# ๐ TSYS Developer Support Stack - Demo
[](https://opensource.org/licenses/MIT)
[](https://www.docker.com/)
[](https://www.fsf.org/)
[](#)
*A comprehensive, demo-ready developer support services stack that enhances productivity and quality of life for the TSYS engineering team.*
---
## ๐ Table of Contents
- [๐ Quick Start](#-quick-start)
- [๐ Services Overview](#-services-overview)
- [๐ง Technical Configuration](#-technical-configuration)
- [๐ Demo Credentials](#-demo-credentials)
- [๐ Service Dependencies](#-service-dependencies)
- [๐งช Testing](#-testing)
- [๐ Troubleshooting](#-troubleshooting)
- [๐ Data Management](#-data-management)
- [๐ Updates & Maintenance](#-updates--maintenance)
- [๐ Documentation](#-documentation)
- [๐จ Security Notes](#-security-notes)
- [๐ Support](#-support)
---
## ๐ Quick Start
```bash
# ๐ฏ Demo deployment with dynamic user detection
./demo-stack.sh deploy
# ๐ง Comprehensive testing and validation
./demo-test.sh full
```
๐ **Access all services via the Homepage dashboard at** **[http://localhost:${HOMEPAGE_PORT}](http://localhost:${HOMEPAGE_PORT})**
> โ ๏ธ **Demo Configuration Only** - This stack is designed for demonstration purposes with no data persistence.
---
## ๐ง Dynamic Deployment Architecture
### ๐ Environment Variables
All configuration is managed through `demo.env` and dynamic detection:
| Variable | Description | Default |
|-----------|-------------|----------|
| **COMPOSE_PROJECT_NAME** | Consistent naming prefix | `tsysdevstack-supportstack-demo` |
| **UID** | Current user ID | Auto-detected |
| **GID** | Current group ID | Auto-detected |
| **DOCKER_GID** | Docker group ID | Auto-detected |
| **COMPOSE_NETWORK_NAME** | Docker network name | `tsysdevstack-supportstack-demo-network` |
### ๐ฏ Deployment Scripts
| Script | Purpose | Usage |
|---------|---------|--------|
| **demo-stack.sh** | Dynamic deployment with user detection | `./demo-stack.sh [deploy|stop|restart]` |
| **demo-test.sh** | Comprehensive QA and validation | `./demo-test.sh [full|security|permissions]` |
| **demo.env** | All environment variables | Source of configuration |
---
## ๐ Services Overview
### ๐ ๏ธ Developer Tools
| Service | Port | Description | ๐ Access |
|---------|------|-------------|-----------|
| **Homepage** | 4000 | Central dashboard for service discovery | [Open](http://192.168.3.6:4000) |
| **Atomic Tracker** | 4012 | Habit tracking and personal dashboard | [Open](http://192.168.3.6:4012) |
| **Wakapi** | 4015 | Open-source WakaTime alternative for time tracking | [Open](http://192.168.3.6:4015) |
| **MailHog** | 4017 | Web and API based SMTP testing tool | [Open](http://192.168.3.6:4017) |
### ๐ Archival & Content Management
| Service | Port | Description | ๐ Access |
|---------|------|-------------|-----------|
| **ArchiveBox** | 4013 | Web archiving solution | [Open](http://192.168.3.6:4013) |
| **Tube Archivist** | 4014 | YouTube video archiving | [Open](http://192.168.3.6:4014) |
### ๐๏ธ Infrastructure Services
| Service | Port | Description | ๐ Access |
|---------|------|-------------|-----------|
| **Pi-hole** | 4006 | DNS-based ad blocking and monitoring | [Open](http://192.168.3.6:4006) |
| **Portainer** | 4007 | Web-based container management | [Open](http://192.168.3.6:4007) |
### ๐ Monitoring & Observability
| Service | Port | Description | ๐ Access |
|---------|------|-------------|-----------|
| **InfluxDB** | 4008 | Time series database for metrics | [Open](http://192.168.3.6:4008) |
| **Grafana** | 4009 | Analytics and visualization platform | [Open](http://192.168.3.6:4009) |
### ๐ Documentation & Diagramming
| Service | Port | Description | ๐ Access |
|---------|------|-------------|-----------|
| **Draw.io** | 4010 | Web-based diagramming application | [Open](http://192.168.3.6:4010) |
