PaaS Stack Overview

This skill provides an overview of the self-hosted PaaS stack and common operations.

Services

GITEA_TOKEN

GITEA_URL

COOLIFY_TOKEN

COOLIFY_URL

N8N_TOKEN

N8N_URL

LOBE_URL

OPENCLAW_GATEWAY_TOKEN

Quick Health Check

echo "=== Service Health ==="
echo "Gitea: $(curl -sf $GITEA_URL/api/healthz && echo OK || echo FAIL)"
echo "Coolify: $(curl -sf $COOLIFY_URL/api/health && echo OK || echo FAIL)"
echo "n8n: $(curl -sf $N8N_URL/healthz && echo OK || echo FAIL)"
echo "LobeChat: $(curl -sf $LOBE_URL/api/health && echo OK || echo FAIL)"

Available Skills

gitea

coolify

n8n

ci-cd

lobechat

Common Operations

Create and Deploy a New App

# 1. Create repository in Gitea
curl -X POST "$GITEA_URL/api/v1/user/repos" \
  -H "Authorization: token $GITEA_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "my-app", "auto_init": true}'

# 2. Connect to Coolify (creates deploy key + webhook)
bash /srv/paas/scripts/setup-ci-cd.sh my-app myapp 3000

# 3. Push code → auto deploys via webhook

CI/CD Architecture

Push to Gitea
    ↓
Webhook → https://coolify.domain/webhooks/source/gitea/events/manual?app={uuid}
    ↓
Coolify clones via SSH (git@gitea:user/repo.git)
    ↓
Build container → Deploy to coolify network
    ↓
Traefik routes by domain → Container

Key requirements:

• Gitea must be on

  coolify

  network (for SSH clone access)
• Coolify proxy must be on

  paas-network

  (for cloudflared access)
• Deploy key in both Coolify and Gitea
• Webhook secret matching

  manual_webhook_secret_gitea

Check Deployment Status

curl -s "$COOLIFY_URL/api/v1/deployments" \
  -H "Authorization: Bearer $COOLIFY_TOKEN" | jq '.[0:3] | .[] | {status, created_at}'

Trigger Manual Deployment

curl -X POST "$COOLIFY_URL/api/v1/applications/APP_UUID/restart" \
  -H "Authorization: Bearer $COOLIFY_TOKEN"

Create Automation Workflow

# List n8n workflows
curl -s "$N8N_URL/api/v1/workflows" \
  -H "X-N8N-API-KEY: $N8N_TOKEN" | jq '.data[] | {id, name, active}'

Scripts

bash /srv/paas/scripts/setup-ci-cd.sh

bash /srv/paas/scripts/refresh-tokens.sh

bash /srv/paas/scripts/bootstrap.sh

Note: Use

bash

Token Refresh

If API calls fail with authentication errors:

# Refresh all tokens
bash /srv/paas/scripts/refresh-tokens.sh --all

# Refresh specific service
bash /srv/paas/scripts/refresh-tokens.sh --gitea
bash /srv/paas/scripts/refresh-tokens.sh --coolify

Network Architecture

The stack uses two bridged networks for full inter-service communication:

paas-network

coolify

All core services are connected to BOTH networks, allowing:

• Stack services to communicate with each other
• Stack services to communicate with deployed applications
• n8n workflows to call deployed app APIs
• OpenClaw agent to interact with deployed services

Network Troubleshooting

# Check which networks a service is on
docker inspect gitea --format '{{range $k, $v := .NetworkSettings.Networks}}{{$k}} {{end}}'

# Connect all core services to coolify network (if missing)
docker network connect coolify gitea
docker network connect coolify n8n
docker network connect coolify openclaw-cli
docker network connect coolify lobe-chat
docker network connect paas-network coolify-proxy

# Verify all connections
for svc in gitea n8n openclaw-cli lobe-chat; do
    echo "$svc: $(docker inspect $svc --format '{{range $k, $v := .NetworkSettings.Networks}}{{$k}} {{end}}')"
done

Service-Specific Skills

For detailed operations, use the dedicated skills:

• Gitea operations: Read

  /srv/paas/skills/gitea/SKILL.md

• Coolify operations: Read

  /srv/paas/skills/coolify/SKILL.md

• n8n operations: Read

  /srv/paas/skills/n8n/SKILL.md

• CI/CD setup: Read

  /srv/paas/skills/ci-cd/SKILL.md

Environment Variables

All service URLs and tokens are available as environment variables:

# Check available env vars
env | grep -E "_URL|_TOKEN" | grep -v "="