@powerhousedao/ph-cli 0.41.2 → 2.5.0-dev.0

package/dist/scripts/setup-environment

@@ -0,0 +1,380 @@
+#!/usr/bin/env bash
+
+# =============================================================================
+# Configuration
+# =============================================================================
+TARGET_TAG=${1:-"latest"}
+PROJECT_NAME=${2:-"global"}
+
+# =============================================================================
+# OS Detection and Windows Handling
+# =============================================================================
+if [[ "$OSTYPE" == "msys" || "$OSTYPE" == "win32" ]]; then
+    if [ -f "$0.ps1" ]; then
+        powershell -ExecutionPolicy Bypass -File "$0.ps1" -TARGET_TAG "$TARGET_TAG"
+    else
+        echo "Error: Windows setup script (setup-environment.ps1) not found"
+        exit 1
+    fi
+else
+    # =============================================================================
+    # Package Installation
+    # =============================================================================
+    sudo apt install -y postgresql postgresql-contrib nginx
+
+    # =============================================================================
+    # Interactive Package Installation
+    # =============================================================================
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "  Package Installation"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    while true; do
+        read -p "Enter package name to install (or press Enter to skip): " package_name
+        if [ -z "$package_name" ]; then
+            break
+        fi
+        ph install "$package_name"
+    done
+
+    # =============================================================================
+    # Connect Build
+    # =============================================================================
+    ph connect build
+    cp -r .ph/connect-build/dist /var/www/html/$PROJECT_NAME
+
+    # =============================================================================
+    # Database Configuration
+    # =============================================================================
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "  Database Configuration"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "Choose database type:"
+    echo "1) Local PostgreSQL database"
+    echo "2) Remote PostgreSQL database"
+    read -p "Enter your choice (1 or 2): " db_choice
+
+    if [ "$db_choice" = "1" ]; then
+        echo "Setting up local PostgreSQL database..."
+        
+        # Generate database credentials
+        DB_PASSWORD="powerhouse"
+        DB_USER="powerhouse"
+        # Convert to lowercase, replace dots with underscores, replace special chars with underscore, ensure starts with letter
+        DB_NAME="powerhouse_$(echo "${PROJECT_NAME}" | tr '[:upper:]' '[:lower:]' | sed 's/\./_/g' | sed 's/[^a-z0-9]/_/g' | sed 's/^[^a-z]/p_/' | cut -c1-63)"
+        
+        # Check if database already exists
+        if sudo -u postgres psql -lqt | cut -d \| -f 1 | grep -qw $DB_NAME; then
+            echo "Database $DB_NAME already exists"
+            read -p "Do you want to recreate it? (y/n): " recreate_db
+            if [ "$recreate_db" = "y" ]; then
+                sudo -u postgres psql -c "DROP DATABASE $DB_NAME;"
+            else
+                echo "Using existing database"
+            fi
+        fi
+        
+        # Create database and user if they don't exist
+        sudo -u postgres psql << EOF
+DO
+\$do\$
+BEGIN
+   IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '$DB_USER') THEN
+      CREATE USER $DB_USER WITH PASSWORD '$DB_PASSWORD';
+   END IF;
+END
+\$do\$;
+
+CREATE DATABASE $DB_NAME OWNER $DB_USER;
+GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;
+EOF
+        
+        # Configure PostgreSQL
+        sudo sed -i "s/#listen_addresses = 'localhost'/listen_addresses = 'localhost'/" /etc/postgresql/*/main/postgresql.conf
+        
+        # Set DATABASE_URL for local database
+        DATABASE_URL="postgresql://$DB_USER:$DB_PASSWORD@localhost:5432/$DB_NAME"
+        
+        echo "Local database configured successfully!"
+        echo "Database URL: $DATABASE_URL"
+        echo "Please save these credentials securely!"
