@aaricchen1991/deploy 0.1.0

package/dist/lib/paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.js","sourceRoot":"","sources":["../../src/lib/paths.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE/D,MAAM,UAAU,aAAa,CAAC,MAAc,OAAO,CAAC,GAAG,EAAE;IACvD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IACjD,IAAI,MAAM,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACrD,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,EAAE,CAAC;QACpD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,sEAAsE;IACtE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAChE,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC,EAAE,CAAC;QACxD,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "@aaricchen1991/deploy",
+  "version": "0.1.0",
+  "description": "CLI for server init, nginx config, and SSL certificate management",
+  "type": "module",
+  "bin": {
+    "n2-deploy": "./dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "cli": "node dist/cli.js",
+    "dev": "tsc && node dist/cli.js"
+  },
+  "dependencies": {
+    "commander": "^12.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^25.0.3",
+    "typescript": "~5.9.3"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  }
+}

package/src/cli.ts

@@ -0,0 +1,122 @@
+#!/usr/bin/env node
+/**
+ * n2-deploy CLI: server init, nginx config, SSL management.
+ */
+
+import { Command } from "commander";
+import { runInit } from "./commands/init.js";
+import { runNginx } from "./commands/nginx.js";
+import { runSslLogs } from "./commands/ssl-logs.js";
+import { runSsl } from "./commands/ssl.js";
+
+const program = new Command();
+
+program
+  .name("n2-deploy")
+  .description(
+    "Server init, nginx config generation, and SSL certificate management"
+  )
+  .version("0.1.0");
+
+program
+  .command("init")
+  .description(
+    "Initialize server (idempotent): nginx, dirs, deploy.sh, placeholder certs"
+  )
+  .option("-c, --config <path>", "Path to domains.yaml", "domains.yaml")
+  .option(
+    "--scripts-dir <path>",
+    "Path to deploy scripts (default: cwd/scripts/deploy or N2_DEPLOY_SCRIPTS_DIR)"
+  )
+  .action(async opts => {
+    try {
+      await runInit({ config: opts.config, scriptsDir: opts.scriptsDir });
+    } catch (e) {
+      console.error(e);
+      process.exit(1);
+    }
+  });
+
+program
+  .command("nginx")
+  .description(
+    "Generate nginx config from domains config; optionally install and reload"
+  )
+  .option("-c, --config <path>", "Path to domains.yaml", "domains.yaml")
+  .option(
+    "-o, --output <path>",
+    "Output path for nginx config",
+    "nginx/n2.conf"
+  )
+  .option("-i, --install", "Install to system nginx dir and reload")
+  .action(async opts => {
+    try {
+      await runNginx({
+        config: opts.config,
+        output: opts.output,
+        install: opts.install,
+      });
+    } catch (e) {
+      console.error(e);
+      process.exit(1);
+    }
+  });
+
+program
+  .command("ssl")
+  .description(
+    "Setup/renew SSL certificates for all domains (acme.sh + Aliyun DNS)"
+  )
+  .option("-c, --config <path>", "Path to domains.yaml", "domains.yaml")
+  .option(
+    "--ali-key <key>",
+    "Aliyun Access Key ID (or set ALIYUN_ACCESS_KEY_ID)"
+  )
+  .option(
+    "--ali-secret <secret>",
+    "Aliyun Access Key Secret (or set ALIYUN_ACCESS_KEY_SECRET)"
+  )
+  .option("--log-file <path>", "SSL log file path", "/opt/deploy/logs/ssl.log")
+  .option("--scripts-dir <path>", "Path to deploy scripts")
+  .action(async opts => {
+    try {
+      await runSsl({
+        config: opts.config,
+        aliKey: opts.aliKey,
+        aliSecret: opts.aliSecret,
+        logFile: opts.logFile,
+        scriptsDir: opts.scriptsDir,
+      });
+    } catch (e) {
+      console.error(e);
+      process.exit(1);
+    }
+  });
+
+program
+  .command("ssl-logs")
+  .description("View SSL log (create, renew, success, failure)")
+  .option("--log-file <path>", "SSL log file path", "/opt/deploy/logs/ssl.log")
+  .option("-n, --lines <n>", "Number of lines to show", "50")
+  .option("-f, --follow", "Follow log (tail -f)")
+  .option(
+    "--action <action>",
+    "Filter by action: create | renew | success | failure | run"
+  )
+  .option("--result <result>", "Filter by result: ok | fail")
+  .action(async opts => {
+    try {
+      await runSslLogs({
+        logFile: opts.logFile,
+        lines: parseInt(opts.lines, 10) || 50,
+        follow: opts.follow,
+        action: opts.action,
+        result: opts.result,
+      });
+    } catch (e) {
+      console.error(e);
+      process.exit(1);
+    }
+  });
+
+program.parse();

