โ๏ธ Atomic Changes** | Small, focused commits | Single-purpose commits |
+| **๐ Detailed Descriptions** | Clear change documentation | Comprehensive commit messages |
+
+### ๐ Quality Assurance Process
+
+| Step | Description | Tool/Process |
+|------|-------------|--------------|
+| **๐ค Automated Validation** | Automated testing on all changes | Test suite execution |
+| **โ Manual Testing** | Manual validation for new services | User acceptance testing |
+| **๐ Documentation Updates** | Synchronized documentation updates | Documentation review |
+| **โ
Requirements Validation** | Continuous validation against PRD | Requirements traceability |
+
+---
+
+## ๐ Support & Maintenance
+
+### ๐ง Troubleshooting Framework
+
+| Component | Description | Implementation |
+|-----------|-------------|----------------|
+| **๐ Comprehensive Logging** | Service logging and diagnostics | Docker log integration |
+| **๐ Real-time Monitoring** | Live health and status reporting | Health check endpoints |
+| **๐ Documented Procedures** | Resolution procedures for common issues | Troubleshooting guides |
+
+### ๐ Maintenance Strategy
+
+| Activity | Description | Frequency |
+|----------|-------------|----------|
+| **๐ฆ Image Updates** | Regular service image updates | Weekly |
+| **โ๏ธ Configuration Management** | Change tracking and validation | Continuous |
+| **๐ Compatibility Preservation** | Maintain backward compatibility | During updates |
+| **๐ Continuous Improvement** | User feedback-based enhancements | Ongoing |
+
+---
+
+## ๐ Appendix
+
+### ๐ฆ A. Service Categories
+
+| Category | Purpose | Example Services |
+|----------|---------|-----------------|
+| **๐๏ธ Infrastructure Services** | Core platform and management tools | DNS Management, Container Socket Proxy, Container Management |
+| **๐ Monitoring & Observability** | Data collection and visualization | Time Series Database, Visualization Platform |
+| **๐ Documentation & Diagramming** | Knowledge management and creation | Diagramming Server, Diagrams as a Service |
+| **๐ ๏ธ Developer Tools** | Productivity and workflow enhancement | Homepage, Time Tracking, Archiving, Habit Tracking |
+
+### ๐ B. Integration Requirements
+
+| Requirement | Description | Implementation |
+|-------------|-------------|----------------|
+| **๐ท๏ธ Dashboard Discovery** | Centralized service visibility | Homepage integration |
+| **๐ค Inter-service Communication** | Required service interactions | Network configuration |
+| **๐ Consistent Authentication** | Unified access patterns | Demo credential strategy |
+| **โค๏ธ Unified Monitoring** | Standardized health checking | Health check standards |
+
+### โ
C. Success Criteria
+
+| Criteria | Description | Measurement |
+|----------|-------------|-------------|
+| **๐ Service Discoverability** | All services accessible from central dashboard | 100% service visibility |
+| **โก Rapid Demonstration** | Complete functionality demonstration within 2 minutes | Time-to-demo < 120 seconds |
+| **๐ฏ Intuitive Experience** | Minimal training required for basic use | User satisfaction > 90% |
+| **๐ Cross-Platform Reliability** | Consistent operation across development environments | Platform compatibility > 95% |
+
+---
+
+
+
+---
+
+## ๐ Document Information
**Document ID**: PRD-SUPPORT-DEMO-001
**Version**: 1.0
@@ -10,356 +761,6 @@
---
-## ๐ฏ Product Vision
+*This PRD serves as the source of truth for the TSYS Developer Support Stack demo implementation and will be used for audit and quality assurance purposes.*
-To create a comprehensive, demo-ready developer support services stack that enhances developer productivity and quality of life for the TSYS engineering team. This stack is designed to run locally on every developer workstation, providing essential services for inner loop development workflows while maintaining security, simplicity, and adherence to free/libre/open source principles.
-
----
-
-## ๐๏ธ Architecture Overview
-
-### Design Principles
-
-1. **Demo-First**: All services configured for easy demonstration with no persistent data, hardcoded credentials, and minimal setup complexity
-2. **Service Discovery**: Automatic service discovery via Homepage dashboard with Docker labels
-3. **FOSS Only**: Exclusively use free/libre/open source software
-4. **Inner Loop Focus**: Support daily development workflows, not project-specific dependencies
-5. **Workstation Local**: Run locally on developer machines, not centralized infrastructure
-6. **Security Conscious**: Demo-hardened configurations with clear separation from production
-
-### Service Categories
-
-- **Infrastructure Services**: Core platform services (Pi-hole, Portainer)
-- **Monitoring & Observability**: Metrics and visualization (InfluxDB, Grafana)
-- **Documentation & Diagramming**: Knowledge management tools (Draw.io, Kroki)
-- **Developer Tools**: Productivity and workflow enhancers
-
----
-
-## ๐ Functional Requirements
-
-### FR-001: Infrastructure Services
-
-#### FR-001.1: Pi-hole DNS Management
-- **Description**: DNS-based ad blocking and network monitoring
-- **Requirements**:
- - Web-based administration interface
- - DNS filtering capabilities
- - Network traffic monitoring
- - Demo configuration with default settings
- - Port assignment: 4006
- - Health check endpoint: HTTP GET /
- - Homepage integration with Infrastructure group
-
-#### FR-001.2: Portainer Container Management
-- **Description**: Web-based Docker container management interface
-- **Requirements**:
- - Container lifecycle management (start/stop/restart)
- - Image management and registry integration
- - Volume and network management
- - User authentication (demo credentials)
- - Port assignment: 4007
- - Health check endpoint: HTTP GET /
- - Homepage integration with Infrastructure group
-
-### FR-002: Monitoring & Observability
-
-#### FR-002.1: InfluxDB Time Series Database
-- **Description**: High-performance time series database for metrics storage
-- **Requirements**:
- - HTTP API for data ingestion and querying
- - Web-based administration interface
- - Demo database with sample data
- - Port assignment: 4008
- - Health check endpoint: HTTP GET /ping
- - Homepage integration with Monitoring group
-
-#### FR-002.2: Grafana Visualization Platform
-- **Description**: Analytics and visualization platform for time series data
-- **Requirements**:
- - Pre-configured data source connection to InfluxDB
- - Demo dashboards for system metrics
- - Web-based dashboard creation and editing
- - Admin credentials: admin/demo_password
- - Port assignment: 4009
- - Health check endpoint: HTTP GET /api/health
- - Homepage integration with Monitoring group
-
-### FR-003: Documentation & Diagramming
-
-#### FR-003.1: Draw.io Diagramming Server
-- **Description**: Web-based diagramming and flowchart application
-- **Requirements**:
- - Browser-based diagram creation and editing
- - Export to multiple formats (PNG, SVG, PDF)
- - Integration with cloud storage (optional)
- - No authentication required (demo mode)
- - Port assignment: 4010
- - Health check endpoint: HTTP GET /
- - Homepage integration with Documentation group
-
-#### FR-003.2: Kroki Diagrams as a Service
-- **Description**: Service for converting text diagrams to images
-- **Requirements**:
- - Support for multiple diagram types (PlantUML, Mermaid, GraphViz)
- - HTTP API for diagram generation
- - Simple web interface for testing
- - No authentication required (demo mode)
- - Port assignment: 4011
- - Health check endpoint: HTTP GET /health
- - Homepage integration with Documentation group
-
----
-
-## ๐ง Technical Requirements
-
-### TR-001: Docker Integration
-- All services must be containerized using official Docker images
-- Services must use consistent naming convention: `tsysdevstack-supportstack-{service}`
-- All services must include comprehensive health checks
-- Services must include proper Homepage labels for auto-discovery
-- Restart policy: `unless-stopped`
-
-### TR-002: Network Configuration
-- All services must use the `tsysdevstack_supportstack` network
-- Port assignments must follow the 4000+ range pattern
-- Services must be accessible via `192.168.3.6:{port}`
-- Inter-service communication via container names
-
-### TR-003: Data Management
-- No persistent data storage (demo mode)
-- Use Docker volumes for temporary data only
-- All data must be reset on container restart
-- Hardcoded demo credentials only
-- No encryption or security hardening
-
-### TR-004: Service Discovery
-- All services must include Homepage labels:
- - `homepage.group`: Service category
- - `homepage.name`: Display name
- - `homepage.icon`: Appropriate icon
- - `homepage.href`: Full URL
- - `homepage.description`: Brief service description
-
----
-
-## ๐จ User Experience Requirements
-
-### UX-001: Homepage Dashboard
-- Single entry point for all services via Homepage at port 4000
-- Automatic service discovery and organization
-- Consistent visual design and navigation
-- Real-time service status indicators
-
-### UX-002: Service Accessibility
-- All services accessible via web browser
-- No complex setup or configuration required
-- Default credentials where authentication is needed
-- Clear error messages and troubleshooting guidance
-
-### UX-003: Demo Experience
-- One-command deployment: `docker compose up -d`
-- Services ready within 60 seconds
-- All features immediately accessible
-- No data persistence between sessions
-
----
-
-## ๐ Security Requirements
-
-### SEC-001: Demo Security Model
-- All services configured for demo/development use only
-- Hardcoded credentials clearly marked as demo-only
-- No external network access except for image pulls
-- No encryption or security hardening
-
-### SEC-002: Network Isolation
-- Services isolated within Docker network
-- Only necessary ports exposed to host
-- No inter-container privilege escalation