+    else
+        echo "Enter remote PostgreSQL URL (format: postgresql://user:password@host:port/db)"
+        echo "Example: postgresql://powerhouse:password@db.example.com:5432/powerhouse"
+        read -p "DATABASE_URL: " DATABASE_URL
+    fi
+
+    # Save DATABASE_URL to .env file
+    echo "DATABASE_URL=$DATABASE_URL" | sudo tee -a .env
+
+    # =============================================================================
+    # SSL Configuration
+    # =============================================================================
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "  SSL Configuration"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "Choose SSL configuration:"
+    echo "1) Let's Encrypt certificates for domains"
+    echo "2) Self-signed certificate for machine hostname"
+    read -p "Enter your choice (1 or 2): " ssl_choice
+
+    if [ "$ssl_choice" = "1" ]; then
+        # Install certbot
+        sudo apt install -y certbot python3-certbot-nginx
+        
+        # =============================================================================
+        # Domain Setup
+        # =============================================================================
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        echo "  Domain Setup"
+        echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+        read -p "Enter Connect domain (e.g. connect.google.com): " connect_domain
+        read -p "Enter Switchboard domain (e.g. switchboard.google.com): " switchboard_domain
+
+        echo "Using domains:"
+        echo "Connect: $connect_domain"
+        echo "Switchboard: $switchboard_domain"
+
+        # Generate temporary SSL certificates
+        echo "Generating temporary SSL certificates..."
+        sudo mkdir -p /etc/nginx/ssl
+        sudo openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
+            -keyout /etc/nginx/ssl/temp.key \
+            -out /etc/nginx/ssl/temp.crt \
+            -subj "/CN=$connect_domain" \
+            -addext "subjectAltName = DNS:$connect_domain,DNS:$switchboard_domain"
+
+        # Check if Nginx configuration already exists
+        if [ -f "/etc/nginx/sites-available/$PROJECT_NAME" ]; then
+            echo "Nginx configuration for $PROJECT_NAME already exists"
+            read -p "Do you want to overwrite it? (y/n): " overwrite_nginx
+            if [ "$overwrite_nginx" != "y" ]; then
+                echo "Keeping existing Nginx configuration"
+            else
+                # Create Nginx configuration for domains
+                echo "Creating Nginx configuration..."
+                sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
+# Security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+server {
+    listen 80;
+    server_name $connect_domain $switchboard_domain;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $connect_domain;
+    
+    ssl_certificate /etc/nginx/ssl/temp.crt;
+    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    if (\$http_x_forwarded_proto = "http") {
+        return 301 https://\$server_name\$request_uri;
+    }
+    
+    location / {
+        root $PWD/.ph/connect-build/dist;
+        try_files \$uri \$uri/ /index.html;
+        add_header Cache-Control "no-cache";
+        add_header X-Forwarded-Proto \$scheme;
+        add_header X-Forwarded-Host \$host;
+        add_header X-Forwarded-Port \$server_port;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $switchboard_domain;
+    
+    ssl_certificate /etc/nginx/ssl/temp.crt;
+    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    
+    location / {
+        proxy_pass http://localhost:4001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+}
+EOF
+            fi
+        else
+            # Create Nginx configuration for domains
+            echo "Creating Nginx configuration..."
+            sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
+# Security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+server {
+    listen 80;
+    server_name $connect_domain $switchboard_domain;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $connect_domain;
+    
+    ssl_certificate /etc/nginx/ssl/temp.crt;
+    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    if (\$http_x_forwarded_proto = "http") {
+        return 301 https://\$server_name\$request_uri;
+    }
+    
+    location / {
+        root /var/www/html/$PROJECT_NAME;
+        try_files \$uri \$uri/ /index.html;
+        add_header Cache-Control "no-cache";
+        add_header X-Forwarded-Proto \$scheme;
+        add_header X-Forwarded-Host \$host;
+        add_header X-Forwarded-Port \$server_port;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $switchboard_domain;
+    
+    ssl_certificate /etc/nginx/ssl/temp.crt;
+    ssl_certificate_key /etc/nginx/ssl/temp.key;
+    
+    location / {
+        proxy_pass http://localhost:4001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+}
+EOF
+        fi
+
+        # Enable the site
+        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
+        sudo rm -f /etc/nginx/sites-enabled/default
+
+        # Test Nginx configuration
+        sudo nginx -t
+
+        # Obtain SSL certificates
+        echo "Obtaining SSL certificates..."
