improve install process/documentation

Dockerfile.console

@@ -19,20 +19,11 @@ COPY protogen/ protogen/
 RUN CGO_ENABLED=0 GOOS=linux GOFLAGS="-ldflags=-s -ldflags=-w" go build -o console ./cmd/console/
 
 # Runtime stage
-FROM debian:bookworm-slim
-
-ENV TZ=Europe/Zurich
-
-# Add ca-certificates and basic tools needed for interactive console
-RUN apt-get update && apt-get install --no-install-recommends -y \
-    ca-certificates \
-    jq \
-    readline-common \
-    && rm -rf /var/lib/apt/lists/*
+FROM alpine:latest
 
 # Create user and group
-RUN groupadd dop && \
-    useradd -r --uid 1001 -g dop dop
+RUN addgroup -g 1001 dop && \
+    adduser -D -u 1001 -G dop dop
 
 # Set working directory
 RUN mkdir -p /app
@@ -44,8 +35,8 @@ COPY .env.${MINEXUS_ENV} ./.env.${MINEXUS_ENV}
 # Copy the binary from builder
 COPY --from=builder /app/console /app/console
 
-# Create entrypoint script
-RUN echo '#!/bin/sh\n/app/console' > /app/docker-entrypoint.sh && \
+# Create entrypoint script (use printf for proper newlines)
+RUN printf '#!/bin/sh\nexec /app/console\n' > /app/docker-entrypoint.sh && \
     chmod +x /app/docker-entrypoint.sh
 
 # Set ownership for Kubernetes compatibility

Dockerfile.minion

@@ -19,19 +19,11 @@ COPY protogen/ protogen/
 RUN CGO_ENABLED=0 GOOS=linux GOFLAGS="-ldflags=-s -ldflags=-w" go build -o minion ./cmd/minion/
 
 # Runtime stage
-FROM debian:bookworm-slim
-
-ENV TZ=Europe/Zurich
-
-# Add ca-certificates and basic tools
-RUN apt-get update && apt-get install --no-install-recommends -y \
-    ca-certificates \
-    jq \
-    && rm -rf /var/lib/apt/lists/*
+FROM alpine:latest
 
 # Create user and group
-RUN groupadd dop && \
-    useradd -r --uid 1001 -g dop dop
+RUN addgroup -g 1001 dop && \
+    adduser -D -u 1001 -G dop dop
 
 # Set working directory
 RUN mkdir -p /app
@@ -43,8 +35,8 @@ COPY .env.${MINEXUS_ENV} ./.env.${MINEXUS_ENV}
 # Copy the binary from builder
 COPY --from=builder /app/minion /app/minion
 
-# Create entrypoint script
-RUN echo '#!/bin/sh\n/app/minion' > /app/docker-entrypoint.sh && \
+# Create entrypoint script (use printf for proper newlines)
+RUN printf '#!/bin/sh\nexec /app/minion\n' > /app/docker-entrypoint.sh && \
     chmod +x /app/docker-entrypoint.sh
 
 # Set ownership for Kubernetes compatibility

Dockerfile.nexus

@@ -19,20 +19,11 @@ COPY protogen/ protogen/
 RUN CGO_ENABLED=0 GOOS=linux GOFLAGS="-ldflags=-s -ldflags=-w" go build -o nexus ./cmd/nexus/
 
 # Runtime stage
-FROM debian:bookworm-slim
+FROM alpine:latest
 
-ENV TZ=Europe/Zurich
-
-# Add ca-certificates and basic tools
-RUN apt-get update && apt-get install --no-install-recommends -y \
-    netcat-traditional \
-    ca-certificates \
-    jq \
-    && rm -rf /var/lib/apt/lists/*
-
-# Create user and group
-RUN groupadd dop && \
-    useradd -r --uid 1001 -g dop dop
+# Create user and group (use -G for group assignment in Alpine)
+RUN addgroup -g 1001 dop && \
+    adduser -D -u 1001 -G dop dop
 
 # Set working directory
 RUN mkdir -p /app
@@ -45,10 +36,10 @@ COPY .env.${MINEXUS_ENV} ./.env.${MINEXUS_ENV}
 COPY --from=builder /app/nexus /app/nexus
 
 # Copy webroot directory for web server assets
-COPY webroot/ /app/webroot/
+COPY internal/web/webroot/ /app/webroot/
 
-# Create entrypoint script
-RUN echo '#!/bin/sh\n/app/nexus' > /app/docker-entrypoint.sh && \
+# Create entrypoint script (use printf for proper newlines)
+RUN printf '#!/bin/sh\nexec /app/nexus\n' > /app/docker-entrypoint.sh && \
     chmod +x /app/docker-entrypoint.sh
 
