fix(pods): self-heal pre-existing pods to pick up the public_html bind#26
Merged
Conversation
The box auto-deploys (self-update timer pulls origin/main, rebuilds, restarts agentbbs), but `systemctl restart agentbbs` only restarts the daemon — it never touches the long-lived per-user pod containers. ensure() also short-circuits on any container that already exists, so pods created before the homepage bind landed would never gain the /home/dev/public_html mount without a manual `podman rm`. That defeats the "everything happens automatically on push" goal. Make ensure() self-healing: when a pod exists but lacks the public_html mount, recreate it so the bind is applied. The named home volume survives `rm`, so the member's files are kept. Only heal when the pod is idle (attached count 0) to avoid pulling a running pod out from under an active session — an unbound pod heals on its next idle attach. New hasMount() inspects the container's mounts. Net effect: push to main -> self-update redeploys within the timer interval -> the next `ssh pod@` recreates the pod with the bind. No manual step. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
vu1nz Security Review0 finding(s) in PR #? No security issues found. |
ralyodio
added a commit
that referenced
this pull request
Jun 15, 2026
…n box (#27) The deploy SSHed into the ~458MB droplet and ran `go build` there. The Go linker's peak memory OOM-killed the build — and with it the sshd serving the deploy session — surfacing as "Connection closed by remote host" (exit 255). It was flaky because it tracked momentary memory pressure from the co-resident ergo/forgejo/tor/podman/agentbbs processes (run #25 passed, #26 failed on near-identical code). Build both binaries on the 16GB GitHub runner instead (pure-Go, modernc sqlite, so CGO_ENABLED=0 static cross-build), scp them to the droplet, and run setup.sh with SKIP_BUILD=1 so the box never compiles. Arch is detected from the droplet so amd64/arm64 both work. setup.sh now also skips the Go toolchain download when SKIP_BUILD=1. Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
ralyodio
added a commit
that referenced
this pull request
Jun 15, 2026
* fix(deploy): build Go binaries on the runner, ship them, SKIP_BUILD on box The deploy SSHed into the ~458MB droplet and ran `go build` there. The Go linker's peak memory OOM-killed the build — and with it the sshd serving the deploy session — surfacing as "Connection closed by remote host" (exit 255). It was flaky because it tracked momentary memory pressure from the co-resident ergo/forgejo/tor/podman/agentbbs processes (run #25 passed, #26 failed on near-identical code). Build both binaries on the 16GB GitHub runner instead (pure-Go, modernc sqlite, so CGO_ENABLED=0 static cross-build), scp them to the droplet, and run setup.sh with SKIP_BUILD=1 so the box never compiles. Arch is detected from the droplet so amd64/arm64 both work. setup.sh now also skips the Go toolchain download when SKIP_BUILD=1. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * feat(members): member directory + store-and-forward messaging A members-only hub plugin (the BBS "who") plus user-to-user messaging: - internal/store: messages table + SendMessage/Inbox/UnreadCount/MarkRead, and OnlineUsers (open sessions) for presence. MarkRead is recipient-scoped so a member can only clear their own mail. - plugins/members: directory with online dots + last-seen, a finger-style profile view, a minimal compose box, and an inbox that marks read on open. - ssh msg@host <user> [text]: scriptable CLI to leave a note (body from args or stdin), mirroring the existing finger route; "msg"/"message" are reserved. - hub: "N unread" badge on login (hubMOTD). plugin.Context gains Host for member homepage URLs. Extends the existing finger@ behavior (ssh <name>@host) rather than replacing it. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #25.
Why
The box auto-deploys (self-update timer: pull
origin/main→ rebuild →systemctl restart agentbbs), but that restart only bounces the daemon. The long-lived per-user pod containers are untouched, andensure()short-circuits on any existing container — so pods created before #25 would never gain the/home/dev/public_htmlbind without a manualpodman rm. That defeats "everything happens automatically on push."What
ensure()is now self-healing: if a pod exists but lacks thepublic_htmlmount, it recreates it so the bind applies. The named home volume survivesrm, so the member's files are kept. Healing only happens when the pod is idle (attached count 0) so a running session is never pulled out from under the user — an unbound pod heals on its next idle attach. NewhasMount()inspects the container's mounts.Net effect: push to
main→ self-update redeploys within the timer interval → nextssh pod@recreates the pod with the bind. No manual step.Build/vet/
go test ./internal/pods/green.🤖 Generated with Claude Code