Infrastructure Setup Continuation Prompt

Purpose: Copy-paste this into a new Claude Code session to continue the Solanasis infrastructure setup from where we left off.


The Prompt

We're continuing the Solanasis infrastructure setup from a previous session. Most of the work is done — we need to finish the Cloudflare tunnel setup and verify everything end-to-end.

## FIRST: Read the planning docs

Before doing ANYTHING, read these 3 files to get full context on what was already done and what remains:

1. `_solanasis/solanasis-docs/operations/infrastructure-setup-plan.md` — The master plan with completed/remaining phases
2. `_solanasis/solanasis-docs/operations/service-inventory.md` — Full inventory of all services, ports, domains, repos, GitHub secrets
3. `_solanasis/solanasis-docs/operations/credential-setup-guide.md` — How credentials are distributed and managed

## CONTEXT: What was already completed (2026-03-22)

### Phase A — Git Sync (DONE)
- Created `dzinreach/frappe_docker` repo on GitHub (private)
- Committed: compose.solanasis.yaml, build-custom-image.sh, apps.json, .env.example
- Committed 7 untracked docs in solanasis-docs
- All repos verified clean and pushed

### Phase B — ERPNext API Setup (DONE)
- Generated API key for `claude-bot@solanasis.com` via bench execute
- Token auth verified working: `curl -H "Authorization: token $ERPNEXT_API_KEY:$ERPNEXT_API_SECRET" http://localhost:8080/api/method/frappe.auth.get_logged_user` returns the user
- GitHub Secrets set on solanasis_crm, solanasis_core, solanasis-scripts (ERPNEXT_URL, ERPNEXT_API_KEY, ERPNEXT_API_SECRET)
- Created `solanasis-scripts/scripts/setup_erpnext_env.py` for credential setup on other machines

### Phase D — Baserow Self-Hosted (DONE)
- Baserow 2.1.6 deployed at `localhost:8880` with 4GB memory limit
- Config at `_solanasis/baserow/docker-compose.yml`
- Container is healthy, using ~2GB RAM
- Admin account still needs to be created via the web UI (needs the tunnel or a Host header to access)

### Phase E — Documentation (DONE)
- 3 operations docs committed to `solanasis-docs/operations/`

## WHAT'S REMAINING: Phase C — Cloudflare Tunnel Setup

### The situation
- The EXISTING `claude-bot` tunnel (ID: 90bc3874-2505-4963-a76c-24a4505c463a) is on the `Admin@matchkeyz.com` Cloudflare account. It only has the `zasage.us` zone. It is NOT connected to solanasis.com.
- `solanasis.com` DNS is on a SEPARATE Cloudflare account (the Solanasis account). This account's API token is in GitHub Secrets on the `solanasis-site` repo as `CLOUDFLARE_API_TOKEN` and `CLOUDFLARE_ACCOUNT_ID`.
- GitHub Secrets are write-only — we can't read the token back via API.
- The existing `~/.cloudflared/cert.pem` is an Argo Tunnel Token for the Matchkeyz account, NOT Solanasis.

### What needs to happen (steps C1-C7 in the plan)

1. **C1: Authenticate with Solanasis Cloudflare account**
   - Back up old cert.pem: `cp ~/.cloudflared/cert.pem ~/.cloudflared/cert.pem.matchkeyz`
   - User must run `cloudflared login` interactively (opens browser, select solanasis.com zone)
   - This creates a new cert.pem for the Solanasis account

2. **C2: Create new tunnel**
   - `cloudflared tunnel create solanasis`
   - Capture the tunnel ID from output

3. **C3: Write config.yml**
   - Create `~/.cloudflared/config.yml` with ingress rules:
     - `erp.solanasis.com` → `http://localhost:8080` (ERPNext)
     - `baserow.solanasis.com` → `http://localhost:8880` (Baserow)
     - Catch-all → `http_status:404`

4. **C4: Create DNS CNAME records**
   - `cloudflared tunnel route dns solanasis erp.solanasis.com`
   - `cloudflared tunnel route dns solanasis baserow.solanasis.com`

5. **C5: Update systemd service**
   - Change ExecStart from `tunnel run claude-bot` to `tunnel run solanasis`
   - daemon-reload + restart

6. **C6: Verify**
   - `curl -s https://erp.solanasis.com/api/method/ping` should return `{"message":"pong"}`
   - `curl -s https://baserow.solanasis.com/` should return the Baserow UI

7. **C7 (optional): Decide what to do with old claude-bot tunnel**
   - If zasage.us still needs it, create a second systemd service
   - If not, delete it: `cloudflared tunnel delete claude-bot`
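
Step C3 as a script, added here as an example and not part of the original plan: it renders `config.yml` from the tunnel ID captured in C2, refuses the old `claude-bot` tunnel ID, and checks that the catch-all rule is last. The function names and the `.bak` suffix are hypothetical; the credentials path assumes `cloudflared tunnel create` wrote `<tunnel-id>.json` into the same directory, which is its default.

```sh
# Added example, not from the original plan. OLD_TUNNEL_ID is the claude-bot
# tunnel named on this page; the new ID comes from step C2's output.
OLD_TUNNEL_ID="90bc3874-2505-4963-a76c-24a4505c463a"

# write_tunnel_config <tunnel-uuid> [cloudflared-dir]   (hypothetical helper)
write_tunnel_config() {
    tunnel_id="$1"
    cf_dir="${2:-$HOME/.cloudflared}"
    cfg="$cf_dir/config.yml"

    # Reject anything that is not a lowercase UUID (e.g. a pasted tunnel name).
    printf '%s\n' "$tunnel_id" |
        grep -Eq '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$' || {
        echo "not a tunnel UUID: $tunnel_id" >&2; return 1; }

    # The old tunnel lives on the Matchkeyz account and cannot serve solanasis.com.
    if [ "$tunnel_id" = "$OLD_TUNNEL_ID" ]; then
        echo "refusing to reuse the claude-bot tunnel ID" >&2; return 1
    fi

    # Keep the previous config so the claude-bot setup can be restored (step C7).
    if [ -f "$cfg" ]; then cp -p "$cfg" "$cfg.bak" || return 1; fi

    # Owner-only permissions: this directory also holds cert.pem and the
    # tunnel credentials JSON.
    (
        umask 077
        cat > "$cfg" <<EOF
tunnel: $tunnel_id
credentials-file: $cf_dir/$tunnel_id.json
ingress:
  - hostname: erp.solanasis.com
    service: http://localhost:8080
  - hostname: baserow.solanasis.com
    service: http://localhost:8880
  - service: http_status:404
EOF
    ) || return 1
    chmod 600 "$cfg"
}

# catch_all_is_last <config>: the final ingress rule must be the hostname-less 404.
catch_all_is_last() {
    [ "$(tail -n 1 "$1")" = "  - service: http_status:404" ]
}

# Stand-alone use: sh this-script <tunnel-uuid> [cloudflared-dir]
if [ "$#" -ge 1 ]; then
    write_tunnel_config "$@" && catch_all_is_last "${2:-$HOME/.cloudflared}/config.yml"
fi
```

On the server, `cloudflared tunnel ingress validate` then checks the written rules before the service restart in C5.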

### Additional post-tunnel tasks
- Create Baserow admin account at https://baserow.solanasis.com once it's accessible
- Update `ERPNEXT_URL` GitHub Secret if the final URL differs from what was set
- Update cloudflared to latest version (current: 2025.7.0, latest: 2026.3.0)
- Clean up stale `~/.cloudflared/config.yml.save` (1 byte, empty artifact)
- Consider updating Baserow GitHub Secrets in solanasis-scripts to point to self-hosted instance

### If this is running on the SECOND WSL machine (not the server)
- Run `python solanasis-scripts/scripts/setup_erpnext_env.py` to configure ERPNext API access
- The tunnel steps above only apply to the server where ERPNext/Baserow are running

## APPROACH
1. Read the 3 planning docs first
2. Check current state: `docker ps`, `systemctl status cloudflared`, verify ERPNext and Baserow are still running
3. Guide me through cloudflared login (requires browser interaction)
4. Execute steps C2-C7 programmatically
5. Verify everything works end-to-end
6. Update the planning docs with completion status
7. Commit and push any changes

## KEY FILE PATHS
- ERPNext Docker: `_solanasis/frappe_docker/compose.solanasis.yaml`
- ERPNext env: `_solanasis/frappe_docker/.env`
- Baserow Docker: `_solanasis/baserow/docker-compose.yml`
- Cloudflared creds: `~/.cloudflared/`
- Systemd service: `/etc/systemd/system/cloudflared.service`
- Planning docs: `_solanasis/solanasis-docs/operations/`
- Setup script: `_solanasis/solanasis-scripts/scripts/setup_erpnext_env.py`

## GITHUB REPOS (all under dzinreach, all private except erpnext/frappe forks)
solanasis-docs, solanasis-site, solanasis-scripts, solanasis_crm, solanasis_core, frappe_docker, sage-e, erpnext, frappe, zasage-scripts