Commit Graph

28 Commits

Author SHA1 Message Date
Disco DeDisco
68239ac5d4 coturn: wire COTURN_* into app env template (gamearray.env.j2)
COTURN_SHARED_SECRET={{ coturn_secret }} (vault) + literal host/realm. Only the shared secret is sensitive; it must equal the coturn droplet's static-auth-secret. Host/realm are public.

Code architected by Disco DeDisco <discodedisco@outlook.com>
Git commit message Co-Authored-By:
Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 14:16:33 -04:00
Disco DeDisco
c9a61e5614 coturn: optional dual-stack TURN via guarded coturn_public_ip6
Set coturn_public_ip6 in inventory to advertise IPv6 relay candidates (2nd external-ip) AND emit matching v6 denied-peer-ip ranges (::1, fe80::/10, fc00::/7) for SSRF parity with the v4 lockdown. Unset → byte-identical pure-IPv4 config as before, so it's zero-risk opt-in. Droplet now has IPv6 on; this makes the conf dual-stack-ready.

Code architected by Disco DeDisco <discodedisco@outlook.com>
Git commit message Co-Authored-By:
Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 14:10:28 -04:00
Disco DeDisco
41217d5438 my-sea voice Phase C: WebRTC mesh signaling app + TURN endpoint + voice-btn wiring + coturn infra — TDD
Phase C (final) of the my-sea invite → spectator → voice blueprint. Self-
hosted WebRTC mesh voice, built room-general but wired for my-sea only; epic
6-seat rooms reuse the same consumer later (key on Room.id). Media never
touches the server — only signaling is relayed. Built from the blueprint's
distilled spec (disco-voice-mesh.pdf unreadable in-env: no poppler/pypdf).

- C1: new apps/voice/ — RoomVoiceConsumer (AsyncJsonWebsocketConsumer):
  signaling-only relay (room group voice.<room_id> + per-peer peer.<uuid>;
  hello→present handshake, offer/answer/ice routed by target/source, left on
  disconnect). room_id is a STRING kwarg (mysea-<owner_id> now). _can_join
  gates: mysea → owner OR present invitee (token deposited, not left); epic
  UUID → seated gamer (later). routing.py ws/voice/<str:room_id>/; asgi.py
  aggregates epic + voice urlpatterns under AuthMiddlewareStack.
  voice-mesh.js: VoiceRoom client (getUserMedia AEC/NS/AGC, mesh
  RTCPeerConnection, newcomer-offers handshake, tuneOpus SDP munge =
  inbandfec+dtx+40kbps cap, mute via getAudioTracks().enabled), lazy-loaded.
- C2: apps/api VoiceTURNCredentialsAPI at /api/voice/turn-credentials/ —
  coturn use-auth-secret REST scheme: username=<expiry>:<user_id>,
  credential=base64(HMAC-SHA1(username, COTURN_SHARED_SECRET)) + stun/turn
  iceServers + ttl. Authenticated-only. 4 ITs (HMAC shape, auth gate).
- C3: settings COTURN_SHARED_SECRET / COTURN_TURN_HOST / COTURN_REALM /
  COTURN_TTL env block.
- C4: #id_voice_btn wiring — _burger.html renders .active + data-room-id when
  voice_active; burger-btn.js bindVoiceBtn (active click → lazy-load
  voice-mesh.js → join / toggle-mute; inactive → existing 2-pulse flash).
  my_sea (owner) + my_sea_visit (spectator) views compute voice_active
  (open 24h window) + voice_room_id=mysea-<owner_id>; spectator page now
  includes the burger. 4 voice-context ITs.
- C5: infra/coturn.conf.j2 (use-auth-secret, the external-ip footgun, relay
  port range, TLS 5349, peer-IP lockdown) + infra/coturn-playbook.yaml
  (dedicated droplet, PySwiss-style split: install coturn, template conf, ufw
  3478/5349/49152-65535, systemd enable) + [coturn] inventory placeholder.
  *** Manual ops step: provision the droplet + fill inventory before voice
  works on staging/prod; CI/local need none of it. ***
- C6: 8 channels ITs (@tag channels) — connect/auth/_can_join gate (owner,
  present invitee, stranger, not-present, anon) + hello/present handshake +
  offer routing + left-on-disconnect. Scope-injected; TransactionTestCase.
- JS: VoiceMeshSpec.js (tuneOpus) + voice-mesh.js registered in SpecRunner.

1440 IT/UT green; voice channels IT + full Jasmine + voice-btn FT green.
Voice infra is code-complete — provision the coturn droplet to go live.

