PurpleRain TechSafe Documentation

Complete guide to PurpleRain TechSafe's features, configuration, and best practices for securing small and medium businesses (SMBs) with affordable, enterprise-grade cybersecurity solutions.

Overview

PurpleRain TechSafe delivers affordable, enterprise-grade cybersecurity for SMBs using a web app built with Next.js, Tailwind CSS, and Supabase, integrated with a WireGuard-based VPN (via Headscale or Twingate). The MVP secures network access, monitors threats, and provides dashboards for clients and employees. Deploy it via a server (VPS or local) or the plug-and-play PurpleRain TechSafe Box, designed for minimal setup using free tools like Vercel, Supabase, and Cloudflare, or a low-cost VPS (e.g., Hostinger at ₹599/month).

Getting Started

Welcome to PurpleRain TechSafe! This guide helps you deploy and manage our cybersecurity solution to protect your business infrastructure and data.

System Requirements

  • Server-Based Deployment:
    • Hardware: VPS or local server with 2GB RAM, 10GB storage (e.g., i5 server).
    • OS: Debian-based Linux (e.g., Ubuntu 20.04+).
    • Network: Stable internet; Cloudflare Tunnel or public IP if behind CGNAT.
    • Software: Docker (optional), Node.js (for local dev), wget or curl.
  • PurpleRain TechSafe Box:
    • Hardware: Preconfigured Raspberry Pi 3B+ or higher (included with the box).
    • OS: Preinstalled Raspberry Pi OS with PurpleRain TechSafe software.
    • Network: Ethernet or Wi-Fi, Cloudflare Tunnel for CGNAT environments.
    • Accessories: Power adapter, Ethernet cable (optional), included with the box.
  • Accounts: PurpleRain TechSafe account, Cloudflare account (for Zero Trust/Tunnel), Supabase account (for database and alerts).

Account Setup

  1. Sign Up: Create an account at purplerain.tech to get your API key.
  2. Cloudflare Setup: Configure Cloudflare Zero Trust for secure access (see Using Cloudflare Tunnel).
  3. Supabase Setup: Create a free Supabase project for database and real-time alerts.
  4. WireGuard Setup: Choose Headscale (self-hosted) or Twingate for secure VPN access.

Installation

PurpleRain TechSafe supports two deployment methods: server-based (VPS or local server) or the plug-and-play PurpleRain TechSafe Box. Administrative privileges are required for server setups.

Server-Based Deployment

Deploy on a VPS or local server for flexible, scalable cybersecurity.

Installing on a VPS

  1. Choose a VPS provider (e.g., Hostinger at ₹599/month).
  2. SSH into your VPS and update the system:
    sudo apt update && sudo apt upgrade -y
  3. Install Docker (optional for containerized setup):
    sudo apt install docker.io -y
sudo systemctl enable --now docker
  4. Download the installer:
    wget https://install.purplerain.tech/latest
  5. Run the installer with your API key:
    sudo sh ./latest --api-key YOUR_API_KEY
  6. Verify installation:
    purplerain-agent --version

Installing on a Local Server

  1. Ensure your server (e.g., i5 server) runs a Debian-based OS.
  2. Update the system:
    sudo apt update && sudo apt upgrade -y
  3. Download the installer:
    wget https://install.purplerain.tech/latest
  4. Run the installer with your API key:
    sudo sh ./latest --api-key YOUR_API_KEY
  5. Verify installation:
    purplerain-agent --version
  6. If behind CGNAT, configure a Cloudflare Tunnel (see Using Cloudflare Tunnel).

PurpleRain TechSafe Box (Plug-and-Play)

The PurpleRain TechSafe Box is a preconfigured Raspberry Pi for instant deployment, ideal for SMBs seeking simplicity.

