diff options
tier-1: validate deployment, docs, and Secrix workflow
- nix flake check passes (minor warnings only)
- nix build produces valid derivation
- docs/deployment.md: complete deployment workflow
- phase plan updated with Secrix validation task
| -rw-r--r-- | docs/PHASE_EXECUTION_PLAN.md | 3 | ||||
| -rw-r--r-- | docs/deployment.md | 53 |
2 files changed, 55 insertions, 1 deletions
diff --git a/docs/PHASE_EXECUTION_PLAN.md b/docs/PHASE_EXECUTION_PLAN.md index 7e41a56..f4c8aa6 100644 --- a/docs/PHASE_EXECUTION_PLAN.md +++ b/docs/PHASE_EXECUTION_PLAN.md @@ -43,6 +43,7 @@ This document defines the three-phase modernization plan for the CrashOverBurn w - [ ] Add validation app to flake/apps (pre-deploy check) - [ ] Document deployment workflow in docs/deployment.md - [ ] Document nixinate usage and configuration +- [ ] Validate Secrix recipients: `nix run .#secrix -- -l` ### Dependencies @@ -56,7 +57,7 @@ This document defines the three-phase modernization plan for the CrashOverBurn w - `nix flake check` passes without errors - `nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel` succeeds - Deployment via nixinate works -- Secrix recipients validated: `nix run .#secrix -- -l` +- Secrix recipients validated --- diff --git a/docs/deployment.md b/docs/deployment.md new file mode 100644 index 0000000..3438301 --- /dev/null +++ b/docs/deployment.md @@ -0,0 +1,53 @@ +# Deployment Documentation for CrashOverBurn Web Server + +## Overview + +This document outlines the deployment process for the CrashOverBurn web server to the target host `crash-over-burn-1` at IP address `193.16.42.36`. + +## Prerequisites + +- Nix with flakes enabled +- SSH access to the target host +- Secrix keys configured + +## Deployment Commands + +### Validate +``` +nix flake check --option builders '' +``` + +### Build +``` +nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel --option builders '' +``` + +### Deploy via nixinate +``` +nix run .#crash-over-burn-1 +``` + +## Secrix Commands + +### Validate recipients +``` +nix run .#secrix -- -l +``` + +### Encrypt a new secret +``` +nix run .#secrix encrypt ./secrets/<path> -- --all-users -s crash-over-burn-1 +``` + +## Post-Deployment + +- Verify services are running +- Check logs: `journalctl -u uwsgi` etc. + +## Rollback Procedure + +If deployment fails, rollback to the previous system generation by running: +``` +sudo nixos-rebuild switch --rollback +``` +on the target host. This will revert to the last known good configuration.
\ No newline at end of file |