From 22517f89ba4c70cd92bee8e71ea2c9c9d4258110 Mon Sep 17 00:00:00 2001
From: John Bargman
Date: Wed, 15 Apr 2026 04:56:07 +0000
Subject: docs: add three-phase execution plan for modernization

Phase 1: Deployment modernization - replace nixinate with pure flake
Phase 2: cgit verification and repository creation (nixtaml, nixtaml-website)
Phase 3: Website integration at nixtaml.tech as nginx webroot
---
 docs/PHASE_EXECUTION_PLAN.md | 176 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 176 insertions(+)
 create mode 100644 docs/PHASE_EXECUTION_PLAN.md

(limited to 'docs/PHASE_EXECUTION_PLAN.md')

diff --git a/docs/PHASE_EXECUTION_PLAN.md b/docs/PHASE_EXECUTION_PLAN.md
new file mode 100644
index 0000000..4774f94
--- /dev/null
+++ b/docs/PHASE_EXECUTION_PLAN.md
@@ -0,0 +1,176 @@ +# Phase Execution Plan + +## Overview + +This document defines the three-phase modernization plan for the CrashOverBurn web server infrastructure. + +**Current State:** +- Single Nix flake with multiple services (cgit, ejabberd, murmur, movim, mailserver, nginx) +- Nixinate-based deployment to host `193.16.42.36` +- Secrets encrypted via age/Secrix +- Minimal website (static HTML) + +**Target State:** +- Modernized Nix flake deployment +- Self-hosted Git hosting (cgit + gitolite) +- Full website deployment at nixtaml.tech +- Two documented Git repositories + +--- + +## Phase 1: Deployment Modernisation + +### Objectives + +1. **Replace nixinate with pure flake deployment** + - Remove nixinate dependency from inputs + - Add deployment helpers per common-infra-strategies.md + - Enable `nixos-rebuild --flake .#` workflow + +2. **Validate flake builds** + - `nix flake check` + - `nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel` + +3. **Add deployment documentation** + +### Tasks + +- [ ] Remove `nixinate` from flake.nix inputs +- [ ] Add `deploy-crash-over-burn-1` app to flake/apps +- [ ] Test `nix flake check` passes +- [ ] Test build produces valid system derivation +- [ ] Document deployment workflow in docs/deployment.md +- [ ] Create deploy script in docs/scripts/deploy.sh + +### Dependencies + +- nixpkgs (existing) +- secrix (existing) + +### Success Criteria + +- `nix flake check` passes without errors +- `nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel` succeeds +- Deployment via `nixos-rebuild --flake .#crash-over-burn-1 --target-host user@host` works + +--- + +## Phase 2: cgit Verification and Repository Creation + +### Objectives + +1. **Verify cgit + gitolite deployment** + - Test cgit web interface at code.crashoverburn.com + - Test git push over SSH to git@cgit.,crashoverburn.com + - Verify gitolite serves repositories + +2. 
**Create nixtaml repository** + - Initialize bare git repository in gitolite + - Mirror from upstream source (if applicable) + - Configure proper access controls + +3. **Create nixtaml-website repository** + - Create new repository for website content + - Configure CI/CD to deploy on push to main + +### Tasks + +#### cgit Verification + +- [ ] Verify uwsgi service runs: `systemctl status uwsgi` +- [ ] Test HTTP access to code.crashoverburn.com +- [ ] Test git clone over HTTP: `git clone http://code.crashoverburn.com/git/nixtaml.git` +- [ ] Test git clone over SSH: `git clone git@code.crashoverburn.com:nixtaml.git` +- [ ] Verify gitolite admin access works + +#### Repository: nixtaml + +- [ ] Create repository via gitolite +- [ ] Push initial content (existing flake from filesystem) +- [ ] Configure access (public read, authenticated write) +- [ ] Add remote to local working copy + +#### Repository: nixtaml-website + +- [ ] Create new empty repository in gitolite +- [ ] Set up basic website source files +- [ ] Configure nginx to serve from repository checkout +- [ ] Test deployment webhook (if applicable) + +### Dependencies + +- cgit.nix service module (Phase 1) +- nginx service (Phase 1) +- gitolite (existing in cgit.nix) + +### Success Criteria + +- cgit web interface accessible at code.crashoverburn.com +- Repository clone works via both HTTP and SSH +- nixtaml repository exists and is pushable +- nixtaml-website repository exists with content + +--- + +## Phase 3: Website Integration (nixtaml.tech) + +### Objectives + +1. **Deploy website as nginx webroot** + - Configure nginx virtual host for nixtaml.tech + - Serve static content from git checkout + - Enable HTTPS via ACME + +2. **Migrate from crashoverburn.com** + - Maintain both domains or redirect + - Update DNS records + - Configure SSL certificates + +3. 
**Set up automated deployment** + - Git post-receive hook to update webroot + - Or: CI/CD pipeline for static builds + +### Tasks + +- [ ] Update DNS A/AAAA records for nixtaml.tech +- [ ] Configure nginx virtual host for nixtaml.tech +- [ ] Set up ACME certificate for nixtaml.tech +- [ ] Configure webroot path (suggested: `/var/lib/nixtaml-website`) +- [ ] Create post-receive hook for automatic deployment +- [ ] Test HTTPS access +- [ ] Verify website content renders correctly +- [ ] Update CrashOverBurn main site redirect (optional) + +### Dependencies + +- nginx (Phase 1) +- acme_server.nix (existing) +- nixtaml-website repository (Phase 2) + +### Success Criteria + +- nixtaml.tech resolves and loads over HTTPS +- Website content is properly served +- Push to nixtaml-website main branch deploys automatically + +--- + +## Execution Order + +``` +Phase 1 ──────────────► Phase 2 ──────────────► Phase 3 +(Deploy Modernization)│ (Git Hosting) │ (Website) +• Remove nixinate │• Verify cgit │• DNS for nixtaml.tech +• Add deploy helpers │• Create nixtaml │• Configure nginx +• Test flake build │• Create nixtaml-site │• ACME cert +• Document deploy │ │• Deploy hook +``` + +--- + +## Notes + +- Secrets are encrypted via age (files in `secrets/`) +- Deployment target: 193.16.42.36 (SSH on port 1108) +- Deployment user: commander +- State persisted in `/persist/` (per service configs) \ No newline at end of file -- cgit v1.2.3
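Review bot: the Phase 2 objective "Test git push over SSH to git@cgit.,crashoverburn.com" has a stray comma and names a `cgit.` host that the Tasks section of the same hunk contradicts (`git clone git@code.crashoverburn.com:nixtaml.git`); settle on one hostname and use it in both places. Two further points in this hunk. First, the Phase 1 success criterion `nixos-rebuild --flake .#crash-over-burn-1 --target-host user@host` will not reach the host described under Notes (user `commander`, SSH on port 1108) as written, because `--target-host` takes no port; the deployment docs task should say the port is supplied via `NIX_SSHOPTS="-p 1108"` or a `~/.ssh/config` entry for 193.16.42.36. Second, Phase 3's "Serve static content from git checkout" together with the post-receive hook into `/var/lib/nixtaml-website` should specify that the hook exports the tree (for example `git archive` or `git checkout-index` into the webroot) rather than cloning there, so nginx never has a `.git/` directory under its document root; and the Phase 2 task `git clone http://code.crashoverburn.com/git/nixtaml.git` should be written as HTTPS, since ACME is listed as existing and the public-read repositories would otherwise be fetched over plaintext.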