+        sudo certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email admin@$connect_domain
+
+        # Remove temporary certificates
+        sudo rm -f /etc/nginx/ssl/temp.*
+
+    else
+        # Get machine hostname
+        hostname=$(hostname)
+        
+        # Generate self-signed certificate
+        echo "Generating self-signed certificate for $hostname..."
+        sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+            -keyout /etc/ssl/private/$hostname.key \
+            -out /etc/ssl/certs/$hostname.crt \
+            -subj "/CN=$hostname" \
+            -addext "subjectAltName = DNS:$hostname"
+
+        # Create Nginx configuration for self-signed
+        echo "Creating Nginx configuration..."
+        sudo tee /etc/nginx/sites-available/$PROJECT_NAME > /dev/null << EOF
+# Security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+server {
+    listen 80;
+    server_name $hostname;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $hostname;
+    
+    ssl_certificate /etc/ssl/certs/$hostname.crt;
+    ssl_certificate_key /etc/ssl/private/$hostname.key;
+    
+    location /connect {
+        proxy_pass http://localhost:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+
+    location /switchboard {
+        proxy_pass http://localhost:4001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+    }
+}
+EOF
+
+        # Enable the site
+        sudo ln -sf /etc/nginx/sites-available/$PROJECT_NAME /etc/nginx/sites-enabled/
+        sudo rm -f /etc/nginx/sites-enabled/default
+
+        # Test Nginx configuration
+        sudo nginx -t
+    fi
+
+    # =============================================================================
+    # Database Schema Setup
+    # =============================================================================
+    pnpm prisma db push --schema node_modules/document-drive/dist/prisma/schema.prisma
+
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "  Environment setup complete!"
+    echo "  Use 'ph service start' to start services"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+fi 

package/dist/scripts/setup-environment.ps1

@@ -0,0 +1,313 @@
+# PowerShell script for setting up Powerhouse environment on Windows
+param(
+    [string]$TARGET_TAG = "latest"
+)
+
+# Function to check if running as administrator
+function Test-Administrator {
+    $user = [Security.Principal.WindowsIdentity]::GetCurrent()
+    $principal = New-Object Security.Principal.WindowsPrincipal $user
+    $principal.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
+}
+
+# Check if running as administrator
+if (-not (Test-Administrator)) {
+    Write-Host "Please run this script as Administrator" -ForegroundColor Red
+    exit 1
+}
+
+# Install required packages using winget
+Write-Host "Installing required packages..."
+winget install -e --id PostgreSQL.PostgreSQL
+winget install -e --id NGINX.NGINX
+
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+Write-Host "  Setting up global project"
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+# Create installation directory if it doesn't exist
+$installPath = "C:\www"
+if (-not (Test-Path $installPath)) {
+    New-Item -ItemType Directory -Path $installPath
+}
+Set-Location $installPath
+
+# Initialize Powerhouse project
+ph init powerhouse --$TARGET_TAG
+Set-Location powerhouse
+
+# Interactive package installation loop
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+Write-Host "  Package Installation"
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+while ($true) {
+    $package_name = Read-Host "Enter package name to install (or press Enter to skip)"
+    if ([string]::IsNullOrEmpty($package_name)) {
+        break
+    }
+    ph install $package_name
+}
+
+# Build Connect
+ph connect build
+
+# Database Configuration
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+Write-Host "  Database Configuration"
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+Write-Host "Choose database type:"
+Write-Host "1) Local PostgreSQL database"
+Write-Host "2) Remote PostgreSQL database"
+$db_choice = Read-Host "Enter your choice (1 or 2)"
+
+if ($db_choice -eq "1") {
+    Write-Host "Setting up local PostgreSQL database..."