 # Set ownership for Kubernetes compatibility

Makefile

@@ -99,26 +99,29 @@ build-test:
 ## compose-build: Build Docker images for specified environment (default: test)
 compose-build:
 	@export MINEXUS_ENV=$${MINEXUS_ENV:-test}; \
-	set -a; . ./.env.$$MINEXUS_ENV; set +a; \
 	echo "Building Docker images for $$MINEXUS_ENV environment..."; \
 	[ "$$MINEXUS_ENV" = "prod" ] && $(MAKE) certs-prod || true; \
-	docker compose build
+	docker compose --env-file .env.$$MINEXUS_ENV build
 
 ## compose-run: Run application in specified environment (default: test)
 compose-run:
 	@export MINEXUS_ENV=$${MINEXUS_ENV:-test}; \
-	set -a; . ./.env.$$MINEXUS_ENV; set +a; \
 	echo "Starting application in $$MINEXUS_ENV mode..."; \
 	$(MAKE) compose-stop; \
 	$(MAKE) compose-build; \
-	docker compose up -d
+	docker compose --env-file .env.$$MINEXUS_ENV up -d
 
 ## compose-stop: Stop services for specified environment (default: test)
 compose-stop:
 	@export MINEXUS_ENV=$${MINEXUS_ENV:-test}; \
-	set -a; . ./.env.$$MINEXUS_ENV; set +a; \
 	echo "Stopping $$MINEXUS_ENV environment..."; \
-	docker compose down --remove-orphans
+	docker compose --env-file .env.$$MINEXUS_ENV down --remove-orphans
+
+## compose-up: Start services without rebuilding for specified environment (default: test)
+compose-up:
+	@export MINEXUS_ENV=$${MINEXUS_ENV:-test}; \
+	echo "Starting $$MINEXUS_ENV environment without rebuild..."; \
+	docker compose --env-file .env.$$MINEXUS_ENV up
 
 ## certs-clean: remove copied certificates from root certs directory
 certs-clean:
@@ -258,9 +261,8 @@ local: compose-run
 ## logs-docker: Follow logs for specified environment (default: test)
 logs-docker:
 	@export MINEXUS_ENV=$${MINEXUS_ENV:-test}; \
-	set -a; . ./.env.$$MINEXUS_ENV; set +a; \
 	echo "Following logs for $$MINEXUS_ENV environment..."; \
-	docker compose logs -f
+	docker compose --env-file .env.$$MINEXUS_ENV logs -f
 
 ## minion: build minion client (production environment)
 minion:

README.md

@@ -66,17 +66,46 @@ So I decided to make this agent (minion) the server (nexus) and start by impleme
 
 ## Quick Start
 
-create an .env.prod file
-```cp env.sample .env.prod```
+### 1. Setup Nexus Server
+
+Create an .env.prod file:
+```bash
+cp env.sample .env.prod
+```
 
 Modify the .env.prod (DON'T KEEP the default password unchanged...)
 
-Then launch the nexus
-```MINEXUS_ENV=prod make compose-run```
+Then launch the nexus:
+```bash
+MINEXUS_ENV=prod make compose-run
+```
+
+### 2. Install Minion Clients
+
+Once Nexus is running, visit the web dashboard at `http://yournexus.address.com:8086` to see quick installation commands with copy buttons.
+
+Alternatively, use these commands directly:
+
+**Linux/macOS:**
+```bash
+curl -sSL http://yournexus.address.com:8086/install_minion.sh | sh
+```
+
+**Windows PowerShell:**
+```powershell
+iwr -useb http://yournexus.address.com:8086/download/minion/windows-amd64.exe -OutFile minion.exe; .\minion.exe
+```
+
+**Options:**
+- For systemd installation on Linux: `curl -sSL http://yournexus.address.com:8086/install_minion.sh | sh -s -- --systemd`
+- For Windows with custom environment variables:
+  ```powershell
+  $env:NEXUS_SERVER="yournexus.address.com"
+  $env:NEXUS_MINION_PORT="11972"
+  .\minion.exe
+  ```
 
-From now on the hosts where you want to install minion, just
-```curl http://yournexus.address.com:8086/install_minion.sh | sh```
-This will download and run the right minion for your OS/ARCH
+The installation script automatically detects your OS and architecture, downloading the appropriate minion binary.
 
