fetch_ml/scripts/testing/test-homelab-secure.sh

#!/bin/bash

# Homelab Secure Test Environment Script
set -e

echo "Starting Homelab Secure Production Environment..."

# Clean up any existing containers
echo "Cleaning up existing containers..."
docker-compose -f deployments/docker-compose.homelab-secure.yml down -v

# Create necessary directories with proper permissions
echo "Creating directories..."
mkdir -p data logs
chmod 750 data logs

# Build and start services
echo "Building and starting services..."
docker-compose -f deployments/docker-compose.homelab-secure.yml up --build -d

# Wait for services to be healthy
echo "Waiting for services to be healthy..."
sleep 20

# Check service health
echo "Checking service health..."
docker-compose -f deployments/docker-compose.homelab-secure.yml ps

# Test API server with TLS
echo "Testing API server..."
curl -k -s https://localhost:9104/health || echo "API health check failed"

# Test Redis with authentication
echo "Testing Redis with authentication..."
docker exec ml-homelab-redis redis-cli -a "HomelabRedis2024!" ping || echo "Redis health check failed"

# Test SSH connectivity with security
echo "Testing SSH connectivity..."
docker exec -u worker ml-homelab-worker ssh -o StrictHostKeyChecking=no -o Port=2222 worker@localhost "echo 'SSH OK'" || echo "SSH test failed"

# Test fail2ban status
echo "Testing fail2ban..."
docker exec ml-homelab-api fail2ban-client status sshd || echo "fail2ban check failed"

echo ""
echo "Homelab secure production environment is ready!"
echo ""
echo "Services:"
echo "  - API Server: https://localhost:9104"
echo "  - SSH: localhost:2223 (worker user)"
echo "  - Redis: localhost:6379 (with password)"
echo "  - Metrics: http://localhost:9101"
echo ""
echo "Security Features:"
echo "  ✓ Strong TLS 1.3 with modern ciphers"
echo "  ✓ SSH with fail2ban protection"
echo "  ✓ Redis with password authentication"
echo "  ✓ SQLite database with encryption"
echo "  ✓ Container security hardening"
echo "  ✓ Rate limiting and CORS protection"
echo "  ✓ Security headers and CSRF protection"
echo "  ✓ Podman sandboxed job execution"
echo "  ✓ Audit logging and monitoring"
echo ""
echo "Credentials:"
echo "  - API User: homelab_user / password"
echo "  - SSH User: worker / HomelabWorker2024!"
echo "  - Redis Password: HomelabRedis2024!"
echo ""
echo "To test with CLI:"
echo "  ./cli/zig-out/bin/ml queue homelab-secure-test"
echo "  ./cli/zig-out/bin/ml status"
echo ""
echo "To view logs:"
echo "  docker-compose -f deployments/docker-compose.homelab-secure.yml logs -f api-server"
echo "  docker-compose -f deployments/docker-compose.homelab-secure.yml logs -f worker"
echo "  docker-compose -f deployments/docker-compose.homelab-secure.yml down"
echo ""
echo "To stop:"
echo "  docker-compose -f deployments/docker-compose.homelab-secure.yml down"