-- Docker socket proxy for secure API access
-
----
-
-## ๐ Non-Functional Requirements
-
-### NFR-001: Performance
-- All services must start within 60 seconds
-- Health checks must complete within 10 seconds
-- Memory usage per service: < 512MB (where applicable)
-- CPU usage: < 25% per service (idle)
-
-### NFR-002: Reliability
-- All services must include health checks
-- Automatic restart on failure
-- Graceful shutdown handling
-- Dependency management between services
-
-### NFR-003: Maintainability
-- Clear, commented Docker Compose configuration
-- Consistent service naming and organization
-- Comprehensive documentation
-- Easy service addition/removal
-
----
-
-## ๐งช Testing Requirements
-
-### TST-001: Automated Testing
-- Comprehensive test suite (`test-stack.sh`)
-- Service health validation
-- Port accessibility verification
-- Service discovery functionality
-- Resource usage monitoring
-
-### TST-002: Manual Testing
-- All web interfaces accessible and functional
-- Demo credentials work correctly
-- Service integration testing
-- User workflow validation
-
----
-
-## ๐ Documentation Requirements
-
-### DOC-001: Technical Documentation
-- Updated README.md with all services
-- Service access information
-- Configuration details
-- Troubleshooting guide
-
-### DOC-002: User Documentation
-- Quick start guide
-- Service descriptions and use cases
-- Demo credentials reference
-- FAQ section
-
----
-
-## โ
Acceptance Criteria
-
-### AC-001: Deployment Success
-- [ ] All services start successfully with `docker compose up -d`
-- [ ] All services pass health checks within 60 seconds
-- [ ] Homepage discovers and displays all services
-- [ ] All web interfaces accessible via browser
-
-### AC-002: Functionality Verification
-- [ ] Pi-hole web interface loads and functions
-- [ ] Portainer manages containers correctly
-- [ ] InfluxDB accepts data and responds to queries
-- [ ] Grafana connects to InfluxDB and displays dashboards
-- [ ] Draw.io creates and exports diagrams
-- [ ] Kroki generates diagrams from text
-
-### AC-003: Integration Testing
-- [ ] Service discovery works correctly
-- [ ] Inter-service communication functions
-- [ ] Health checks trigger appropriately
-- [ ] Resource usage remains within limits
-
----
-
-## ๐ Success Metrics
-
-### Deployment Metrics
-- Time to full stack readiness: < 2 minutes
-- Service success rate: 100%
-- Health check pass rate: 100%
-
-### User Experience Metrics
-- Single-command deployment success
-- All services accessible via Homepage
-- No configuration required for basic use
-
----
-
-## ๐
Implementation Timeline
-
-### Phase 1: Core Infrastructure (Week 1)
-- Pi-hole implementation
-- Portainer integration
-- Basic service discovery validation
-
-### Phase 2: Monitoring Stack (Week 1)
-- InfluxDB deployment
-- Grafana configuration
-- Dashboard creation
-
-### Phase 3: Documentation Tools (Week 2)
-- Draw.io server setup
-- Kroki service implementation
-- Integration testing
-
-### Phase 4: Testing & Documentation (Week 2)
-- Comprehensive test suite
-- Documentation updates
-- Final validation
-
----
-
-## ๐ Change Management
-
-### Version Control
-- All changes tracked via Git
-- Conventional commit messages
-- Atomic commits with clear descriptions
-
-### Quality Assurance
-- Automated testing on all changes
-- Manual validation of new services
-- Documentation updates with each change
-
----
-
-## ๐ Support & Maintenance
-
-### Troubleshooting
-- Service logs accessible via `docker compose logs`
-- Health check status via `docker compose ps`
-- Common issues documented in README
-
-### Updates
-- Regular image updates via Docker Hub
-- Configuration changes tracked in Git
-- Backward compatibility maintained where possible
-
----
-
-## ๐ Appendix
-
-### A. Port Assignments
-| Service | Port | Group |
-|---------|------|-------|
-| Homepage | 4000 | Developer Tools |
-| Atuin | 4001 | Developer Tools |
-| Wakapi | 4002 | Developer Tools |
-| ArchiveBox | 4003 | Developer Tools |
-| Tube Archivist | 4004 | Developer Tools |
-| MailHog | 4005 | Developer Tools |
-| Pi-hole | 4006 | Infrastructure |
-| Portainer | 4007 | Infrastructure |
-| InfluxDB | 4008 | Monitoring |
-| Grafana | 4009 | Monitoring |
-| Draw.io | 4010 | Documentation |
-| Kroki | 4011 | Documentation |
-
-### B. Demo Credentials
-| Service | Username | Password |
-|---------|----------|----------|
-| Grafana | admin | demo_password |
-| Portainer | admin | demo_password |
-
-### C. Service Dependencies
-- Pi-hole: No dependencies
-- Portainer: Docker Socket Proxy
-- InfluxDB: No dependencies
-- Grafana: InfluxDB
-- Draw.io: No dependencies
-- Kroki: No dependencies
-
----
-
-**Document End**
-
-*This PRD serves as the source of truth for the TSYS Developer Support Stack demo implementation and will be used for audit and quality assurance purposes.*
\ No newline at end of file
+
\ No newline at end of file
diff --git a/SupportStack/demo/README.md b/SupportStack/demo/README.md
index 9bdb525..a858274 100644
--- a/SupportStack/demo/README.md
+++ b/SupportStack/demo/README.md
@@ -1,399 +1,411 @@
+# ๐ TSYS Developer Support Stack - Demo
+
-# ๐ TSYS Developer Support Stack
+[](https://opensource.org/licenses/MIT)
+[](https://www.docker.com/)
+[](https://www.fsf.org/)
+[](#)
-[](https://www.docker.com/)
-[](https://gethomepage.dev/)
-[](https://wakapi.dev/)
-[](https://archivebox.io/)
-[](https://github.com/mailhog/MailHog)
-
-> **A comprehensive developer support services stack with automatic service discovery**
-
----
+*A comprehensive, demo-ready developer support services stack that enhances productivity and quality of life for the TSYS engineering team.*
-## ๐ Table of Contents
+---
-- [๐ Overview](#-overview)
-- [๐๏ธ Architecture](#๏ธ-architecture)
-- [โก Quick Start](#-quick-start)
-- [๐ง Services](#-services)
-- [๐ Service Access](#-service-access)
-- [๐ ๏ธ Configuration](#๏ธ-configuration)
-- [๐ Health Checks](#-health-checks)
-- [๐ Development](#-development)
-- [๐จ Important Notes](#-important-notes)
+## ๐ Table of Contents
+
+- [๐ Quick Start](#-quick-start)
+- [๐ Services Overview](#-services-overview)
+- [๐ง Technical Configuration](#-technical-configuration)
+- [๐ Demo Credentials](#-demo-credentials)
+- [๐ Service Dependencies](#-service-dependencies)
+- [๐งช Testing](#-testing)
+- [๐ Troubleshooting](#-troubleshooting)
+- [๐ Data Management](#-data-management)
+- [๐ Updates & Maintenance](#-updates--maintenance)
+- [๐ Documentation](#-documentation)
+- [๐จ Security Notes](#-security-notes)
+- [๐ Support](#-support)
---
-## ๐ Overview
+## ๐ Quick Start
-The TSYS Developer Support Stack provides a comprehensive suite of developer tools designed to enhance productivity and streamline development workflows. This demo-ready stack includes:
+
-- **๐ Homepage** - A beautiful, customizable dashboard with automatic service discovery
-- **โฑ๏ธ Wakapi** - Self-hosted time tracking for developers
-- **๐๏ธ ArchiveBox** - Web archiving solution for saving web content
-- **๐ง MailHog** - Email testing service for development
-- **๐ณ Docker Socket Proxy** - Secure Docker API access
-- **๐๏ธ PostgreSQL** - Reliable database backend (ready for additional services)
-- **๐ก๏ธ Pi-hole** - DNS-based ad blocking and network monitoring
-- **๐ Portainer** - Web-based Docker container management
-- **๐ InfluxDB** - Time series database for metrics storage
-- **๐ Grafana** - Analytics and visualization platform
-- **๐จ Draw.io** - Web-based diagramming and flowchart application
-- **๐ Kroki** - Service for converting text diagrams to images
+```bash
+# ๐ฏ Demo deployment with dynamic user detection
+./demo-stack.sh deploy
+
+# ๐ง Comprehensive testing and validation
+./demo-test.sh full
+```
+
+
+
+๐ **Access all services via the Homepage dashboard at** **[http://localhost:${HOMEPAGE_PORT}](http://localhost:${HOMEPAGE_PORT})**
+
+> โ ๏ธ **Demo Configuration Only** - This stack is designed for demonstration purposes with no data persistence.
---
-## ๐๏ธ Architecture
+## ๐ง Dynamic Deployment Architecture
+
+### ๐ Environment Variables
+
+All configuration is managed through `demo.env` and dynamic detection:
+
+| Variable | Description | Default |
+|-----------|-------------|----------|
+| **COMPOSE_PROJECT_NAME** | Consistent naming prefix | `tsysdevstack-supportstack-demo` |
+| **UID** | Current user ID | Auto-detected |
+| **GID** | Current group ID | Auto-detected |
+| **DOCKER_GID** | Docker group ID | Auto-detected |
+| **COMPOSE_NETWORK_NAME** | Docker network name | `tsysdevstack-supportstack-demo-network` |
+
+### ๐ฏ Deployment Scripts
+
+| Script | Purpose | Usage |
+|---------|---------|--------|
+| **demo-stack.sh** | Dynamic deployment with user detection | `./demo-stack.sh [deploy|stop|restart]` |
+| **demo-test.sh** | Comprehensive QA and validation | `./demo-test.sh [full|security|permissions]` |
+| **demo.env** | All environment variables | Source of configuration |
+
+---
+
+## ๐ Services Overview
+
+### ๐ ๏ธ Developer Tools
+| Service | Port | Description | ๐ Access |
+|---------|------|-------------|-----------|
+| **Homepage** | 4000 | Central dashboard for service discovery | [Open](http://localhost:4000) |
+| **Atuin** | 4001 | Shell history synchronization | [Open](http://localhost:4001) |
+| **Wakapi** | 4002 | Time tracking for developers | [Open](http://localhost:4002) |
+| **ArchiveBox** | 4003 | Web archiving solution | [Open](http://localhost:4003) |
+| **Tube Archivist** | 4004 | YouTube video archiving | [Open](http://localhost:4004) |
+| **MailHog** | 4005 | Email testing for development | [Open](http://localhost:4005) |
+
+### ๐๏ธ Infrastructure Services
+| Service | Port | Description | ๐ Access |
+|---------|------|-------------|-----------|
+| **Pi-hole** | 4006 | DNS-based ad blocking and monitoring | [Open](http://localhost:4006) |
