feat: add fluxer upstream source and self-hosting documentation

- Clone of github.com/fluxerapp/fluxer (official upstream)
- SELF_HOSTING.md: full VM rebuild procedure, architecture overview,
  service reference, step-by-step setup, troubleshooting, seattle reference
- dev/.env.example: all env vars with secrets redacted and generation instructions
- dev/livekit.yaml: LiveKit config template with placeholder keys
- fluxer-seattle/: existing seattle deployment setup scripts

fluxer/dev/.env.example

@@ -0,0 +1,228 @@
+NODE_ENV=production
+
+# =============================================================================
+# Domain configuration
+# Replace with your actual domain
+# =============================================================================
+FLUXER_API_PUBLIC_ENDPOINT=https://your-domain.example.com/api
+FLUXER_API_CLIENT_ENDPOINT=
+FLUXER_APP_ENDPOINT=https://your-domain.example.com
+FLUXER_GATEWAY_ENDPOINT=wss://your-domain.example.com/gateway
+FLUXER_MEDIA_ENDPOINT=https://your-domain.example.com/media
+FLUXER_CDN_ENDPOINT=https://fluxerstatic.com
+FLUXER_MARKETING_ENDPOINT=https://your-domain.example.com
+FLUXER_ADMIN_ENDPOINT=https://your-domain.example.com/admin
+FLUXER_INVITE_ENDPOINT=https://your-domain.example.com
+FLUXER_GIFT_ENDPOINT=https://your-domain.example.com
+FLUXER_API_HOST=api:8080
+
+FLUXER_API_PORT=8080
+FLUXER_GATEWAY_WS_PORT=8080
+FLUXER_GATEWAY_RPC_PORT=8081
+FLUXER_MEDIA_PROXY_PORT=8080
+FLUXER_ADMIN_PORT=8080
+FLUXER_MARKETING_PORT=8080
+
+FLUXER_PATH_GATEWAY=/gateway
+FLUXER_PATH_ADMIN=/
+FLUXER_PATH_MARKETING=/marketing
+
+API_HOST=api:8080
+FLUXER_GATEWAY_RPC_HOST=
+FLUXER_GATEWAY_PUSH_ENABLED=false
+FLUXER_GATEWAY_PUSH_USER_GUILD_SETTINGS_CACHE_MB=1024
+FLUXER_GATEWAY_PUSH_SUBSCRIPTIONS_CACHE_MB=1024
+FLUXER_GATEWAY_PUSH_BLOCKED_IDS_CACHE_MB=1024
+FLUXER_GATEWAY_IDENTIFY_RATE_LIMIT_ENABLED=false
+
+FLUXER_MEDIA_PROXY_HOST=
+MEDIA_PROXY_ENDPOINT=
+
+# =============================================================================
+# VAPID keys (Web Push notifications)
+# Generate with: npx web-push generate-vapid-keys
+# =============================================================================
+VAPID_PUBLIC_KEY=GENERATE_WITH_web-push_generate-vapid-keys
+VAPID_PRIVATE_KEY=GENERATE_WITH_web-push_generate-vapid-keys
+VAPID_EMAIL=noreply@your-domain.example.com
+
+# =============================================================================
+# Secrets
+# Generate each with: openssl rand -hex 64 (or 32 for shorter ones)
+# =============================================================================
+SECRET_KEY_BASE=GENERATE_openssl_rand_hex_64
+GATEWAY_RPC_SECRET=GENERATE_openssl_rand_hex_32
+GATEWAY_ADMIN_SECRET=GENERATE_openssl_rand_hex_32
+ERLANG_COOKIE=GENERATE_openssl_rand_hex_32
+MEDIA_PROXY_SECRET_KEY=GENERATE_openssl_rand_hex_32
+SUDO_MODE_SECRET=GENERATE_openssl_rand_hex_32
+
+# =============================================================================
+# Passkeys / WebAuthn
+# =============================================================================
+PASSKEYS_ENABLED=true
+PASSKEY_RP_NAME=Fluxer
+PASSKEY_RP_ID=your-domain.example.com
+PASSKEY_ALLOWED_ORIGINS=https://your-domain.example.com
+
+# =============================================================================
+# Admin OAuth2
+# Set after first boot — create an OAuth2 app in the Fluxer admin panel
+# =============================================================================
+ADMIN_OAUTH2_CLIENT_ID=
+ADMIN_OAUTH2_CLIENT_SECRET=
+ADMIN_OAUTH2_AUTO_CREATE=false
+ADMIN_OAUTH2_REDIRECT_URI=https://your-domain.example.com/admin/oauth2_callback
+
+RELEASE_CHANNEL=stable
+
+# =============================================================================
+# Databases
+# =============================================================================
+DATABASE_URL=postgresql://postgres:postgres@postgres:5432/fluxer
+
+REDIS_URL=redis://redis:6379
+
+CASSANDRA_HOSTS=cassandra
+CASSANDRA_KEYSPACE=fluxer
+CASSANDRA_LOCAL_DC=datacenter1
+CASSANDRA_USERNAME=cassandra
+CASSANDRA_PASSWORD=cassandra
+
+# =============================================================================
+# S3 / MinIO (object storage)
+# Defaults use local MinIO container — replace with real S3/R2 for production
+# =============================================================================
+AWS_S3_ENDPOINT=http://minio:9000
+AWS_ACCESS_KEY_ID=minioadmin
+AWS_SECRET_ACCESS_KEY=minioadmin
+
+AWS_S3_BUCKET_CDN=fluxer
+AWS_S3_BUCKET_UPLOADS=fluxer-uploads
+AWS_S3_BUCKET_DOWNLOADS=fluxer-downloads