| **Kroki** | 4011 | Diagrams as a service | [Open](http://192.168.3.6:4011) |
---
## ๐ง Technical Configuration
### ๐ณ Docker Integration
```yaml
# Demo service template (docker-compose.yml.template)
services:
service-name:
image: official/image:tag
user: "${UID}:${GID}"
container_name: "${COMPOSE_PROJECT_NAME}-service-name"
restart: unless-stopped
networks:
- ${COMPOSE_NETWORK_NAME}
volumes:
- "${COMPOSE_PROJECT_NAME}_service_data:/path"
environment:
- PUID=${UID}
- PGID=${GID}
labels:
homepage.group: "Group Name"
homepage.name: "Display Name"
homepage.icon: "icon-name"
homepage.href: "http://localhost:${SERVICE_PORT}"
homepage.description: "Brief description"
```
### โ๏ธ Dynamic Configuration
| Setting | Variable | Description |
|---------|-----------|-------------|
| **Service Naming** | `${COMPOSE_PROJECT_NAME}-{service}` | Dynamic container naming |
| **Network** | `${COMPOSE_NETWORK_NAME}` | Dedicated Docker network |
| **User Mapping** | `${UID}:${GID}` | Dynamic user detection |
| **Docker Group** | `${DOCKER_GID}` | Docker socket access |
| **Volume Naming** | `${COMPOSE_PROJECT_NAME}_{service}_data` | Consistent volumes |
| **Restart Policy** | `unless-stopped` | Automatic recovery |
### ๐ Health Check Endpoints
| Service | Health Check Path | Status |
|---------|-------------------|--------|
| **Pi-hole** (DNS Management) | `HTTP GET /` | โ
Active |
| **Portainer** (Container Management) | `HTTP GET /` | โ
Active |
| **InfluxDB** (Time Series Database) | `HTTP GET /ping` | โ
Active |
| **Grafana** (Visualization Platform) | `HTTP GET /api/health` | โ
Active |
| **Draw.io** (Diagramming Server) | `HTTP GET /` | โ
Active |
| **Kroki** (Diagrams as a Service) | `HTTP GET /health` | โ
Active |
### ๐ท๏ธ Service Discovery Labels
All services include Homepage labels for auto-discovery:
```yaml
labels:
homepage.group: "Service category"
homepage.name: "Display name"
homepage.icon: "Appropriate icon"
homepage.href: "Full URL"
homepage.description: "Brief service description"
```
---
## ๐ Demo Credentials
> โ ๏ธ **Demo Configuration Only** - Reset all credentials before production use
| Service | Username | Password | ๐ Access |
|---------|----------|----------|-----------|
| **Grafana** | `admin` | `demo_password` | [Login](http://localhost:4009) |
| **Portainer** | `admin` | `demo_password` | [Login](http://localhost:4007) |
---
## ๐ Service Dependencies
```mermaid
graph TD
A[Homepage Dashboard] --> B[All Services]
C[Container Management] --> D[Container Socket Proxy]
E[Visualization Platform] --> F[Time Series Database]
G[All Other Services] --> H[No Dependencies]
style A fill:#e1f5fe
style C fill:#f3e5f5
style E fill:#e8f5e8
style G fill:#fff3e0
```
| Service | Dependencies | Status |
|---------|--------------|--------|
| **Container Management** (Portainer) | Container Socket Proxy | ๐ Required |
| **Visualization Platform** (Grafana) | Time Series Database (InfluxDB) | ๐ Required |
| **All Other Services** | None | โ
Standalone |
---
## ๐งช Testing & Validation
### ๐ค Automated Demo Testing
```bash
# ๐ฏ Full deployment and validation
./demo-stack.sh deploy && ./demo-test.sh full
# ๐ Security compliance validation
./demo-test.sh security
# ๐ค File ownership validation
./demo-test.sh permissions
# ๐ Network isolation validation
./demo-test.sh network
```
### โ
Manual Validation Commands
```bash
# ๐ Check service status with dynamic naming
docker compose ps
# ๐ View service logs
docker compose logs {service-name}
# ๐ Test individual endpoints with variables
curl -f http://localhost:${HOMEPAGE_PORT}/
curl -f http://localhost:${INFLUXDB_PORT}/ping
curl -f http://localhost:${GRAFANA_PORT}/api/health
# ๐ Validate user permissions
ls -la /var/lib/docker/volumes/${COMPOSE_PROJECT_NAME}_*/
```
---
## ๐ Troubleshooting
### ๐จ Common Issues
#### Services not starting
```bash
# ๐ง Check Docker daemon
docker info
# ๐ Check network
docker network ls | grep tsysdevstack_supportstack
# ๐ Recreate network
docker network create tsysdevstack_supportstack
```
#### Port conflicts
```bash
# ๐ Check port usage
netstat -tulpn | grep :400
# ๐๏ธ Kill conflicting processes
sudo fuser -k {port}/tcp
```
#### Health check failures
```bash
# ๐ Check individual service health
docker compose exec {service} curl -f http://localhost:{internal-port}/health
# ๐ Restart specific service
docker compose restart {service}
```
### ๐ ๏ธ Service-Specific Issues
| Issue | Service | Solution |
|-------|---------|----------|
| **DNS issues** | Pi-hole | Ensure Docker DNS settings allow custom DNS servers
Check that port 53 is available on the host |
| **Database connection** | Grafana-InfluxDB | Verify both services are on the same network
Check database connectivity: `curl http://localhost:4008/ping` |
| **Container access** | Portainer | Ensure container socket is properly mounted
Check Container Socket Proxy service if used |
---
## ๐ Data Management
### ๐ญ Demo Mode Configuration
> ๐ก **No persistent data storage** - All data resets on container restart
| Feature | Configuration |
|---------|---------------|
| **Data Persistence** | โ Disabled (demo mode) |
| **Storage Type** | Docker volumes (temporary) |
| **Data Reset** | โ
Automatic on restart |
| **Credentials** | ๐ Hardcoded demo only |
### ๐๏ธ Volume Management
```bash
# ๐ List volumes
docker volume ls | grep tsysdevstack
# ๐๏ธ Clean up all data
docker compose down -v
```
---
## ๐ Updates & Maintenance
### ๐ฆ Image Updates
```bash
# ๐ Pull latest images
docker compose pull
# ๐ Recreate with new images
docker compose up -d --force-recreate
```
### โ๏ธ Configuration Changes
1. **Edit** `docker-compose.yml`
2. **Apply** changes: `docker compose up -d`
3. **Verify** with `docker compose ps`
4. **Test** functionality
---
## ๐ Documentation
| Document | Purpose | Link |
|----------|---------|------|
| **๐ Product Requirements** | Business requirements and specifications | [PRD.md](PRD.md) |
| **๐ค Development Guidelines** | Development principles and standards | [AGENTS.md](AGENTS.md) |
| **๐ Service Documentation** | Individual service guides | Service web interfaces |
---
## ๐จ Security Notes
> โ ๏ธ **Demo Configuration Only - Production Use Prohibited**
### ๐ Demo Security Model
- ๐ **Demo Credentials**: Hardcoded for demonstration only
- ๐ซ **No Hardening**: No encryption or security features
- ๐ **Network Isolation**: Do not expose to external networks
- ๐ **Ephemeral Data**: All data resets on container restart
- ๐ก **Docker Socket Proxy**: Mandatory for all container operations
### ๐ก๏ธ Security Requirements
- **Dynamic User Detection**: Prevents root file ownership issues
- **Docker Group Access**: Required for socket proxy functionality
- **Volume-First Storage**: Docker volumes preferred over bind mounts
- **Read-Only Host Access**: Minimal host filesystem interaction
- **Network Segregation**: Services isolated in demo network
### โ ๏ธ Production Migration Warning
- Reset all credentials before production deployment
- Implement persistent data storage
- Add encryption and security hardening
- Configure proper backup and recovery
- Set up monitoring and alerting
---
## ๐ Support
### ๐ Getting Help
1. **๐ Check** troubleshooting section above
2. **๐ Review** service logs: `docker compose logs`
3. **๐ Consult** individual service documentation
4. **๐ Check** health status: `docker compose ps`
### ๐ Issue Reporting
When reporting issues, please include:
- ๐ Full error messages
- ๐ป System information
- ๐ Reproduction steps
- โ๏ธ Configuration snippets
- ๐ญ Demo vs production context
---
**๐ Happy Developing!**
*Last updated: 2025-11-13*