 ## Project Structure
 

docker-compose.yml

@@ -24,13 +24,13 @@ services:
       - default
 
   # Nexus server - depends on database being healthy
-  nexus_server:
+  nexus:
     build:
       context: .
       dockerfile: Dockerfile.nexus
       args:
         MINEXUS_ENV: ${MINEXUS_ENV:-test}
-    container_name: nexus_server
+    container_name: nexus
     env_file:
       - .env.${MINEXUS_ENV:-test}
     restart: always
@@ -55,8 +55,8 @@ services:
     networks:
       - default
     healthcheck:
-      #test: ["CMD-SHELL", "nc -z nexus_server ${NEXUS_MINION_PORT:-11972} && nc -z nexus_server ${NEXUS_CONSOLE_PORT:-11973} && nc -z nexus_server ${NEXUS_WEB_PORT:-8086} && echo 'All three ports accessible' || exit 1"]
-      test: ["CMD-SHELL", "nc -z nexus_server ${NEXUS_MINION_PORT:-11972} && nc -z nexus_server ${NEXUS_CONSOLE_PORT:-11973} && echo 'All three ports accessible' || exit 1"]
+      #test: ["CMD-SHELL", "nc -z nexus ${NEXUS_MINION_PORT:-11972} && nc -z nexus ${NEXUS_CONSOLE_PORT:-11973} && nc -z nexus ${NEXUS_WEB_PORT:-8086} && echo 'All three ports accessible' || exit 1"]
+      test: ["CMD-SHELL", "nc -z nexus ${NEXUS_MINION_PORT:-11972} && nc -z nexus ${NEXUS_CONSOLE_PORT:-11973} && echo 'All three ports accessible' || exit 1"]
       interval: 3s
       timeout: 5s
       retries: 10
@@ -77,14 +77,14 @@ services:
       - MINEXUS_ENV=${MINEXUS_ENV:-test}
       - DEBUG=true
       - MINION_ID=${MINION_ID:-docker-minion}
-      - NEXUS_SERVER=nexus_server
+      - NEXUS_SERVER=nexus
       - NEXUS_MINION_PORT=${NEXUS_MINION_PORT:-11972}
       - HEARTBEAT_INTERVAL=${HEARTBEAT_INTERVAL:-60}
       - INITIAL_RECONNECT_DELAY=${INITIAL_RECONNECT_DELAY:-1}
       - MAX_RECONNECT_DELAY=${MAX_RECONNECT_DELAY:-3600}
       - CONNECT_TIMEOUT=${CONNECT_TIMEOUT:-3}
     depends_on:
-      nexus_server:
+      nexus:
         condition: service_healthy
     networks:
       - default
@@ -102,11 +102,11 @@ services:
     environment:
       - MINEXUS_ENV=${MINEXUS_ENV:-test}
       - DEBUG=${DEBUG:-false}
-      - NEXUS_SERVER=nexus_server
+      - NEXUS_SERVER=nexus
       - NEXUS_CONSOLE_PORT=${NEXUS_CONSOLE_PORT:-11973}
       - CONNECT_TIMEOUT=${CONNECT_TIMEOUT:-3}
     depends_on:
-      nexus_server:
+      nexus:
         condition: service_healthy
     networks:
       - default

integration_test.go

@@ -123,7 +123,7 @@ const (
 //
 // Required Services:
 //   - nexus_db: PostgreSQL database
-//   - nexus_server: Nexus gRPC dual-port server (port 11972 for minions, 11973 for console)
+//   - nexus: Nexus gRPC dual-port server (port 11972 for minions, 11973 for console)
 //   - minion_1: Test minion client
 //
 // Test Categories:
@@ -385,7 +385,7 @@ func setupDockerServices(t *testing.T) {
 	parseDuration := time.Since(parseStart)
 	t.Logf("TIMING: Docker status parsing took %v", parseDuration)
 
-	requiredServices := []string{"nexus_db", "nexus_server", "minion"}
+	requiredServices := []string{"nexus_db", "nexus", "minion"}
 	missingServices := []string{}
 
 	for _, service := range requiredServices {
@@ -399,7 +399,7 @@ func setupDockerServices(t *testing.T) {
 
 		// Start services
 		serviceStartStart := time.Now()
-		cmd = exec.Command("docker", "compose", "up", "-d", "nexus_server", "minion")
+		cmd = exec.Command("docker", "compose", "up", "-d", "nexus", "minion")
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
 
@@ -432,9 +432,9 @@ func parseDockerComposePS(output string) map[string]string {
 				services["nexus_db"] = "running"
 			}
 		}
-		if strings.Contains(line, "nexus_server") {
+		if strings.Contains(line, "nexus") {
 			if strings.Contains(line, "running") {
-				services["nexus_server"] = "running"
+				services["nexus"] = "running"
 			}
 		}
 		if strings.Contains(line, "minion") {
@@ -2128,7 +2128,7 @@ func waitForCommandCompletion(t *testing.T, commandID string, maxAttempts int, s
 
 // executeNexusRestart executes the nexus server restart command
 func executeNexusRestart() error {
-	restartCmd := exec.Command("docker", "compose", "restart", "nexus_server")
+	restartCmd := exec.Command("docker", "compose", "restart", "nexus")
 	restartCmd.Stdout = os.Stdout
 	restartCmd.Stderr = os.Stderr
 	return restartCmd.Run()

internal/certs/certs.go

@@ -4,6 +4,10 @@ import _ "embed"
 
