diff options
| -rw-r--r-- | AGENTS.md | 31 | ||||
| -rw-r--r-- | docs/PHASE_EXECUTION_PLAN.md | 68 |
2 files changed, 77 insertions, 22 deletions
@@ -25,6 +25,25 @@ nix run .#secrix -- -l - **Services**: cgit, ejabberd (XMPP), murmur (Mumble), movim (social), mailserver, nginx - **Secrets**: Encrypted via age/Secrix in `secrets/` - **State persisted**: `/persist/` directories +- **Git hosting**: code.crashoverburn.com (cgit + gitolite) + +## Git Repositories + +| Repository | Visibility | Description | +|------------|------------|-------------| +| testing | Public | Gitolite test repo | +| nixtaml | Public | Main Nix flake (mirrored from GitHub) | +| nixtaml-website | Public | Website content repo | +| crash-web | Private | SSH auth only | +| gitolite-admin | Private | Gitolite admin config | + +**Gitolite admin folder**: `/speed-storage/repo/crash-git/gitolite-admin/` (sibling to this repo) + +## cgit Visibility Control + +Public/private visibility uses `strict-export=git-daemon-export-ok`: +- **Public repos**: Have `git-daemon-export-ok` file (created declaratively via Nix) +- **Private repos**: No marker file = hidden from web, SSH access only ## Gotchas @@ -38,7 +57,17 @@ nix run .#secrix -- -l - `services.xserver.layout` → `services.xserver.xkb.layout` - `devShell` → `devShells.x86_64-linux.default` -5. **Verify cgit** via: `nix run .#remote-command -- "systemctl status uwsgi"` +5. **NEVER make imperative changes to remote** - all config must go through Nix or gitolite-admin. + +6. **Verify cgit** via: `nix run .#remote-command -- "systemctl status uwsgi"` + +7. **cgit accessible at root**: https://code.crashoverburn.com/ (not /git/) + +## Phase Status + +- **Phase 1**: ✅ Complete (deployment modernization, deprecated fixes) +- **Phase 2**: In Progress (cgit configured, nixtaml pushed, need nixtaml-website content) +- **Phase 3**: Pending (nixtaml.tech website integration) ## Reference diff --git a/docs/PHASE_EXECUTION_PLAN.md b/docs/PHASE_EXECUTION_PLAN.md index f4c8aa6..691c029 100644 --- a/docs/PHASE_EXECUTION_PLAN.md +++ b/docs/PHASE_EXECUTION_PLAN.md @@ -35,15 +35,16 @@ This document defines the three-phase modernization plan for the CrashOverBurn w ### Tasks -- [ ] **KEEP nixinate** - DO NOT REMOVE -- [ ] Verify nixinate configuration in flake.nix (_module.args) -- [ ] Verify Secrix hostPubKey is configured for crash-over-burn-1 -- [ ] Test `nix flake check` passes -- [ ] Test build produces valid system derivation: `nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel` -- [ ] Add validation app to flake/apps (pre-deploy check) -- [ ] Document deployment workflow in docs/deployment.md -- [ ] Document nixinate usage and configuration -- [ ] Validate Secrix recipients: `nix run .#secrix -- -l` +- [x] **KEEP nixinate** - DO NOT REMOVE +- [x] Verify nixinate configuration in flake.nix (_module.args) +- [x] Verify Secrix hostPubKey is configured for crash-over-burn-1 +- [x] Test `nix flake check` passes +- [x] Test build produces valid system derivation: `nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel` +- [x] Add remote-command app to flake/apps +- [x] Document deployment workflow in docs/deployment.md +- [x] Validate Secrix recipients: `nix run .#secrix -- -l` +- [x] Fix deprecated: services.xserver.layout → services.xserver.xkb.layout +- [x] Fix deprecated: devShell → devShells.x86_64-linux.default ### Dependencies @@ -83,25 +84,25 @@ This document defines the three-phase modernization plan for the CrashOverBurn w #### cgit Verification -- [ ] Verify uwsgi service runs: `systemctl status uwsgi` -- [ ] Test HTTP access to code.crashoverburn.com -- [ ] Test git clone over HTTP: `git clone http://code.crashoverburn.com/git/nixtaml.git` +- [x] Verify uwsgi service runs: `systemctl status uwsgi` +- [x] Test HTTP access to code.crashoverburn.com (200 OK) +- [x] Verify gitolite serves repositories +- [ ] Test git clone over HTTP: `git clone http://code.crashoverburn.com/nixtaml.git` - [ ] Test git clone over SSH: `git clone git@code.crashoverburn.com:nixtaml.git` -- [ ] Verify gitolite admin access works +- [x] Configure public/private visibility via Nix (strict-export) #### Repository: nixtaml -- [ ] Create repository via gitolite -- [ ] Push initial content (existing flake from filesystem) -- [ ] Configure access (public read, authenticated write) -- [ ] Add remote to local working copy +- [x] Create repository via gitolite (via gitolite-admin push) +- [x] Push initial content from /speed-storage/LLM-COMPLETE/nixtaml-prime +- [x] Configure as public repository +- [x] Add gitolite remote to local working copy #### Repository: nixtaml-website -- [ ] Create new empty repository in gitolite -- [ ] Set up basic website source files +- [x] Create empty repository via gitolite +- [ ] Add initial website content - [ ] Configure nginx to serve from repository checkout -- [ ] Test deployment webhook (if applicable) ### Dependencies @@ -188,4 +189,29 @@ Phase 1 ──────────────► Phase 2 ────── - **common-infra-strategies.md** - Core guideline for deployment patterns, Secrix integration, and host constructors - nixinate - Deployment tool (github:DarthPJB/nixinate) -- Secrix - Secrets management (github:platonic-systems/secrix)
\ No newline at end of file +- Secrix - Secrets management (github:platonic-systems/secrix) + +--- + +## Session Notes (2026-04-15) + +### Completed Today +- Phase 1 fully complete (validation, deprecated fixes, documentation) +- Added `remote-command` app for SSH execution on remote +- Created gitolite-admin repos: nixtaml, nixtaml-website +- Pushed nixtaml from /speed-storage/LLM-COMPLETE/nixtaml-prime +- Configured cgit public/private visibility via Nix (strict-export) +- Updated AGENTS.md with comprehensive documentation + +### Pending Next Session +1. **Deploy cgit changes**: `nix run .#crash-over-burn-1` +2. **Verify cgit shows all public repos** after deployment +3. **Test git clone** over HTTP and SSH +4. **Add content to nixtaml-website** repository +5. **Begin Phase 3**: nixtaml.tech website integration + +### Key Learnings +- cgit visibility controlled by `git-daemon-export-ok` marker files +- Use `strict-export=git-daemon-export-ok` in cgitrc +- NEVER make imperative changes - always use Nix or gitolite-admin +- cgit accessible at root: https://code.crashoverburn.com/ (not /git/)
\ No newline at end of file |