+| **Docker Socket Proxy** | 4013 | Infrastructure | Secure Docker socket API proxy | [Internal](#) |
+| **Portainer** | 4007 | Web-based container management | [Open](http://localhost:4007) |
+
+### ๐ Monitoring & Observability
+| Service | Port | Description | ๐ Access |
+|---------|------|-------------|-----------|
+| **InfluxDB** | 4008 | Time series database for metrics | [Open](http://localhost:4008) |
+| **Grafana** | 4009 | Analytics and visualization platform | [Open](http://localhost:4009) |
+
+### ๐ Documentation & Diagramming
+| Service | Port | Description | ๐ Access |
+|---------|------|-------------|-----------|
+| **Draw.io** | 4010 | Web-based diagramming application | [Open](http://localhost:4010) |
+| **Kroki** | 4011 | Diagrams as a service | [Open](http://localhost:4011) |
+
+---
+
+## ๐ง Technical Configuration
+
+### ๐ณ Docker Integration
+
+
+
+```yaml
+# Demo service template (docker-compose.yml.template)
+services:
+ service-name:
+ image: official/image:tag
+ user: "${UID}:${GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-service-name"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_service_data:/path"
+ environment:
+ - PUID=${UID}
+ - PGID=${GID}
+ labels:
+ homepage.group: "Group Name"
+ homepage.name: "Display Name"
+ homepage.icon: "icon-name"
+ homepage.href: "http://localhost:${SERVICE_PORT}"
+ homepage.description: "Brief description"
+```
+
+
+
+### โ๏ธ Dynamic Configuration
+
+| Setting | Variable | Description |
+|---------|-----------|-------------|
+| **Service Naming** | `${COMPOSE_PROJECT_NAME}-{service}` | Dynamic container naming |
+| **Network** | `${COMPOSE_NETWORK_NAME}` | Dedicated Docker network |
+| **User Mapping** | `${UID}:${GID}` | Dynamic user detection |
+| **Docker Group** | `${DOCKER_GID}` | Docker socket access |
+| **Volume Naming** | `${COMPOSE_PROJECT_NAME}_{service}_data` | Consistent volumes |
+| **Restart Policy** | `unless-stopped` | Automatic recovery |
+
+### ๐ Health Check Endpoints
+
+| Service | Health Check Path | Status |
+|---------|-------------------|--------|
+| **Pi-hole** (DNS Management) | `HTTP GET /` | โ
Active |
+| **Portainer** (Container Management) | `HTTP GET /` | โ
Active |
+| **InfluxDB** (Time Series Database) | `HTTP GET /ping` | โ
Active |
+| **Grafana** (Visualization Platform) | `HTTP GET /api/health` | โ
Active |
+| **Draw.io** (Diagramming Server) | `HTTP GET /` | โ
Active |
+| **Kroki** (Diagrams as a Service) | `HTTP GET /health` | โ
Active |
+
+### ๐ท๏ธ Service Discovery Labels
+
+All services include Homepage labels for auto-discovery:
+
+```yaml
+labels:
+ homepage.group: "Service category"
+ homepage.name: "Display name"
+ homepage.icon: "Appropriate icon"
+ homepage.href: "Full URL"
+ homepage.description: "Brief service description"
+```
+
+---
+
+## ๐ Demo Credentials
+
+> โ ๏ธ **Demo Configuration Only** - Reset all credentials before production use
+
+| Service | Username | Password | ๐ Access |
+|---------|----------|----------|-----------|
+| **Grafana** | `admin` | `demo_password` | [Login](http://localhost:4009) |
+| **Portainer** | `admin` | `demo_password` | [Login](http://localhost:4007) |
+
+---
+
+## ๐ Service Dependencies
```mermaid
-graph TB
- subgraph "TSYS Developer Support Stack"
- A[Homepage Dashboard
Port: 4000]
- C[Wakapi Time Tracking
Port: 4002]
- D[ArchiveBox
Port: 4003]
- F[MailHog
Port: 4005]
- G[Docker Socket Proxy
Port: 2375]
- H[PostgreSQL
Internal]
- I[Pi-hole
Port: 4006]
- J[Portainer
Port: 4007]
- K[InfluxDB
Port: 4008]
- L[Grafana
Port: 4009]
- M[Draw.io
Port: 4010]
- N[Kroki
Port: 4011]
- end
+graph TD
+ A[Homepage Dashboard] --> B[All Services]
+ C[Container Management] --> D[Container Socket Proxy]
+ E[Visualization Platform] --> F[Time Series Database]
+ G[All Other Services] --> H[No Dependencies]
- A --> C
- A --> D
- A --> F
- A --> G
- A --> I
- A --> J
- A --> K
- A --> L
- A --> M
- A --> N
-
- subgraph "External Access"
- O[Developer Browser
192.168.3.6]
- end
-
- O --> A
- O --> C
- O --> D
- O --> F
- O --> I
- O --> J
- O --> K
- O --> L
- O --> M
- O --> N
+ style A fill:#e1f5fe
+ style C fill:#f3e5f5
+ style E fill:#e8f5e8
+ style G fill:#fff3e0
```
+| Service | Dependencies | Status |
+|---------|--------------|--------|
+| **Container Management** (Portainer) | Container Socket Proxy | ๐ Required |
+| **Visualization Platform** (Grafana) | Time Series Database (InfluxDB) | ๐ Required |
+| **All Other Services** | None | โ
Standalone |
+
---
-## โก Quick Start
+## ๐งช Testing & Validation
-### ๐ฏ Prerequisites
+### ๐ค Automated Demo Testing
-- [Docker](https://www.docker.com/) 20.10+
-- [Docker Compose](https://docs.docker.com/compose/) 2.0+
-- Git
-
-### ๐ One-Command Deployment
+
```bash
-# Clone the repository
-git clone
-cd TSYSDevStack/Support
+# ๐ฏ Full deployment and validation
+./demo-stack.sh deploy && ./demo-test.sh full
-# Start all services
-docker compose -f docker-compose-simple.yml up -d
+# ๐ Security compliance validation
+./demo-test.sh security
-# Wait for services to be healthy (optional)
-docker compose -f docker-compose-simple.yml ps
+# ๐ค File ownership validation
+./demo-test.sh permissions
+
+# ๐ Network isolation validation
+./demo-test.sh network
```
-That's it! ๐ All services will be available within 60 seconds.
+
----
-
-## ๐ง Services
-
-| Service | Description | Port | Health Check | Status |
-|---------|-------------|------|--------------|--------|
-| **Homepage** | Developer dashboard with service discovery | `4000` | โ
HTTP Check | ๐ข Active |
-| **Atuin** | Synced shell history database | `4001` | โ
HTTP Check | ๐ข Active |
-| **Wakapi** | Time tracking for developers | `4002` | โ
HTTP Check | ๐ข Active |
-| **ArchiveBox** | Web archiving solution | `4003` | โ
HTTP Check | ๐ข Active |
-| | **Tube Archivist** | YouTube media archiving | `4004` | โ
HTTP Check | ๐ก Starting |
-| | **MailHog** | Email testing service | `4005` | โ
HTTP Check | ๐ข Active |
-| | **Docker Socket Proxy** | Secure Docker API access | `2375` | โ
HTTP Check | ๐ก Starting |
-| | **PostgreSQL** | Database for Atuin | `5432` | โ
DB Check | ๐ข Active |
-| | **Elasticsearch** | Search engine for Tube Archivist | `9200` | โ
HTTP Check | ๐ข Active |
-| | **Pi-hole** | DNS management and network monitoring | `4006` | โ
HTTP Check | ๐ข Active |
-| | **Portainer** | Web-based Docker container management | `4007` | โ
HTTP Check | ๐ข Active |
-| | **InfluxDB** | Time series database for metrics | `4008` | โ
HTTP Check | ๐ข Active |
-| | **Grafana** | Analytics and visualization platform | `4009` | โ
HTTP Check | ๐ข Active |
-| | **Draw.io** | Web-based diagramming application | `4010` | โ
HTTP Check | ๐ข Active |
-| | **Kroki** | Diagrams as a service | `4011` | โ
HTTP Check | ๐ข Active |
-
----
-
-## ๐ Service Access
-
-### ๐ Homepage Dashboard
-```
-http://192.168.3.6:4000
-```
-- **Features**: Service discovery, system monitoring, quick links
-- **Auto-discovery**: All services automatically detected via Docker labels
-- **Widgets**: Resource monitoring, search, datetime
-
-
-
-### โฑ๏ธ Wakapi Time Tracking
-```
-http://192.168.3.6:4002
-```
-
-### ๐๏ธ ArchiveBox Web Archiving
-```
-http://192.168.3.6:4003
-```
-- **Features**: Save web pages, full-text search, tag organization
-- **Demo Mode**: Open access for testing web archiving
-- **Storage**: File-based archive with SQLite metadata
-
-
-
-### ๐ง MailHog Email Testing
-```
-http://192.168.3.6:4005
-```
-- **Features**: Web interface for email testing, SMTP capture
-- **SMTP Port**: 1025 for application testing
-- **Demo**: Open access for email development
-
-### ๐ก๏ธ Pi-hole DNS Management
-```
-http://192.168.3.6:4006/admin/index.php
-```
-- **Features**: DNS-based ad blocking and network monitoring
-- **Demo Credentials**: admin / demo_password
-- **DNS Ports**: 53 (TCP/UDP) for DNS resolution
-
-### ๐ Portainer Container Management
-```
-http://192.168.3.6:4007
-```
-- **Features**: Web-based Docker container management
-- **Demo Credentials**: admin / demo_password
-- **Capabilities**: Container lifecycle, image management, volumes
-
-### ๐ InfluxDB Time Series Database
-```
-http://192.168.3.6:4008
-```
-- **Features**: High-performance time series data storage
-- **Demo Credentials**: admin / demo_password
-- **Organization**: tsysdemo, Bucket: demo_metrics
-
-### ๐ Grafana Analytics Platform
-```
-http://192.168.3.6:4009
-```
-- **Features**: Analytics and visualization for time series data
-- **Demo Credentials**: admin / demo_password
-- **Data Source**: Pre-configured InfluxDB connection
-
-### ๐จ Draw.io Diagramming
-```
-http://192.168.3.6:4010
-```
-- **Features**: Web-based diagramming and flowchart creation
-- **Export Options**: PNG, SVG, PDF, and more
-- **Demo Mode**: No authentication required
-
-### ๐ Kroki Diagrams as a Service
-```
-http://192.168.3.6:4011
-```
-- **Features**: Convert text diagrams to images
-- **Supported Formats**: PlantUML, Mermaid, GraphViz, and more
-- **API**: RESTful interface for diagram generation
-
----
-
-## ๐ ๏ธ Configuration
-
-### ๐ Directory Structure
-
-```
-Support/
-โโโ docker-compose-simple.yml # Simplified orchestration file
-โโโ demo.env # Environment configuration file (rename from demo.env if needed)
-โโโ start-stack.sh # Startup script
-โโโ test-stack.sh # Test suite
-โโโ homepage/
-โ โโโ config/
-โ โโโ settings.yaml # Homepage configuration
-โ โโโ docker.yaml # Docker integration
-โ โโโ bookmarks.yaml # Quick links
-โโโ README.md # This file
-```
-
-### ๐งช Environment Configuration
-
-The stack uses the `demo.env` file for configuration. To customize settings:
-
-1. Review the default settings in `demo.env`
-2. Make changes as needed (especially PUID, PGID, and passwords)
-3. The startup scripts will use this file directly
-
-### ๐ Demo Credentials
-
-> โ ๏ธ **WARNING**: These are demo credentials only. Do not use in production!