+AWS_S3_BUCKET_REPORTS=fluxer-reports
+AWS_S3_BUCKET_HARVESTS=fluxer-harvests
+
+R2_S3_ENDPOINT=http://minio:9000
+R2_ACCESS_KEY_ID=minioadmin
+R2_SECRET_ACCESS_KEY=minioadmin
+
+# =============================================================================
+# Metrics
+# =============================================================================
+METRICS_MODE=noop
+
+CLICKHOUSE_URL=http://clickhouse:8123
+CLICKHOUSE_DATABASE=fluxer_metrics
+CLICKHOUSE_USER=fluxer
+CLICKHOUSE_PASSWORD=fluxer_dev
+
+ANOMALY_DETECTION_ENABLED=true
+ANOMALY_WINDOW_SIZE=100
+ANOMALY_ZSCORE_THRESHOLD=3.0
+ANOMALY_CHECK_INTERVAL_SECS=60
+ANOMALY_COOLDOWN_SECS=300
+ANOMALY_ERROR_RATE_THRESHOLD=0.05
+ALERT_WEBHOOK_URL=
+
+# =============================================================================
+# Email (disabled by default)
+# =============================================================================
+EMAIL_ENABLED=false
+SENDGRID_FROM_EMAIL=noreply@your-domain.example.com
+SENDGRID_FROM_NAME=Fluxer
+SENDGRID_API_KEY=
+SENDGRID_WEBHOOK_PUBLIC_KEY=
+
+# =============================================================================
+# SMS (disabled by default)
+# =============================================================================
+SMS_ENABLED=false
+TWILIO_ACCOUNT_SID=
+TWILIO_AUTH_TOKEN=
+TWILIO_VERIFY_SERVICE_SID=
+
+# =============================================================================
+# CAPTCHA (disabled by default)
+# =============================================================================
+CAPTCHA_ENABLED=false
+CAPTCHA_PRIMARY_PROVIDER=none
+HCAPTCHA_SITE_KEY=
+HCAPTCHA_PUBLIC_SITE_KEY=
+HCAPTCHA_SECRET_KEY=
+TURNSTILE_SITE_KEY=
+TURNSTILE_PUBLIC_SITE_KEY=
+TURNSTILE_SECRET_KEY=
+
+# =============================================================================
+# Search (meilisearch)
+# =============================================================================
+SEARCH_ENABLED=true
+MEILISEARCH_URL=http://meilisearch:7700
+MEILISEARCH_API_KEY=masterKey
+
+# =============================================================================
+# Stripe / payments (disabled by default)
+# =============================================================================
+STRIPE_ENABLED=false
+STRIPE_SECRET_KEY=
+STRIPE_WEBHOOK_SECRET=
+STRIPE_PRICE_ID_MONTHLY_USD=
+STRIPE_PRICE_ID_MONTHLY_EUR=
+STRIPE_PRICE_ID_YEARLY_USD=
+STRIPE_PRICE_ID_YEARLY_EUR=
+STRIPE_PRICE_ID_VISIONARY_USD=
+STRIPE_PRICE_ID_VISIONARY_EUR=
+STRIPE_PRICE_ID_GIFT_VISIONARY_USD=
+STRIPE_PRICE_ID_GIFT_VISIONARY_EUR=
+STRIPE_PRICE_ID_GIFT_1_MONTH_USD=
+STRIPE_PRICE_ID_GIFT_1_MONTH_EUR=
+STRIPE_PRICE_ID_GIFT_1_YEAR_USD=
+STRIPE_PRICE_ID_GIFT_1_YEAR_EUR=
+
+# =============================================================================
+# Cloudflare (tunnel + optional purge)
+# =============================================================================
+CLOUDFLARE_PURGE_ENABLED=false
+CLOUDFLARE_ZONE_ID=
+CLOUDFLARE_API_TOKEN=
+# Get from Cloudflare Zero Trust → Networks → Tunnels → your tunnel → token
+CLOUDFLARE_TUNNEL_TOKEN=YOUR_CLOUDFLARE_TUNNEL_TOKEN
+
+# =============================================================================
+# Voice & Video (LiveKit)
+# Generate: LIVEKIT_API_KEY with openssl rand -hex 16
+#           LIVEKIT_API_SECRET with openssl rand -hex 32
+# Must match keys in dev/livekit.yaml
+# =============================================================================
+VOICE_ENABLED=true
+LIVEKIT_API_KEY=GENERATE_openssl_rand_hex_16
+LIVEKIT_API_SECRET=GENERATE_openssl_rand_hex_32
+LIVEKIT_WEBHOOK_URL=http://api:8080/webhooks/livekit
+LIVEKIT_AUTO_CREATE_DUMMY_DATA=true
+
+# =============================================================================
+# ClamAV (virus scanning)
+# Can be disabled — api/worker don't depend on it
+# =============================================================================
+CLAMAV_ENABLED=false
+CLAMAV_HOST=clamav
+CLAMAV_PORT=3310
+
+# =============================================================================
+# Third-party integrations (optional)
+# =============================================================================
+TENOR_API_KEY=
+YOUTUBE_API_KEY=
+
+# =============================================================================
+# Self-hosting config
+# =============================================================================
+SELF_HOSTED=true
+# Invite code to auto-join a community on registration (leave blank to disable)
+AUTO_JOIN_INVITE_CODE=
+FLUXER_VISIONARIES_GUILD_ID=
+FLUXER_OPERATORS_GUILD_ID=
+
+GIT_SHA=production
+BUILD_TIMESTAMP=

