+36 -13

.devcontainer/config.fish

reviewed

··· 3208 3208 echo " nc -lu 7777 | while read line; do echo \"\$(date '+%H:%M:%S') \$line\"; done" 3209 3209 end 3210 3210 3211 3211 - # 🖥️ Machine Info / SSH Helpers 3212 3212 - # Read machine configs from vault/machines.json 3213 3213 - 3214 3214 - function ac-host --description "Show current host SSH config from machines.json" 3215 3215 - set -l machines_file "/workspaces/aesthetic-computer/aesthetic-computer-vault/machines.json" 3216 3216 - 3217 3217 - if not test -f $machines_file 3218 3218 - echo "❌ machines.json not found at $machines_file" 3219 3219 - return 1 3220 3220 - end 3211 3211 + # 🖥️ Machine Info / SSH Helpers 3212 3212 + # Read machine configs from vault/machines.json 3213 3213 + 3214 3214 + function __ac_machines_file --description "Resolve machines.json with local cache fallback" 3215 3215 + set -l machines_file "/workspaces/aesthetic-computer/aesthetic-computer-vault/machines.json" 3216 3216 + set -l machines_cache "$HOME/.cache/ac/machines.json" 3217 3217 + 3218 3218 + if test -f $machines_file 3219 3219 + mkdir -p (dirname $machines_cache) 3220 3220 + cp $machines_file $machines_cache 2>/dev/null 3221 3221 + echo $machines_file 3222 3222 + return 0 3223 3223 + end 3224 3224 + 3225 3225 + if test -f $machines_cache 3226 3226 + echo $machines_cache 3227 3227 + return 0 3228 3228 + end 3229 3229 + 3230 3230 + return 1 3231 3231 + end 3232 3232 + 3233 3233 + function ac-host --description "Show current host SSH config from machines.json" 3234 3234 + set -l machines_file (__ac_machines_file) 3235 3235 + 3236 3236 + if test $status -ne 0 -o -z "$machines_file" 3237 3237 + echo "❌ machines.json not found in vault or local cache" 3238 3238 + return 1 3239 3239 + end 3221 3240 3222 3241 set -l machine_key $argv[1] 3223 3242 ··· 3320 3339 ac-host 3321 3340 end 3322 3341 3323 3323 - function ac-host-nmap --description "Run nmap scan on local network via current host" 3324 3324 - set -l machines_file "/workspaces/aesthetic-computer/aesthetic-computer-vault/machines.json" 3325 3325 - set -l search_term $argv[1] 3342 3342 + function ac-host-nmap --description "Run nmap scan on local network via current host" 3343 3343 + set -l machines_file (__ac_machines_file) 3344 3344 + if test $status -ne 0 -o -z "$machines_file" 3345 3345 + echo "❌ machines.json not found in vault or local cache" 3346 3346 + return 1 3347 3347 + end 3348 3348 + set -l search_term $argv[1] 3326 3349 3327 3350 set -l hosts_to_try (jq -r ' 3328 3351 .machines

+13 -10

.devcontainer/devcontainer.json

reviewed

··· 248 248 // 249 249 // --tmpfs: In-memory /tmp for faster temp file operations 250 250 // 251 251 - // --ulimit nofile: Raise open file limit for Vite's many watchers 252 252 - // 253 253 - // NOTE: Explicit -p port mappings removed - forwardPorts handles this 254 254 - // and avoids "port already in use" errors on restart 255 255 - "runArgs": [ 256 256 - "-v", "/tmp/.X11-unix:/tmp/.X11-unix", 257 257 - "-q", 258 258 - "--cap-add=SYS_PTRACE", 259 259 - "--security-opt=apparmor=unconfined", 260 260 - "--security-opt", "label:disable", 251 251 + // --ulimit nofile: Raise open file limit for Vite's many watchers 252 252 + // --add-host: Force Docker host alias inside the container 253 253 + // Needed when Docker Desktop doesn't inject host.docker.internal 254 254 + // 255 255 + // NOTE: Explicit -p port mappings removed - forwardPorts handles this 256 256 + // and avoids "port already in use" errors on restart 257 257 + "runArgs": [ 258 258 + "-v", "/tmp/.X11-unix:/tmp/.X11-unix", 259 259 + "-q", 260 260 + "--add-host=host.docker.internal:host-gateway", 261 261 + "--cap-add=SYS_PTRACE", 262 262 + "--security-opt=apparmor=unconfined", 263 263 + "--security-opt", "label:disable", 261 264 "--name", "aesthetic", 262 265 "--hostname", "aesthetic", 263 266 "--init",

+7

lith/.env.example

reviewed

··· 1 1 + # Production monolith env for lith deploys. 2 2 + # This file is copied to /opt/ac/system/.env on the remote host. 3 3 + 4 4 + NODE_ENV=production 5 5 + CONTEXT=production 6 6 + PORT=8888 7 7 + DEPLOY_SECRET=replace-with-production-secret

+24

lith/README.md

reviewed

··· 1 1 + # lith 2 2 + 3 3 + Secrets and runtime env for the Aesthetic Computer monolith deploy. 4 4 + 5 5 + `lith/deploy.fish` expects: 6 6 + - `aesthetic-computer-vault/lith/.env` 7 7 + 8 8 + That file is uploaded to: 9 9 + - `/opt/ac/system/.env` 10 10 + 11 11 + Why `system/.env` on the server: 12 12 + - [`lith.service`](/workspaces/aesthetic-computer/lith/lith.service) uses `EnvironmentFile=/opt/ac/system/.env` 13 13 + - The monolith serves the main site and API from the shared `system/` tree 14 14 + 15 15 + Minimum required keys: 16 16 + - `NODE_ENV=production` 17 17 + - `CONTEXT=production` 18 18 + - `DEPLOY_SECRET=...` 19 19 + 20 20 + Recommended workflow: 21 21 + 1. Copy `.env.example` to `.env` 22 22 + 2. Fill in the real production values 23 23 + 3. Re-run `fish vault-tool.fish status` to confirm `lith/.env` is tracked 24 24 + 4. Deploy with `fish /workspaces/aesthetic-computer/lith/deploy.fish`