first commit

deploy/nginx.conf

@@ -0,0 +1,30 @@
+# Nginx reverse proxy configuration for stock-data-backend
+# Domain: signal.thiessen.io → localhost:8000 (uvicorn)
+#
+# Installation:
+#   sudo cp deploy/nginx.conf /etc/nginx/sites-available/stock-data-backend
+#   sudo ln -s /etc/nginx/sites-available/stock-data-backend /etc/nginx/sites-enabled/
+#   sudo nginx -t && sudo systemctl reload nginx
+#
+# SSL/TLS (recommended):
+#   sudo apt install certbot python3-certbot-nginx
+#   sudo certbot --nginx -d signal.thiessen.io
+#   Certbot will automatically modify this file to add SSL directives.
+
+server {
+    listen 80;
+    server_name signal.thiessen.io;
+
+    # Redirect all HTTP to HTTPS (uncomment after certbot setup)
+    # return 301 https://$host$request_uri;
+
+    location / {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 120s;
+        proxy_connect_timeout 10s;
+    }
+}

deploy/setup_db.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# Idempotent database setup script for stock-data-backend
+# Creates PostgreSQL user and database if they don't exist, then runs migrations.
+# Safe to run multiple times.
+#
+# Usage:
+#   chmod +x deploy/setup_db.sh
+#   ./deploy/setup_db.sh
+#
+# Customize these via environment variables:
+#   DB_NAME=stock_data_backend DB_USER=stock_backend DB_PASS=changeme ./deploy/setup_db.sh
+
+set -e
+
+DB_NAME="${DB_NAME:-stock_data_backend}"
+DB_USER="${DB_USER:-stock_backend}"
+DB_PASS="${DB_PASS:-changeme}"
+
+echo "Setting up database: ${DB_NAME} with user: ${DB_USER}"
+
+# Create role and database if they don't exist
+sudo -u postgres psql <<EOF
+DO \$\$
+BEGIN
+  IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${DB_USER}') THEN
+    CREATE ROLE ${DB_USER} WITH LOGIN PASSWORD '${DB_PASS}';
+    RAISE NOTICE 'Created role ${DB_USER}';
+  ELSE
+    RAISE NOTICE 'Role ${DB_USER} already exists';
+  END IF;
+END \$\$;
+
+SELECT 'CREATE DATABASE ${DB_NAME} OWNER ${DB_USER}'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '${DB_NAME}')\gexec
+
+GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} TO ${DB_USER};
+EOF
+
+echo "Database setup complete. Running migrations..."
+
+# Run Alembic migrations
+alembic upgrade head
+
+echo "Migrations complete."

deploy/stock-data-backend.service

@@ -0,0 +1,29 @@
+# systemd service for stock-data-backend
+#
+# Installation:
+#   sudo cp deploy/stock-data-backend.service /etc/systemd/system/
+#   sudo systemctl daemon-reload
+#   sudo systemctl enable stock-data-backend
+#   sudo systemctl start stock-data-backend
+#
+# Customize:
+#   - User/Group: create with `sudo useradd -r -s /usr/sbin/nologin stockdata`
+#   - WorkingDirectory: adjust if installed elsewhere
+#   - EnvironmentFile: ensure .env exists at the specified path
+
+[Unit]
+Description=Stock Data Backend
+After=network.target postgresql.service
+
+[Service]
+Type=exec
+User=stockdata
+Group=stockdata
+WorkingDirectory=/opt/stock-data-backend
+EnvironmentFile=/opt/stock-data-backend/.env
+ExecStart=/opt/stock-data-backend/.venv/bin/uvicorn app.main:app --host 127.0.0.1 --port 8000 --workers 1
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target