From 93c0db7167168c572f0b94bf727c28bd4cf220f5 Mon Sep 17 00:00:00 2001 From: John Bargman Date: Wed, 15 Apr 2026 05:08:26 +0000 Subject: tier-1: validate deployment, docs, and Secrix workflow - nix flake check passes (minor warnings only) - nix build produces valid derivation - docs/deployment.md: complete deployment workflow - phase plan updated with Secrix validation task--- docs/PHASE_EXECUTION_PLAN.md | 3 ++- docs/deployment.md | 53 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 docs/deployment.md (limited to 'docs') diff --git a/docs/PHASE_EXECUTION_PLAN.md b/docs/PHASE_EXECUTION_PLAN.md index 7e41a56..f4c8aa6 100644 --- a/docs/PHASE_EXECUTION_PLAN.md +++ b/docs/PHASE_EXECUTION_PLAN.md @@ -43,6 +43,7 @@ This document defines the three-phase modernization plan for the CrashOverBurn w - [ ] Add validation app to flake/apps (pre-deploy check) - [ ] Document deployment workflow in docs/deployment.md - [ ] Document nixinate usage and configuration +- [ ] Validate Secrix recipients: `nix run .#secrix -- -l` ### Dependencies @@ -56,7 +57,7 @@ This document defines the three-phase modernization plan for the CrashOverBurn w - `nix flake check` passes without errors - `nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel` succeeds - Deployment via nixinate works -- Secrix recipients validated: `nix run .#secrix -- -l` +- Secrix recipients validated --- diff --git a/docs/deployment.md b/docs/deployment.md new file mode 100644 index 0000000..3438301 --- /dev/null +++ b/docs/deployment.md @@ -0,0 +1,53 @@ +# Deployment Documentation for CrashOverBurn Web Server + +## Overview + +This document outlines the deployment process for the CrashOverBurn web server to the target host `crash-over-burn-1` at IP address `193.16.42.36`. + +## Prerequisites + +- Nix with flakes enabled +- SSH access to the target host +- Secrix keys configured + +## Deployment Commands + +### Validate +``` +nix flake check --option builders '' +``` + +### Build +``` +nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel --option builders '' +``` + +### Deploy via nixinate +``` +nix run .#crash-over-burn-1 +``` + +## Secrix Commands + +### Validate recipients +``` +nix run .#secrix -- -l +``` + +### Encrypt a new secret +``` +nix run .#secrix encrypt ./secrets/ -- --all-users -s crash-over-burn-1 +``` + +## Post-Deployment + +- Verify services are running +- Check logs: `journalctl -u uwsgi` etc. + +## Rollback Procedure + +If deployment fails, rollback to the previous system generation by running: +``` +sudo nixos-rebuild switch --rollback +``` +on the target host. This will revert to the last known good configuration. \ No newline at end of file -- cgit v1.2.3