# Setup VPS from scratch — DictIA

Guide complet pour deployer DictIA sur un VPS Ubuntu.
Teste sur OVH VPS avec Ubuntu 22.04/24.04.

## 1. Preparation du VPS

```bash
# Mise a jour systeme
sudo apt update && sudo apt upgrade -y

# Installer les essentiels
sudo apt install -y curl git
```

## 2. Docker

```bash
# Installer Docker (methode officielle)
curl -fsSL https://get.docker.com | sh

# Ajouter l'utilisateur au groupe docker
sudo usermod -aG docker $USER

# Se reconnecter pour appliquer le groupe
exit
# (reconnecter via SSH)

# Verifier
docker --version
docker compose version
```

## 3. Tailscale (recommande)

Tailscale fournit un VPN mesh pour acceder au VPS sans exposer de ports publics.

```bash
# Installer Tailscale
curl -fsSL https://tailscale.com/install.sh | sh

# Connecter au tailnet
sudo tailscale up

# Verifier
tailscale status
```

## 4. DictIA

```bash
# Cloner le repo
cd ~
git clone https://gitea.innova-ai.ca/Innova-AI/dictia.git
cd dictia
git checkout dictia-branding

# Lancer le setup
bash deployment/setup.sh --profile cloud
```

Le setup va:
- Generer le `.env` avec vos identifiants
- Creer les repertoires de donnees
- Builder l'image Docker
- Demarrer les containers

## 5. ASR Proxy (GCP GPU)

```bash
# Installer le proxy
bash deployment/asr-proxy/setup.sh

# Ajouter les credentials GCP
# Copier votre fichier de credentials dans:
cp ~/gcp-credentials.json deployment/asr-proxy/gcp-credentials.json

# Demarrer le service
sudo systemctl start asr-proxy
sudo systemctl status asr-proxy
```

## 6. Securite

```bash
# Docker daemon config (log rotation)
sudo cp deployment/security/docker-daemon.json /etc/docker/daemon.json
sudo systemctl restart docker

# Firewall iptables (bloque trafic non-Tailscale)
sudo bash deployment/security/iptables-rules.sh

# Service systemd pour les regles au boot
sudo cp deployment/security/docker-iptables.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable docker-iptables
```

## 7. Tailscale Serve (HTTPS)

```bash
# Expose DictIA et le dashboard ASR via Tailscale HTTPS
bash deployment/config/tailscale/setup-serve.sh

# Verifier
tailscale serve status
```

DictIA sera accessible a `https://votre-hostname.tailnet.ts.net/`.

## 8. Service systemd (auto-start)

```bash
# Adapter le chemin dans le fichier si necessaire
sudo cp deployment/config/systemd/dictia.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable dictia
```

## 9. Verification

```bash
# Health check complet
bash deployment/tools/health-check.sh

# Verifier les endpoints
curl -s http://localhost:8899/health
curl -s http://localhost:9090/health
```

## 10. Premier backup

```bash
bash deployment/tools/backup.sh
```

---

## Checklist post-installation

- [ ] DictIA repond sur :8899
- [ ] ASR Proxy repond sur :9090
- [ ] Tailscale Serve configure
- [ ] iptables: seul Tailscale peut acceder
- [ ] Docker: log rotation configuree
- [ ] Service systemd enable (auto-start au boot)
- [ ] Premier backup effectue
- [ ] Identifiants admin testes