Commit Graph

6 Commits

Author SHA1 Message Date
6555ed2fed fix(infra): allow modelwatch rsync + restorecon in the deploy sudoers
All checks were successful
deploy / build-web (push) Successful in 1m21s
deploy / deploy-web (push) Successful in 4s
deploy / build-api (push) Successful in 6m46s
deploy / deploy-api (push) Successful in 18s
The scoped /etc/sudoers.d/newsfeed_gitea_ci allowlist only permitted rsync of
the api/worker binaries + their configs and a fixed restorecon command. The
modelwatch deploy adds a newsfeed-modelwatch binary, a modelwatch.toml, and an
extra restorecon path, so `sudo rsync … /usr/local/bin/newsfeed-modelwatch`
was refused ("a password is required") and deploy-api failed (rsync code 12).

Add the two rsync destinations and extend the restorecon rule to match deploy.yml.
As with any new deploy touchpoint, infra-setup.sh must be re-run on the API host
(to push the updated sudoers) before the next deploy can succeed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016fKZzDpvjiJ9eYbPGgJvUP
2026-07-08 14:40:02 +03:00
3db1f586a8 feat(modelwatch): push producer for open-weight model releases
Some checks failed
deploy / build-web (push) Successful in 1m30s
deploy / deploy-web (push) Successful in 4s
deploy / build-api (push) Successful in 6m35s
deploy / deploy-api (push) Failing after 10s
Add newsfeed-modelwatch: a one-shot, systemd-timer-driven producer that watches
the Hugging Face Hub for open-weight releases and pushes filtered candidates to
the ingest endpoint. Answers "how do I automate the HF firehose into my feed" —
the RSS half already works on the pull rail; this is the JSON/API half.

How it works: each run polls the HF models API (a watchlist of orgs +
trendingScore), applies an admission predicate (license allowlist, total-params
cap, safetensors present, not gated, pipeline_tag), and POSTs the survivors to
POST /v1/ingest/candidates under a bearer token, tagged source="huggingface".

Two properties of the existing ingest rail shape the design:
- Ingest is idempotent on (user, external_id). Using the repo id as external_id
  makes the producer STATELESS — no dedup table; re-runs/overlapping timers just
  re-submit and the server drops repeats.
- HF `tags` are copied onto the candidate, so the user's per-interest weights do
  the ranking. The predicate is only an ADMISSION filter (what's worth surfacing
  at all) and stays subordinate to explicit weights, per the house rule.

Layout: newsfeed-modelwatch is a client of the API, not an internal component —
it holds no core/data deps. Pure logic (HF types, predicate, mapping to
CandidateSubmission, param formatting) lives in the lib with unit tests; the bin
does the HTTP polling/posting. CandidateSubmission gains Serialize so the
in-workspace producer can build and post one.

Ops:
- asset/systemd/newsfeed-modelwatch.{service,timer}: oneshot + 3-hourly timer.
  The ingest token is a secret, kept in /etc/newsfeed/modelwatch.env
  (NEWSFEED_TOKEN, mapped to `token` by figment) so a redeploy of the config
  never clobbers it.
- asset/config/modelwatch.toml.tmpl: watchlist + predicate, no secret.
- infra-setup.sh installs the units, creates the env placeholder (never
  overwritten), enables the timer, and prints the token step.
- deploy.yml builds + ships the binary and the (secret-free) config each deploy.

Verified: unit tests (gated union, license precedence, admit accept/reject,
mapping); dry-run against live HF; full loop against a local API — minted token,
submitted a real release, confirmed it landed in the feed with the huggingface
source linked and HF tags carried through. fmt/clippy/test all green.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016fKZzDpvjiJ9eYbPGgJvUP
2026-07-08 14:29:32 +03:00
ee63939151 docs(infra-setup): print required DNS records + public-name override warning
All checks were successful
deploy / build-web (push) Successful in 1m37s
deploy / deploy-web (push) Successful in 4s
deploy / build-api (push) Successful in 6m17s
deploy / deploy-api (push) Successful in 10s
Deployment needs two DNS records this script doesn't manage: a split-horizon
newsfeed.internal -> oolon (the mesh access path), and NO internal override for
the public rob.fyi (an internal record pointing it elsewhere makes mesh clients
land on the wrong vhost/cert — which is exactly what happened: rob.fyi resolved
internally to the office proxy 10.6.0.46 and served admin.zap.pics).

