proxmox/docs/03-deployment/SANKOFA_STUDIO_DEPLOYMENT.md

# Sankofa Studio (FusionAI Creator) — Proxmox Deployment

**Last Updated:** 2026-02-28  
**Status:** Active  
**White-label URL:** [https://studio.sankofa.nexus](https://studio.sankofa.nexus)

---

## Overview

**Sankofa Studio** is the white-label SaaS offering of **FusionAI Creator** (multi-modal AI creative production: audio, image, video, UE5 export). It is deployed as a single Proxmox LXC (VMID **7805**) running the full stack via Docker Compose: API (port 8000), worker, Redis, and optional backend services (audio, image, video, UE5 export). The Studio UI is served at `/studio/` and the Phoenix Marketplace landing at `/marketplace/landing.html` on the same API origin.

| Item | Value |
|------|--------|
| **VMID** | 7805 (Sankofa/Phoenix range 7800–8999) |
| **Hostname** | sankofa-studio |
| **IP** | 192.168.11.72 (`IP_SANKOFA_STUDIO` in `config/ip-addresses.conf`; .55 is VMID 10230 order-vault) |
| **Node** | Default: r630-01 (override with `NODE`) |
| **Public URL** | https://studio.sankofa.nexus |

---

## Architecture

- **Single LXC** runs Docker and the FusionAI Creator stack (orchestrator API, worker, Redis, audio/image/video/ue5_export services).
- **API** listens on `0.0.0.0:8000`; NPMplus proxies `studio.sankofa.nexus` → `http://192.168.11.72:8000`.
- **Studio UI** at `https://studio.sankofa.nexus/studio/`; **Marketplace landing** at `https://studio.sankofa.nexus/marketplace/landing.html`.

For scaled-out deployment (separate VMs per service), see FusionAI Creator [service-topology](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/docs/specs/service-topology.md) and optional runbook updates.

---

## Prerequisites

- Proxmox host with LXC support; Ubuntu 22.04 template: `local:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst`.
- Git and network access from the container for clone (or copy repo into container via `REPO_PATH` on the Proxmox host).
- NPMplus (VMID 10233) and Cloudflare DNS/tunnel as per [E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md](../05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md).

---

## Deploy (create LXC + Docker + app)

The script uses `pct` (Proxmox Container Toolkit), which exists only on Proxmox nodes. Either run it **on** a Proxmox host or set **PROXMOX_HOST** so the script SSHs there to run `pct`.

From the **proxmox** repo root:

```bash
source config/ip-addresses.conf 2>/dev/null || true

# From another machine: SSH to Proxmox to run pct (use your Proxmox node IP, e.g. 192.168.11.11 or 192.168.11.12)
PROXMOX_HOST=192.168.11.11 REPO_URL=https://gitea.d-bis.org/d-bis/FusionAI-Creator.git ./scripts/deployment/deploy-sankofa-studio-lxc.sh

# Or from the Proxmox host itself (e.g. after cloning the repo or copying the script):
REPO_URL=https://gitea.d-bis.org/d-bis/FusionAI-Creator.git ./scripts/deployment/deploy-sankofa-studio-lxc.sh

# With production .env (secrets, API keys, backends)
REPO_URL=https://gitea.d-bis.org/d-bis/FusionAI-Creator.git \
  ENV_FILE=/path/to/fusionai-production.env \
  ./scripts/deployment/deploy-sankofa-studio-lxc.sh

# From another host via SSH to Proxmox
PROXMOX_HOST=192.168.11.11 REPO_URL=https://gitea.d-bis.org/d-bis/FusionAI-Creator.git \
  ./scripts/deployment/deploy-sankofa-studio-lxc.sh
```

- **--dry-run:** Print what would be done; no create or install.
- **--skip-create:** Assume container 7805 already exists; only install Docker (if missing), clone/copy app, and run `docker compose up -d`.

