46 lines
1.1 KiB
Markdown
46 lines
1.1 KiB
Markdown
# Sovereign Deploy: `ecp-forge`
|
|
|
|
This repository owns deployment of `git.every.channel` (Hetzner 300TB host).
|
|
|
|
## Requirements
|
|
|
|
- SSH access to `root@git.every.channel`.
|
|
- Local key that matches host `authorized_keys` (default: `~/.ssh/id_ed25519`).
|
|
- `nix` with flakes enabled.
|
|
|
|
## Deploy
|
|
|
|
```sh
|
|
./scripts/deploy-ecp-forge.sh
|
|
```
|
|
|
|
For the OP Stack operator path and observation-rail validation, see:
|
|
|
|
```sh
|
|
cat docs/OP_STACK_ECP_FORGE.md
|
|
```
|
|
|
|
Equivalent:
|
|
|
|
```sh
|
|
NIX_SSHOPTS="-o BatchMode=yes -o IdentityAgent=none -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519" \
|
|
nix run nixpkgs#nixos-rebuild -- \
|
|
--flake .#ecp-forge \
|
|
--target-host root@git.every.channel \
|
|
--build-host root@git.every.channel \
|
|
--use-remote-sudo \
|
|
switch
|
|
```
|
|
|
|
## Overrides
|
|
|
|
- `EVERY_CHANNEL_FORGE_TARGET_HOST` (default `root@git.every.channel`)
|
|
- `EVERY_CHANNEL_FORGE_BUILD_HOST` (default same as target)
|
|
- `EVERY_CHANNEL_FORGE_SSH_IDENTITY` (default `~/.ssh/id_ed25519`)
|
|
|
|
## Verify
|
|
|
|
```sh
|
|
ssh -o BatchMode=yes -o IdentityAgent=none -i ~/.ssh/id_ed25519 root@git.every.channel \
|
|
'hostnamectl --static; systemctl is-active forgejo caddy every-channel-netboot-stage every-channel-netboot'
|
|
```
|