Fold files./filestash into the docs that carry the service list, the vhost
map and the deploy procedure — README stack table, 00-overview, 02-caddy,
12-build-order, 14-deploy, and the deploy skill.
Two real gaps the filestash deploy exposed, now guardrails in the skill:
- update-all.sh never touches host nginx, so a NEW SUBDOMAIN silently 404s
after deploy. It needs issue-letsencrypt.sh + render-nginx.sh --install.
- a new service with ${FOO:?} guards fails the WHOLE compose file, so a
missing .env var means `up` starts nothing — and --hard has already run
`down`. Check the host's .env BEFORE tearing the stack down.
Also: filestash/config.json is a single-file bind mount re-rendered every
run, so a rolling update-all leaves it on a stale inode (same trap as the
caddy conf) — force-recreate after any FILES_* change.
Correct the cochi divergence section: `git diff HEAD` on the host is now
empty (verified this deploy — the ff-pull succeeded). The documented
docker-compose.yml/package.json divergence was converged; only untracked
dnsmasq/, caddy-root-ca.crt and a stale pack/ remain. The stash-pull-pop
procedure it prescribed is no longer needed.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
6.7 KiB
name, description
| name | description |
|---|---|
| deploy | Redeploy the Ulicraft Minecraft stack to the production host `cochi` — git pull on main then a hard restart (compose down + up). Use when the user says "deploy", "redeploy", "deploy to cochi", "push to prod", "ship it", or "restart the server" for this project. Causes brief Minecraft downtime. |
Deploy Ulicraft to cochi
Redeploy the running stack on the production host. Full reference:
plan/14-deploy.md.
Fixed parameters
- Host:
cochi(SSH alias) - Path:
/home/ubuntu/mc/ulicraft-server-v1 - Branch:
main - Stack: single unified
docker-compose.yml(drasl, minecraft, mc-backup, caddy, nmsr, mc-status, uptime-kuma, filestash) - Auth: Drasl
- Restart: hard (down → up) — players are disconnected for a few minutes
Procedure
This is an outward-facing, downtime-causing action on production. The user invoking this skill is the authorization to proceed, but:
-
Pre-check (read-only). See what would change before tearing anything down:
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && git fetch && git log --oneline HEAD..@{u}'Report the incoming commits. If the list is empty, tell the user the host is already up to date and ask whether to restart anyway (they may want a plain restart). If
git fetchfails (host unreachable, auth), STOP and report.If the incoming commits ADD A SERVICE, check
.envon the host first. A new service with${FOO:?...}guards (filestash uses them) fails the whole compose file, not just that service — so a missing var meansuprefuses to start anything, and a--harddeploy has already rundown. The stack stays down. Check before tearing it down:ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && grep -c "^FILES_" .env'Same for a new subdomain: it needs a cert (
LE_SUBDOMAINS+issue-letsencrypt.sh) and an nginx vhost — see step 2b, which the deploy does NOT do for you. -
Pull, ensure authlib, then
update-all.sh --hard(single SSH session, halts on any error):ssh cochi 'set -e cd /home/ubuntu/mc/ulicraft-server-v1 git pull --ff-only tooling/fetch-authlib.sh ./update-all.sh --hard'--ff-onlyrefuses to merge — if the pull is not a fast-forward, STOP and report (local changes on the host need manual resolution).fetch-authlib.shensuresruntime/authlib-injector.jarexists (gitignored; skips if already valid; NOT part of update-all since it rarely changes). Missing jar = minecraft crashloops with "Error opening zip file or JAR manifest missing". Run it beforeupdate-allso the jar is present when compose brings minecraft up.update-all.shis the single source of truth for the post-pull build + restart steps (render drasl/nmsr configs from.env, sync server mods, regen the landing mod list, rebuildwww/, then apply via docker compose). It is also runnable on its own for a lighter rolling update (no--hard= change-detected restart, no world downtime).--hardhere doesdown --remove-orphans && up -d --buildfor the deliberate full restart.render-config.shhalts on an invalidREGISTRATION_MODE(must beinviteoropen); a missing distribution jar haltssync-server-mods.sh. The landing rebuild is unconditional (the gitignoredwww/is never updated bygit pull), so no separate landing step is needed.
2b. Only if the deploy changed nginx/ulicraft-caddy.conf.tmpl (a new
subdomain, a new body-size/rate-limit rule, a changed CADDY_HTTP_PORT).
update-all.sh does not touch the host nginx, so a new vhost simply
won't exist and the subdomain 404s / hits the wrong server block:
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && tooling/render-nginx.sh --install'
It runs nginx -t before reloading, so a bad render fails safe. The cert
must already exist (certs/<name>/cert.pem) or nginx won't load the block —
issue it first with tooling/issue-letsencrypt.sh (reads LE_SUBDOMAINS).
- Verify.
Confirm
ssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && docker compose ps'caddy,drasl,minecraft,mc-backup,nmsr,mc-status,uptime-kuma,filestashare Up. Tail the minecraft log briefly and confirm it reaches the ready marker (matchDone (Ns)! For help— a bareDonealso matches unrelated mod-loading lines):If a public vhost changed, verify it end-to-end from your workstation rather than trustingssh cochi 'cd /home/ubuntu/mc/ulicraft-server-v1 && timeout 180 docker compose logs -f minecraft' 2>/dev/null | grep -m1 'Done ([0-9.]*s)! For help'compose ps(a container can be Up while nginx never routes to it):curl -s -o /dev/null -w '%{http_code}' https://<vhost>/.
Guardrails
- Never
git reset --hardor discard changes oncochiwithout telling the user first — there may be host-local edits. - Caddy conf changes need a recreate, not reload/restart. If the deploy
touched any
caddy/conf.d/*.caddyor the Caddyfile and you did a rollingupdate-all.sh(not--hard), the change WON'T apply: those are single-file bind mounts pinned to the host inode, andgit pullgives the file a new inode.restart/caddy reloadreuse the stale inode. Rundocker compose up -d --force-recreate caddy, then verify withdocker compose exec caddy cat /etc/caddy/conf.d/<file>. The--hardpath (fulldown/up) already recreates, so it's unaffected. - Same trap for
filestash/config.json— also a single-file bind mount, and it is re-rendered on every run byrender-config.sh, so a rollingupdate-all.shleaves filestash reading the stale inode after anyFILES_*change (rotating the shared password, flippingFILES_AUTH). Apply withdocker compose up -d --force-recreate filestash.--hardis unaffected. - Never let
filestash/config.jsonbe missing when compose runs. It is gitignored and rendered; if it doesn't exist, Docker creates a directory at that path and filestash breaks in a confusing way.update-all.shrenders beforeup, so the normal path is safe — just don't hand-rundocker compose upon the host without rendering first. If it happened:rm -rf filestash/config.json && tooling/render-config.sh && docker compose up -d --force-recreate filestash. - Volumes (
mc_data,drasl_state,kuma_data) persist acrossdown; the world and monitors are safe. Do NOT pass-v/--volumestodown. - If a step fails, STOP and surface the exact error + the failing command. Do not improvise recovery on production.