+    
+    # Generate database credentials
+    $DB_PASSWORD = "powerhouse"
+    $DB_USER = "powerhouse"
+    $DB_NAME = "powerhouse"
+    
+    # Create database and user using psql
+    $env:PGPASSWORD = "postgres"  # Default PostgreSQL password
+    psql -U postgres -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASSWORD';"
+    psql -U postgres -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
+    psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
+    
+    # Set DATABASE_URL for local database
+    $DATABASE_URL = "postgresql://$DB_USER`:$DB_PASSWORD@localhost:5432/$DB_NAME"
+    
+    Write-Host "Local database configured successfully!"
+    Write-Host "Database URL: $DATABASE_URL"
+    Write-Host "Please save these credentials securely!"
+} else {
+    Write-Host "Enter remote PostgreSQL URL (format: postgresql://user:password@host:port/db)"
+    Write-Host "Example: postgresql://powerhouse:password@db.example.com:5432/powerhouse"
+    $DATABASE_URL = Read-Host "DATABASE_URL"
+}
+
+# Save DATABASE_URL to .env file
+Add-Content -Path "$installPath\powerhouse\.env" -Value "DATABASE_URL=$DATABASE_URL"
+
+# SSL Configuration choice
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+Write-Host "  SSL Configuration"
+Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+Write-Host "Choose SSL configuration:"
+Write-Host "1) Let's Encrypt certificates for domains"
+Write-Host "2) Self-signed certificate for machine hostname"
+$ssl_choice = Read-Host "Enter your choice (1 or 2)"
+
+if ($ssl_choice -eq "1") {
+    # Install certbot for Let's Encrypt
+    winget install -e --id Certbot.Certbot
+    
+    # Domain setup
+    Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    Write-Host "  Domain Setup"
+    Write-Host "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    $base_domain = Read-Host "Enter base domain (e.g. powerhouse.xyz)"
+    $connect_subdomain = Read-Host "Enter subdomain for Connect service (default: connect)"
+    $switchboard_subdomain = Read-Host "Enter subdomain for Switchboard service (default: switchboard)"
+
+    # Set default subdomains if not provided
+    if ([string]::IsNullOrEmpty($connect_subdomain)) { $connect_subdomain = "connect" }
+    if ([string]::IsNullOrEmpty($switchboard_subdomain)) { $switchboard_subdomain = "switchboard" }
+
+    # Construct full domains
+    $connect_domain = "$connect_subdomain.$base_domain"
+    $switchboard_domain = "$switchboard_subdomain.$base_domain"
+
+    Write-Host "Using domains:"
+    Write-Host "Connect: $connect_domain"
+    Write-Host "Switchboard: $switchboard_domain"
+
+    # Generate temporary SSL certificates
+    Write-Host "Generating temporary SSL certificates..."
+    $sslPath = "C:\nginx\ssl"
+    if (-not (Test-Path $sslPath)) {
+        New-Item -ItemType Directory -Path $sslPath
+    }
+
+    # Create Nginx configuration for domains
+    $nginxConfig = @"
+# Security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+server {
+    listen 80;
+    server_name $connect_domain $switchboard_domain;
+    return 301 https://`$host`$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $connect_domain;
+    
+    ssl_certificate $sslPath\temp.crt;
+    ssl_certificate_key $sslPath\temp.key;
+    
+    # SSL configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    if (`$http_x_forwarded_proto = "http") {
+      return 301 https://`$server_name`$request_uri;
+    }
+    
+    location / {
+        root C:/www/powerhouse/.ph/connect-build/dist;
+        try_files `$uri `$uri/ /index.html;
+        add_header Cache-Control "no-cache";
+        add_header X-Forwarded-Proto `$scheme;
+        add_header X-Forwarded-Host `$host;
+        add_header X-Forwarded-Port `$server_port;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $switchboard_domain;
+    
+    ssl_certificate $sslPath\temp.crt;
+    ssl_certificate_key $sslPath\temp.key;
+    
+    location / {
+        proxy_pass http://localhost:4001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade `$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host `$host;
+        proxy_cache_bypass `$http_upgrade;
+        proxy_set_header X-Real-IP `$remote_addr;
+        proxy_set_header X-Forwarded-For `$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto `$scheme;
+    }
+}
+"@
+
+    # Save Nginx configuration
+    $nginxConfig | Out-File -FilePath "C:\nginx\conf\sites-available\powerhouse.conf" -Encoding UTF8
+
+    # Create symbolic link to enable the site
+    if (-not (Test-Path "C:\nginx\conf\sites-enabled")) {
+        New-Item -ItemType Directory -Path "C:\nginx\conf\sites-enabled"
+    }
+    New-Item -ItemType SymbolicLink -Path "C:\nginx\conf\sites-enabled\powerhouse.conf" -Target "C:\nginx\conf\sites-available\powerhouse.conf" -Force
+
+    # Test Nginx configuration
+    nginx -t
+
+    # Restart Nginx
+    Stop-Service nginx
+    Start-Service nginx
+
+    # Obtain SSL certificates
+    Write-Host "Obtaining SSL certificates..."