 // Static certificate files embedded at build time
 // These certificates provide a consistent PKI across all builds and deployments
+//
+// Note: The files in internal/certs/files/ are placeholder test certificates
+// that prevent build errors. They are automatically replaced with proper
+// certificates by the Makefile during build/test processes.
 
 var (
 	// Certificate Authority

internal/certs/files/ca.crt

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFQzCCAyugAwIBAgIUfDOkqVEWwK4zsOFYy1mcSyklk1IwDQYJKoZIhvcNAQEL
+BQAwMTEYMBYGA1UEAwwPTWluZXh1cy10ZXN0IENBMRUwEwYDVQQKDAxNaW5leHVz
+LXRlc3QwHhcNMjUwNjIyMTEwOTMyWhcNMzUwNjIwMTEwOTMyWjAxMRgwFgYDVQQD
+DA9NaW5leHVzLXRlc3QgQ0ExFTATBgNVBAoMDE1pbmV4dXMtdGVzdDCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMD2+RNwkj66jtxKU3HAXvyNBhoKnVWw
+lnJPTV7AqbGRok/9uDJqYsQ9zLbGvNRTMgle5yuHqV6v19iHDaU7uUXgY8vCoTIc
+DZG9n1khIAnMSRXzSacn0Wbv0B8jeEx+Dz81vHpJlw8XV9Qqu1gFTKz9Csv/cefE
+heAEfD7AS5gIYHycrAdz/s1QwJrqwHL8tGZb+rCfLcCMMj20FPjbX8djJFSNtdSu
+UFAiiAXAygiKlgcbP9+T0mO0l6Gpyv16b5G+8VGQYVUMQg/BGaklJ2HfqQ4yCw2L
+4s0EdQ0DF3YKJ1AQUi1iNl7SdbjoYdKqkgyC3PvsIiV98JOxV+OV1Utxjo1bYl5U
+8yaQ/n46T1BMtqKojnvgvLOjIaAQ/XD1jcEgBcVP9fPbi/onM76rx74f3T+6Gm+E
+PtEz4VN2WnIqFQNp+f/4Nd5g97q7SmLhMNjfCOWO6O4Jj1/BL9R3+NgIXnwV+10T
+fxsHSK5N2pFMEEE0Oo7aYlRlpSbIaEOG/DE3z9OJbuh1oX5u2zQB/39vrqwacZKA
+yZp77J00s/2kPJdfACQY13mDNzppSIdMzZwfJotEZm2NAEfE5c/Y8E3kgOBq/HnM
+Zqc9V7Y3eV1BLWxRvQyJW604cMC43yq1dRXEuR3h9kolwO89FfxW3bcrm/oON8a0
+LsabTaAyHefTAgMBAAGjUzBRMB0GA1UdDgQWBBSzKR/t3uHznVxtKUjGwjjkpz0C
+STAfBgNVHSMEGDAWgBSzKR/t3uHznVxtKUjGwjjkpz0CSTAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAfdc28NYw/Wm6O//pijFUNE5H/DUBOhOw/
+tcHyNB3xlAX5genhdUSRU9NvGm01h+KZqCRpZybFaaLMMgJJ7NLttScsuCib5v2t
+DYFSzBI4OUYZM2JPiYSM15dybKWlmUh1WVtWhG3NmgZhsilQMzmh419qeiCP93F+
+7sCPk3yqelP5gw3F4LHt57SDtXyxNvmLKpsvNiIDF2E8y+Y3WZx3ua31KCKNl2z6
+6/tpKZQEHzv6eSvWnq/BQxi/PKw83Hd6bt71wKbT9HdTDwwVWVc6bJFiKUFmuu7e
+CmePatNt6BEk94cV6BOAvUZCFueXgc6Jglxwc9Z4AVDAOEE9v809d5Kfdu46dz2I
+C+Q6Dcjdsr9BAhETfZDWZkTSBw4849H9RNSNNHfMyJqPsByvKhNgdYBqNgMq3xaJ
+wasxQQ+TEx/mzOmSX9Z4dzVUbnGE9bnvVvItVm3MgpCTkWGdWccIcDQqbP7ZQznA
+EjZ/4oXjzVsNbxgEEzJDlr+db473rRE1/yihFOEUgbAv+HU+RTkKRf+gq+OMUxjQ
+goAIPV+eL4O64jDI/jBNY81J4mJdz04O+gVpZZ/5Q5LT2Nxca5mdK3PYHx1lKJQH
+/OODakzvT4baCNJv5kOwf4j1ijrM2Okum9H1IbMRgrD5BV4Y/oo43wUXKzBJpiZi
+O9VC828vaA==
+-----END CERTIFICATE-----