Diffstat (limited to 'docs')
| -rw-r--r-- | docs/PHASE_EXECUTION_PLAN.md | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/docs/PHASE_EXECUTION_PLAN.md b/docs/PHASE_EXECUTION_PLAN.md index fcc5cef..7e41a56 100644 --- a/docs/PHASE_EXECUTION_PLAN.md +++ b/docs/PHASE_EXECUTION_PLAN.md @@ -27,7 +27,7 @@ This document defines the three-phase modernization plan for the CrashOverBurn w - Add additional validation steps - Add deployment helper apps -2. **Validate flake builds before deployment** +2. **Validate flake builds before deployment** (per common-infra-strategies.md §6) - `nix flake check` - `nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel` @@ -37,6 +37,7 @@ This document defines the three-phase modernization plan for the CrashOverBurn w - [ ] **KEEP nixinate** - DO NOT REMOVE - [ ] Verify nixinate configuration in flake.nix (_module.args) +- [ ] Verify Secrix hostPubKey is configured for crash-over-burn-1 - [ ] Test `nix flake check` passes - [ ] Test build produces valid system derivation: `nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel` - [ ] Add validation app to flake/apps (pre-deploy check) @@ -48,12 +49,14 @@ This document defines the three-phase modernization plan for the CrashOverBurn w - nixinate (existing - KEEP) - nixpkgs (existing) - secrix (existing) +- **common-infra-strategies.md** (core guideline reference) ### Success Criteria - `nix flake check` passes without errors - `nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel` succeeds -- Deployment via nixinate (nix run .#crash-over-burn-1) works +- Deployment via nixinate works +- Secrix recipients validated: `nix run .#secrix -- -l` --- @@ -176,4 +179,12 @@ Phase 1 ──────────────► Phase 2 ────── - Deployment target: 193.16.42.36 (SSH on port 1108) - Deployment user: commander - State persisted in `/persist/` (per service configs) -- **nixinate is the correct deployment tool - never replace it**
\ No newline at end of file +- **nixinate is the correct deployment tool - never replace it** + +--- + +## References + +- **common-infra-strategies.md** - Core guideline for deployment patterns, Secrix integration, and host constructors +- nixinate - Deployment tool (github:DarthPJB/nixinate) +- Secrix - Secrets management (github:platonic-systems/secrix)
\ No newline at end of file |
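Review bot: In the first hunk (@@ -27,7 +27,7 @@), the new "(per common-infra-strategies.md §6)" on step 2 cites a section number in a file that is named without a path, so the reference cannot be followed from this document and goes stale if that file is renumbered. Suggest a relative link to the file and the section's heading text in place of "§6".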
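Review bot: In the checklist hunk (@@ -37,6 +37,7 @@), the added item "Verify Secrix hostPubKey is configured for crash-over-burn-1" does not say how to verify it, while the neighbouring items name the command to run. "Configured" is also satisfied by a wrong or stale key. Suggest stating where the value is set and that it has to match the public key the host actually presents, together with the command used to compare the two.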
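Review bot: In the Success Criteria of the third hunk (@@ -48,12 +49,14 @@), "Deployment via nixinate works" drops the command the old line carried, `nix run .#crash-over-burn-1`, so the criterion is no longer something a reader can run and check; suggest keeping the command in the line. The new "Secrix recipients validated: `nix run .#secrix -- -l`" gives a command but no expected result, so say what output counts as a pass. In the same hunk, common-infra-strategies.md is added to a list whose other entries are nixinate, nixpkgs and secrix; a guideline document fits better under the References section this patch adds.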
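Review bot: In the last hunk (@@ -176,4 +179,12 @@), the new References section still ends with "\ No newline at end of file", as the old last line did; add the trailing newline while the end of the file is being touched. The common-infra-strategies.md entry again has no path or link, which leaves the "§6" citation earlier in the patch unresolvable. Separately, the unchanged context lines just above the new section record the deployment address, SSH port and deployment user; since this change already edits that part of the file, confirm those details are meant to live in a committed document.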