package/src/commands/init.ts

@@ -0,0 +1,127 @@
+/**
+ * Server init (idempotent): nginx, dirs, deploy.sh, placeholder certs.
+ * Uses server-setup.sh from scripts dir when available.
+ */
+
+import { spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { getAllDomains, parseDomainsYaml } from "../lib/domains.js";
+import { error, info, warn } from "../lib/logger.js";
+import { generateNginxConf } from "../lib/nginx.js";
+import { getScriptsDir } from "../lib/paths.js";
+
+const DEFAULT_SSL_LOG = "/opt/deploy/logs/ssl.log";
+
+export interface InitOptions {
+  config: string;
+  scriptsDir?: string;
+}
+
+export async function runInit(opts: InitOptions): Promise<void> {
+  const configPath = path.resolve(process.cwd(), opts.config);
+  if (!fs.existsSync(configPath)) {
+    error(`Domains config not found: ${configPath}`);
+    process.exit(1);
+  }
+
+  const yaml = fs.readFileSync(configPath, "utf8");
+  const config = parseDomainsYaml(yaml);
+  const domains = getAllDomains(config);
+  const nginxConf = generateNginxConf(config);
+
+  const scriptsDir =
+    opts.scriptsDir ||
+    process.env.N2_DEPLOY_SCRIPTS_DIR ||
+    getScriptsDir(process.cwd());
+
+  if (!scriptsDir || !fs.existsSync(path.join(scriptsDir, "server-setup.sh"))) {
+    error(
+      "Deploy scripts directory not found. Set N2_DEPLOY_SCRIPTS_DIR or run from repo root (scripts/deploy must exist)."
+    );
+    process.exit(1);
+  }
+
+  info("Using scripts directory: " + scriptsDir);
+
+  const tmpDir = path.join(
+    process.env.TMPDIR || "/tmp",
+    `n2-deploy-init-${Date.now()}`
+  );
+  fs.mkdirSync(path.join(tmpDir, "nginx"), { recursive: true });
+  fs.mkdirSync(path.join(tmpDir, "ssl"), { recursive: true });
+
+  try {
+    fs.writeFileSync(path.join(tmpDir, "nginx", "n2.conf"), nginxConf);
+
+    const deploySh = path.join(scriptsDir, "deploy.sh");
+    if (fs.existsSync(deploySh)) {
+      fs.copyFileSync(deploySh, path.join(tmpDir, "deploy.sh"));
+      fs.chmodSync(path.join(tmpDir, "deploy.sh"), 0o755);
+    } else {
+      error("deploy.sh not found in scripts directory");
+      process.exit(1);
+    }
+
+    const setupSh = path.join(scriptsDir, "server-setup.sh");
+    fs.copyFileSync(setupSh, path.join(tmpDir, "server-setup.sh"));
+    fs.chmodSync(path.join(tmpDir, "server-setup.sh"), 0o755);
+
+    const sslDir = path.join(scriptsDir, "ssl");
+    if (fs.existsSync(sslDir)) {
+      const sslDest = path.join(tmpDir, "ssl");
+      for (const name of fs.readdirSync(sslDir)) {
+        const src = path.join(sslDir, name);
+        if (fs.statSync(src).isFile()) {
+          fs.copyFileSync(src, path.join(sslDest, name));
+          fs.chmodSync(path.join(sslDest, name), 0o755);
+        }
+      }
+    }
+    fs.writeFileSync(
+      path.join(tmpDir, "ssl", "domains.txt"),
+      domains.join("\n") + "\n"
+    );
+
+    const libDir = path.join(scriptsDir, "lib");
+    if (fs.existsSync(libDir)) {
+      const libDest = path.join(tmpDir, "lib");
+      fs.mkdirSync(libDest, { recursive: true });
+      for (const name of fs.readdirSync(libDir)) {
+        fs.copyFileSync(path.join(libDir, name), path.join(libDest, name));
+      }
+    }
+
+    info("Running server-setup.sh (may require sudo)...");
+    await new Promise<void>((resolve, reject) => {
+      const child = spawn("bash", [path.join(tmpDir, "server-setup.sh")], {
+        cwd: tmpDir,
+        stdio: "inherit",
+        env: { ...process.env, SCRIPT_DIR: tmpDir },
+      });
+      child.on("close", code => {
+        if (code === 0) resolve();
+        else reject(new Error(`server-setup.sh exited with ${code}`));
+      });
+      child.on("error", reject);
+    });
+
+    const logDir = path.dirname(DEFAULT_SSL_LOG);
+    if (logDir && !fs.existsSync(logDir)) {
+      try {
+        fs.mkdirSync(logDir, { recursive: true });
+        info("Created log directory: " + logDir);
+      } catch {
+        warn("Could not create log directory: " + logDir);
+      }
+    }
+
+    info("Server initialization completed.");
+  } finally {
+    try {
+      fs.rmSync(tmpDir, { recursive: true, force: true });
+    } catch {
+      // ignore
+    }
+  }
+}

