# Tori 部署指南

## 架构

- **编译方式**: Rust musl 静态链接 (`aarch64-unknown-linux-musl`)
- **部署位置**: OCI (Oracle Cloud Infrastructure), ARM64 aarch64
- **域名**: https://tori.oci.euphon.net
- **K8s**: k3s 单节点, traefik ingress, Let's Encrypt TLS
- **镜像仓库**: registry.oci.euphon.net/tori

## 前置条件 (OCI 机器上)

```bash
# Rust 工具链 + musl target
rustup target add aarch64-unknown-linux-musl
sudo apt-get install musl-tools

# Docker, kubectl (k3s 自带)
```

## 编译

在 OCI 上原生编译，避免交叉编译的复杂性:

```bash
ssh oci
cd ~/src/tori
cargo build --release --target aarch64-unknown-linux-musl
```

产出为静态链接的 ELF binary，可直接在 alpine 容器中运行。

## 部署流程

从本地执行:

```bash
scripts/deploy.sh
```

脚本做的事:
1. rsync `config.yaml` 到 OCI (含 API key，不进 git)
2. git push + OCI 上 git pull
3. docker build (仅 COPY 预编译 binary + 前端 dist，秒级完成)
4. docker push 到 registry.oci.euphon.net
5. kubectl apply + rollout restart

## 手动部署

```bash
# 1. 同步代码和配置
rsync -az config.yaml oci:~/src/tori/
ssh oci "cd ~/src/tori && git pull"

# 2. 编译 (如有代码变更)
ssh oci "cd ~/src/tori && . ~/.cargo/env && cargo build --release --target aarch64-unknown-linux-musl"

# 3. 构建镜像
ssh oci "cd ~/src/tori && docker build -t registry.oci.euphon.net/tori:latest . && docker push registry.oci.euphon.net/tori:latest"

# 4. 部署
ssh oci "kubectl apply -f ~/src/tori/deploy/ && kubectl rollout restart deployment/tori -n tori"
```

## K8s 资源

- **Namespace**: tori
- **Deployment**: tori (1 replica, imagePullSecrets: regcred)
- **Service**: tori (ClusterIP, port 80 → 3000)
- **Ingress**: traefik, TLS via Let's Encrypt (`le` certresolver)
- **PVC**: tori-data (1Gi, local-path)

## 配置

`config.yaml` 直接 COPY 进 Docker 镜像 (不用 ConfigMap/Secret):

```yaml
llm:
  base_url: "https://router.requesty.ai/v1"
  api_key: "..."
  model: "bedrock/claude-sonnet-4-6@eu-west-1"

server:
  host: "0.0.0.0"
  port: 3000

database:
  path: "tori.db"
```

## 查看状态

```bash
ssh oci "kubectl get pods -n tori"
ssh oci "kubectl logs -n tori deploy/tori"
```