fluxer/dev/Caddyfile.dev

@@ -0,0 +1,51 @@
+{
+	auto_https off
+	admin off
+}
+
+:48763 {
+	handle /_caddy_health {
+		respond "OK" 200
+	}
+
+	@gateway path /gateway /gateway/*
+	handle @gateway {
+		uri strip_prefix /gateway
+		reverse_proxy 127.0.0.1:49107
+	}
+
+	@marketing path /marketing /marketing/*
+	handle @marketing {
+		uri strip_prefix /marketing
+		reverse_proxy 127.0.0.1:49531
+	}
+
+	@server path /admin /admin/* /api /api/* /s3 /s3/* /queue /queue/* /media /media/* /_health /_ready /_live /.well-known/fluxer
+	handle @server {
+		reverse_proxy 127.0.0.1:49319
+	}
+
+	@livekit path /livekit /livekit/*
+	handle @livekit {
+		uri strip_prefix /livekit
+		reverse_proxy 127.0.0.1:7880
+	}
+
+	redir /mailpit /mailpit/
+	handle_path /mailpit/* {
+		rewrite * /mailpit{path}
+		reverse_proxy 127.0.0.1:49667
+	}
+
+	handle {
+		reverse_proxy 127.0.0.1:49427 {
+			header_up Connection {http.request.header.Connection}
+			header_up Upgrade {http.request.header.Upgrade}
+		}
+	}
+
+	log {
+		output stdout
+		format console
+	}
+}

fluxer/dev/livekit.template.yaml

@@ -0,0 +1,28 @@
+port: 7880
+
+keys:
+  '{{API_KEY}}': '{{API_SECRET}}'
+
+rtc:
+  tcp_port: 7881
+  port_range_start: 50000
+  port_range_end: 50100
+  use_external_ip: false
+  node_ip: {{NODE_IP}}
+
+turn:
+  enabled: true
+  domain: {{TURN_DOMAIN}}
+  udp_port: 3478
+
+webhook:
+  api_key: '{{API_KEY}}'
+  urls:
+    - '{{WEBHOOK_URL}}'
+
+room:
+  auto_create: true
+  max_participants: 100
+  empty_timeout: 300
+
+development: true