Add roadmap and deployment examples

deployments/config.prod.yaml

@@ -0,0 +1,37 @@
+# Silo Production Configuration
+# For deployment on dedicated VM using external PostgreSQL and MinIO
+#
+# Credentials are provided via environment variables:
+#   SILO_DB_PASSWORD
+#   SILO_MINIO_ACCESS_KEY
+#   SILO_MINIO_SECRET_KEY
+
+server:
+  host: "0.0.0.0"
+  port: 8080
+  base_url: "http://silo.kindred.internal:8080"
+
+database:
+  host: "psql.kindred.internal"
+  port: 5432
+  name: "silo"
+  user: "silo"
+  password: ""  # Set via SILO_DB_PASSWORD
+  sslmode: "require"
+  max_connections: 20
+
+storage:
+  endpoint: "minio.kindred.internal:9000"
+  access_key: ""  # Set via SILO_MINIO_ACCESS_KEY
+  secret_key: ""  # Set via SILO_MINIO_SECRET_KEY
+  bucket: "silo-files"
+  use_ssl: true
+  region: "us-east-1"
+
+schemas:
+  directory: "/etc/silo/schemas"
+  default: "kindred-rd"
+
+freecad:
+  uri_scheme: "silo"
+  executable: "/usr/bin/freecad"

deployments/docker-compose.prod.yaml

@@ -0,0 +1,50 @@
+# Production Docker Compose for Silo
+# Uses external PostgreSQL (psql.kindred.internal) and MinIO (minio.kindred.internal)
+#
+# Usage:
+#   export SILO_DB_PASSWORD=<your-password>
+#   export SILO_MINIO_ACCESS_KEY=<your-access-key>
+#   export SILO_MINIO_SECRET_KEY=<your-secret-key>
+#   docker compose -f docker-compose.prod.yaml up -d
+
+services:
+  silo:
+    build:
+      context: ..
+      dockerfile: build/package/Dockerfile
+    container_name: silod
+    restart: unless-stopped
+    environment:
+      # Database connection (psql.kindred.internal)
+      SILO_DB_HOST: psql.kindred.internal
+      SILO_DB_PORT: 5432
+      SILO_DB_NAME: silo
+      SILO_DB_USER: silo
+      SILO_DB_PASSWORD: ${SILO_DB_PASSWORD:?Database password required}
+      SILO_DB_SSLMODE: require
+
+      # MinIO storage (minio.kindred.internal)
+      SILO_MINIO_ENDPOINT: minio.kindred.internal:9000
+      SILO_MINIO_ACCESS_KEY: ${SILO_MINIO_ACCESS_KEY:?MinIO access key required}
+      SILO_MINIO_SECRET_KEY: ${SILO_MINIO_SECRET_KEY:?MinIO secret key required}
+      SILO_MINIO_BUCKET: silo-files
+      SILO_MINIO_USE_SSL: "true"
+
+      # Server settings
+      SILO_SERVER_BASE_URL: ${SILO_BASE_URL:-http://silo.kindred.internal:8080}
+    ports:
+      - "8080:8080"
+    volumes:
+      - ../schemas:/etc/silo/schemas:ro
+      - ./config.prod.yaml:/etc/silo/config.yaml:ro
+    healthcheck:
+      test: ["CMD", "wget", "-qO-", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"

deployments/systemd/silod.env.example

@@ -0,0 +1,13 @@
+# Silo daemon environment variables
+# Copy to /etc/silo/silod.env and fill in values
+# Permissions: chmod 600 /etc/silo/silod.env
+
+# Database credentials (psql.kindred.internal)
+SILO_DB_PASSWORD=
+
+# MinIO credentials (minio.kindred.internal)
+SILO_MINIO_ACCESS_KEY=
+SILO_MINIO_SECRET_KEY=
+
+# Optional: Override server base URL
+# SILO_SERVER_BASE_URL=http://silo.kindred.internal:8080

deployments/systemd/silod.service

@@ -0,0 +1,43 @@
+[Unit]
+Description=Silo Item Database Server
+Documentation=https://github.com/kindred-systems/silo
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=silo
+Group=silo
+
+# Working directory
+WorkingDirectory=/opt/silo
+
+# Environment file for secrets
+EnvironmentFile=/etc/silo/silod.env
+
+# Main process
+ExecStart=/opt/silo/bin/silod -config /etc/silo/config.yaml
+
+# Restart policy
+Restart=on-failure
+RestartSec=5s
+
+# Security hardening
+NoNewPrivileges=yes
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+ReadOnlyPaths=/etc/silo
+ReadWritePaths=/var/log/silo
+
+# Resource limits
+LimitNOFILE=65535
+LimitNPROC=4096
+
+# Logging
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=silod
+
+[Install]
+WantedBy=multi-user.target