initial commit

.env.example

@@ -0,0 +1,7 @@
+DB_HOST=
+DB_USER=
+DB_PASS=
+API_TOKEN=
+VAULT_ADDR=https://vault.nexus.local
+VAULT_TOKEN=
+AWS_REGION=eu-central-1

.gitignore

@@ -0,0 +1,5 @@
+.env
+*.log
+dist/
+tmp/
+.DS_Store

README.md

@@ -0,0 +1,26 @@
+# nexus/tooling
+
+Internal deployment and maintenance scripts for Nexus Corp infrastructure.
+
+## Scripts
+
+| Script | Description |
+|--------|-------------|
+| `scripts/deploy.sh` | Deploy build artifacts to production |
+| `scripts/rollback.sh` | Roll back to previous release |
+| `scripts/health-check.sh` | Check service health endpoints |
+| `scripts/db-backup.sh` | Trigger manual database backup |
+| `scripts/rotate-certs.sh` | Renew and deploy TLS certificates |
+
+## Configuration
+
+Copy `.env.example` to `.env` and fill in your credentials.
+**Never commit `.env` to version control.**
+
+Secrets are managed via HashiCorp Vault at `https://vault.nexus.local`.
+
+## Requirements
+
+- bash >= 5.0
+- curl, rsync, awscli v2
+- Vault CLI (for secret retrieval)

scripts/deploy.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# Deploy build artifacts to production
+set -euo pipefail
+
+VERSION="${1:-latest}"
+DEPLOY_USER="deploy"
+DEPLOY_HOST="prod.nexus.local"
+DEPLOY_PATH="/opt/app"
+
+echo "[deploy] Starting deployment of version $VERSION..."
+rsync -av --delete ./dist/ "$DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/"
+ssh "$DEPLOY_USER@$DEPLOY_HOST" "systemctl restart nexus-app"
+echo "[deploy] Done."

scripts/health-check.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# Check all production service health endpoints
+set -euo pipefail
+
+SERVICES=(
+    "http://app.nexus.local/health"
+    "http://api.nexus.local/health"
+    "http://auth.nexus.local/health"
+)
+
+EXIT=0
+for URL in "${SERVICES[@]}"; do
+    HTTP=$(curl -sf -o /dev/null -w "%{http_code}" "$URL" 2>/dev/null || echo "000")
+    if [ "$HTTP" = "200" ]; then
+        echo "[ok]   $URL"
+    else
+        echo "[fail] $URL (HTTP $HTTP)"
+        EXIT=1
+    fi
+done
+exit $EXIT