Phase 0 scaffold: arcadia-cloud Phoenix service

API-only Phoenix 1.8 project for cloud-ops, inventory, billing, and
provisioning sagas. Validates arcadia JWTs via shared Guardian secret
(verify-only; arcadia-app remains the issuer).

Deps beyond default Phoenix: guardian, cors_plug, oban, req.
Postgres on local port 5433 per arcadia stack convention.
Endpoint runs on :4005.

Endpoints:
- GET /api/health         — public, returns service identifier
- GET /api/v1/inventory   — auth-gated, returns empty list (phase 0 stub)

Oban configured with the queues phase 1+ will need:
provisioning / cloud_sync_fast|full|slow / cloud_billing / metering.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-19 21:51:11 +10:00
commit 5959479ce1
36 changed files with 1348 additions and 0 deletions

55
config/config.exs Normal file
View File

@@ -0,0 +1,55 @@
# This file is responsible for configuring your application
# and its dependencies with the aid of the Config module.
#
# This configuration file is loaded before any dependency and
# is restricted to this project.
# General application configuration
import Config
config :arcadia_cloud,
ecto_repos: [ArcadiaCloud.Repo],
generators: [timestamp_type: :utc_datetime, binary_id: true]
# Configure the endpoint
config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
url: [host: "localhost"],
adapter: Bandit.PhoenixAdapter,
render_errors: [
formats: [json: ArcadiaCloudWeb.ErrorJSON],
layout: false
],
pubsub_server: ArcadiaCloud.PubSub,
live_view: [signing_salt: "4W6q5pDB"]
# Configure Elixir's Logger
config :logger, :default_formatter,
format: "$time $metadata[$level] $message\n",
metadata: [:request_id]
# Use Jason for JSON parsing in Phoenix
config :phoenix, :json_library, Jason
# Guardian — JWTs are issued by arcadia-app. arcadia-cloud only verifies them.
# Issuer and secret_key MUST match arcadia-app's Arcadia.Guardian config.
config :arcadia_cloud, ArcadiaCloud.Guardian,
issuer: "arcadia",
verify_issuer: true
# Oban — provisioning, sync, billing, gateway-event consumption queues
config :arcadia_cloud, Oban,
engine: Oban.Engines.Basic,
queues: [
provisioning: 5,
cloud_sync_fast: 5,
cloud_sync_full: 3,
cloud_sync_slow: 1,
cloud_billing: 1,
metering: 2,
default: 5
],
repo: ArcadiaCloud.Repo
# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
import_config "#{config_env()}.exs"

64
config/dev.exs Normal file
View File

@@ -0,0 +1,64 @@
import Config
# Configure your database — uses the shared local Postgres on port 5433
# (arcadia stack convention; see project_arcadia_local_dev memory).
config :arcadia_cloud, ArcadiaCloud.Repo,
username: "postgres",
password: "postgres",
hostname: "localhost",
port: 5433,
database: "arcadia_cloud_dev",
stacktrace: true,
show_sensitive_data_on_connection_error: true,
pool_size: 10
# For development, we disable any cache and enable
# debugging and code reloading.
config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
http: [ip: {127, 0, 0, 1}, port: 4005],
check_origin: false,
code_reloader: true,
debug_errors: true,
secret_key_base: "FkyzbvuBWWUEnx/M5KDYyEQdPVbxAiFIkNFbSUK+/DCFvRM+W0NGCnE0bGW6NnCk",
watchers: []
# Guardian — must match arcadia-app's Arcadia.Guardian dev secret_key
# (shared verbatim with arcadia-social and arcadia-voice).
config :arcadia_cloud, ArcadiaCloud.Guardian,
secret_key: "DuMkIRN3Qcxk8VqOu8nHj5i7a7a7YgBHF4oXqKwDI4A="
# ## SSL Support
#
# In order to use HTTPS in development, a self-signed
# certificate can be generated by running the following
# Mix task:
#
# mix phx.gen.cert
#
# Run `mix help phx.gen.cert` for more information.
#
# The `http:` config above can be replaced with:
#
# https: [
# port: 4001,
# cipher_suite: :strong,
# keyfile: "priv/cert/selfsigned_key.pem",
# certfile: "priv/cert/selfsigned.pem"
# ],
#
# If desired, both `http:` and `https:` keys can be
# configured to run both http and https servers on
# different ports.
# Enable dev routes for dashboard and mailbox
config :arcadia_cloud, dev_routes: true
# Do not include metadata nor timestamps in development logs
config :logger, :default_formatter, format: "[$level] $message\n"
# Set a higher stacktrace during development. Avoid configuring such
# in production as building large stacktraces may be expensive.
config :phoenix, :stacktrace_depth, 20
# Initialize plugs at runtime for faster development compilation
config :phoenix, :plug_init_mode, :runtime

19
config/prod.exs Normal file
View File

@@ -0,0 +1,19 @@
import Config
# Force using SSL in production. This also sets the "strict-security-transport" header,
# known as HSTS. If you have a health check endpoint, you may want to exclude it below.
# Note `:force_ssl` is required to be set at compile-time.
config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
force_ssl: [
rewrite_on: [:x_forwarded_proto],
exclude: [
# paths: ["/health"],
hosts: ["localhost", "127.0.0.1"]
]
]
# Do not print debug messages in production
config :logger, level: :info
# Runtime production configuration, including reading
# of environment variables, is done on config/runtime.exs.