Setting Up the TechSafe Box

  1. Unbox and Connect:
    • Unpack the PurpleRain TechSafe Box (Raspberry Pi 3B+ or higher).
    • Connect the power adapter and an Ethernet cable (or configure Wi-Fi).
  2. Power On:
    • Plug in the box; it boots with preinstalled PurpleRain TechSafe software.
  3. Initial Setup:
    • Access the setup wizard at http://techsafe.local:3000 from a device on the same network.
    • Enter your PurpleRain TechSafe API key (from purplerain.tech).
    • Follow prompts to connect to Cloudflare and Supabase (preconfigured credentials provided).
  4. Verify Setup: Default SSH credentials: pi / purplerain2025 (change immediately).
    ssh pi@techsafe.local
purplerain-agent --version

Connecting to the Network

  1. Wi-Fi Configuration (if not using Ethernet):
    • In the setup wizard, select your Wi-Fi network and enter credentials.
  2. WireGuard Activation:
    • The box auto-configures a Headscale-based WireGuard VPN.
    • Download client configs from the dashboard (https://app.purplerain.tech).
  3. Cloudflare Tunnel (if behind CGNAT):
    • Preinstalled; activate via the setup wizard with your Cloudflare account.

Using Cloudflare Tunnel

For servers or boxes behind CGNAT (e.g., Airtel), use Cloudflare Tunnel for secure access:

  1. Install cloudflared (server only; preinstalled on TechSafe Box):
    wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64
sudo mv cloudflared-linux-arm64 /usr/local/bin/cloudflared
sudo chmod +x /usr/local/bin/cloudflared
  2. Authenticate with Cloudflare:
    cloudflared tunnel login
  3. Create a tunnel:
    cloudflared tunnel create purplerain-techsafe
  4. Configure the tunnel to point to your service (e.g., port 3000 for Next.js):
    # /root/.cloudflared/config.yml
tunnel: purplerain-techsafe
credentials-file: /root/.cloudflared/YOUR_TUNNEL_ID.json
ingress:
  - hostname: app.purplerain.tech
    service: http://localhost:3000
  - service: http_status:404
  5. Start the tunnel:
    cloudflared tunnel run purplerain-techsafe

Configuration

Customize PurpleRain TechSafe via the main configuration file at /etc/purplerain/config.yml (server) or via the web interface (TechSafe Box).

Config File Structure

policy:
  mode: "enforce"  # Options: enforce, monitor, disable
  ruleset: "strict"  # Options: strict, moderate, custom
  allowed_ips: ["192.168.1.0/24", "10.0.0.0/8"]

logging:
  level: "info"  # Options: debug, info, warn, error
  output: "/var/log/purplerain.log"
  max_size: 100  # Log file size in MB
  max_backups: 3

vpn:
  provider: "headscale"  # Options: headscale, twingate
  endpoint: "https://headscale.purplerain.tech"
  key: "YOUR_HEADSCALE_KEY"

supabase:
  url: "https://your-project.supabase.co"
  anon_key: "YOUR_SUPABASE_ANON_KEY"

WireGuard Integration

  1. Install Headscale (server only; preinstalled on TechSafe Box):
    wget https://github.com/juanfont/headscale/releases/latest/download/headscale
sudo mv headscale /usr/local/bin/
sudo headscale server --config /etc/headscale/config.yaml
  2. Register a device:
    headscale nodes register --user YOUR_USER --key YOUR_MACHINE_KEY
  3. Configure clients to connect to app.purplerain.tech:51820.

Supabase Integration

  1. Set up a Supabase table for alerts:
    CREATE TABLE alerts (
  id UUID PRIMARY KEY,
  device_id VARCHAR(50),
  type VARCHAR(20),
  message TEXT,
  created_at TIMESTAMP DEFAULT NOW()
);
  2. Enable real-time subscriptions in Supabase for dashboard updates.
  3. Integrate with your Next.js app using the Supabase JavaScript client:
    import { createClient } from '@supabase/supabase-js';
const supabase = createClient('https://your-project.supabase.co', 'YOUR_SUPABASE_ANON_KEY');

API Reference

The REST API enables programmatic access to PurpleRain TechSafe. All endpoints require authentication.

