Registers haskelseed as a Gitea Actions runner and adds
.gitea/workflows/build-and-deploy.yml that runs nix build → skopeo push →
helm deploy on every push to main. Deploy step SSHes to Railiance01 using
a dedicated deploy key (haskelseed-ci-deploy) already authorized on the node.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
nix build's staticFilesCompiledByMake phase calls make static/prod.css,
which depends on static/app.css. Added a minimal pre-built static/app.css
(satisfies Makefile dep without needing Tailwind in build sandbox) and a
Makefile rule to regenerate it via Tailwind in devenv.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Gitea's registry token realm is misconfigured — it points to
gitea.coulomb.social:80 but Gitea only listens on port 32166. iptables
is not available on haskelseed (Alpine). Workaround: pre-fetch the bearer
token via curl against port 32166 and pass it to skopeo with
--dest-registry-token, bypassing the broken token service URL entirely.
Validated with inter-hub:11ff61c on 2026-05-02.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
INTENT.md captures why the probe exists (validate build-to-deploy before
inter-hub attempts production again) and its success criteria.
DeploymentBlueprint.md is a textual C4 deployment diagram covering all four
nodes: workstation, haskelseed, CoulombCore/Gitea, and Railiance01/k3s, plus
the full artifact flow and known infrastructure constraints.
IRP-WP-0001 is a 12-task workplan: flake bootstrap → minimal IHP scaffold →
schema → health endpoint → Hspec test → production build → push → Helm chart →
k3s registry config → deploy → smoke test → optional CI.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