Surface both at the end of every run so the gap is visible.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016fKZzDpvjiJ9eYbPGgJvUP
2026-07-08 12:41:43 +03:00
81fe5f7d4d fix: move newsfeed-api off 8081 to 22672 (conflict-unlikely port)
All checks were successful
deploy / build-web (push) Successful in 1m34s
deploy / deploy-web (push) Successful in 4s
deploy / build-api (push) Successful in 6m17s
deploy / deploy-api (push) Successful in 10s
8081 is the alt-HTTP port — one of the crowded defaults every proxy/dev server
grabs — so it's collision-prone on a shared host. Move to 22672, a registered-
range port in the sparse 20000s band, derived deterministically from the
service name and recorded in architecture port-allocations.md.

Updated everywhere the number appears: api bind config + default, firewalld
service XML, nginx upstream, vite dev proxy, deploy workflow API_PORT,
infra-setup (SELinux semanage label), and docs.

Operator note: re-run script/infra-setup.sh on slartibartfast to relabel the
SELinux port (22672) and ship the updated firewalld XML before the next deploy
restarts the api on the new port.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016fKZzDpvjiJ9eYbPGgJvUP
2026-07-08 12:25:26 +03:00
19dfe793e0 feat(infra): provision the public rob.fyi vhost + LE cert in infra-setup
Some checks failed
deploy / build-api (push) Waiting to run
deploy / build-web (push) Successful in 1m33s
deploy / deploy-api (push) Has been cancelled
deploy / deploy-web (push) Has been cancelled
infra-setup only handled the internal (newsfeed.internal) cert and vhost and
just printed a generic "set it up yourself" note for the WAN name. Now it also,
on the web host:

- issues the Let's Encrypt cert for rob.fyi idempotently (certbot, Cloudflare
  DNS-01, ECDSA, --keep-until-expiring), skipping cleanly if the CF token or
  certbot is absent;
- installs the certbot renew deploy-hook (reload nginx);
- installs the public vhost, gated on the cert existing so a missing cert can't
  break `nginx -t` for all of nginx (external-tls.md §4).

PUBLIC_FQDN/CERT_EMAIL/CF_CREDS are infra-truth vars at the top; set PUBLIC_FQDN
empty to skip. Cloudflare A record + OPNsense :443 forward remain manual and are
called out in the closing output.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016fKZzDpvjiJ9eYbPGgJvUP
2026-07-08 12:19:31 +03:00
5ce52fff4d feat: scaffold newsfeed — user-controlled news feed
Some checks failed
deploy / build (push) Failing after 7s
deploy / deploy-api (push) Has been skipped
deploy / deploy-web (push) Has been skipped
A self-hosted feed where the user owns the ranking: per-source and signed
per-interest weights, decayed by recency, via a transparent deterministic
scorer. Content is sourced algorithmically (worker RSS/Atom polling) and
agentically (per-user API tokens POSTing candidates to the ingest endpoint).
Single-user today, multi-user by construction (every row keyed on user_id).

Rust cargo workspace + Vite/React/SWC/TS SPA:
- newsfeed-entities: DTOs (ts-rs bindings -> web/src/api/bindings)
- newsfeed-core: ranking, auth primitives, ingest, data-access ports
- newsfeed-data: SQLite adapters (sqlx, runtime queries)
- newsfeed-api: axum REST/JSON daemon
- newsfeed-worker: RSS polling + rescoring loop
- web: responsive, mobile-first SPA (React Query, generated types)

Deploy (Gitea Actions, build static musl + SPA, rsync as gitea_ci):
api+worker -> slartibartfast, SPA -> oolon (nginx serves + proxies /v1).

Deliberate deviations from house conventions (documented in CLAUDE.md/readme):
- SQLite instead of Postgres; api+worker co-locate sharing one DB file.
- Runtime sqlx queries instead of query! macros (SQLite dynamic typing;
  keeps CI database-free).

Verified end-to-end: auth, token ingest, interest-weighted ranking, signals,
pagination (curl + browser); cargo fmt/clippy -D/test and pnpm build/lint pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_016fKZzDpvjiJ9eYbPGgJvUP
2026-07-08 11:55:49 +03:00