Remote Server

This page owns the production host layout and deploy assumptions for ab-ticket-bot.

Target Host

  • default remote host: mathbox.90.cz
  • default remote user: agent
  • deploy root: /home/agent/docker_deployments/ab-ticket-bot

Remote Module Directories

  • jobs module: /home/agent/docker_deployments/ab-ticket-bot/ab-ticket-bot-jobs
  • docs module: /home/agent/docker_deployments/ab-ticket-bot/ab-ticket-bot-docs

Each module owns its own docker-compose.yml, Dockerfile, .env.server, data/, logs/, and conf/.

Deploy Workflow

  1. Root scripts/deploy.sh materializes .env.server from secrets/prod/<module>.env.
  2. The module-local deploy script uploads the full module directory to the remote module path.
  3. Remote execution runs the same module-local deploy script with PROJECT_REMOTE_EXEC=1.
  4. Runtime UID:GID on the host is derived from id -u and id -g of the remote agent user.
  5. The local plaintext .env.server is deleted after deploy finishes.

Exposure Model

  • ab-ticket-bot-jobs is not an HTTP service and has no public endpoint.
  • ab-ticket-bot-docs is locally bound on the server at 127.0.0.1:18081.
  • public docs URL: https://ab-ticket-bot-docs.mathbox.90.cz/.
  • HAProxy terminates TLS and routes ab-ticket-bot-docs.mathbox.90.cz to 127.0.0.1:18081.
  • the TLS certificate is issued by Let's Encrypt for ab-ticket-bot-docs.mathbox.90.cz and renewed by the server certbot timer.
  • post-deploy verification should check https://ab-ticket-bot-docs.mathbox.90.cz/ and https://ab-ticket-bot-docs.mathbox.90.cz/healthz.

Runtime Ownership

  • application processes run as a non-root numeric user through HOST_UID and HOST_GID
  • bind-mounted data/ and logs/ must remain writable by that user
  • if ownership drifts, fix it before the next start or deploy
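
One way to detect ownership drift before a start or deploy, as an added example that is not one of the project's own scripts. The helper name check_module_ownership and its exit codes are assumptions. The UID and GID default to id -u and id -g of the invoking user, as in step 4 of the deploy workflow.

```shell
#!/bin/sh
# Added example: pre-start ownership check for a module's bind mounts.
# check_module_ownership is a hypothetical helper, not part of ab-ticket-bot.

# usage: check_module_ownership MODULE_DIR [UID] [GID]
# UID/GID default to id -u / id -g of the invoking user.
# returns 0 = ok, 1 = ownership drift or not writable, 2 = directory missing
check_module_ownership() {
    module_dir=$1
    want_uid=${2:-$(id -u)}
    want_gid=${3:-$(id -g)}
    rc=0
    for sub in data logs; do
        dir="$module_dir/$sub"
        if [ ! -d "$dir" ]; then
            echo "missing: $dir" >&2
            return 2
        fi
        # List every entry whose owner or group differs from the expected ids.
        drift=$(find "$dir" \( ! -user "$want_uid" -o ! -group "$want_gid" \) -print)
        if [ -n "$drift" ]; then
            echo "ownership drift under $dir (expected $want_uid:$want_gid):" >&2
            echo "$drift" >&2
            rc=1
        fi
        # Writability can only be tested directly when running as that user.
        if [ "$(id -u)" = "$want_uid" ] && [ ! -w "$dir" ]; then
            echo "not writable by uid $want_uid: $dir" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

Run it on the server as the agent user against each remote module directory; the drifted paths are printed to stderr.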