102
config/runtime.exs Normal file
View File

@@ -0,0 +1,102 @@
import Config
# config/runtime.exs is executed for all environments, including
# during releases. It is executed after compilation and before the
# system starts, so it is typically used to load production configuration
# and secrets from environment variables or elsewhere. Do not define
# any compile-time configuration in here, as it won't be applied.
# The block below contains prod specific runtime configuration.
# ## Using releases
#
# If you use `mix release`, you need to explicitly enable the server
# by passing the PHX_SERVER=true when you start it:
#
# PHX_SERVER=true bin/arcadia_cloud start
#
# Alternatively, you can use `mix phx.gen.release` to generate a `bin/server`
# script that automatically sets the env var above.
if System.get_env("PHX_SERVER") do
config :arcadia_cloud, ArcadiaCloudWeb.Endpoint, server: true
end
config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
http: [port: String.to_integer(System.get_env("PORT", "4005"))]
if config_env() == :prod do
database_url =
System.get_env("DATABASE_URL") ||
raise """
environment variable DATABASE_URL is missing.
For example: ecto://USER:PASS@HOST/DATABASE
"""
maybe_ipv6 = if System.get_env("ECTO_IPV6") in ~w(true 1), do: [:inet6], else: []
config :arcadia_cloud, ArcadiaCloud.Repo,
# ssl: true,
url: database_url,
pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10"),
# For machines with several cores, consider starting multiple pools of `pool_size`
# pool_count: 4,
socket_options: maybe_ipv6
# The secret key base is used to sign/encrypt cookies and other secrets.
# A default value is used in config/dev.exs and config/test.exs but you
# want to use a different value for prod and you most likely don't want
# to check this value into version control, so we use an environment
# variable instead.
secret_key_base =
System.get_env("SECRET_KEY_BASE") ||
raise """
environment variable SECRET_KEY_BASE is missing.
You can generate one by calling: mix phx.gen.secret
"""
host = System.get_env("PHX_HOST") || "example.com"
config :arcadia_cloud, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
url: [host: host, port: 443, scheme: "https"],
http: [
# Enable IPv6 and bind on all interfaces.
# Set it to {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.
# See the documentation on https://hexdocs.pm/bandit/Bandit.html#t:options/0
# for details about using IPv6 vs IPv4 and loopback vs public addresses.
ip: {0, 0, 0, 0, 0, 0, 0, 0}
],
secret_key_base: secret_key_base
# ## SSL Support
#
# To get SSL working, you will need to add the `https` key
# to your endpoint configuration:
#
# config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
# https: [
# ...,
# port: 443,
# cipher_suite: :strong,
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")
# ]
#
# The `cipher_suite` is set to `:strong` to support only the
# latest and more secure SSL ciphers. This means old browsers
# and clients may not be supported. You can set it to
# `:compatible` for wider support.
#
# `:keyfile` and `:certfile` expect an absolute path to the key
# and cert in disk or a relative path inside priv, for example
# "priv/ssl/server.key". For all supported SSL configuration
# options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1
#
# We also recommend setting `force_ssl` in your config/prod.exs,
# ensuring no data is ever sent via http, always redirecting to https:
#
# config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
# force_ssl: [hsts: true]
#
# Check `Plug.SSL` for all available options in `force_ssl`.
end

31
config/test.exs Normal file
View File

@@ -0,0 +1,31 @@
import Config
# Configure your database
#
# The MIX_TEST_PARTITION environment variable can be used
# to provide built-in test partitioning in CI environment.
# Run `mix help test` for more information.
config :arcadia_cloud, ArcadiaCloud.Repo,
username: "postgres",
password: "postgres",
hostname: "localhost",
database: "arcadia_cloud_test#{System.get_env("MIX_TEST_PARTITION")}",
pool: Ecto.Adapters.SQL.Sandbox,
pool_size: System.schedulers_online() * 2
# We don't run a server during test. If one is required,
# you can enable the server option below.
config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
http: [ip: {127, 0, 0, 1}, port: 4002],
secret_key_base: "ZzGlsnmuVC9wkMb6PaYLDsuiL71jzgbDOvIFe3TyxGah3lDHO+dxmrEDJyz6mFe6",
server: false
# Print only warnings and errors during test
config :logger, level: :warning
# Initialize plugs at runtime for faster test compilation
config :phoenix, :plug_init_mode, :runtime
# Sort query params output of verified routes for robust url comparisons
config :phoenix,
sort_verified_routes_query_params: true