docs: align deploy/auth runbooks with the wocod-CI + personal-user model (supersedes #77/#78)#82
Conversation
Successor to PRs #77 and #78, whose payloads are now superseded: - #77 (default push_data.sh host to reese@) — superseded by #79, which removes the username default entirely per Michael's instruction. - #78 (CI deploy as reese + WOCO_DEV_SSH_KEY) — superseded by staging's own rework: CI now SSHes directly as wocod with dedicated STAGING/PROD_DEPLOY_SSH_KEY keys and scoped sudo -n, which is stronger. What remained true from their intent is that the docs still described the old root-deploy world: STAGING_WOCO_DEV.md told operators to push data as root@woco.dev and AUTH_SYNC.md to scp as root@ — both impossible now that root login is disabled, and contrary to the deploy model. Updated to <your-user>@ with notes that files still land owned by wocod, and marked the provisioning section's root SSH as initial-setup-only. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Code review overview
Syntax ErrorsNo issues found. Code SmellsFile: BugsFile: File: Security VulnerabilitiesFile: |
|
Tyvm! This ties the docs back to the appropriate deployment model of using root only for initial provisioning, personal user accounts for manual operator access, and This & the previous two PRs are the Right Thing by superseding the older root/personal-user fixes instead of carrying those assumptions forward. gg |
Consolidates what remains of PRs #77 and #78, both of which are now superseded and closed:
push_data.shtoreese@hellowoco.app. Michael has since asked for no specific user at all — push_data.sh: no hardcoded deploy user — WOCO_DEPLOY_USER from .env; refuse --import with --dry-run #79 implements that (username from the gitignored.env), so a personal default would be a step backwards.reesewithWOCO_DEV_SSH_KEY. Staging's current workflows already went further: CI SSHes directly aswocodwith dedicatedSTAGING_DEPLOY_SSH_KEY/PROD_DEPLOY_SSH_KEYkeys and narrowly scopedsudo -ncommands — stronger than what ci: deploy to woco.dev as reese user with dedicated WOCO_DEV_SSH_KEY #78 proposed, and exactly the "wocod deploys on both boxes" model.What was still genuinely broken from their era is the docs:
STAGING_WOCO_DEV.mdinstructed operators to push data asroot@woco.devandAUTH_SYNC.mdtoscpasroot@— both impossible now that root login is disabled, and contrary to the deploy model. This PR:STAGING_WOCO_DEV.md: data-push example now uses<your-user>@woco.devwith a note that files still land owned bywocod; the provisioning section's root SSH is explicitly marked initial-setup-only with a pointer to the sshd-hardening steps inDEPLOY.md.AUTH_SYNC.md:scptarget updated to<your-user>@with the same root-disabled note.No code changes.
🤖 Generated with Claude Code