Code architected by Disco DeDisco <discodedisco@outlook.com>
Git commit message Co-Authored-By:
Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 13:57:09 -04:00
Disco DeDisco
bd9a2fdae3 pyswiss_url env var added to more places throughout ansible vault architecture; staging now has working astro wheel
All checks were successful
ci/woodpecker/push/pyswiss Pipeline was successful
ci/woodpecker/push/main Pipeline was successful
2026-04-16 12:04:46 -04:00
Disco DeDisco
4f8e52890b forgot PYSWISS_URL in live server env, preventing Sky selection from generating an astro wheel
All checks were successful
ci/woodpecker/push/pyswiss Pipeline was successful
ci/woodpecker/push/main Pipeline was successful
2026-04-16 11:22:52 -04:00
Disco DeDisco
4e63323019 a pair of small fixes to infra/nginx.conf.j2, to ensure WebSockets functionality; & to role-select.js, to fix the inventory from not updating to that of the new position when a gamer passed the Role cards to the next position when he also occupies that position; separate inventories now ensured
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-03-18 21:42:59 -04:00
Disco DeDisco
67697fa90e established parallel CI pipeline for quicker testing after DO droplet upsizing; ensured gamearray (docker) and gamearray_celery services restart automatically when not purposefully powered off
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2026-03-18 20:24:02 -04:00
Disco DeDisco
bd72135a2f full passing test suite w. new stripe integration across multiple project nodes; new gameboard django app; stripe in test mode on staging
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2026-03-09 01:07:16 -04:00
Disco DeDisco
105b8f1e34 buttressed ansible playbook for automatic ssl certification
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-03-03 14:18:21 -05:00
Disco DeDisco
44c335b089 added superuser support in apps.lyric.admin & new manage.py cmd ensure_superuser; .tests.integrated.test_admin & .test_management_commands green
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-02-22 20:42:33 -05:00
Disco DeDisco
87ef197823 enabled redis alongside celery, but waiting on true caching functionality—flash messages will behave better w. cache_page after they rely on htmx library, not current full-page reload
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-02-21 23:13:23 -05:00
Disco DeDisco
04e28b96c8 offloaded some apps.lyric.views responsibilities to new Celery depend fn in .tasks; core.celery created for celery config; CELERY_BROKER_URL added to .settings & throughout project; some lyric view IT responsibility now accordingly covered by task UT domain
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2026-02-21 21:35:15 -05:00
Disco DeDisco
84fd0554bd moved adman magic link to howdy.earthmanrpg.com, in anticipation of having to mirror the prod server location; staging server preserved, along w. gitea & woodpecker, on earthmanrpg.me
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2026-02-18 23:04:21 -05:00
Disco DeDisco
55f2a043c6 postgres integration complete thru woodpecker pipeline
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-02-18 21:12:01 -05:00
Disco DeDisco
877e3f35cf hoping to sidestep CD permissions issue w. python call in infra/deploy.sh.j2
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-02-17 18:21:50 -05:00
Disco DeDisco
2a9ac4c0f0 renormalized to LF end of line sequences for all files for CD compatibility; created .gitattributes @ project root to manage it; defined {{ ansible_user }} more explicitly in the ansible playbook
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2026-02-17 17:48:09 -05:00
Disco DeDisco
510874b87c created CD pipeline to complement the existing gitea/woodpecker CI pipeline: build, push to registry, deploy to staging on main
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2026-02-13 15:27:59 -05:00
Disco DeDisco
b94f1f48aa Dockerfile.ci & debug-ci now build working container for CI test image
2026-02-10 22:42:45 -05:00
Disco DeDisco
fec1cfcb30 Gitea repo init; Woodpecker pipeline init; much CI/CD structure outlined in ./infra, incl. docker-compose.yaml, cicd-playbook.yaml, new cicd vault, & config files for gitea, woodpecker & ansible
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
2026-02-10 21:16:00 -05:00
Disco DeDisco
8190317c21 nginx compatibility added to serve static files on server; whitenoise installed to catch static file serving in local docker container, also added to core.settings middleware; console logs & print statements removed from dashboard.js & functional_tests.container_commands; ansible playbook and nginx config file support nginx w.in deployment workflow
2026-02-08 17:55:09 -05:00
Disco DeDisco
10ba5b84e4 after many diversions and forlorn pivot from copilot to claude, new infra/ structure contains group_vars and ansible vaults; requests added to dev and prod dependencies; apps.lyric.views and core.settings both abandon django's send_mail(); instead incorporate requests to target Mailgun's HTTP API (DigitalOcean's SMTP blocker thwarted previous magic login link email attempts, but this issue has been resolved with this commit)
2026-02-07 18:58:17 -05:00
Disco DeDisco
449b40e12e new functional_tests.container_commands file discerns local from server containers; .base now calls reset_database() therefrom; .test_my_lists also discerns test server location for different session keys; functional_tests restored as app in core.settings
2026-02-03 22:14:55 -05:00
Disco DeDisco
55bb589f61 added functional_tests to installed apps in core.settings (but only when debug is true); created management dir to contain new django cmds & listed in .dockerignore; created management.create_session cmd; recreated container.db.sqlite3; tweaked test_server setup in functional_tests.base; added test_server failsafe to magic link login testing in .test_login
2026-02-03 14:54:37 -05:00
Disco DeDisco
c1295d671f added subdomains of earthmanrpg.me to ansible playbook
2026-01-13 21:27:11 -05:00
Disco DeDisco
4b137db317 manage.py changed to lf; FTs tweaked to accommodate WSL2 ansible deployment
2026-01-13 20:58:05 -05:00
Disco DeDisco
d942839308 supplemented ansible playbook early w. task to build container img locally before export
2026-01-13 15:02:43 -05:00
Disco DeDisco
affbddc3cd commented back in the 'USER: nonroot' line in the Dockerfile now that pushing to a server thru an ansible playbook has rendered all local WSL-2 considerations a nonissue; updated said deploy-playbook.yaml with new tasks to build out real docker container on server
2026-01-13 14:57:17 -05:00
Disco DeDisco
eb38722a53 ansible playbook commenced; deployment aimed at staging.earthmanrpg.me
2026-01-13 00:35:28 -05:00