-
-| Service | Username | Password | Database |
-|---------|----------|----------|----------|
-| PostgreSQL | `atuin` | `demo_password` | `atuin` |
-| Pi-hole | `admin` | `demo_password` | - |
-| Portainer | `admin` | `demo_password` | - |
-| InfluxDB | `admin` | `demo_password` | tsysdemo/demo_metrics |
-| Grafana | `admin` | `demo_password` | - |
-| Wakapi | - | - | SQLite |
-| ArchiveBox | - | - | SQLite |
-| Draw.io | - | - | - |
-| Kroki | - | - | - |
-
----
-
-## ๐ Health Checks
-
-All services include comprehensive health checks:
-
-### ๐ Check Service Status
-```bash
-# View all services and their health
-docker-compose ps
-
-# Check logs for any service
-docker-compose logs
-
-# Monitor health in real-time
-watch docker-compose ps
-```
-
-### ๐ฉบ Health Check Details
-
-| Service | Check Type | Interval | Timeout | Retries |
-|---------|------------|----------|---------|---------|
-| Homepage | HTTP GET `/` | 30s | 10s | 3 |
-| Wakapi | HTTP GET `/` | 30s | 10s | 3 |
-| ArchiveBox | HTTP GET `/` | 30s | 10s | 3 |
-| MailHog | HTTP GET `/` | 30s | 10s | 3 |
-| Pi-hole | HTTP GET `/admin/index.php` | 30s | 10s | 3 |
-| Portainer | HTTP GET `/` | 30s | 10s | 3 |
-| InfluxDB | HTTP GET `/ping` | 30s | 10s | 3 |
-| Grafana | HTTP GET `/api/health` | 30s | 10s | 3 |
-| Draw.io | HTTP GET `/` | 30s | 10s | 3 |
-| Kroki | HTTP GET `/health` | 30s | 10s | 3 |
-| Docker Socket Proxy | HTTP GET `/` | 30s | 10s | 3 |
-| PostgreSQL | `pg_isready` | 30s | 10s | 3 |
-
----
-
-## ๐ Development
-
-### ๐ง Customization
-
-#### Adding New Services
-1. Add service to `docker-compose.yml`
-2. Add Homepage labels for auto-discovery
-3. Update `homepage/config/docker.yaml`
-4. Include health checks
-
-#### Modifying Homepage
-Edit files in `homepage/config/`:
-- `settings.yaml` - Main configuration
-- `docker.yaml` - Container monitoring
-- `bookmarks.yaml` - Quick links
-
-### ๐ Common Commands
+### โ
Manual Validation Commands
```bash
-# Start all services
-docker compose -f docker-compose-simple.yml up -d
+# ๐ Check service status with dynamic naming
+docker compose ps
-# Stop all services
-docker compose -f docker-compose-simple.yml down
+# ๐ View service logs
+docker compose logs {service-name}
-# View logs
-docker compose -f docker-compose-simple.yml logs -f
+# ๐ Test individual endpoints with variables
+curl -f http://localhost:${HOMEPAGE_PORT}/
+curl -f http://localhost:${INFLUXDB_PORT}/ping
+curl -f http://localhost:${GRAFANA_PORT}/api/health
-# Rebuild services
-docker compose -f docker-compose-simple.yml up -d --build
-
-# Clean up volumes (โ ๏ธ destroys data)
-docker compose -f docker-compose-simple.yml down -v
+# ๐ Validate user permissions
+ls -la /var/lib/docker/volumes/${COMPOSE_PROJECT_NAME}_*/
```
---
-## ๐จ Important Notes
+## ๐ Troubleshooting
-### โ ๏ธ Demo Environment
+### ๐จ Common Issues
-- **Purpose**: Demonstration and testing only
-- **Data Persistence**: None! All data is stored in ephemeral Docker volumes that are destroyed when the stack is removed
-- **Security**: Hardcoded credentials, no encryption, bind mounts removed for security
-- **Network**: All services exposed to localhost only
+#### Services not starting
+```bash
+# ๐ง Check Docker daemon
+docker info
-### ๐ Production Considerations
+# ๐ Check network
+docker network ls | grep tsysdevstack_supportstack
-For production deployment, consider:
-- ๐ Secure credential management
-- ๐ HTTPS/TLS encryption
-- ๐ก๏ธ Network isolation
-- ๐พ Persistent storage solutions
-- ๐ Monitoring and alerting
-- ๐ High availability
-- ๐๏ธ Backup strategies for important data
+# ๐ Recreate network
+docker network create tsysdevstack_supportstack
+```
-### ๐ Troubleshooting
+#### Port conflicts
+```bash
+# ๐ Check port usage
+netstat -tulpn | grep :400
-| Issue | Solution |
-|-------|----------|
-| Services not starting | Check Docker daemon, verify ports |
-| Health checks failing | Review logs, check resource availability |
-| Cannot access services | Verify firewall, check port binding |
-| Data not persisting | Ensure volumes are properly mounted |
+# ๐๏ธ Kill conflicting processes
+sudo fuser -k {port}/tcp
+```
+
+#### Health check failures
+```bash
+# ๐ Check individual service health
+docker compose exec {service} curl -f http://localhost:{internal-port}/health
+
+# ๐ Restart specific service
+docker compose restart {service}
+```
+
+### ๐ ๏ธ Service-Specific Issues
+
+| Issue | Service | Solution |
+|-------|---------|----------|
+| **DNS issues** | Pi-hole | Ensure Docker DNS settings allow custom DNS servers
Check that port 53 is available on the host |
+| **Database connection** | Grafana-InfluxDB | Verify both services are on the same network
Check database connectivity: `curl http://localhost:4008/ping` |
+| **Container access** | Portainer | Ensure container socket is properly mounted
Check Container Socket Proxy service if used |
+
+---
+
+## ๐ Data Management
+
+### ๐ญ Demo Mode Configuration
+
+> ๐ก **No persistent data storage** - All data resets on container restart
+
+| Feature | Configuration |
+|---------|---------------|
+| **Data Persistence** | โ Disabled (demo mode) |
+| **Storage Type** | Docker volumes (temporary) |
+| **Data Reset** | โ
Automatic on restart |
+| **Credentials** | ๐ Hardcoded demo only |
+
+### ๐๏ธ Volume Management
+
+```bash
+# ๐ List volumes
+docker volume ls | grep tsysdevstack
+
+# ๐๏ธ Clean up all data
+docker compose down -v
+```
+
+---
+
+## ๐ Updates & Maintenance
+
+### ๐ฆ Image Updates
+
+
+
+```bash
+# ๐ Pull latest images
+docker compose pull
+
+# ๐ Recreate with new images
+docker compose up -d --force-recreate
+```
+
+
+
+### โ๏ธ Configuration Changes
+
+1. **Edit** `docker-compose.yml`
+2. **Apply** changes: `docker compose up -d`
+3. **Verify** with `docker compose ps`
+4. **Test** functionality
+
+---
+
+## ๐ Documentation
+
+| Document | Purpose | Link |
+|----------|---------|------|
+| **๐ Product Requirements** | Business requirements and specifications | [PRD.md](PRD.md) |
+| **๐ค Development Guidelines** | Development principles and standards | [AGENTS.md](AGENTS.md) |
+| **๐ Service Documentation** | Individual service guides | Service web interfaces |
+
+---
+
+## ๐จ Security Notes
+
+> โ ๏ธ **Demo Configuration Only - Production Use Prohibited**
+
+### ๐ Demo Security Model
+- ๐ **Demo Credentials**: Hardcoded for demonstration only
+- ๐ซ **No Hardening**: No encryption or security features
+- ๐ **Network Isolation**: Do not expose to external networks
+- ๐ **Ephemeral Data**: All data resets on container restart
+- ๐ก **Docker Socket Proxy**: Mandatory for all container operations
+
+### ๐ก๏ธ Security Requirements
+- **Dynamic User Detection**: Prevents root file ownership issues
+- **Docker Group Access**: Required for socket proxy functionality
+- **Volume-First Storage**: Docker volumes preferred over bind mounts
+- **Read-Only Host Access**: Minimal host filesystem interaction
+- **Network Segregation**: Services isolated in demo network
+
+### โ ๏ธ Production Migration Warning
+- Reset all credentials before production deployment
+- Implement persistent data storage
+- Add encryption and security hardening
+- Configure proper backup and recovery
+- Set up monitoring and alerting
---
## ๐ Support
-For issues and questions:
+### ๐ Getting Help
-1. Check service logs: `docker-compose logs `
-2. Verify health status: `docker-compose ps`
-3. Review configuration files
-4. Check port availability
+1. **๐ Check** troubleshooting section above
+2. **๐ Review** service logs: `docker compose logs`
+3. **๐ Consult** individual service documentation
+4. **๐ Check** health status: `docker compose ps`
+
+### ๐ Issue Reporting
+
+When reporting issues, please include:
+- ๐ Full error messages
+- ๐ป System information
+- ๐ Reproduction steps
+- โ๏ธ Configuration snippets
+- ๐ญ Demo vs production context
---
-**๐ Happy Developing! ๐**
+**๐ Happy Developing!**
-*Built with โค๏ธ for the TSYS Development Team*
-
----
-
-[](https://github.com/your-org/TSYSDevStack)
+*Last updated: 2025-11-13*
\ No newline at end of file
diff --git a/SupportStack/demo/config/homepage/docker.yaml b/SupportStack/demo/config/homepage/docker.yaml
new file mode 100644
index 0000000..2d7477f
--- /dev/null
+++ b/SupportStack/demo/config/homepage/docker.yaml
@@ -0,0 +1,10 @@
+---
+# Docker service discovery for Homepage
+# Using docker socket for service discovery
+
+docker:
+ socket: /var/run/docker.sock
+ # Filter to only show services with homepage labels
+ filter:
+ include:
+ - "homepage.*"
\ No newline at end of file
diff --git a/SupportStack/demo/demo-stack.sh b/SupportStack/demo/demo-stack.sh
new file mode 100755
index 0000000..6084943
--- /dev/null
+++ b/SupportStack/demo/demo-stack.sh
@@ -0,0 +1,160 @@
+#!/bin/bash
+
+# =============================================================================
+# TSYS Developer Support Stack - Demo Deployment Script
+# =============================================================================
+#
+# This script dynamically detects user environment and deploys the demo stack
+# with proper permissions, naming conventions, and security settings.