package/src/commands/nginx.ts

@@ -0,0 +1,82 @@
+/**
+ * Generate nginx config from domains config; optionally install and reload.
+ */
+
+import { spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { parseDomainsYaml } from "../lib/domains.js";
+import { error, info, warn } from "../lib/logger.js";
+import { generateNginxConf } from "../lib/nginx.js";
+
+export interface NginxOptions {
+  config: string;
+  output: string;
+  install?: boolean;
+}
+
+const NGINX_CONF_NAME = "n2.conf";
+
+export async function runNginx(opts: NginxOptions): Promise<void> {
+  const configPath = path.resolve(process.cwd(), opts.config);
+  if (!fs.existsSync(configPath)) {
+    error(`Config not found: ${configPath}`);
+    process.exit(1);
+  }
+
+  const yaml = fs.readFileSync(configPath, "utf8");
+  const config = parseDomainsYaml(yaml);
+  const nginxConf = generateNginxConf(config);
+
+  const outPath = path.resolve(process.cwd(), opts.output);
+  const outDir = path.dirname(outPath);
+  fs.mkdirSync(outDir, { recursive: true });
+  fs.writeFileSync(outPath, nginxConf);
+  info(`Wrote ${outPath}`);
+
+  if (opts.install) {
+    const destDir = detectNginxConfDir();
+    const destPath = path.join(destDir, NGINX_CONF_NAME);
+    try {
+      fs.copyFileSync(outPath, destPath);
+      info(`Installed to ${destPath}`);
+    } catch (e) {
+      error(`Install failed (try sudo): ${e}`);
+      process.exit(1);
+    }
+    await nginxTestAndReload();
+  }
+}
+
+function detectNginxConfDir(): string {
+  if (fs.existsSync("/etc/nginx/conf.d")) return "/etc/nginx/conf.d";
+  if (fs.existsSync("/etc/nginx/sites-available"))
+    return "/etc/nginx/sites-available";
+  return "/etc/nginx/conf.d";
+}
+
+function nginxTestAndReload(): Promise<void> {
+  return new Promise((resolve, reject) => {
+    const t = spawn("nginx", ["-t"], { stdio: "inherit" });
+    t.on("close", code => {
+      if (code !== 0) {
+        reject(new Error("nginx -t failed"));
+        return;
+      }
+      const r = spawn("systemctl", ["reload", "nginx"], { stdio: "inherit" });
+      r.on("close", c => {
+        if (c === 0) {
+          info("Nginx reloaded.");
+          resolve();
+        } else {
+          warn(
+            "systemctl reload nginx failed; try: sudo systemctl reload nginx"
+          );
+          resolve();
+        }
+      });
+      r.on("error", () => resolve());
+    });
+    t.on("error", () => reject(new Error("nginx not found")));
+  });
+}

