# PREREQUISITES CHECKLIST

**Complete EVERY item before proceeding to deployment.**

Missing even ONE prerequisite will cause deployment failure.

---

## ✅ PRE-FLIGHT CHECKLIST

### 1. DNS CONFIGURATION

**Action:** Create two A records in your DNS provider

**Records needed:**
```
codex.firefrostgaming.com    →  38.68.14.26 (TX1 Dallas)
n8n.firefrostgaming.com      →  38.68.14.26 (TX1 Dallas)
```

**Verification:**
```bash
# Run these from your local machine (NOT TX1)
dig codex.firefrostgaming.com +short
dig n8n.firefrostgaming.com +short
```

**Expected output:**
```
38.68.14.26
38.68.14.26
```

**⏱️ CRITICAL:** DNS propagation can take up to 24 hours. Check propagation at: https://dnschecker.org

**Do NOT proceed until both domains resolve to 38.68.14.26 globally.**

---

### 2. TX1 SERVER ACCESS

**Action:** Verify SSH access to TX1

**Command:**
```bash
ssh root@38.68.14.26
```

**Expected:** Successful login to TX1 Dallas

**If fails:** Check SSH keys, verify server is online, check firewall rules

---

### 3. PORT AVAILABILITY CHECK

**Action:** Verify ports 80 and 443 are available

**Commands (run on TX1):**
```bash
sudo lsof -i :80
```

**Expected output:** (nothing - port is free)

```bash
sudo lsof -i :443
```

**Expected output:** (nothing - port is free)

**If ports are in use:** Identify the service and move it or use different ports

**Status:** ✅ VERIFIED on February 22, 2026 - ports are FREE

---

### 4. DOCKER INSTALLED ON TX1

**Action:** Verify Docker and Docker Compose are installed

**Commands (run on TX1):**
```bash
docker --version
```

**Expected:** `Docker version XX.XX.XX` or higher

```bash
docker-compose --version
```

**Expected:** `Docker Compose version XX.XX.XX` or higher

**If not installed:**
```bash
# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Install Docker Compose
sudo apt-get install docker-compose-plugin -y
```

---

### 5. OLLAMA RUNNING ON TX1

**Action:** Verify Ollama is accessible

**Command (run on TX1):**
```bash
curl http://localhost:11434/api/version
```

**Expected:** JSON response with version information

**If fails:** Start Ollama service

**Verify models installed:**
```bash
curl http://localhost:11434/api/tags
```

**Expected models:**
- qwen2.5-coder:7b (for fast operations)
- llama3.3:70b (for complex reasoning)

**If models missing:** Download them before deployment

---

### 6. GITEA SSH ACCESS

**Action:** Verify TX1 can access Gitea via SSH

**Command (run on TX1):**
```bash
ssh -T git@git.firefrostgaming.com
```

**Expected:** Authentication success message from Gitea

**If fails:** Generate and add SSH key to Gitea

**Generate SSH key (if needed):**
```bash
ssh-keygen -t ed25519 -C "firefrost-codex@tx1" -f ~/.ssh/id_ed25519_gitea
```

**Add to SSH config:**
```bash
cat >> ~/.ssh/config << 'EOF'
Host git.firefrostgaming.com
    HostName git.firefrostgaming.com
    User git
    IdentityFile ~/.ssh/id_ed25519_gitea
    StrictHostKeyChecking no
EOF
```

**Add public key to Gitea:**
1. Copy public key: `cat ~/.ssh/id_ed25519_gitea.pub`
2. Go to Gitea → Settings → SSH Keys
3. Add new key with WRITE permission

---

### 7. DISCORD WEBHOOKS CREATED

**Action:** Create two Discord webhooks

**Webhook 1: #codex-alerts**
- Purpose: Informational notifications (syncs, proposals, updates)
- Audience: Meg, Holly, Michael
- Create in Discord: Server Settings → Integrations → Webhooks → New Webhook

**Webhook 2: #system-critical**
- Purpose: Urgent alerts requiring Michael's attention
- Audience: Michael only (private channel recommended)
- Create in Discord: Server Settings → Integrations → Webhooks → New Webhook