+#
+# Usage: ./demo-stack.sh [deploy|stop|restart|status]
+# =============================================================================
+
+set -euo pipefail
+
+# =============================================================================
+# CONFIGURATION
+# =============================================================================
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Script directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR"
+
+# =============================================================================
+# DYNAMIC DETECTION
+# =============================================================================
+
+echo -e "${BLUE}๐ Detecting environment...${NC}"
+
+# Load environment variables
+# shellcheck source=demo.env
+if [[ -f "demo.env" ]]; then
+ set -a
+ source demo.env
+ set +a
+ echo -e "${GREEN}โ
Loaded demo.env${NC}"
+else
+ echo -e "${RED}โ demo.env not found!${NC}"
+ exit 1
+fi
+
+# Dynamic user and group detection
+APP_UID=$(id -u)
+export APP_UID
+APP_GID=$(id -g)
+export APP_GID
+DOCKER_GID=$(getent group docker 2>/dev/null | cut -d: -f3 || echo "972")
+export DOCKER_GID
+
+echo -e "${GREEN}๐ค User ID: ${APP_UID}${NC}"
+echo -e "${GREEN}๐ฅ Group ID: ${APP_GID}${NC}"
+echo -e "${GREEN}๐ณ Docker Group ID: ${DOCKER_GID}${NC}"
+
+# Validate docker group access
+if ! groups | grep -q docker; then
+ echo -e "${YELLOW}โ ๏ธ Warning: User not in docker group${NC}"
+ echo -e "${YELLOW} Docker socket proxy may not work correctly${NC}"
+fi
+
+# =============================================================================
+# FUNCTIONS
+# =============================================================================
+
+deploy_stack() {
+ echo -e "${BLUE}๐ Deploying TSYS Developer Support Stack Demo...${NC}"
+
+ # Generate docker-compose.yml from template
+ if [[ -f "docker-compose.yml.template" ]]; then
+ echo -e "${BLUE}๐ Generating docker-compose.yml...${NC}"
+ envsubst < docker-compose.yml.template > docker-compose.yml
+ echo -e "${GREEN}โ
docker-compose.yml generated${NC}"
+ else
+ echo -e "${RED}โ docker-compose.yml.template not found!${NC}"
+ exit 1
+ fi
+
+ # Network will be created by docker compose
+ echo -e "${BLUE}๐ Docker network will be created by compose...${NC}"
+
+ # Deploy services
+ echo -e "${BLUE}๐ณ Starting services...${NC}"
+ docker compose up -d
+
+ echo -e "${GREEN}โ
Stack deployed successfully!${NC}"
+ echo -e "${BLUE}๐ Access Homepage at: http://localhost:${HOMEPAGE_PORT}${NC}"
+}
+
+stop_stack() {
+ echo -e "${YELLOW}๐ Stopping TSYS Developer Support Stack Demo...${NC}"
+ docker compose down
+ echo -e "${GREEN}โ
Stack stopped${NC}"
+}
+
+restart_stack() {
+ echo -e "${BLUE}๐ Restarting TSYS Developer Support Stack Demo...${NC}"
+ stop_stack
+ sleep 2
+ deploy_stack
+}
+
+show_status() {
+ echo -e "${BLUE}๐ Stack Status:${NC}"
+ docker compose ps
+
+ echo -e "${BLUE}๐ Service URLs:${NC}"
+ echo -e "${GREEN} Homepage: http://localhost:${HOMEPAGE_PORT}${NC}"
+ echo -e "${GREEN} Atomic Tracker: http://localhost:${ATOMIC_TRACKER_PORT}${NC}"
+ echo -e "${GREEN} Grafana: http://localhost:${GRAFANA_PORT}${NC}"
+ echo -e "${GREEN} Portainer: http://localhost:${PORTAINER_PORT}${NC}"
+}
+
+show_help() {
+ echo -e "${BLUE}TSYS Developer Support Stack - Demo Deployment${NC}"
+ echo ""
+ echo -e "${YELLOW}Usage:${NC} $0 [command]"
+ echo ""
+ echo -e "${YELLOW}Commands:${NC}"
+ echo -e " ${GREEN}deploy${NC} Deploy the demo stack"
+ echo -e " ${GREEN}stop${NC} Stop all services"
+ echo -e " ${GREEN}restart${NC} Restart all services"
+ echo -e " ${GREEN}status${NC} Show service status and URLs"
+ echo -e " ${GREEN}help${NC} Show this help message"
+ echo ""
+ echo -e "${YELLOW}Examples:${NC}"
+ echo -e " $0 deploy"
+ echo -e " $0 status"
+}
+
+# =============================================================================
+# MAIN EXECUTION
+# =============================================================================
+
+case "${1:-help}" in
+ deploy)
+ deploy_stack
+ ;;
+ stop)
+ stop_stack
+ ;;
+ restart)
+ restart_stack
+ ;;
+ status)
+ show_status
+ ;;
+ help|--help|-h)
+ show_help
+ ;;
+ *)
+ echo -e "${RED}โ Unknown command: $1${NC}"
+ show_help
+ exit 1
+ ;;
+esac
\ No newline at end of file
diff --git a/SupportStack/demo/demo-test.sh b/SupportStack/demo/demo-test.sh
new file mode 100755
index 0000000..f5a348d
--- /dev/null
+++ b/SupportStack/demo/demo-test.sh
@@ -0,0 +1,653 @@
+#!/bin/bash
+
+# =============================================================================
+# TSYS Developer Support Stack - Demo Testing & Validation Script
+# =============================================================================
+#
+# This script performs comprehensive QA, security compliance, and validation
+# of demo stack deployment using Docker containers only.
+#
+# Usage: ./demo-test.sh [full|security|permissions|network|health]
+# =============================================================================
+
+set -euo pipefail
+
+# =============================================================================
+# CONFIGURATION
+# =============================================================================
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Script directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "$SCRIPT_DIR"
+
+# Test counters
+TOTAL_TESTS=0
+PASSED_TESTS=0
+FAILED_TESTS=0
+
+# =============================================================================
+# UTILITY FUNCTIONS
+# =============================================================================
+
+print_header() {
+ echo -e "\n${BLUE}============================================================================${NC}"
+ echo -e "${BLUE}$1${NC}"
+ echo -e "${BLUE}============================================================================${NC}"
+}
+
+print_success() {
+ echo -e "${GREEN}โ
$1${NC}"
+ ((PASSED_TESTS++))
+}
+
+print_error() {
+ echo -e "${RED}โ $1${NC}"
+ ((FAILED_TESTS++))
+}
+
+print_warning() {
+ echo -e "${YELLOW}โ ๏ธ $1${NC}"
+}
+
+print_info() {
+ echo -e "${BLUE}โน๏ธ $1${NC}"
+}
+
+test_result() {
+ local condition="$1"
+ local description="$2"
+
+ ((TOTAL_TESTS++))
+
+ if eval "$condition"; then
+ print_success "$description"
+ else
+ print_error "$description"
+ fi
+}
+
+# =============================================================================
+# DOCKER-BASED QA FUNCTIONS
+# =============================================================================
+
+run_shellcheck() {
+ print_header "๐ SHELLCHECK VALIDATION"
+
+ local shellcheck_failed=0
+
+ for script in demo-stack.sh demo-test.sh; do
+ if [[ -f "$script" ]]; then
+ print_info "Checking $script with ShellCheck..."
+
+ if docker run --rm \
+ -v "$(pwd):/workdir" \
+ -w /workdir \
+ koalaman/shellcheck:stable \
+ --severity=warning \
+ "$script"; then
+ print_success "$script passed ShellCheck validation"
+ else
+ print_error "$script failed ShellCheck validation"
+ shellcheck_failed=1
+ fi
+ else
+ print_warning "$script not found"
+ fi
+ done
+
+ return $shellcheck_failed
+}
+
+run_yamllint() {
+ print_header "๐ YAML VALIDATION"
+
+ local yamllint_failed=0
+
+ if [[ -f "docker-compose.yml.template" ]]; then
+ print_info "Checking docker-compose.yml.template with YAMLLint..."
+
+ # Create a minimal yamllint config
+ cat > .yamllint.yml << 'EOF'
+---
+extends: default
+rules:
+ line-length:
+ max: 120
+ comments:
+ min-spaces-from-content: 1
+EOF
+
+ if docker run --rm \
+ -v "$(pwd):/workdir" \
+ -w /workdir \
+ cytopia/yamllint:latest \
+ -c .yamllint.yml \
+ docker-compose.yml.template; then
+ print_success "YAML files passed YAMLLint validation"
+ else
+ print_error "YAML files failed YAMLLint validation"
+ yamllint_failed=1
+ fi
+
+ # Clean up config
+ rm -f .yamllint.yml
+ else
+ print_warning "docker-compose.yml.template not found"
+ yamllint_failed=1
+ fi
+
+ return $yamllint_failed
+}
+
+run_proselint() {
+ print_header "๐ PROSELINT VALIDATION"
+
+ local proselint_failed=0
+
+ for doc_file in PRD.md README.md AGENTS.md; do
+ if [[ -f "$doc_file" ]]; then
+ print_info "Checking $doc_file with Proselint..."
+
+ # Create temporary proselint config to ignore false positives
+ cat > .proselint-config.json << 'EOF'
+{
+ "flags": [
+ "typography.symbols.curly_quotes",
+ "leonard.exclamation.30ppm"
+ ]
+}
+EOF
+
+ proselint_output=$(docker run --rm \
+ -v "$(pwd):/workdir" \
+ -w /workdir \
+ ghcr.io/pycqa/proselint:latest \
+ --config .proselint-config.json \
+ "$doc_file" 2>/dev/null || true)
+
+ # Clean up config
+ rm -f .proselint-config.json
+
+ if [[ -z "$proselint_output" ]]; then
+ print_success "$doc_file passed Proselint validation"
+ else
+ print_warning "$doc_file has prose issues:"
+ echo "$proselint_output" | head -10
+ proselint_failed=1
+ fi
+ else
+ print_warning "$doc_file not found"
+ fi
+ done
+
+ return $proselint_failed
+}
+
+run_vale() {
+ print_header "๐ VALE VALIDATION"
+
+ local vale_failed=0
+
+ # Create Vale config
+ cat > .vale.ini << EOF
+[*.md]
+BasedOnStyles = Vale
+Vocab = TSYS
+
+[TSYS]
+Terms = TSYS, Docker, Kubernetes, demo
+IgnoreCase = true
+EOF
+
+ for doc_file in PRD.md README.md AGENTS.md; do
+ if [[ -f "$doc_file" ]]; then
+ print_info "Checking $doc_file with Vale..."
+
+ vale_output=$(docker run --rm \
+ -v "$(pwd):/workdir" \
+ -w /workdir \
+ jdkato/vale:latest \
+ --minAlertLevel=error \
+ --config=.vale.ini \
+ "$doc_file" 2>/dev/null || true)
+
+ if [[ -z "$vale_output" ]]; then
+ print_success "$doc_file passed Vale validation"
+ else
+ print_warning "$doc_file has Vale issues:"
+ echo "$vale_output" | head -10
+ vale_failed=1
+ fi
+ else
+ print_warning "$doc_file not found"
+ fi
+ done
+
+ # Clean up config
+ rm -f .vale.ini
+
+ return $vale_failed
+}
+
+run_hadolint() {
+ print_header "๐ณ DOCKERFILE VALIDATION"
+
+ local hadolint_failed=0
+
+ # Check if we have any Dockerfiles (exclude toolchain files)
+ while IFS= read -r -d '' dockerfile; do
+ print_info "Checking $dockerfile with Hadolint..."
