Summary
compose/setup.sh was written during the repo restructure but has never been run on a clean host. Until that happens it can't be trusted for disaster recovery.
Context
The current VPS was bootstrapped manually before the script existed. The script is documented as the canonical bootstrap path in README.md, so it needs to actually work cold.
Scope
- Run setup.sh end to end on a fresh VPS (or throwaway VM)
- Validate each step: Docker install, NetBird agent install + up with setup key, UFW rules, proxy-net network creation, /var/log/caddy ownership
- After bootstrap, bring up the Caddy and NetBird stacks and confirm all four public hostnames serve TLS
Acceptance criteria
NB_SETUP_KEY and a populated .env + netbird/config.yaml
Notes
Hetzner snapshot or a cheap throwaway instance is enough. Will also catch unstated assumptions (e.g. base image package set, UFW present by default, kernel version vs NetBird agent requirements).
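A post-bootstrap check covering the steps listed under Scope, as an added example that is not part of the issue or of the repository. The log directory owner (`caddy`), the four hostnames (placeholders) and the `Management: Connected` line matched in `netbird status` output are assumptions; run it as root so `ufw status` is readable.

```shell
#!/bin/sh
# Added example: verify a freshly bootstrapped host. Not the project's own code.
# Assumptions: LOG_OWNER and HOSTS are placeholders; override them via the environment.
LOG_OWNER="${LOG_OWNER:-caddy}"
HOSTS="${HOSTS:-host1.example.com host2.example.com host3.example.com host4.example.com}"

# Each check returns 0 only if the bootstrap step left the host in the expected state.
check_docker()  { docker info >/dev/null 2>&1; }
# Assumed output format: the agent reports its management connection as "Connected".
check_netbird() { netbird status 2>/dev/null | grep -q 'Management: Connected'; }
check_ufw()     { ufw status 2>/dev/null | grep -q '^Status: active'; }
check_network() { docker network inspect proxy-net >/dev/null 2>&1; }
check_logdir()  { [ "$(stat -c '%U' /var/log/caddy 2>/dev/null)" = "$LOG_OWNER" ]; }
# curl validates the certificate chain and hostname by default, so a self-signed
# or mismatched certificate fails here; any HTTP status code is accepted.
check_tls()     { curl -sS -o /dev/null --max-time 10 "https://$1/" 2>/dev/null; }

# Runs every check, prints PASS/FAIL per item, returns the number of failures.
verify_bootstrap() {
  failed=0
  for c in docker netbird ufw network logdir; do
    if "check_$c"; then echo "PASS $c"; else echo "FAIL $c"; failed=$((failed + 1)); fi
  done
  for h in $HOSTS; do
    if check_tls "$h"; then echo "PASS tls $h"; else echo "FAIL tls $h"; failed=$((failed + 1)); fi
  done
  return "$failed"
}

# Only run against the real host when asked to: sh verify.sh --run
if [ "${1:-}" = "--run" ]; then verify_bootstrap; fi
```

A non-zero exit status is the count of failed checks, so the script can gate a disaster-recovery drill in CI or a cron job.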