**Save webhook URLs - you'll need them for .env file:**
```
DISCORD_WEBHOOK_CODEX_ALERTS=https://discord.com/api/webhooks/...
DISCORD_WEBHOOK_SYSTEM_CRITICAL=https://discord.com/api/webhooks/...
```

---

### 8. MICHAEL'S DISCORD USER ID

**Action:** Get Michael's Discord user ID for approval workflow

**Steps:**
1. Enable Developer Mode in Discord: User Settings → Advanced → Developer Mode
2. Right-click Michael's name in Discord
3. Click "Copy User ID"

**Save this ID - you'll need it for .env file:**
```
MICHAEL_DISCORD_ID=123456789012345678
```

---

### 9. BACKUP CURRENT ANYTHINGLLM STATE

**Action:** Backup current system before replacement

**⚠️ CRITICAL:** Do this even though we're removing AnythingLLM

**Commands (run on TX1):**
```bash
# Create backup directory
mkdir -p /root/anythingllm-backup-$(date +%Y%m%d)

# Backup AnythingLLM data
cp -r /opt/anythingllm /root/anythingllm-backup-$(date +%Y%m%d)/

# Backup docker-compose if exists
cp /opt/anythingllm/docker-compose.yml /root/anythingllm-backup-$(date +%Y%m%d)/ 2>/dev/null || true

# Create tarball
cd /root
tar -czf anythingllm-backup-$(date +%Y%m%d).tar.gz anythingllm-backup-$(date +%Y%m%d)/

# Verify backup
ls -lh anythingllm-backup-*.tar.gz
```

**Expected:** Tarball created with reasonable size

**Store backup on Command Center (optional but recommended):**
```bash
rsync -avz anythingllm-backup-*.tar.gz root@63.143.34.217:/root/backups/
```

---

### 10. COMMAND CENTER BACKUP STORAGE

**Action:** Prepare Command Center to receive backups

**Commands (run on Command Center 63.143.34.217):**
```bash
# Create backup directory
mkdir -p /root/backups/firefrost-codex

# Set permissions
chmod 700 /root/backups/firefrost-codex
```

**Verify TX1 can rsync to Command Center:**
```bash
# From TX1
touch /tmp/test-backup.txt
rsync -avz /tmp/test-backup.txt root@63.143.34.217:/root/backups/firefrost-codex/
```

**Expected:** File transfers successfully

**If fails:** Set up SSH keys between TX1 and Command Center

---

### 11. DISK SPACE CHECK

**Action:** Verify sufficient disk space on TX1

**Command (run on TX1):**
```bash
df -h
```

**Required free space:**
- Root partition: At least 30GB free
- Docker volumes: At least 20GB free

**If insufficient:** Clean up old game server backups, logs, or unused Docker images

---

### 12. UPTIME KUMA ACCESS

**Action:** Verify Uptime Kuma is accessible

**URL:** Check your Uptime Kuma URL (likely on Command Center)

**Expected:** Can log in and see existing monitors

**We'll add new monitors for:**
- Dify (https://codex.firefrostgaming.com)
- n8n webhooks
- Qdrant health

---

### 13. GENERATE SECURE PASSWORDS

**Action:** Generate strong passwords for deployment

**Command (run on your local machine or TX1):**
```bash
# PostgreSQL password
openssl rand -base64 32

# Dify secret key
openssl rand -base64 42
```

**Save these securely - you'll need them for .env file:**
```
DB_PASSWORD=<generated_password>
DIFY_SECRET_KEY=<generated_secret>
```

**⚠️ NEVER commit these to Git - they go in .env file only**

---

### 14. TIMEZONE CONFIGURATION

**Action:** Verify TX1 timezone is correct

**Command (run on TX1):**
```bash
timedatectl
```

**Expected:** Timezone shows America/Chicago (or your preferred timezone)

**If wrong:**
```bash
sudo timedatectl set-timezone America/Chicago
```

**Why this matters:** Log timestamps, backup schedules, monitoring

---

### 15. FIREWALL CONFIGURATION

**Action:** Verify firewall allows required ports

**Required open ports on TX1:**
- 22 (SSH) - already open
- 80 (HTTP) - need to open
- 443 (HTTPS) - need to open
- All game server ports - already configured