+
+ if docker run --rm \
+ -v "$(pwd):/workdir" \
+ -w /workdir \
+ hadolint/hadolint:latest-alpine \
+ "$dockerfile"; then
+ print_success "$dockerfile passed Hadolint validation"
+ else
+ print_error "$dockerfile failed Hadolint validation"
+ hadolint_failed=1
+ fi
+ done < <(find . -name "Dockerfile*" -type f ! -name "Dockerfile.*" -print0 2>/dev/null)
+
+ if ! find . -name "Dockerfile*" -type f ! -name "Dockerfile.*" -print0 2>/dev/null | grep -qz .; then
+ print_info "No Dockerfiles found to validate"
+ fi
+
+ return $hadolint_failed
+}
+
+check_image_versions() {
+ print_header "๐ท๏ธ IMAGE VERSION VALIDATION"
+
+ local version_failed=0
+
+ print_info "Checking for 'latest' tags in docker-compose.yml.template..."
+
+ if grep -q ":latest" docker-compose.yml.template; then
+ print_error "Found 'latest' tags in docker-compose.yml.template:"
+ grep -n ":latest" docker-compose.yml.template
+ version_failed=1
+ else
+ print_success "No 'latest' tags found in docker-compose.yml.template"
+ fi
+
+ return $version_failed
+}
+
+check_file_permissions() {
+ print_header "๐ FILE PERMISSIONS VALIDATION"
+
+ local permission_failed=0
+
+ # Check script permissions
+ if [[ -f "demo-stack.sh" ]]; then
+ if [[ -x "demo-stack.sh" ]]; then
+ print_success "demo-stack.sh is executable"
+ else
+ print_error "demo-stack.sh is not executable"
+ permission_failed=1
+ fi
+ fi
+
+ if [[ -f "demo-test.sh" ]]; then
+ if [[ -x "demo-test.sh" ]]; then
+ print_success "demo-test.sh is executable"
+ else
+ print_error "demo-test.sh is not executable"
+ permission_failed=1
+ fi
+ fi
+
+ # Check for world-writable files
+ local world_writable
+ world_writable=$(find . -type f -perm -002 2>/dev/null | wc -l)
+ if [[ "$world_writable" -eq 0 ]]; then
+ print_success "No world-writable files found"
+ else
+ print_error "Found $world_writable world-writable files"
+ permission_failed=1
+ fi
+
+ return $permission_failed
+}
+
+validate_environment() {
+ print_header "๐ ENVIRONMENT VALIDATION"
+
+ local env_failed=0
+
+ # Load environment variables
+ # shellcheck source=demo.env
+ if [[ -f "demo.env" ]]; then
+ set -a
+ source demo.env
+ set +a
+ fi
+
+ # Check if demo.env exists
+ if [[ -f "demo.env" ]]; then
+ print_success "demo.env exists"
+ else
+ print_error "demo.env not found"
+ env_failed=1
+ fi
+
+ # Check if docker-compose.yml.template exists
+ if [[ -f "docker-compose.yml.template" ]]; then
+ print_success "docker-compose.yml.template exists"
+ else
+ print_error "docker-compose.yml.template not found"
+ env_failed=1
+ fi
+
+ # Check if required scripts exist
+ for script in demo-stack.sh demo-test.sh; do
+ if [[ -f "$script" ]]; then
+ print_success "$script exists"
+ else
+ print_error "$script not found"
+ env_failed=1
+ fi
+ done
+
+ return $env_failed
+}
+
+# =============================================================================
+# SECURITY VALIDATION FUNCTIONS
+# =============================================================================
+
+validate_user_mapping() {
+ print_header "๐ค USER MAPPING VALIDATION"
+
+ # Get current user info
+ current_uid=$(id -u)
+ local current_uid
+ current_gid=$(id -g)
+ local current_gid
+ current_user=$(id -un)
+ local current_user
+
+ print_info "Current user: $current_user (UID: $current_uid, GID: $current_gid)"
+
+ # Check for root-owned files in project directory
+ root_files=$(find . -user root 2>/dev/null | wc -l)
+ local root_files
+ test_result "[[ $root_files -eq 0 ]]" "No root-owned files in project directory"
+
+ # Verify demo scripts use current user
+ if [[ -f "demo-stack.sh" ]]; then
+ test_result "[[ -r \"demo-stack.sh\" ]]" "demo-stack.sh readable by current user"
+ fi
+
+ # Check docker group access
+ user_groups=$(id -Gn 2>/dev/null | tr ' ' '\n' | grep -E '^docker$' || echo "")
+ local user_groups
+
+ test_result "[[ -n \"$user_groups\" ]]" "Current user in docker group"
+}
+
+validate_docker_socket_security() {
+ print_header "๐ DOCKER SOCKET SECURITY VALIDATION"
+
+ # Check if docker-socket-proxy is running
+ proxy_running=$(docker compose ps -q docker-socket-proxy 2>/dev/null)
+ local proxy_running
+ test_result "[[ -n \"$proxy_running\" ]]" "Docker socket proxy running"
+
+ if [[ -n "$proxy_running" ]]; then
+ # Check if proxy container has proper restrictions
+ proxy_container="${COMPOSE_PROJECT_NAME}-docker-socket-proxy"
+ test_result=$(docker exec "$proxy_container" curl -s -o /dev/null -w "%{http_code}" http://localhost:2375/containers/json 2>/dev/null || echo "000")
+ local test_result
+ test_result "[[ \"$test_result\" == \"403\" ]]" "Docker socket proxy security restrictions"
+
+ # Check if any service has direct docker socket access
+ exposed_socket=$(docker compose ps --format "{{.Ports}}" portainer 2>/dev/null | grep -o "/var/run/docker.sock" || echo "")
+ local exposed_socket
+ test_result "[[ -z \"$exposed_socket\" ]]" "Docker socket not directly exposed"
+ fi
+}
+
+validate_network_isolation() {
+ print_header "๐ NETWORK ISOLATION VALIDATION"
+
+ # Check if demo network exists
+ network_exists=$(docker network ls -q -f name="${COMPOSE_NETWORK_NAME}" 2>/dev/null)
+ local network_exists
+ test_result "[[ -n \"$network_exists\" ]]" "Demo network exists"
+
+ if [[ -n "$network_exists" ]]; then
+ # Check network driver
+ network_driver=$(docker network inspect "${COMPOSE_NETWORK_NAME}" -f '{{.Driver}}' 2>/dev/null)
+ local network_driver
+ test_result "[[ \"$network_driver\" == \"bridge\" ]]" "Network isolation (bridge driver)"
+ fi
+}
+
+# =============================================================================
+# HEALTH CHECK FUNCTIONS
+# =============================================================================
+
+check_service_health() {
+ local service_name="$1"
+ local url="$2"
+
+ print_info "Checking $service_name health..."
+
+ http_code=$(curl -s -o /dev/null -w "%{http_code}" --max-time 10 "$url" 2>/dev/null || echo "000")
+ local http_code
+
+ if [[ "$http_code" =~ ^[23] ]]; then
+ print_success "$service_name is healthy (HTTP $http_code)"
+ return 0
+ else
+ print_error "$service_name is unhealthy (HTTP $http_code)"
+ return 1
+ fi
+}
+
+validate_service_health() {
+ print_header "๐ฅ SERVICE HEALTH VALIDATION"
+
+ local health_failed=0
+
+ # Load environment variables
+ # shellcheck source=demo.env
+ if [[ -f "demo.env" ]]; then
+ set -a
+ source demo.env
+ set +a
+ fi
+
+ # Check core services
+ if check_service_health "Homepage" "http://localhost:${HOMEPAGE_PORT}/"; then
+ : # Homepage is healthy
+ else
+ health_failed=1
+ fi
+
+ # Check other services if ports are defined
+ if [[ -n "${GRAFANA_PORT:-}" ]]; then
+ check_service_health "Grafana" "http://localhost:${GRAFANA_PORT}/" || health_failed=1
+ fi
+
+ if [[ -n "${PORTAINER_PORT:-}" ]]; then
+ check_service_health "Portainer" "http://localhost:${PORTAINER_PORT}/" || health_failed=1
+ fi
+
+ return $health_failed
+}
+
+# =============================================================================
+# DEMO CONFIGURATION VALIDATION
+# =============================================================================
+
+validate_demo_configuration() {
+ print_header "๐ฏ DEMO CONFIGURATION VALIDATION"
+
+ # Load environment variables
+ # shellcheck source=demo.env
+ if [[ -f "demo.env" ]]; then
+ set -a
+ source demo.env
+ set +a
+ fi
+
+ # Check demo credentials
+ test_result "[[ \"$GRAFANA_ADMIN_PASSWORD\" == \"demo_password\" ]]" "Grafana demo credentials"
+ test_result "[[ \"$ATOMIC_TRACKER_USE_DUMMY_DATA\" == \"1\" ]]" "Atomic Tracker demo configuration"
+
+ # Check project naming
+ test_result "[[ \"$COMPOSE_PROJECT_NAME\" == \"tsysdevstack-supportstack-demo\" ]]" "Project naming convention"
+
+ # Check port ranges
+ if [[ -n "${HOMEPAGE_PORT:-}" ]]; then
+ test_result "[[ $HOMEPAGE_PORT -ge 4000 && $HOMEPAGE_PORT -le 4099 ]]" "Homepage port in allowed range (4000-4099)"
+ fi
+}
+
+# =============================================================================
+# PERFORMANCE VALIDATION
+# =============================================================================
+
+validate_performance() {
+ print_header "๐ PERFORMANCE VALIDATION"
+
+ # Check resource usage
+ print_info "Checking resource usage..."
