path: root/AGENTS.md
blob: 4e25ed9c689e3919870e4044c915c16bd7f33e4e (plain)
# AGENTS.md - CrashOverBurn Web Server

## Core Commands

```bash
# Validate flake (ALWAYS use --option builders '')
nix flake check --option builders ''

# Build system derivation
nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel --option builders ''

# Deploy (nixinate - the CORRECT deployment tool, never replace it)
nix run .#crash-over-burn-1

# Run remote command on crash-over-burn-1 (193.16.42.36:1108)
nix run .#remote-command -- "<command>"

# Validate Secrix recipients
nix run .#secrix -- -l
```

## Key Facts

- **Deployment target**: 193.16.42.36, port 1108, user: commander
- **Services**: cgit, ejabberd (XMPP), murmur (Mumble), movim (social), mailserver, nginx
- **Secrets**: Encrypted via age/Secrix in `secrets/`
- **State persisted**: `/persist/` directories

## Gotchas

1. **Nixinate is NOT legacy**. It is the bleeding edge of correct deployment tools. Never suggest replacing it with `nixos-rebuild`.

2. **Always use `--option builders ''`** with nix commands per fleet directives.

3. **Secrix encryption requires both user AND host key** - validate with `nix run .#secrix -- -l` before deploying.

4. **Deprecated options**:
   - `services.xserver.layout` → `services.xserver.xkb.layout`
   - `devShell` → `devShells.x86_64-linux.default`

5. **Verify cgit** via: `nix run .#remote-command -- "systemctl status uwsgi"`
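
The gotchas above can be enforced as a gate in front of the deploy command. This is an added example, not part of the repository: the function names `check_deprecated` and `predeploy` are hypothetical, the nix invocations are copied from Core Commands, and it assumes `nix run .#secrix -- -l` exits non-zero when validation fails.

```bash
#!/bin/sh
# Added example: pre-deploy gate. Function names are hypothetical;
# the nix command lines are the ones listed under "Core Commands".

# Scan *.nix files under DIR (default: .) for the deprecated spellings
# from gotcha 4. Prints the hits to stderr and returns 1 if any exist.
check_deprecated() {
  # The trailing group keeps devShells.* and xkb.layout from being flagged.
  hits=$(grep -rnE --include='*.nix' \
    -e 'services\.xserver\.layout([^[:alnum:]_-]|$)' \
    -e 'devShell([^[:alnum:]_-]|$)' "${1:-.}" || true)
  [ -z "$hits" ] && return 0
  printf 'deprecated option spelling found:\n%s\n' "$hits" >&2
  return 1
}

# Run every check in order and deploy only if all of them pass.
# Must be called from the flake root, since the nix commands use ".#".
predeploy() {
  check_deprecated "${1:-.}" || return 1

  # Gotcha 3: validate Secrix recipients (user AND host key) first.
  # Assumption: a failed validation is reported as a non-zero exit.
  nix run .#secrix -- -l || return 1

  # Gotcha 2: builders are always disabled.
  nix flake check --option builders '' || return 1
  nix build .#nixosConfigurations.crash-over-burn-1.config.system.build.toplevel \
    --option builders '' || return 1

  # Gotcha 1: deployment goes through nixinate.
  nix run .#crash-over-burn-1
}
```

The scan only catches the dotted spelling; a deprecated option written inside a nested attribute set (`services.xserver = { layout = ...; }`) is not detected.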

## Reference

- Core guideline: `/speed-storage/opencode/llm/shared/common-infra-strategies.md`
- Deployment docs: `docs/deployment.md`
- Phase plan: `docs/PHASE_EXECUTION_PLAN.md`