The Helm init container used /bin/RunProdServer which doesn't exist in IHP's
Nix Docker image (binary is at a Nix store path). Additionally, IHP v1.5's
RunProdServer starts the server after migrating — it never exits — so init
containers are the wrong pattern. IHP applies schema changes on startup.

Changes:
- Remove initContainers block from deployment.yaml entirely
- Set runMigrations: false as default in values.yaml
- Update RUNBOOK.md with correct skopeo push procedure (pre-fetch bearer token
  to work around Gitea's misconfigured token realm URL: port 80 vs actual 32166)
- Add note that the Nix image has no /bin/sh or /bin/RunProdServer wrapper

k3s registry auth: credentials added to /etc/rancher/k3s/registries.yaml and
iptables DNAT rule added on Railiance01 (92.205.130.254:80 → 32166) so the
ACME token realm redirect works. hub.coulomb.social DNS A record still needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
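
The commit message above describes a registry whose Bearer challenge advertises its token realm on port 80 while the registry itself answers on 32166. As an added example (not part of the commit or the project's code), this Python module parses such a challenge, reports the port mismatch, and builds the token URL on the registry's real port; the host name and header text are constructed placeholders, only the two ports come from the commit message.

```python
import re
from urllib.parse import urlencode, urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# One auth-param: key="quoted value" or key=bare-token. Quoted values may hold commas.
_PARAM = re.compile(r'([A-Za-z_][\w-]*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')

# Constructed sample: host name and header are placeholders; ports 80 and 32166
# are the ones named in the commit message.
REGISTRY = "http://registry.example.internal:32166"
CHALLENGE = ('Bearer realm="http://registry.example.internal/v2/token",'
             'service="container_registry",scope="repository:org/app:pull,push"')


def parse_bearer_challenge(header):
    """Return the auth-params of a Bearer WWW-Authenticate value as a dict."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError(f"not a Bearer challenge: {scheme!r}")
    params = {}
    for key, quoted, bare in _PARAM.findall(rest):
        params[key.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
    if "realm" not in params:
        raise ValueError("Bearer challenge has no realm")
    return params


def effective_port(parts):
    return parts.port or DEFAULT_PORTS.get(parts.scheme)  # scheme default if unset


def realm_mismatch(registry_url, header):
    """(advertised, actual) if the realm names the registry host on another port."""
    realm = urlsplit(parse_bearer_challenge(header)["realm"])
    registry = urlsplit(registry_url)
    if realm.hostname != registry.hostname:
        return None  # separate auth server: a different port is expected there
    ports = (effective_port(realm), effective_port(registry))
    return ports if ports[0] != ports[1] else None


def corrected_token_url(registry_url, header):
    """Token endpoint moved onto the registry's own scheme and host:port."""
    params = parse_bearer_challenge(header)
    if realm_mismatch(registry_url, header) is None:
        return None  # nothing to correct, or a different host we must not rewrite
    query = urlencode({k: params[k] for k in ("service", "scope") if k in params})
    registry, realm = urlsplit(registry_url), urlsplit(params["realm"])
    return urlunsplit((registry.scheme, registry.netloc, realm.path, query, ""))
```

The rewrite is refused when the realm names a different host, so a token request carrying credentials is only ever redirected to the registry that issued the challenge.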

Generated.Types imports 119 modules, pushing the combined .hi read past
a ~287 MB binary-deserialization limit in GHC 9.10.3. Fix by adding a
nixpkgs overlay that patches the inter-hub-models derivation: replaces
Generated/Types.hs with a thin TypesPart1/TypesPart2 re-export wrapper
after build-generated-code runs, and adds the two split modules to the
cabal exposed-modules list.

Also fix the production binary name from /bin/App to /bin/RunProdServer
in deployment.yaml and RUNBOOK.md (the IHP NixSupport build produces
RunProdServer, not App). Switch packages.docker to IHP's built-in
unoptimized-docker-image which already uses the correct binary path.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Helm chart at deploy/helm/inter-hub/ with Deployment, Service, Ingress
(Traefik + letsencrypt-prod), and migration init container. Runbook at
deploy/railiance/RUNBOOK.md with build, push, rotate, rollback procedures.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>