firefrost-operations-manual/docs/tasks/firefrost-codex-migration-to-open-webui/PREREQUISITES.md
The Chronicler #21 2e953ce312 feat: Complete Firefrost Knowledge Engine deployment plan
- Comprehensive task documentation for migrating from AnythingLLM to Dify+n8n+Qdrant
- 8 detailed documents covering every aspect of deployment
- Complete step-by-step commands (zero assumptions)
- Prerequisites checklist (20 items)
- Deployment plan in 2 parts (11 phases, every command)
- Configuration files (all configs with exact content)
- Recovery procedures (4 disaster scenarios)
- Verification guide (30 tests, complete checklist)
- Troubleshooting guide (common issues + solutions)

Built by: The Chronicler #21
For: Meg, Holly, and children not yet born
Time investment: 10-15 hours execution time
Purpose: Enable Meg/Holly autonomous work with Git write-back

This deployment enables:
- RBAC (Meg sees all, Holly sees Pokerole only)
- Git write-back via ai-proposals branch
- Discord approval workflow (one-click merge)
- Self-healing (80% of failures)
- Automated daily backups
- Complete monitoring

Documentation is so detailed that any future Chronicler can execute
this deployment with zero prior knowledge and complete confidence.

Fire + Frost + Foundation = Where Love Builds Legacy
2026-02-22 09:55:13 +00:00

PREREQUISITES CHECKLIST

Complete EVERY item before proceeding to deployment.

Missing even ONE prerequisite will cause deployment failure.


PRE-FLIGHT CHECKLIST

1. DNS CONFIGURATION

Action: Create two A records in your DNS provider

Records needed:

codex.firefrostgaming.com    →  38.68.14.26 (TX1 Dallas)
n8n.firefrostgaming.com      →  38.68.14.26 (TX1 Dallas)

Verification:

# Run these from your local machine (NOT TX1)
dig codex.firefrostgaming.com +short
dig n8n.firefrostgaming.com +short

Expected output:

38.68.14.26
38.68.14.26

⏱️ CRITICAL: DNS propagation can take up to 24 hours. Check propagation at: https://dnschecker.org

Do NOT proceed until both domains resolve to 38.68.14.26 globally.


2. TX1 SERVER ACCESS

Action: Verify SSH access to TX1

Command:

ssh root@38.68.14.26

Expected: Successful login to TX1 Dallas

If fails: Check SSH keys, verify server is online, check firewall rules


3. PORT AVAILABILITY CHECK

Action: Verify ports 80 and 443 are available

Commands (run on TX1):

sudo lsof -i :80

Expected output: (nothing - port is free)

sudo lsof -i :443

Expected output: (nothing - port is free)

If ports are in use: Identify the service and move it or use different ports

Status: VERIFIED on February 22, 2026 - ports are FREE


4. DOCKER INSTALLED ON TX1

Action: Verify Docker and Docker Compose are installed

Commands (run on TX1):

docker --version

Expected: Docker version XX.XX.XX or higher

docker compose version

Expected: Docker Compose version XX.XX.XX or higher

If not installed:

# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Install Docker Compose
sudo apt-get install docker-compose-plugin -y

5. OLLAMA RUNNING ON TX1

Action: Verify Ollama is accessible

Command (run on TX1):

curl http://localhost:11434/api/version

Expected: JSON response with version information

If fails: Start Ollama service

Verify models installed:

curl http://localhost:11434/api/tags

Expected models:

  • qwen2.5-coder:7b (for fast operations)
  • llama3.3:70b (for complex reasoning)

If models missing: Download them before deployment


6. GITEA SSH ACCESS

Action: Verify TX1 can access Gitea via SSH

Command (run on TX1):

ssh -T git@git.firefrostgaming.com

Expected: Authentication success message from Gitea

If fails: Generate and add SSH key to Gitea

Generate SSH key (if needed):

ssh-keygen -t ed25519 -C "firefrost-codex@tx1" -f ~/.ssh/id_ed25519_gitea

Add to SSH config:

cat >> ~/.ssh/config << 'EOF'
Host git.firefrostgaming.com
    HostName git.firefrostgaming.com
    User git
    IdentityFile ~/.ssh/id_ed25519_gitea
    # Record the host key on first connection; refuse to connect if it later changes
    StrictHostKeyChecking accept-new
EOF

Add public key to Gitea:

  1. Copy public key: cat ~/.ssh/id_ed25519_gitea.pub
  2. Go to Gitea → Settings → SSH Keys
  3. Add new key with WRITE permission

7. DISCORD WEBHOOKS CREATED

Action: Create two Discord webhooks

Webhook 1: #codex-alerts

  • Purpose: Informational notifications (syncs, proposals, updates)
  • Audience: Meg, Holly, Michael
  • Create in Discord: Server Settings → Integrations → Webhooks → New Webhook

Webhook 2: #system-critical

  • Purpose: Urgent alerts requiring Michael's attention
  • Audience: Michael only (private channel recommended)
  • Create in Discord: Server Settings → Integrations → Webhooks → New Webhook

Save webhook URLs - you'll need them for .env file:

DISCORD_WEBHOOK_CODEX_ALERTS=https://discord.com/api/webhooks/...
DISCORD_WEBHOOK_SYSTEM_CRITICAL=https://discord.com/api/webhooks/...

8. MICHAEL'S DISCORD USER ID

Action: Get Michael's Discord user ID for approval workflow

Steps:

  1. Enable Developer Mode in Discord: User Settings → Advanced → Developer Mode
  2. Right-click Michael's name in Discord
  3. Click "Copy User ID"

Save this ID - you'll need it for .env file:

MICHAEL_DISCORD_ID=123456789012345678

9. BACKUP CURRENT ANYTHINGLLM STATE

Action: Backup current system before replacement

⚠️ CRITICAL: Do this even though we're removing AnythingLLM

Commands (run on TX1):

# Name the backup once so every step uses the same date
BACKUP_NAME="anythingllm-backup-$(date +%Y%m%d)"

# Create backup directory
mkdir -p "/root/$BACKUP_NAME"

# Backup AnythingLLM data
cp -r /opt/anythingllm "/root/$BACKUP_NAME/"

# Backup docker-compose if exists
cp /opt/anythingllm/docker-compose.yml "/root/$BACKUP_NAME/" 2>/dev/null || true

# Create tarball
cd /root
tar -czf "$BACKUP_NAME.tar.gz" "$BACKUP_NAME/"

# Verify backup
ls -lh anythingllm-backup-*.tar.gz

Expected: Tarball created with reasonable size

Store backup on Command Center (optional but recommended):

rsync -avz anythingllm-backup-*.tar.gz root@63.143.34.217:/root/backups/
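
A size listing only shows that a file exists. The following is an added example, not part of the original manual, that records a SHA-256 for the tarball and confirms the archive can be read back. The function names `make_backup` and `verify_backup` are hypothetical, and it archives the source directory directly rather than a copied staging directory.

```bash
#!/bin/sh
# Added example (not from the original manual): build the tarball, record its
# SHA-256, and prove the archive reads back. Function names are hypothetical.

# make_backup SRC_DIR DEST_DIR -> prints the path of the tarball it created
make_backup() (
  src="$1"; dest="$2"
  name="$(basename "$src")-backup-$(date +%Y%m%d).tar.gz"
  umask 077                 # the data may hold API keys: owner-only files
  mkdir -p "$dest" || exit 1
  tar -czf "$dest/$name" -C "$(dirname "$src")" "$(basename "$src")" || exit 1
  # The checksum file stores a bare filename so it still verifies after rsync
  ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || exit 1
  printf '%s\n' "$dest/$name"
)

# verify_backup TARBALL -> 0 only if the checksum matches and tar can list
# every member; run it on TX1 and again on the receiving host
verify_backup() (
  cd "$(dirname "$1")" || exit 1
  file="$(basename "$1")"
  sha256sum -c "$file.sha256" >/dev/null 2>&1 || exit 1
  tar -tzf "$file" >/dev/null 2>&1 || exit 1
)
```

Copy the `.sha256` file alongside the tarball so `verify_backup` can be repeated on Command Center after the transfer.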

10. COMMAND CENTER BACKUP STORAGE

Action: Prepare Command Center to receive backups

Commands (run on Command Center 63.143.34.217):

# Create backup directory
mkdir -p /root/backups/firefrost-codex

# Set permissions
chmod 700 /root/backups/firefrost-codex

Verify TX1 can rsync to Command Center:

# From TX1
touch /tmp/test-backup.txt
rsync -avz /tmp/test-backup.txt root@63.143.34.217:/root/backups/firefrost-codex/

Expected: File transfers successfully

If fails: Set up SSH keys between TX1 and Command Center


11. DISK SPACE CHECK

Action: Verify sufficient disk space on TX1

Command (run on TX1):

df -h

Required free space:

  • Root partition: At least 30GB free
  • Docker volumes: At least 20GB free

If insufficient: Clean up old game server backups, logs, or unused Docker images


12. UPTIME KUMA ACCESS

Action: Verify Uptime Kuma is accessible

URL: Check your Uptime Kuma URL (likely on Command Center)

Expected: Can log in and see existing monitors

We'll add new monitors for:


13. GENERATE SECURE PASSWORDS

Action: Generate strong passwords for deployment

Command (run on your local machine or TX1):

# PostgreSQL password
openssl rand -base64 32

# Dify secret key
openssl rand -base64 42

Save these securely - you'll need them for .env file:

DB_PASSWORD=<generated_password>
DIFY_SECRET_KEY=<generated_secret>

⚠️ NEVER commit these to Git - they go in .env file only
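
One way to get the generated values into the .env file without pasting them through a terminal or chat, as an added example that is not part of the original manual. The function names `gen_secret` and `write_env` are hypothetical; only the two variables from this item are written, and the rest of the .env content is assumed to come from the deployment documents.

```bash
#!/bin/sh
# Added example (not from the original manual): write the generated secrets
# straight into an owner-only .env instead of copying them by hand.
# Function names are hypothetical; variable names come from item 13.

# gen_secret BYTES -> base64 string of BYTES random bytes
gen_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 "$1"
  else
    # Fallback when openssl is absent (assumption: coreutils base64 exists)
    head -c "$1" /dev/urandom | base64 | tr -d '\n'; echo
  fi
}

# write_env DIR -> creates DIR/.env (mode 600) and lists .env in DIR/.gitignore.
# Runs in a subshell, so the umask change does not leak into the caller.
write_env() (
  dir="$1"
  env_file="$dir/.env"
  umask 077                                # files: 600, new directories: 700
  mkdir -p "$dir" || exit 1
  if [ -e "$env_file" ]; then              # never clobber live credentials
    echo "refusing to overwrite $env_file" >&2
    exit 1
  fi
  db_password="$(gen_secret 32)" || exit 1
  dify_secret="$(gen_secret 42)" || exit 1
  {
    printf 'DB_PASSWORD=%s\n' "$db_password"
    printf 'DIFY_SECRET_KEY=%s\n' "$dify_secret"
  } > "$env_file" || exit 1
  # Keep the file out of Git even if someone runs `git add .` here
  grep -qxF '.env' "$dir/.gitignore" 2>/dev/null ||
    printf '.env\n' >> "$dir/.gitignore"
)
```

On TX1 this would be called as `write_env /opt/firefrost-codex`, the deployment directory from item 20.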


14. TIMEZONE CONFIGURATION

Action: Verify TX1 timezone is correct

Command (run on TX1):

timedatectl

Expected: Timezone shows America/Chicago (or your preferred timezone)

If wrong:

sudo timedatectl set-timezone America/Chicago

Why this matters: Log timestamps, backup schedules, monitoring


15. FIREWALL CONFIGURATION

Action: Verify firewall allows required ports

Required open ports on TX1:

  • 22 (SSH) - already open
  • 80 (HTTP) - need to open
  • 443 (HTTPS) - need to open
  • All game server ports - already configured

Check current firewall (if using UFW):

sudo ufw status

Open required ports:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload

If using different firewall (iptables, etc.): Adjust accordingly


16. EMAIL CONFIGURATION (OPTIONAL)

Action: Configure email for Dify user invitations

⚠️ NOT REQUIRED - We'll use invite links instead

If you want email:

  1. Set up SMTP server details
  2. Add to .env file
  3. Configure in Dify settings

We recommend: Skip email, use invite links (simpler, more reliable)


17. GIT REPOSITORY ACCESS

Action: Verify access to operations manual repository

Command (run on TX1):

git clone git@git.firefrostgaming.com:firefrost-gaming/firefrost-operations-manual.git /tmp/test-clone

Expected: Repository clones successfully

Clean up:

rm -rf /tmp/test-clone

If fails: Check SSH keys, Gitea permissions


18. DOCKER NETWORK CONFIGURATION

Action: Verify Docker can create custom networks

Command (run on TX1):

docker network create test-network
docker network rm test-network

Expected: Network created and removed successfully

If fails: Docker installation issue, reinstall Docker


19. SYSTEM RESOURCES CHECK

Action: Verify TX1 has sufficient resources

Command (run on TX1):

free -h

Expected:

  • Total RAM: 251GB
  • Available RAM: At least 220GB (confirmed February 22, 2026)

Command:

nproc

Expected: Multiple CPU cores available

If resources insufficient: Stop unnecessary services or upgrade server


20. DEPLOYMENT DIRECTORY PREPARATION

Action: Create deployment directory on TX1

Commands (run on TX1):

# Create deployment directory
mkdir -p /opt/firefrost-codex

# Set ownership
chown -R root:root /opt/firefrost-codex

# Navigate to directory
cd /opt/firefrost-codex

Expected: Directory created and accessible


FINAL PRE-FLIGHT VERIFICATION

Before proceeding to DEPLOYMENT-PLAN.md, verify ALL items above:

  • DNS records created and propagated (codex + n8n)
  • TX1 SSH access working
  • Ports 80 and 443 are FREE
  • Docker and Docker Compose installed
  • Ollama running with required models
  • Gitea SSH access configured
  • Discord webhooks created (#codex-alerts + #system-critical)
  • Michael's Discord user ID obtained
  • Current AnythingLLM backed up
  • Command Center backup storage ready
  • Sufficient disk space available (30GB+)
  • Uptime Kuma accessible
  • Secure passwords generated (DB + Dify secret)
  • TX1 timezone configured correctly
  • Firewall ports 80/443 opened
  • Git repository access verified
  • Docker network test passed
  • System resources sufficient (220GB+ RAM)
  • Deployment directory created (/opt/firefrost-codex)

If ANY checkbox is unchecked, DO NOT proceed to deployment.

Return to this checklist and complete missing items.


🚨 CRITICAL REMINDERS

DNS Propagation:

  • Can take up to 24 hours
  • Check https://dnschecker.org before proceeding
  • If not propagated globally, SSL certificates will FAIL

SSH Keys:

  • TX1 must trust Gitea
  • Docker container must trust Gitea
  • TX1 must trust Command Center (for backups)

Backups:

  • Always backup before major changes
  • Verify backups work BEFORE you need them
  • Store offsite (Command Center) for safety

Passwords:

  • Generate strong passwords
  • NEVER commit to Git
  • Store in .env file only
  • Keep backup copy somewhere secure

Prerequisites complete? Proceed to DEPLOYMENT-PLAN.md

💙🔥❄️