**Check current firewall (if using UFW):**
```bash
sudo ufw status
```

**Open required ports:**
```bash
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload
```

**If using different firewall (iptables, etc.):** Adjust accordingly

---

### 16. EMAIL CONFIGURATION (OPTIONAL)

**Action:** Configure email for Dify user invitations

**⚠️ NOT REQUIRED** - We'll use invite links instead

**If you want email:**
1. Set up SMTP server details
2. Add to .env file
3. Configure in Dify settings

**We recommend:** Skip email, use invite links (simpler, more reliable)

---

### 17. GIT REPOSITORY ACCESS

**Action:** Verify access to operations manual repository

**Command (run on TX1):**
```bash
git clone git@git.firefrostgaming.com:firefrost-gaming/firefrost-operations-manual.git /tmp/test-clone
```

**Expected:** Repository clones successfully

**Clean up:**
```bash
rm -rf /tmp/test-clone
```

**If fails:** Check SSH keys, Gitea permissions

---

### 18. DOCKER NETWORK CONFIGURATION

**Action:** Verify Docker can create custom networks

**Command (run on TX1):**
```bash
docker network create test-network
docker network rm test-network
```

**Expected:** Network created and removed successfully

**If fails:** Docker installation issue, reinstall Docker

---

### 19. SYSTEM RESOURCES CHECK

**Action:** Verify TX1 has sufficient resources

**Command (run on TX1):**
```bash
free -h
```

**Expected:**
- Total RAM: 251GB
- Available RAM: At least 220GB (confirmed February 22, 2026)

**Command:**
```bash
nproc
```

**Expected:** Multiple CPU cores available

**If resources insufficient:** Stop unnecessary services or upgrade server

---

### 20. DEPLOYMENT DIRECTORY PREPARATION

**Action:** Create deployment directory on TX1

**Commands (run on TX1):**
```bash
# Create deployment directory
mkdir -p /opt/firefrost-codex

# Set ownership
chown -R root:root /opt/firefrost-codex

# Navigate to directory
cd /opt/firefrost-codex
```

**Expected:** Directory created and accessible

---

## ✅ FINAL PRE-FLIGHT VERIFICATION

**Before proceeding to DEPLOYMENT-PLAN.md, verify ALL items above:**

- [ ] DNS records created and propagated (codex + n8n)
- [ ] TX1 SSH access working
- [ ] Ports 80 and 443 are FREE
- [ ] Docker and Docker Compose installed
- [ ] Ollama running with required models
- [ ] Gitea SSH access configured
- [ ] Discord webhooks created (#codex-alerts + #system-critical)
- [ ] Michael's Discord user ID obtained
- [ ] Current AnythingLLM backed up
- [ ] Command Center backup storage ready
- [ ] Sufficient disk space available (30GB+)
- [ ] Uptime Kuma accessible
- [ ] Secure passwords generated (DB + Dify secret)
- [ ] TX1 timezone configured correctly
- [ ] Firewall ports 80/443 opened
- [ ] Git repository access verified
- [ ] Docker network test passed
- [ ] System resources sufficient (220GB+ RAM)
- [ ] Deployment directory created (/opt/firefrost-codex)

**If ANY checkbox is unchecked, DO NOT proceed to deployment.**

**Return to this checklist and complete missing items.**

---

## 🚨 CRITICAL REMINDERS

**DNS Propagation:**
- Can take up to 24 hours
- Check https://dnschecker.org before proceeding
- If not propagated globally, SSL certificates will FAIL

**SSH Keys:**
- TX1 must trust Gitea
- Docker container must trust Gitea
- TX1 must trust Command Center (for backups)

**Backups:**
- Always backup before major changes
- Verify backups work BEFORE you need them
- Store offsite (Command Center) for safety

**Passwords:**
- Generate strong passwords
- NEVER commit to Git
- Store in .env file only
- Keep backup copy somewhere secure

---

**Prerequisites complete? Proceed to DEPLOYMENT-PLAN.md**

💙🔥❄️