firefrost-operations-manual/docs/code-server-deployment-plan.md

# Code-Server Deployment Plan

**Service:** Visual Studio Code (Web-based IDE)  
**URL:** code.firefrostgaming.com  
**Location:** Command Center VPS (63.143.34.217)  
**Purpose:** Browser-based file editing for documentation (no SSH required)  
**Priority:** HIGH - Accessibility enhancement for hand limitations

---

## Strategic Value

**Problem Solved:**
- Eliminates need for SSH terminal for doc editing
- GUI-based file management
- Works on Chromebook + Samsung Galaxy S24 Ultra
- Enables Meg to edit docs without SSH knowledge
- Visual Git workflow (no command line)

**The Wizard + The Emissary can both edit docs from any device!**

---

## Technical Specifications

**Software:** Code-Server (VS Code in browser)  
**Version:** Latest stable  
**Port:** 8080 (internal)  
**External Access:** HTTPS via Nginx reverse proxy  
**Authentication:** Password (upgrade to Authentik SSO in Phase 2)  
**SSL:** Let's Encrypt certificate  
**Firewall:** UFW rules for port 8080 (localhost only)

---

## Architecture
```
User Browser
    ↓ HTTPS
Nginx (code.firefrostgaming.com)
    ↓ Reverse Proxy (localhost:8080)
Code-Server
    ↓ File Access
/root/firefrost-work/firefrost-operations-manual/
    ↓ Git Operations
Gitea (git.firefrostgaming.com)
```

---

## Pre-Deployment Checklist

- [ ] DNS A record: code.firefrostgaming.com → 63.143.34.217
- [ ] Port 8080 available (check with `ss -tlnp | grep 8080`)
- [ ] Disk space check (Code-Server ~500MB)
- [ ] Backup current Git repo state

---

## Deployment Steps

### Step 1: Install Code-Server
```bash
curl -fsSL https://code-server.dev/install.sh | sh
```

### Step 2: Configure Code-Server
- Config file: `~/.config/code-server/config.yaml`
- Set bind address: 127.0.0.1:8080
- Set password: [STRONG_PASSWORD]
- Disable telemetry

### Step 3: Create Systemd Service
- Enable auto-start on boot
- Set working directory: `/root/firefrost-work/firefrost-operations-manual`
- Configure restart policy

### Step 4: Nginx Reverse Proxy
- Create site config: `/etc/nginx/sites-available/code.firefrostgaming.com`
- Proxy pass to localhost:8080
- WebSocket support (critical for Code-Server)

### Step 5: SSL Certificate
```bash
certbot --nginx -d code.firefrostgaming.com
```

### Step 6: UFW Firewall
- Allow HTTP/HTTPS on ens3
- Block direct access to port 8080

### Step 7: Verification
- Test HTTPS access
- Test file editing
- Test Git operations
- Test from mobile devices

---

## Post-Deployment Configuration

**VS Code Extensions to Install:**
1. Markdown All in One (preview + shortcuts)
2. Git Graph (visual Git history)
3. GitLens (advanced Git features)
4. Prettier (code formatting)
5. Material Icon Theme (better file icons)

**Workspace Settings:**
- Open folder: `/root/firefrost-work/firefrost-operations-manual`
- Git: Enable auto-fetch
- Files: Auto-save enabled
- Terminal: Default shell bash

---

## Security Considerations

**Access Control:**
- Password authentication (for now)
- HTTPS only (no HTTP access)
- Future: Integrate with Authentik SSO

**File Permissions:**
- Code-Server runs as root (needs Git access)
- Read/write to firefrost-operations-manual repo

**Network:**
- Bound to localhost only
- Nginx reverse proxy handles external access
- UFW blocks direct port access

---

## Usage Workflow (Post-Deployment)

**For Michael:**
1. Open code.firefrostgaming.com on Chromebook/phone
2. Enter password
3. Navigate files in sidebar
4. Edit markdown files
5. Use Source Control tab for Git
6. Commit + Push with GUI buttons

**For Meg:**
1. Same workflow as Michael
2. No SSH knowledge required
3. Visual file management
4. Can edit branding docs easily

---

## Troubleshooting Guide

**Issue: Can't connect to code.firefrostgaming.com**
- Check DNS propagation
- Verify Nginx config: `nginx -t`
- Check Code-Server status: `systemctl status code-server@root`

**Issue: WebSocket connection failed**
- Verify Nginx proxy_http_version 1.1
- Check Upgrade and Connection headers

**Issue: Git operations fail**
- Verify Git credentials configured
- Check file permissions

---

## Rollback Plan

**If deployment fails:**
1. Stop Code-Server: `systemctl stop code-server@root`
2. Remove Nginx config
3. Remove DNS record
4. Continue using SSH workflow

**No data loss risk - all Git repo files untouched**

---

## Success Metrics

- ✅ HTTPS accessible from browser
- ✅ File editing works smoothly
- ✅ Git commit/push from UI works
- ✅ Accessible from Chromebook
- ✅ Accessible from Samsung S24 Ultra
- ✅ Meg can edit docs without SSH

---

## Timeline

**Estimated Deployment Time:** 1-2 hours

**Phase Breakdown:**
- DNS + Prerequisites: 10 minutes
- Code-Server install: 15 minutes
- Configuration: 20 minutes
- Nginx setup: 15 minutes
- SSL certificate: 5 minutes
- Testing: 20 minutes
- Documentation: 15 minutes

**Total:** ~100 minutes

---

## Future Enhancements (Phase 2+)

- [ ] Authentik SSO integration
- [ ] Custom VS Code theme (Fire + Frost colors)
- [ ] Shared editing (Live Share extension)
- [ ] Mobile app (code-server has PWA support)
- [ ] Backup/snapshot system

---

**Status:** READY FOR DEPLOYMENT  
**Next Step:** Create DNS record, then begin installation

**Fire + Frost = Where Passion Meets Precision** 🔥❄️