+    certbot --nginx -d $connect_domain -d $switchboard_domain --non-interactive --agree-tos --email "admin@$base_domain"
+
+} else {
+    # Get machine hostname
+    $hostname = [System.Net.Dns]::GetHostName()
+    
+    # Generate self-signed certificate
+    Write-Host "Generating self-signed certificate for $hostname..."
+    $sslPath = "C:\nginx\ssl"
+    if (-not (Test-Path $sslPath)) {
+        New-Item -ItemType Directory -Path $sslPath
+    }
+
+    # Create Nginx configuration for self-signed
+    $nginxConfig = @"
+# Security headers
+add_header Strict-Transport-Security "max-age=63072000" always;
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+server {
+    listen 80;
+    server_name $hostname;
+    return 301 https://`$host`$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name $hostname;
+    
+    ssl_certificate $sslPath\$hostname.crt;
+    ssl_certificate_key $sslPath\$hostname.key;
+    
+    location /connect {
+        proxy_pass http://localhost:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade `$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host `$host;
+        proxy_cache_bypass `$http_upgrade;
+        proxy_set_header X-Real-IP `$remote_addr;
+        proxy_set_header X-Forwarded-For `$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto `$scheme;
+    }
+
+    location /switchboard {
+        proxy_pass http://localhost:4001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade `$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host `$host;
+        proxy_cache_bypass `$http_upgrade;
+        proxy_set_header X-Real-IP `$remote_addr;
+        proxy_set_header X-Forwarded-For `$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto `$scheme;
+    }
+}
+"@
+
+    # Save Nginx configuration
+    $nginxConfig | Out-File -FilePath "C:\nginx\conf\sites-available\powerhouse.conf" -Encoding UTF8
+
+    # Create symbolic link to enable the site
+    if (-not (Test-Path "C:\nginx\conf\sites-enabled")) {
+        New-Item -ItemType Directory -Path "C:\nginx\conf\sites-enabled"
+    }
+    New-Item -ItemType SymbolicLink -Path "C:\nginx\conf\sites-enabled\powerhouse.conf" -Target "C:\nginx\conf\sites-available\powerhouse.conf" -Force
+
+    # Test Nginx configuration
+    nginx -t
+
+    # Restart Nginx
+    Stop-Service nginx
+    Start-Service nginx
+}
+
+# Install PM2 globally if not already installed
+if (-not (Get-Command pm2 -ErrorAction SilentlyContinue)) {
+    pnpm install -g pm2
+}
+
+# Run database migrations
+pnpm prisma db push --schema node_modules/document-drive/dist/prisma/schema.prisma
+
+# Start services with PM2
+Write-Host "Starting services with PM2..."
+if ($ssl_choice -eq "2") {
+    # Self-signed certificate - use base paths
+    pm2 start pnpm switchboard --name "switchboard" -- --base-path /switchboard
+} else {
+    # Let's Encrypt - no base paths needed
+    pm2 start "pnpm switchboard" --name "switchboard"
+}
+
+# Save PM2 process list and setup startup script
+pm2 save
+pm2 startup