Skip to content

docs: align deploy/auth runbooks with the wocod-CI + personal-user model (supersedes #77/#78)#82

Merged
grubermeister merged 2 commits into
stagingfrom
reese/deploy-docs-trueup
Jul 3, 2026
Merged

docs: align deploy/auth runbooks with the wocod-CI + personal-user model (supersedes #77/#78)#82
grubermeister merged 2 commits into
stagingfrom
reese/deploy-docs-trueup

Conversation

@reese8272

Copy link
Copy Markdown

Consolidates what remains of PRs #77 and #78, both of which are now superseded and closed:

What was still genuinely broken from their era is the docs: STAGING_WOCO_DEV.md instructed operators to push data as root@woco.dev and AUTH_SYNC.md to scp as root@ — both impossible now that root login is disabled, and contrary to the deploy model. This PR:

  • STAGING_WOCO_DEV.md: data-push example now uses <your-user>@woco.dev with a note that files still land owned by wocod; the provisioning section's root SSH is explicitly marked initial-setup-only with a pointer to the sshd-hardening steps in DEPLOY.md.
  • AUTH_SYNC.md: scp target updated to <your-user>@ with the same root-disabled note.

No code changes.

🤖 Generated with Claude Code

Successor to PRs #77 and #78, whose payloads are now superseded:
- #77 (default push_data.sh host to reese@) — superseded by #79, which
  removes the username default entirely per Michael's instruction.
- #78 (CI deploy as reese + WOCO_DEV_SSH_KEY) — superseded by staging's
  own rework: CI now SSHes directly as wocod with dedicated
  STAGING/PROD_DEPLOY_SSH_KEY keys and scoped sudo -n, which is stronger.

What remained true from their intent is that the docs still described the
old root-deploy world: STAGING_WOCO_DEV.md told operators to push data as
root@woco.dev and AUTH_SYNC.md to scp as root@ — both impossible now that
root login is disabled, and contrary to the deploy model. Updated to
<your-user>@ with notes that files still land owned by wocod, and marked
the provisioning section's root SSH as initial-setup-only.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Code review overview

  • Syntax Errors - Score - 10/10
  • Code Smells - Score - 9/10
  • Bugs - Score - 8/10
  • Security Vulnerabilities - Score - 9/10

Syntax Errors

No issues found.


Code Smells

File: docs/devel/STAGING_WOCO_DEV.md
Location: Lines 40–43 (revised provisioning note)
Why it matters: The sentence structure is slightly awkward ("Root SSH is for this initial provisioning ONLY — afterwards set…"). While documentation style is subjective, inconsistent phrasing compared to the rest of the doc can reduce clarity for new contributors.
Suggested fix: Rewrite as two shorter sentences: "Root SSH is used for this initial provisioning step only. Once the server is running, disable root login by setting PermitRootLogin no and switch to a sudo-group user (see DEPLOY.md §sshd hardening)."


Bugs

File: docs/devel/STAGING_WOCO_DEV.md
Location: Lines 40–43 (provisioning block)
Why it matters: The diff still shows ssh root@<IP> in the code block immediately below the updated prose warning against root login post-provisioning. While the intent is clear in context (root is acceptable only here), a future reader could miss the nuance and assume root SSH remains acceptable throughout the workflow. The code example and the warning are not tightly coupled.
Suggested fix: Add an inline comment in the shell snippet, e.g., # root only during first-time provisioning — disable afterwards, to make the constraint explicit at the point of use.

File: docs/devel/AUTH_SYNC.md
Location: scp command block
Why it matters: The IP address 172.238.189.147 is hardcoded. This is a staging server IP and may change; the old line already had it hardcoded, but the new line retains it. Future readers following this doc against a different server will silently use the wrong host.
Suggested fix: Replace the raw IP with a named placeholder (e.g., <woco.dev-IP> or document using the hostname woco.dev directly) and add a comment referencing where the current IP can be found (e.g., linode-cli linodes list).


Security Vulnerabilities

File: docs/devel/AUTH_SYNC.md and docs/devel/STAGING_WOCO_DEV.md
Location: Throughout both files
Why it matters: Both files still contain the literal IP address 172.238.189.147 in a public (or semi-public) repository. Even for a staging server, publishing a fixed IP in version-controlled documentation makes the server easier to target and complicates rotation if the IP changes.
Suggested fix: Replace the hardcoded IP with a DNS hostname (woco.dev) or a placeholder and document the IP lookup procedure separately (the linode-cli command already exists in the staging doc — lean on that instead).

@grubermeister grubermeister merged commit 0998d6a into staging Jul 3, 2026
1 check passed
@grubermeister

Copy link
Copy Markdown
Collaborator

Tyvm! This ties the docs back to the appropriate deployment model of using root only for initial provisioning, personal user accounts for manual operator access, and wocod as the deploy/runtime account where it matters.

This & the previous two PRs are the Right Thing by superseding the older root/personal-user fixes instead of carrying those assumptions forward. gg

@reese8272 reese8272 deleted the reese/deploy-docs-trueup branch July 6, 2026 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants