From 93c0db7167168c572f0b94bf727c28bd4cf220f5 Mon Sep 17 00:00:00 2001
From: John Bargman
Date: Wed, 15 Apr 2026 05:08:26 +0000
Subject: tier-1: validate deployment, docs, and Secrix workflow

- nix flake check passes (minor warnings only)
- nix build produces valid derivation
- docs/deployment.md: complete deployment workflow
- phase plan updated with Secrix validation task---
 docs/deployment.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 docs/deployment.md

(limited to 'docs/deployment.md')

diff --git a/docs/deployment.md b/docs/deployment.md
new file mode 100644
index 0000000..3438301
--- /dev/null
+++ b/docs/deployment.md
@@ -0,0 +1,53 @@
+# Deployment Documentation for CrashOverBurn Web Server
+
+## Overview
+
+This document outlines the deployment process for the CrashOverBurn web server to the target host `crash-over-burn-1` at IP address `193.16.42.36`.
+
+## Prerequisites
+
+- Nix with flakes enabled
+- SSH access to the target host
+- Secrix keys configured
+
+## Deployment Commands
+
+### Validate
+```
+nix flake check --option builders ''
+```
+
+### Build
+```
+nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel --option builders ''
+```
+
+### Deploy via nixinate
+```
+nix run .#crash-over-burn-1
+```
+
+## Secrix Commands
+
+### Validate recipients
+```
+nix run .#secrix -- -l
+```
+
+### Encrypt a new secret
+```
+nix run .#secrix encrypt ./secrets/<path> -- --all-users -s crash-over-burn-1
+```
+
+## Post-Deployment
+
+- Verify services are running
+- Check logs: `journalctl -u uwsgi` etc.
+
+## Rollback Procedure
+
+If deployment fails, rollback to the previous system generation by running:
+```
+sudo nixos-rebuild switch --rollback
+```
+on the target host. This will revert to the last known good configuration.
\ No newline at end of file
-- 
cgit v1.2.3