+
+ # Get memory usage
+ memory_usage=$(docker stats --no-stream --format "table {{.Container}}\t{{.MemUsage}}" 2>/dev/null | grep -E "(homepage|pihole|portainer|influxdb|grafana)" | awk '{sum+=$2} END {print sum}' || echo "0")
+ local memory_usage
+
+ # Get container count
+ container_count=$(docker compose ps -q 2>/dev/null | wc -l)
+ local container_count
+
+ print_info "Memory usage: ${memory_usage}B"
+ print_info "Container count: $container_count"
+
+ # Performance thresholds
+ test_result "[[ $container_count -le 10 ]]" "Container count within limits (โค10)"
+ test_result "[[ ${memory_usage%.*} -le 1048576 ]]" "Memory usage within limits (โค1GB)"
+}
+
+# =============================================================================
+# MAIN EXECUTION
+# =============================================================================
+
+show_usage() {
+ echo "Usage: $0 [full|security|permissions|network|health|qa]"
+ echo ""
+ echo "Options:"
+ echo " full - Run all validations"
+ echo " security - Security validation only"
+ echo " permissions- File permissions validation only"
+ echo " network - Network isolation validation only"
+ echo " health - Service health checks only"
+ echo " qa - QA tools validation only"
+ echo ""
+ echo "Examples:"
+ echo " $0 full # Run complete validation"
+ echo " $0 security # Security checks only"
+ echo " $0 qa # QA tools only"
+}
+
+run_qa_validation() {
+ print_header "๐ COMPREHENSIVE QA VALIDATION"
+ print_info "Running all QA checks using Docker containers only..."
+
+ local overall_failed=0
+
+ # Run all QA validations
+ validate_environment || overall_failed=1
+ run_shellcheck || overall_failed=1
+ run_yamllint || overall_failed=1
+ run_proselint || overall_failed=1
+ run_vale || overall_failed=1
+ run_hadolint || overall_failed=1
+ check_image_versions || overall_failed=1
+ check_file_permissions || overall_failed=1
+
+ # Final result
+ print_header "๐ QA SUMMARY"
+
+ if [[ $overall_failed -eq 0 ]]; then
+ print_success "All QA checks passed! โจ"
+ echo -e "\n${GREEN}The project is ready for deployment.${NC}"
+ else
+ print_error "Some QA checks failed. Please fix issues above."
+ echo -e "\n${RED}The project is not ready for deployment.${NC}"
+ fi
+
+ return $overall_failed
+}
+
+main() {
+ case "${1:-full}" in
+ "full")
+ print_header "๐ COMPREHENSIVE DEMO STACK VALIDATION"
+ validate_environment
+ run_qa_validation
+ validate_user_mapping
+ validate_docker_socket_security
+ validate_network_isolation
+ validate_service_health
+ validate_demo_configuration
+ validate_performance
+
+ print_header "๐ FINAL SUMMARY"
+ echo -e "${BLUE}Total Tests:${NC} $TOTAL_TESTS"
+ echo -e "${GREEN}Passed:${NC} $PASSED_TESTS"
+ echo -e "${RED}Failed:${NC} $FAILED_TESTS"
+
+ if [[ $FAILED_TESTS -eq 0 ]]; then
+ echo -e "\n${GREEN}๐ All validations passed! The demo stack is ready.${NC}"
+ exit 0
+ else
+ echo -e "\n${RED}โ Some validations failed. Please review the issues above.${NC}"
+ exit 1
+ fi
+ ;;
+ "security")
+ validate_user_mapping
+ validate_docker_socket_security
+ validate_network_isolation
+ ;;
+ "permissions")
+ validate_user_mapping
+ check_file_permissions
+ ;;
+ "network")
+ validate_network_isolation
+ ;;
+ "health")
+ validate_service_health
+ ;;
+ "qa")
+ run_qa_validation
+ ;;
+ "help"|"-h"|"--help")
+ show_usage
+ exit 0
+ ;;
+ *)
+ echo -e "${RED}Error: Unknown option '$1'${NC}"
+ echo ""
+ show_usage
+ exit 1
+ ;;
+ esac
+}
+
+# Run main function with all arguments
+main "$@"
\ No newline at end of file
diff --git a/SupportStack/demo/demo.env b/SupportStack/demo/demo.env
index 0cbeeb8..ff83942 100644
--- a/SupportStack/demo/demo.env
+++ b/SupportStack/demo/demo.env
@@ -1,36 +1,159 @@
-# TSYS Developer Support Stack - Environment Configuration
-# Copy this file to .env and customize for your system
+# =============================================================================
+# TSYS Developer Support Stack - Demo Environment Variables
+# =============================================================================
+# This file contains all configuration variables for the demo stack
+# These values are used by demo-stack.sh and docker-compose.yml.template
+# =============================================================================
-# User/Group ID for container processes
-# Run 'id -u' and 'id -g' on your host to get correct values
-PUID=1000
-PGID=1000
+# =============================================================================
+# PROJECT CONFIGURATION
+# =============================================================================
-# Network Configuration
-HOST_IP=192.168.3.6
-NETWORK_SUBNET=192.168.3.0/24
+# Project naming - MUST use tsysdevstack-supportstack-demo prefix everywhere
+COMPOSE_PROJECT_NAME=tsysdevstack-supportstack-demo
+COMPOSE_NETWORK_NAME=tsysdevstack-supportstack-demo-network
-# Demo Environment Passwords
-# CHANGE THESE IN PRODUCTION!
-DEMO_PASSWORD=demo_password
+# =============================================================================
+# DYNAMIC USER DETECTION (auto-populated by demo-stack.sh)
+# =============================================================================
-# Service Ports
+# These will be automatically detected and set by demo-stack.sh
+# UID=1000
+# GID=1000
+# DOCKER_GID=972
+
+# =============================================================================
+# SERVICE PORT ASSIGNMENTS (4000-4099 range)
+# =============================================================================
+
+# Developer Tools
HOMEPAGE_PORT=4000
-ATUIN_PORT=4001
-WAKAPI_PORT=4002
-ARCHIVEBOX_PORT=4003
-MAILHOG_PORT=4005
+ATOMIC_TRACKER_PORT=4012
+
+# Archival & Content Management
+ARCHIVEBOX_PORT=4013
+TUBE_ARCHIVIST_PORT=4014
+
+# Infrastructure Services
PIHOLE_PORT=4006
PORTAINER_PORT=4007
+
+# Monitoring & Observability
INFLUXDB_PORT=4008
GRAFANA_PORT=4009
+
+# Documentation & Diagramming
DRAWIO_PORT=4010
KROKI_PORT=4011
-DOCKER_PROXY_PORT=2375
+
+# =============================================================================
+# DEMO CREDENTIALS (for demonstration purposes only)
+# =============================================================================
+
+# Grafana
+GRAFANA_ADMIN_USER=admin
+GRAFANA_ADMIN_PASSWORD=demo_password
+
+# Portainer
+PORTAINER_ADMIN_USER=admin
+PORTAINER_ADMIN_PASSWORD=demo_password
+
+# Pi-hole
+PIHOLE_WEBPASSWORD=demo_password
+
+# =============================================================================
+# SERVICE CONFIGURATION
+# =============================================================================
# Timezone
TZ=UTC
-# Feature Flags
-ENABLE_TELEMETRY=false
-ENABLE_DEBUG_LOGGING=false
\ No newline at end of file
+# InfluxDB Configuration
+INFLUXDB_USERNAME=demo_user
+INFLUXDB_PASSWORD=demo_password
+INFLUXDB_ORG=demo_org
+INFLUXDB_BUCKET=demo_bucket
+
+# Atomic Tracker Configuration
+ATOMIC_TRACKER_CONFIG_DIR=/config
+ATOMIC_TRACKER_LISTENING_PORT=8080
+ATOMIC_TRACKER_BYPASS_LOGIN=1
+ATOMIC_TRACKER_USE_DUMMY_DATA=1
+
+# ArchiveBox Configuration
+ARCHIVEBOX_DATA_DIR=/data
+
+# Tube Archivist Configuration
+TUBE_ARCHIVIST_MEDIA_DIR=/youtube
+TUBE_ARCHIVIST_CACHE_DIR=/cache
+TUBE_ARCHIVIST_ELASTICSEARCH_URL=http://elasticsearch:9200
+TUBE_ARCHIVIST_REDIS_URL=redis://redis:6379
+
+# Elasticsearch Configuration
+ELASTICSEARCH_DISCOVERY_TYPE=single-node
+ELASTICSEARCH_SECURITY_ENABLED=false
+ELASTICSEARCH_JAVA_OPTS="-Xms512m -Xmx512m"
+
+# Redis Configuration
+REDIS_DATA_DIR=/data
+
+# =============================================================================
+# DOCKER SOCKET PROXY CONFIGURATION
+# =============================================================================
+
+# Security permissions (0=disabled, 1=enabled)
+# Only essential permissions enabled for demo
+PROXY_CONTAINERS=1
+PROXY_POST=0
+PROXY_PUT=0
+PROXY_DELETE=0
+PROXY_BUILD=0
+PROXY_COMMIT=0
+PROXY_CONFIGS=0
+PROXY_EXEC=0
+PROXY_GRPC=0
+PROXY_IMAGES=0
+PROXY_INFO=0
+PROXY_NETWORKS=0
+PROXY_NODES=0
+PROXY_PLUGINS=0
+PROXY_SECRETS=0
+PROXY_SERVICES=0
+PROXY_SESSION=0
+PROXY_SWARM=0
+PROXY_SYSTEM=0
+PROXY_TASKS=0
+PROXY_VOLUMES=1
+
+# =============================================================================
+# SECURITY SETTINGS
+# =============================================================================
+
+# Docker group access (auto-detected by demo-stack.sh)
+# DOCKER_GID=972
+
+# =============================================================================
+# DEVELOPMENT SETTINGS
+# =============================================================================
+
+# Enable debug mode for troubleshooting
+DEBUG_MODE=false
+
+# Log level for services
+LOG_LEVEL=info
+
+# =============================================================================
+# PRODUCTION MIGRATION NOTES
+# =============================================================================
+#
+# โ ๏ธ DEMO CONFIGURATION ONLY - DO NOT USE IN PRODUCTION โ ๏ธ
+#
+# Before production deployment:
+# 1. Change all default passwords above
+# 2. Replace demo credentials with secure ones
+# 3. Enable persistent data storage
+# 4. Add encryption and security hardening
+# 5. Configure backup and recovery
+# 6. Set up monitoring and alerting
+# 7. Review and update all security settings
+# =============================================================================
\ No newline at end of file
diff --git a/SupportStack/demo/docker-compose.yml.template b/SupportStack/demo/docker-compose.yml.template
new file mode 100644
index 0000000..9df56ba
--- /dev/null
+++ b/SupportStack/demo/docker-compose.yml.template
@@ -0,0 +1,371 @@
+---
+# =============================================================================
+# This template uses environment variables for dynamic configuration
+# Generate docker-compose.yml with: envsubst < docker-compose.yml.template > docker-compose.yml
+# =============================================================================
+
+services:
+ # =============================================================================
