Convex Self‑Hosted — Configurar env e testar provisionamento (Arquivo) Nota: este documento foi arquivado. O fluxo atual de deploy/ops está em `docs/operations.md`. Pré‑requisitos - Rodar na VPS com Docker. - Projeto em `/srv/apps/sistema`. - Admin Key do Convex (já obtida): `convex-self-hosted|011c148069bd37e4a3f1c10b41b19459427a20e6d7ba81f53b659861f7658cd4985c8936e9` 1) Exportar variáveis da sessão (URL + Admin Key) export CONVEX_SELF_HOSTED_URL="https://convex.esdrasrenan.com.br" export CONVEX_SELF_HOSTED_ADMIN_KEY='convex-self-hosted|011c148069bd37e4a3f1c10b41b19459427a20e6d7ba81f53b659861f7658cd4985c8936e9' 2) Definir MACHINE_PROVISIONING_SECRET no Convex (obrigatório) docker run --rm -it \ -v /srv/apps/sistema:/app -w /app \ -e CONVEX_SELF_HOSTED_URL -e CONVEX_SELF_HOSTED_ADMIN_KEY \ node:20-bullseye bash -lc "set -euo pipefail; \ corepack enable && corepack prepare pnpm@10.20.0 --activate && pnpm i --frozen-lockfile --prod=false; \ unset CONVEX_DEPLOYMENT; \ pnpm exec convex env set MACHINE_PROVISIONING_SECRET '71daa9ef54cb224547e378f8121ca898b614446c142a132f73c2221b4d53d7d6' -y; \ pnpm exec convex env list" 3) (Opcional) Definir MACHINE_TOKEN_TTL_MS (padrão 30 dias) docker run --rm -it \ -v /srv/apps/sistema:/app -w /app \ -e CONVEX_SELF_HOSTED_URL -e CONVEX_SELF_HOSTED_ADMIN_KEY \ node:20-bullseye bash -lc "set -euo pipefail; \ corepack enable && corepack prepare pnpm@10.20.0 --activate && pnpm i --frozen-lockfile --prod=false; \ unset CONVEX_DEPLOYMENT; \ pnpm exec convex env set MACHINE_TOKEN_TTL_MS '2592000000' -y; \ pnpm exec convex env list" 4) (Opcional) Definir FLEET_SYNC_SECRET docker run --rm -it \ -v /srv/apps/sistema:/app -w /app \ -e CONVEX_SELF_HOSTED_URL -e CONVEX_SELF_HOSTED_ADMIN_KEY \ node:20-bullseye bash -lc "set -euo pipefail; \ corepack enable && corepack prepare pnpm@10.20.0 --activate && pnpm i --frozen-lockfile --prod=false; \ unset CONVEX_DEPLOYMENT; \ pnpm exec convex env set FLEET_SYNC_SECRET '' -y; \ pnpm exec convex env list" 5) Testar registro (gera machineToken) — substitua o hostname se quiser HOST="vm-teste-$(date +%s)"; \ curl -sS -o resp.json -w "%{http_code}\n" -X POST 'https://tickets.esdrasrenan.com.br/api/machines/register' \ -H 'Content-Type: application/json' \ -d '{"provisioningSecret":"71daa9ef54cb224547e378f8121ca898b614446c142a132f73c2221b4d53d7d6","tenantId":"tenant-atlas","hostname":"'"$HOST"'","os":{"name":"Linux","version":"6.1.0","architecture":"x86_64"},"macAddresses":["AA:BB:CC:DD:EE:FF"],"serialNumbers":[],"metadata":{"inventario":{"cpu":"i7","ramGb":16}},"registeredBy":"manual-test"}'; \ echo; tail -c 400 resp.json || true 6) (Opcional) Enviar heartbeat com o token retornado TOKEN=$(node -e 'try{const j=require("fs").readFileSync("resp.json","utf8");process.stdout.write(JSON.parse(j).machineToken||"");}catch(e){process.stdout.write("")}' ); \ [ -n "$TOKEN" ] && curl -sS -o /dev/null -w "%{http_code}\n" -X POST 'https://tickets.esdrasrenan.com.br/api/machines/heartbeat' \ -H 'Content-Type: application/json' \ -d '{"machineToken":"'"$TOKEN"'","status":"online","metrics":{"cpuPct":12,"memFreePct":61}}'