Base URL: https://api.purplerain.tech/v1

Authentication

Use your API key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Endpoints

Devices

  • GET /devices
    • Description: List all registered devices.
    • Response:
      [
  {
    "id": "device_123",
    "name": "TechSafeBox-01",
    "ip": "192.168.1.100",
    "last_seen": "2025-06-15T18:00:00Z"
  }
]
  • POST /devices/register
    • Description: Register a new device.
    • Body:
      {
  "name": "TechSafeBox-02",
  "key": "YOUR_WIREGUARD_KEY"
}
    • Response: 201 Created

Alerts

  • GET /alerts
    • Description: Retrieve recent alerts.
    • Query Params: limit (default: 50), device_id (optional).
    • Response:
      [
  {
    "id": "alert_456",
    "device_id": "device_123",
    "type": "intrusion",
    "message": "Unauthorized access attempt",
    "created_at": "2025-06-15T18:00:00Z"
  }
]

Users

  • GET /users
    • Description: List authorized users.
    • Response:
      [
  {
    "id": "user_789",
    "email": "employee@purplerain.tech",
    "role": "admin"
  }
]
  • POST /users
    • Description: Add a new user.
    • Body:
      {
  "email": "new@purplerain.tech",
  "role": "employee"
}
    • Response: 201 Created

Troubleshooting

Resolve common issues with these steps.

Common Issues

  • Connection Errors: Ensure your Cloudflare Tunnel or public IP is active. For TechSafe Box, verify Wi-Fi/Ethernet connectivity.
  • API Key Issues: Confirm your API key in /etc/purplerain/config.yml (server) or the web interface (TechSafe Box).
  • WireGuard Failure: Check Headscale logs (/var/log/headscale.log) and ensure client keys are registered.

Diagnostic Tools

Run the diagnostic tool:

sudo purplerain-agent --diagnose

Output is saved to /var/log/purplerain-diagnostic.log (server) or accessible via the TechSafe Box dashboard.

Support

Best Practices

Maximize security and performance with these recommendations.

Network Security

  • Use strong, unique API keys and rotate them every 90 days.
  • Restrict allowed_ips in config.yml to your internal network.
  • Enable two-factor authentication on your Cloudflare and Supabase accounts.

User Management

  • Assign minimal permissions (e.g., "employee" role) to new users.
  • Regularly audit user access via the /users API endpoint.
  • Use Cloudflare Zero Trust to enforce device-based access controls.

Use Cases

Small Retail Business

  • Scenario: A retail store with 10 employees needs secure access to a point-of-sale system.
  • Solution: Deploy the TechSafe Box for plug-and-play setup, connect devices via WireGuard, and monitor threats via the Supabase dashboard.

Remote Workforce

  • Scenario: A 20-person team works remotely and needs secure access to internal tools.
  • Solution: Use a VPS-based deployment with a Cloudflare Tunnel, configure Headscale for VPN access, and display real-time alerts on the employee dashboard.

FAQs

Q: What's the difference between server and TechSafe Box deployments?

A: Server deployments (VPS/local) offer flexibility and scalability but require manual setup. The TechSafe Box is plug-and-play, ideal for SMBs with minimal technical expertise.

Q: Can I use the TechSafe Box without a public IP?

A: Yes, the box includes a preconfigured Cloudflare Tunnel to bypass CGNAT. See Using Cloudflare Tunnel.

Q: What's the cost of running the MVP?

A: Server deployments can be free (Vercel, Supabase, Cloudflare) or ~₹599/month (VPS). The TechSafe Box is a one-time purchase with free cloud services.

Q: How do I scale for more users?

A: For servers, upgrade VPS resources or configure load balancing in Supabase. For TechSafe Boxes, deploy additional units and manage via the central dashboard.

Community and Support

Join our community at community.purplerain.tech to share feedback and get help. For direct support, email support@purplerain.tech or check our blog at purplerain.tech/blog for updates.