+ # INFRASTRUCTURE SERVICES
+ # =============================================================================
+
+ homepage:
+ image: ghcr.io/gethomepage/homepage:v0.9.13
+ user: "${APP_UID}:${APP_GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-homepage"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_homepage_config:/app/config"
+ - "${COMPOSE_PROJECT_NAME}_homepage_images:/app/public/images"
+ ports:
+ - "${HOMEPAGE_PORT}:3000"
+ environment:
+ - PUID=${APP_UID}
+ - PGID=${APP_GID}
+ - TZ=UTC
+ - ADMIN_USERNAME=admin
+ - ADMIN_PASSWORD=admin
+ labels:
+ com.docker.compose.project: "tsysdevstack-supportstack-demo"
+
+ docker-socket-proxy:
+ image: tecnativa/docker-socket-proxy:0.3.0
+ container_name: "${COMPOSE_PROJECT_NAME}-docker-socket-proxy"
+ group_add:
+ - "${DOCKER_GID}"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ - CONTAINERS=1
+ - POST=0
+ - PUT=0
+ - DELETE=0
+ - BUILD=0
+ - COMMIT=0
+ - CONFIGS=0
+ - EXEC=0
+ - IMAGES=1
+ - INFO=1
+ - NETWORKS=1
+ - PLUGINS=1
+ - SECRETS=0
+ - SERVICES=1
+ - SESSION=1
+ - SWARM=0
+ - SYSTEM=1
+ - TASKS=1
+ - VOLUMES=1
+ labels:
+ com.docker.compose.project: "tsysdevstack-supportstack-demo"
+
+ pihole:
+ image: pihole/pihole:2024.07.0
+ user: "${APP_UID}:${APP_GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-pihole"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_pihole_etc:/etc/pihole"
+ - "${COMPOSE_PROJECT_NAME}_pihole_dnsmasq:/etc/dnsmasq.d"
+ ports:
+ - "${PIHOLE_PORT}:80"
+ - "53:53/tcp"
+ - "53:53/udp"
+ - "67:67/udp"
+ environment:
+ - PUID=${APP_UID}
+ - PGID=${APP_GID}
+ - TZ=UTC
+ - WEBPASSWORD=demo_password
+ - PIHOLE_DNS_=1.1.1.1;1.0.0.1;8.8.8.8
+ labels:
+ homepage.group: "Infrastructure"
+ homepage.name: "Pi-hole"
+ homepage.icon: "pihole.png"
+ homepage.href: "http://192.168.3.6:${PIHOLE_PORT}/admin"
+ homepage.description: "DNS-based ad blocking and network monitoring"
+
+ portainer:
+ image: portainer/portainer-ce:2.21.4
+ user: "${APP_UID}:${APP_GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-portainer"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_portainer_data:/data"
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ ports:
+ - "${PORTAINER_PORT}:9000"
+ environment:
+ - PUID=${APP_UID}
+ - PGID=${APP_GID}
+ labels:
+ homepage.group: "Infrastructure"
+ homepage.name: "Portainer"
+ homepage.icon: "portainer.png"
+ homepage.href: "http://192.168.3.6:${PORTAINER_PORT}"
+ homepage.description: "Web-based Docker container management"
+
+ # =============================================================================
+ # MONITORING & OBSERVABILITY
+ # =============================================================================
+
+ influxdb:
+ image: influxdb:1.8.10
+ container_name: "${COMPOSE_PROJECT_NAME}-influxdb"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_influxdb_data:/var/lib/influxdb"
+ ports:
+ - "${INFLUXDB_PORT}:8086"
+ environment:
+ - DOCKER_INFLUXDB_INIT_MODE=setup
+ - DOCKER_INFLUXDB_INIT_USERNAME=demo_user
+ - DOCKER_INFLUXDB_INIT_PASSWORD=demo_password
+ - DOCKER_INFLUXDB_INIT_ORG=demo_org
+ - DOCKER_INFLUXDB_INIT_BUCKET=demo_bucket
+ - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=demo_token
+ labels:
+ homepage.group: "Monitoring"
+ homepage.name: "InfluxDB"
+ homepage.icon: "influxdb.png"
+ homepage.href: "http://192.168.3.6:${INFLUXDB_PORT}"
+ homepage.description: "Time series database for metrics"
+
+ grafana:
+ image: grafana/grafana:10.4.2
+ user: "${APP_UID}:${APP_GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-grafana"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_grafana_data:/var/lib/grafana"
+ ports:
+ - "${GRAFANA_PORT}:3000"
+ environment:
+ - GF_SECURITY_ADMIN_USER=admin
+ - GF_SECURITY_ADMIN_PASSWORD=demo_password
+ - GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource
+ - GF_INSTALL_PLUGINS=grafana-influxdb-flux-datasource
+ labels:
+ homepage.group: "Monitoring"
+ homepage.name: "Grafana"
+ homepage.icon: "grafana.png"
+ homepage.href: "http://192.168.3.6:${GRAFANA_PORT}"
+ homepage.description: "Analytics and visualization platform"
+
+ # =============================================================================
+ # DOCUMENTATION & DIAGRAMMING
+ # =============================================================================
+
+ drawio:
+ image: jgraph/drawio:24.7.17
+ user: "${APP_UID}:${APP_GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-drawio"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ ports:
+ - "${DRAWIO_PORT}:8080"
+ environment:
+ - PUID=${APP_UID}
+ - PGID=${APP_GID}
+ labels:
+ homepage.group: "Documentation"
+ homepage.name: "Draw.io"
+ homepage.icon: "drawio.png"
+ homepage.href: "http://192.168.3.6:${DRAWIO_PORT}"
+ homepage.description: "Web-based diagramming application"
+
+ kroki:
+ image: yuzutech/kroki:0.25.0
+ user: "${APP_UID}:${APP_GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-kroki"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ ports:
+ - "${KROKI_PORT}:8000"
+ environment:
+ - KROKI_SAFE_MODE=secure
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+ labels:
+ homepage.group: "Documentation"
+ homepage.name: "Kroki"
+ homepage.icon: "kroki.png"
+ homepage.href: "http://192.168.3.6:${KROKI_PORT}"
+ homepage.description: "Diagrams as a service"
+
+ # =============================================================================
+ # DEVELOPER TOOLS
+ # =============================================================================
+
+ atomic-tracker:
+ image: ghcr.io/majorpeter/atomic-tracker:v1.2.0
+ user: "${APP_UID}:${APP_GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-atomic-tracker"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_atomic_tracker_config:/config"
+ ports:
+ - "${ATOMIC_TRACKER_PORT}:8080"
+ environment:
+ - CONFIG_DIR=/config
+ - LISTENING_PORT=8080
+ - BYPASS_LOGIN=1
+ - USE_DUMMY_DATA=1
+ labels:
+ homepage.group: "Developer Tools"
+ homepage.name: "Atomic Tracker"
+ homepage.icon: "atomic-tracker.png"
+ homepage.href: "http://192.168.3.6:${ATOMIC_TRACKER_PORT}"
+ homepage.description: "Habit tracking and personal dashboard"
+
+ # =============================================================================
+ # ARCHIVAL & CONTENT MANAGEMENT
+ # =============================================================================
+
+ archivebox:
+ image: archivebox/archivebox:latest
+ container_name: "${COMPOSE_PROJECT_NAME}-archivebox"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_archivebox_data:/data"
+ ports:
+ - "${ARCHIVEBOX_PORT}:8000"
+ environment:
+ - PUID=${APP_UID}
+ - PGID=${APP_GID}
+ - TZ=UTC
+ labels:
+ homepage.group: "Archival"
+ homepage.name: "ArchiveBox"
+ homepage.icon: "archivebox.png"
+ homepage.href: "http://192.168.3.6:${ARCHIVEBOX_PORT}"
+ homepage.description: "Self-hosted internet archiving solution"
+
+ tube-archivist:
+ image: bbilly1/tubearchivist:latest
+ container_name: "${COMPOSE_PROJECT_NAME}-tube-archivist"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_tube_archivist_media:/youtube"
+ - "${COMPOSE_PROJECT_NAME}_tube_archivist_data:/cache"
+ ports:
+ - "${TUBE_ARCHIVIST_PORT}:8000"
+ environment:
+ - PUID=${APP_UID}
+ - PGID=${APP_GID}
+ - TZ=UTC
+ - ELASTICSEARCH_URL=http://elasticsearch:9200
+ - REDIS_URL=redis://redis:6379
+ - TA_USERNAME=tubearchivist
+ - TA_PASSWORD=tubearchivist
+ - TA_HOST=http://192.168.3.6:${TUBE_ARCHIVIST_PORT}
+ - ELASTIC_PASSWORD=changeme
+ depends_on:
+ - elasticsearch
+ - redis
+ labels:
+ homepage.group: "Archival"
+ homepage.name: "Tube Archivist"
+ homepage.icon: "tube-archivist.png"
+ homepage.href: "http://192.168.3.6:${TUBE_ARCHIVIST_PORT}"
+ homepage.description: "YouTube media archiving and management"
+
+ elasticsearch:
+ image: docker.elastic.co/elasticsearch/elasticsearch:8.11.0
+ user: "${APP_UID}:${APP_GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-elasticsearch"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_elasticsearch_data:/usr/share/elasticsearch/data"
+ environment:
+ - PUID=${APP_UID}
+ - PGID=${APP_GID}
+ - discovery.type=single-node
+ - xpack.security.enabled=false
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ - ELASTIC_PASSWORD=changeme
+ labels:
+ com.docker.compose.project: "tsysdevstack-supportstack-demo"
+
+ redis:
+ image: redis:7.2-alpine
+ user: "${APP_UID}:${APP_GID}"
+ container_name: "${COMPOSE_PROJECT_NAME}-redis"
+ restart: unless-stopped
+ networks:
+ - ${COMPOSE_NETWORK_NAME}
+ volumes:
+ - "${COMPOSE_PROJECT_NAME}_redis_data:/data"
+ environment:
+ - PUID=${APP_UID}
+ - PGID=${APP_GID}
+ labels:
+ com.docker.compose.project: "tsysdevstack-supportstack-demo"
+
+# =============================================================================
+# NETWORKS
+# =============================================================================
+
+networks:
+ ${COMPOSE_NETWORK_NAME}:
+ driver: bridge
+ name: ${COMPOSE_NETWORK_NAME}
+
+
+# =============================================================================
+# VOLUMES
+# =============================================================================
+
+volumes:
+ ${COMPOSE_PROJECT_NAME}_homepage_config:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_homepage_images:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_pihole_etc:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_pihole_dnsmasq:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_portainer_data:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_influxdb_data:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_grafana_data:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_atomic_tracker_config:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_archivebox_data:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_tube_archivist_media:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_tube_archivist_data:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_elasticsearch_data:
+ driver: local
+ ${COMPOSE_PROJECT_NAME}_redis_data:
+ driver: local