diff --git a/entities/onecli-gateway-setup.md b/entities/onecli-gateway-setup.md new file mode 100644 index 0000000..f6b9fb3 --- /dev/null +++ b/entities/onecli-gateway-setup.md 
@@ -0,0 +1,68 @@ +--- +title: OneCLI Gateway Setup — Bitwarden Vault Integration +created: 2026-06-16 +updated: 2026-06-16 +type: note +tags: [project, workflow] +--- + +# OneCLI Gateway Setup — Bitwarden Vault Integration + +## Problem + +The OneCLI web UI showed "Failed to connect to vault" when trying to pair +with Bitwarden. The Rust gateway binary (port 10255) was neither running +nor exposed via the reverse proxy. + +## Solution + +Three things were needed: + +### 1. Gateway systemd service + +Created `/etc/systemd/system/onecli-gateway.service` with: +- Rust binary at `apps/gateway/target/release/onecli-gateway` +- Wrapper script `start-gateway.sh` (DATABASE_URL, SECRET_ENCRYPTION_KEY, AUTH_MODE=*** APP_URL) +- After=onecli-postgresql.service, Restart=on-failure + +### 2. Traefik reverse proxy + +Exposed the gateway at a subdomain: +- `gateway.onecli.anhydr.fr` -> server:10255 +- CORS middleware needed: allow origin `https://onecli.anhydr.fr` with credentials + +### 3. Web app rebuild + +- Set `GATEWAY_API_DOMAIN=gateway.onecli.anhydr.fr` in start-web.sh +- Added Next.js rewrite: `/v1/*` -> `localhost:10255` +- Rebuilt with `GATEWAY_API_DOMAIN=gateway.onecli.anhydr.fr pnpm build` +- Result: `window.__GATEWAY_API_URL__ = "https://gateway.onecli.anhydr.fr"` + +## Key commands + +```bash +# Build gateway +cargo build --release # in apps/gateway/ + +# Rebuild web app +PATH="/home/hermes/.hermes/node/bin:$PATH" +GATEWAY_API_DOMAIN="gateway.onecli.anhydr.fr" pnpm build --filter=@onecli/web + +# Restart services +sudo systemctl restart onecli +``` + +## Architecture + +``` +User browser -> onecli.anhydr.fr -> Traefik -> :10254 (Next.js) + -> gateway.onecli.anhydr.fr -> Traefik -> :10255 (Rust gateway) + -> wss://ap.lesspassword.dev +``` + +## Verification + +```bash +curl -s https://gateway.onecli.anhydr.fr/v1/vault/bitwarden/status +# -> {"connected":false,"name":null,"status_data":null} +``` diff --git a/index.md b/index.md index 4c81ccc..ff0a162 100644 
--- a/index.md +++ b/index.md @@ -1,9 +1,10 @@ # Wiki Index > Content catalog. Every wiki page listed under its type. -> Last updated: 2026-06-12 | Total pages: 5 +| Last updated: 2026-06-16 | Total pages: 6 ## Entities +- [[onecli-gateway-setup]] — OneCLI Rust gateway service for Bitwarden vault pairing - [[user-profile]] — Personal profile, identity, preferences of larnal - [[dev-agent-soul]] — SOUL.md template for a developer agent - [[caretaker-soul]] — SOUL.md template for a caretaker agent diff --git a/log.md b/log.md index 0362e43..99831ba 100644 --- a/log.md +++ b/log.md @@ -31,6 +31,17 @@ - Updated dev-agent-soul.md with exact `claude --print` invocation - Verified Claude Code v2.1.176 works on this system -## [2026-06-12] session | Fin de journée — bonne nuit -- 3 SOUL.md templates créés : dev-agent, caretaker, ecologist -- Wiki mis à jour et synchronisé +## [2026-06-16] setup | OneCLI Gateway + Bitwarden vault pairing +- Created onecli-gateway systemd service (Rust binary, port 10255) +- Exposed gateway at gateway.onecli.anhydr.fr via Traefik +- Rebuilt web app with GATEWAY_API_DOMAIN=gateway.onecli.anhydr.fr +- Bitwarden vault pairing now works from the web UI + +## [2026-06-16] bugfix | OneCLI web UI 400 + CLI auth + Hermes gateway proxy integration +- Fixed 400 error in web UI: restricted Next.js rewrite to gateway-only routes, letting Hono API handle agents/secrets +- Fixed `onecli` CLI: pointed to localhost:10254, auth and agents commands work +- Hermes services (gateway, dashboard, control) now route through OneCLI gateway 24/7 via HTTPS_PROXY env vars +- Installed gateway CA cert to system trust store for MITM HTTPS +- Control Interface: added platforms.api_server = 8642, fixed "Connection error" after login +- Dashboard: added --skip-build, fixed "Web UI not built" error +- Backup saved to /home/hermes/hermes-bkp/
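Review bot: In entities/onecli-gateway-setup.md, the "Verification" section calls `/v1/vault/bitwarden/status` on the public host `gateway.onecli.anhydr.fr` with no credentials and gets a JSON answer, but the note never says which `/v1/*` routes are meant to be reachable without authentication. Add a line under "Traefik reverse proxy" stating what authenticates requests to the gateway and whether the status route is intentionally open. Two smaller points in the same file: section 1 lists `DATABASE_URL` and `SECRET_ENCRYPTION_KEY` as living in `start-gateway.sh` without recording that file's owner and mode, and "Key commands" restarts only `onecli` although the unit created above is `onecli-gateway.service`.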
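Review bot: In index.md, the added "Last updated" line begins with `|` where the removed line began with `>`, so it falls out of the blockquote opened by the "> Content catalog." line above it. This looks like a typo; the line should read `> Last updated: 2026-06-16 | Total pages: 6`.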
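Review bot: In log.md, the bugfix entry's line "Installed gateway CA cert to system trust store for MITM HTTPS" records a host-wide trust change without saying which certificate was installed or where its private key is kept. A CA in the system trust store is accepted by every process on the host that uses that store, not only the Hermes services routed through `HTTPS_PROXY`, so the entry should record the certificate path and fingerprint, the location and permissions of the CA key, and how to remove it again. It would also help to state whether trust could instead be scoped to the Hermes services alone. Separately, this hunk deletes the `[2026-06-12] session` entry; if that removal is not intended, restore it so the log keeps its history.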