### Env overrides

| Variable | Default | Description |
|----------|---------|-------------|
| VMID | 7805 | Container ID |
| HOSTNAME | sankofa-studio | Container hostname |
| IP_SANKOFA_STUDIO | 192.168.11.72 | Static IP (avoid .55: used by VMID 10230 order-vault) |
| PROXMOX_HOST | (none) | SSH here to run `pct` |
| NODE | (none) | Proxmox node for `pct --node` |
| REPO_URL | (none) | Git URL to clone (preferred for remote deploy) |
| REPO_PATH | (none) | Local path to copy into container (must be on Proxmox host when PROXMOX_HOST is set) |
| ENV_FILE | (none) | Path to `.env` for FusionAI (API key, Redis, service URLs, TTS/image backends) |
| MEMORY_MB | 8192 | RAM |
| CORES | 4 | CPU cores |
| DISK_GB | 60 | Root disk |
| APP_DIR | /srv/fusionai-creator | Path inside container for the app |

---

## NPMplus proxy (studio.sankofa.nexus)

1. In NPMplus (https://192.168.11.167 or your NPMplus URL), add **Proxy Host**:
   - **Domain:** `studio.sankofa.nexus`
   - **Scheme:** HTTP  
   - **Forward hostname / IP:** `192.168.11.72`  
   - **Forward port:** `8000`
2. Request **SSL certificate** (Let's Encrypt or Cloudflare Origin) and enable **Force SSL**.

---

## Cloudflare DNS and tunnel (E2E)

1. **DNS:** In Cloudflare (zone `sankofa.nexus`), add **CNAME** `studio` → `<your-tunnel>.cfargotunnel.com` (Proxied), or **A** `studio` → `76.53.10.36` if using direct port forward.
2. **Tunnel (if used):** In Cloudflare Zero Trust → Networks → Tunnels, add **Public Hostname:** `studio.sankofa.nexus` → **URL** `https://192.168.11.167:443` (or your NPMplus origin; No TLS Verify if backend is HTTP).
3. **E2E check:** Run [verify-end-to-end-routing.sh](../05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md) and ensure `studio.sankofa.nexus` passes DNS, SSL, and HTTPS (e.g. 200 on `/health` or `/studio/`).

---

## Production .env

Use the template [sankofa-studio.env.example](sankofa-studio.env.example) in this directory. Set in `.env` (or `ENV_FILE` when deploying):

- `FUSIONAI_ARTIFACT_ROOT` — persistent path for artifacts (e.g. `/data/artifacts`; mount volume in compose).
- `FUSIONAI_REDIS_URL` — `redis://redis:6379/0` (compose service name).
- `FUSIONAI_API_URL` — `http://api:8000` or public URL for webhooks.
- Service URLs (inside compose): `FUSIONAI_AUDIO_SERVICE_URL=http://audio:8001`, etc.
- Optional: `FUSIONAI_API_KEY`, `FUSIONAI_TTS_BACKEND`, `FUSIONAI_IMAGE_BACKEND`, and keys (ElevenLabs, OpenAI, Replicate) per [FusionAI Creator .env.example](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/.env.example).

---

## Updating the app

```bash
# From Proxmox host
pct exec 7805 -- bash -c 'cd /srv/fusionai-creator && git pull && docker compose up -d --build'
```

Or SSH into the container and run the same.

---

## Health and verification

- **Health:** `curl -s http://192.168.11.72:8000/health`
- **Studio UI:** https://studio.sankofa.nexus/studio/
- **Marketplace landing:** https://studio.sankofa.nexus/marketplace/landing.html

---

## VMID / IP reference

See [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md) for 7805 and the Sankofa Phoenix table. See [RPC_ENDPOINTS_MASTER.md](../04-configuration/RPC_ENDPOINTS_MASTER.md) for edge/NPMplus context.

---

## E2E flow

For the full sequence (deploy → NPMplus → Cloudflare → verify), see **[SANKOFA_STUDIO_E2E_FLOW.md](SANKOFA_STUDIO_E2E_FLOW.md)**. Run:

```bash
./scripts/deployment/run-sankofa-studio-e2e.sh
```

With `REPO_URL` set, the script deploys then prints NPMplus and Cloudflare steps.

---

## Related

- FusionAI Creator: [README](https://gitea.d-bis.org/d-bis/FusionAI-Creator), [RUNBOOK](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/docs/RUNBOOK.md), [Sankofa Studio doc](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/docs/sankofa-studio.md), [service-topology](https://gitea.d-bis.org/d-bis/FusionAI-Creator/src/branch/main/docs/specs/service-topology.md).
- Proxmox: [VMID_ALLOCATION_FINAL.md](../02-architecture/VMID_ALLOCATION_FINAL.md) (7800–8999 Sankofa/Phoenix), [DAPP_LXC_DEPLOYMENT.md](DAPP_LXC_DEPLOYMENT.md) (pattern for LXC deploy).