package/src/commands/ssl-logs.ts

@@ -0,0 +1,80 @@
+/**
+ * View SSL log file: tail, lines, follow, optional filter by action/result.
+ */
+
+import fs from "node:fs";
+import path from "node:path";
+import { getLogFilePath } from "../lib/logger.js";
+
+const DEFAULT_SSL_LOG = "/opt/deploy/logs/ssl.log";
+
+export interface SslLogsOptions {
+  /** Log file path (default: /opt/deploy/logs/ssl.log) */
+  logFile?: string;
+  /** Show last N lines (default: 50) */
+  lines?: number;
+  /** Follow (tail -f) */
+  follow?: boolean;
+  /** Filter: create | renew | success | failure | run */
+  action?: string;
+  /** Filter: ok | fail */
+  result?: string;
+}
+
+export async function runSslLogs(opts: SslLogsOptions): Promise<void> {
+  const logPath = opts.logFile ?? getLogFilePath() ?? DEFAULT_SSL_LOG;
+  const resolved = path.resolve(process.cwd(), logPath);
+
+  if (!fs.existsSync(resolved)) {
+    console.error("Log file not found:", resolved);
+    process.exit(1);
+  }
+
+  const lines = opts.lines ?? 50;
+  let content: string;
+  const stat = fs.statSync(resolved);
+  const fd = fs.openSync(resolved, "r");
+  try {
+    const buffer = Buffer.alloc(Math.min(stat.size, 256 * 1024));
+    const read = fs.readSync(
+      fd,
+      buffer,
+      0,
+      buffer.length,
+      Math.max(0, stat.size - buffer.length)
+    );
+    content = buffer.subarray(0, read).toString("utf8");
+  } finally {
+    fs.closeSync(fd);
+  }
+
+  const allLines = content.split(/\n/).filter(l => l.length > 0);
+  const lastLines = allLines.slice(-lines);
+
+  const filter = (line: string): boolean => {
+    if (opts.action || opts.result) {
+      const parts = line.split("\t");
+      if (parts.length >= 5) {
+        const [, , action, , result] = parts;
+        if (opts.action && action !== opts.action) return false;
+        if (opts.result && result !== opts.result) return false;
+      }
+    }
+    return true;
+  };
+
+  const filtered =
+    opts.action || opts.result ? lastLines.filter(filter) : lastLines;
+
+  for (const line of filtered) {
+    console.log(line);
+  }
+
+  if (opts.follow) {
+    const { spawn } = await import("node:child_process");
+    const tail = spawn("tail", ["-n", String(lines), "-f", resolved], {
+      stdio: "inherit",
+    });
+    tail.on("close", code => process.exit(code ?? 0));
+  }
+}

package/src/commands/ssl.ts

@@ -0,0 +1,140 @@
+/**
+ * SSL certificate setup/renew for all domains from config.
+ * Runs check-and-setup-ssl.sh; all output and structured events go to SSL log file.
+ */
+
+import { spawn } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import { getAllDomains, parseDomainsYaml } from "../lib/domains.js";
+import {
+  appendRaw,
+  appendSslLog,
+  error,
+  info,
+  setLogFile,
+} from "../lib/logger.js";
+import { getScriptsDir } from "../lib/paths.js";
+
+const DEFAULT_SSL_LOG = "/opt/deploy/logs/ssl.log";
+
+export interface SslOptions {
+  config: string;
+  /** Ali key (or ALIYUN_ACCESS_KEY_ID / Ali_Key env) */
+  aliKey?: string;
+  /** Ali secret (or ALIYUN_ACCESS_KEY_SECRET / Ali_Secret env) */
+  aliSecret?: string;
+  logFile?: string;
+  /** Path to deploy scripts (default: N2_DEPLOY_SCRIPTS_DIR or cwd/scripts/deploy or assets) */
+  scriptsDir?: string;
+}
+
+export async function runSsl(opts: SslOptions): Promise<void> {
+  const configPath = path.resolve(process.cwd(), opts.config);
+  if (!fs.existsSync(configPath)) {
+    error(`Config not found: ${configPath}`);
+    process.exit(1);
+  }
+
+  const aliKey =
+    opts.aliKey ?? process.env.ALIYUN_ACCESS_KEY_ID ?? process.env.Ali_Key;
+  const aliSecret =
+    opts.aliSecret ??
+    process.env.ALIYUN_ACCESS_KEY_SECRET ??
+    process.env.Ali_Secret;
+
+  if (!aliKey || !aliSecret) {
+    error(
+      "Aliyun API credentials required. Set --ali-key/--ali-secret or ALIYUN_ACCESS_KEY_ID/ALIYUN_ACCESS_KEY_SECRET (or Ali_Key/Ali_Secret)."
+    );
+    process.exit(1);
+  }
+
+  const yaml = fs.readFileSync(configPath, "utf8");
+  const config = parseDomainsYaml(yaml);
+  const domains = getAllDomains(config);
+  const domainsTxt = domains.join("\n") + "\n";
+
+  const logPath = opts.logFile ?? DEFAULT_SSL_LOG;
+  setLogFile(logPath);
+  const logDir = path.dirname(logPath);
+  fs.mkdirSync(logDir, { recursive: true });
+
+  info("SSL log file: " + logPath);
+  info("Domains: " + domains.join(", "));
+
+  const scriptsDir =
+    opts.scriptsDir ||
+    process.env.N2_DEPLOY_SCRIPTS_DIR ||
+    getScriptsDir(process.cwd());
+
+  let scriptPath: string;
+  let domainsFilePath: string;
+
+  if (fs.existsSync("/opt/ssl/check-and-setup-ssl.sh")) {
+    scriptPath = "/opt/ssl/check-and-setup-ssl.sh";
+    domainsFilePath = "/opt/ssl/domains.txt";
+    fs.writeFileSync(domainsFilePath, domainsTxt);
+    info("Updated /opt/ssl/domains.txt");
+  } else if (
+    scriptsDir &&
+    fs.existsSync(path.join(scriptsDir, "ssl", "check-and-setup-ssl.sh"))
+  ) {
+    scriptPath = path.join(scriptsDir, "ssl", "check-and-setup-ssl.sh");
+    const tmpDomains = path.join(logDir, "domains.txt");
+    fs.writeFileSync(tmpDomains, domainsTxt);
+    domainsFilePath = tmpDomains;
+  } else {
+    error(
+      "SSL scripts not found. Run 'n2-deploy init' first or set N2_DEPLOY_SCRIPTS_DIR."
+    );
+    process.exit(1);
+  }
+
+  appendSslLog("run", "", "ok", "start");
+
+  await new Promise<void>((resolve, reject) => {
+    const child = spawn(
+      "bash",
+      [scriptPath, "--ali-key", aliKey, "--ali-secret", aliSecret],
+      {
+        env: {
+          ...process.env,
+          Ali_Key: aliKey,
+          Ali_Secret: aliSecret,
+          DOMAINS_FILE: domainsFilePath,
+        },
+        stdio: ["inherit", "pipe", "pipe"],
+      }
+    );
+
+    const appendOut = (data: Buffer | string) => {
+      const s = data.toString();
+      process.stdout.write(s);
+      appendRaw(s.trimEnd());
+    };
+
+    child.stdout?.on("data", appendOut);
+    child.stderr?.on("data", data => {
+      const s = data.toString();
+      process.stderr.write(s);
+      appendRaw(s.trimEnd());
+    });
+
+    child.on("close", (code, signal) => {
+      if (code === 0) {
+        appendSslLog("run", "", "ok", "done");
+        info("SSL certificate setup completed.");
+        resolve();
+      } else {
+        appendSslLog("run", "", "fail", `exit ${code} ${signal ?? ""}`);
+        error(`SSL script exited with code ${code}`);
+        reject(new Error(`SSL script exited with ${code}`));
+      }
+    });
+    child.on("error", err => {
+      appendSslLog("run", "", "fail", err.message);
+      reject(err);
+    });
+  });
+}

