# Shit Deploy Can't Do

This is everything `./.deploy_prod` cannot safely automate for you.

## 1. Create Infrastructure

Step: Create Hetzner servers, networking, and load balancer.

Reason: The script only deploys app workloads. It cannot create paid cloud resources without cloud API credentials and IaC wiring.

## 2. Join Nodes To Swarm

Step: Run `docker swarm init` on the first manager and `docker swarm join` on the other nodes.

Reason: Joining nodes requires one-time bootstrap tokens and host-level control.

## 3. Configure Firewall And Origin Restrictions

Step: Set firewall rules so only the expected ingress paths can reach your nodes.

Reason: Firewall policies live in the provider's networking controls, outside this repo.

## 4. Configure DNS / Cloudflare

Step: Point DNS at the load balancer, enable proxying, set the SSL mode, and lock down origin access.

Reason: DNS and CDN settings are account-level operations in Cloudflare, not deploy-time app actions.

## 5. Configure External Services

Step: Create and configure Neon, B2, email provider, APNS, and FCM credentials.

Reason: These credentials are issued in vendor dashboards and must be generated and rotated manually.

## 6. Seed SSH Trust

Step: Ensure your local machine can SSH to the manager with the key in `deploy/cluster.env`.

Reason: The script assumes SSH already works; it cannot grant itself SSH access.

## 7. First-Time Smoke Testing Beyond `/api/health/`

Step: Manually test login, push, background jobs, and admin panel flows after the first deploy.

Reason: Automated health checks prove container readiness, not end-to-end business behavior.

## 8. Safe Secret Garbage Collection

Step: Periodically remove old versioned Docker secrets that are no longer referenced by any service.

Reason: This deploy script creates versioned secrets for safe rollouts and does not auto-delete old ones, because removing a secret that a running service still mounts would break that service.
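An added helper for step 8 (example code, not part of `./.deploy_prod`): it lists every Swarm secret, collects the secret names each service actually mounts, and only offers the difference for removal, dry-run by default. It assumes a `docker` CLI pointed at a swarm manager; the secret names in the comments are constructed samples.

```shell
#!/bin/sh
# Garbage-collect Docker Swarm secrets that no service references.
# Dry run unless invoked as: ./gc_secrets.sh --delete
set -eu

# All secret names known to the swarm.
list_all_secrets() {
  docker secret ls --format '{{.Name}}'
}

# Secret names mounted by any service, taken from each service spec
# (Spec.TaskTemplate.ContainerSpec.Secrets[].SecretName).
list_referenced_secrets() {
  for svc in $(docker service ls -q); do
    docker service inspect \
      --format '{{range .Spec.TaskTemplate.ContainerSpec.Secrets}}{{.SecretName}}{{"\n"}}{{end}}' \
      "$svc"
  done
}

# Pure set difference: $1 = all names, $2 = referenced names (newline
# separated). Prints the names present in $1 but not in $2, sorted.
# e.g. all "db_url_v1 db_url_v2 api_key_v3", referenced "db_url_v2 api_key_v3"
# prints db_url_v1 (constructed sample names).
unreferenced_secrets() {
  gc_ref_file=$(mktemp)
  printf '%s\n' "$2" | sed '/^$/d' | sort -u > "$gc_ref_file"
  printf '%s\n' "$1" | sed '/^$/d' | sort -u | comm -23 - "$gc_ref_file"
  rm -f "$gc_ref_file"
}

main() {
  gc_mode="${1:-dry-run}"
  gc_stale=$(unreferenced_secrets "$(list_all_secrets)" "$(list_referenced_secrets)")
  if [ -z "$gc_stale" ]; then
    echo "no unreferenced secrets"
    return 0
  fi
  printf 'unreferenced secrets:\n%s\n' "$gc_stale"
  if [ "$gc_mode" = "--delete" ]; then
    # docker refuses to remove a secret still in use, so this is a second guard.
    printf '%s\n' "$gc_stale" | xargs docker secret rm
  else
    echo "(dry run; pass --delete to remove them)"
  fi
}

# Only act when explicitly invoked with a mode, so sourcing the file is safe.
if [ $# -gt 0 ]; then
  main "$1"
fi
```

Run it on the manager after a rollout has been confirmed healthy; the previous version's secrets only become unreferenced once every service has finished updating.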