package/src/lib/domains.ts

@@ -0,0 +1,77 @@
+/**
+ * Parse domains.yaml format (same as scripts/deploy/domains.yaml).
+ */
+
+export interface DomainsConfig {
+  api: { backend_port: number; domains: string[] };
+  admin: { domains: string[] };
+  tenant: { domains: string[] };
+  client: { domains: string[] };
+}
+
+const DEFAULT_CONFIG: DomainsConfig = {
+  api: { backend_port: 3000, domains: [] },
+  admin: { domains: [] },
+  tenant: { domains: [] },
+  client: { domains: [] },
+};
+
+export function parseDomainsYaml(content: string): DomainsConfig {
+  const result: DomainsConfig = JSON.parse(JSON.stringify(DEFAULT_CONFIG));
+  const lines = content.split(/\r?\n/);
+  let current: keyof DomainsConfig | null = null;
+  let inDomains = false;
+
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith("#") || !trimmed) continue;
+
+    if (/^api:\s*$/.test(trimmed)) {
+      current = "api";
+      inDomains = false;
+      continue;
+    }
+    if (/^admin:\s*$/.test(trimmed)) {
+      current = "admin";
+      inDomains = false;
+      continue;
+    }
+    if (/^tenant:\s*$/.test(trimmed)) {
+      current = "tenant";
+      inDomains = false;
+      continue;
+    }
+    if (/^client:\s*$/.test(trimmed)) {
+      current = "client";
+      inDomains = false;
+      continue;
+    }
+
+    const backendPortMatch = trimmed.match(/^backend_port:\s*(\d+)\s*$/);
+    if (current === "api" && backendPortMatch) {
+      result.api.backend_port = parseInt(backendPortMatch[1], 10);
+      continue;
+    }
+    if (current && /^domains:\s*$/.test(trimmed)) {
+      inDomains = true;
+      continue;
+    }
+    const domainMatch = trimmed.match(/^-\s*(.+)$/);
+    if (current && inDomains && domainMatch) {
+      const domain = domainMatch[1].trim();
+      if (domain) result[current].domains.push(domain);
+    }
+  }
+
+  return result;
+}
+
+/** Return all domains (api + admin + tenant + client) in order. */
+export function getAllDomains(config: DomainsConfig): string[] {
+  const list: string[] = [];
+  for (const d of config.api.domains) list.push(d);
+  for (const d of config.admin.domains) list.push(d);
+  for (const d of config.tenant.domains) list.push(d);
+  for (const d of config.client.domains) list.push(d);
+  return list;
+}