docs: switch active deployment runbooks from dokploy to ssh compose

.gitea/workflows/deploy-ssh-compose.yml

@@ -85,14 +85,45 @@ jobs:
           ssh "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}" \
             "cd '$DEPLOY_PATH' && IMAGE_TAG='$IMAGE_TAG' docker compose pull && IMAGE_TAG='$IMAGE_TAG' docker compose up -d --remove-orphans && docker image prune -f"
 
+      - name: Verify Web and Scheduler Are Running
+        run: |
+          set -euo pipefail
+          ssh "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}" "DEPLOY_PATH='$DEPLOY_PATH' bash -s" << 'EOF'
+          set -euo pipefail
+          cd "$DEPLOY_PATH"
+          web_id="$(docker compose ps -q web)"
+          scheduler_id="$(docker compose ps -q scheduler)"
+
+          if [ -z "$web_id" ]; then
+            echo "web service container not found"
+            exit 1
+          fi
+          if [ -z "$scheduler_id" ]; then
+            echo "scheduler service container not found"
+            exit 1
+          fi
+
+          web_running="$(docker inspect -f '{{.State.Running}}' "$web_id")"
+          scheduler_running="$(docker inspect -f '{{.State.Running}}' "$scheduler_id")"
+
+          if [ "$web_running" != "true" ]; then
+            echo "web service is not running"
+            exit 1
+          fi
+          if [ "$scheduler_running" != "true" ]; then
+            echo "scheduler service is not running"
+            exit 1
+          fi
+          EOF
+
       - name: Wait for Ready Health Check
         env:
-          HEALTH_URL: ${{ secrets.DOKPLOY_HEALTHCHECK_URL }}
+          HEALTH_URL: ${{ secrets.DEPLOY_HEALTHCHECK_URL }}
           MAX_ATTEMPTS: "30"
           SLEEP_SECONDS: "10"
         run: |
           if [ -z "$HEALTH_URL" ]; then
-            echo "Missing DOKPLOY_HEALTHCHECK_URL secret"
+            echo "Missing DEPLOY_HEALTHCHECK_URL secret"
             exit 1
           fi
           bash scripts/wait-for-health.sh

docs/07_PUBLIC_LAUNCH_CHECKLIST.md

@@ -8,19 +8,23 @@
 - [ ] Postgres port `5432` is not public.
 
 ## B) App and Deployment
-- [ ] Dokploy project connected to Gitea repo.
-- [ ] Secrets configured:
+- [ ] SSH deployment host is prepared (`/opt/fiddy`, Docker Engine, Compose plugin).
+- [ ] Deploy host runtime env is configured in `/opt/fiddy/.env`:
   - [ ] `DATABASE_URL`
   - [ ] `DATABASE_SSL`
   - [ ] `ALLOWED_DB_NAMES`
   - [ ] `SESSION_COOKIE_NAME`
   - [ ] `SESSION_TTL_DAYS`
-  - [ ] `DEBUG_API=0`
-  - [ ] `DOKPLOY_DEPLOY_HOOK`
-  - [ ] `DOKPLOY_SCHEDULER_DEPLOY_HOOK`
-  - [ ] `DOKPLOY_HEALTHCHECK_URL`
+  - [ ] `DEBUG_API`
+- [ ] Gitea Actions secrets configured:
+  - [ ] `REGISTRY_USER`
+  - [ ] `REGISTRY_PASS`
+  - [ ] `DEPLOY_KEY`
+  - [ ] `DEPLOY_HOST`
+  - [ ] `DEPLOY_USER`
+  - [ ] `DEPLOY_HEALTHCHECK_URL`
 - [ ] Deploy workflow passes build/test/push/deploy.
-- [ ] Scheduler deploy workflow step passes.
+- [ ] Deploy guard confirms `web` and `scheduler` are running.
 - [ ] Post-deploy health gate passes (`scripts/wait-for-health.sh`).
 - [ ] Manual smoke passes (`scripts/smoke-public-launch.sh`).
 
@@ -47,6 +51,6 @@
 - [ ] Measured RTO is acceptable.
 
 ## F) Rollback Readiness
-- [ ] Previous stable release retained in Dokploy.
-- [ ] Rollback runbook tested once in staging or low-risk window.
+- [ ] Previous stable image tags retained in registry (for rollback).
+- [ ] Rollback runbook tested once in staging or low-risk window (SSH Compose deploy by older image tag).
 - [ ] Rollback smoke check verified.

docs/09_DEPLOYMENT_EXECUTION_PLAYBOOK.md

@@ -25,28 +25,30 @@ Use these in execution updates for fast scanning:
   - [ ] `docs/08_NGINX_PROXY_MANAGER_SETUP.md`
   - [ ] `docs/06_SECURITY_REVIEW.md`
 
-## Phase 1: Registry + Dokploy Wiring (Operator Needed)
-First-time reference: `docs/11_DOKPLOY_FIRST_TIME_WALKTHROUGH.md`.
+## Phase 1: Registry + SSH Compose Wiring (Operator Needed)
 
 Hands-on checkpoints:
 1. Create/verify secrets in Gitea:
   - `REGISTRY_USER`
   - `REGISTRY_PASS`
-  - `DOKPLOY_DEPLOY_HOOK`
-  - `DOKPLOY_SCHEDULER_DEPLOY_HOOK`
-  - `DOKPLOY_HEALTHCHECK_URL`
-2. In Dokploy app settings (Web):
-  - image source points to `git.nicosaya.com/nalalangan/fiddy/web`
-  - health endpoint is `/api/health/ready`
-  - release history retention is enabled
-3. In Dokploy app settings (Scheduler):
-  - image source points to `git.nicosaya.com/nalalangan/fiddy/scheduler`
-  - no public port exposed
-  - env vars set: `DATABASE_URL`, `DATABASE_SSL`, `ALLOWED_DB_NAMES`
+  - `DEPLOY_KEY`
+  - `DEPLOY_HOST`
+  - `DEPLOY_USER`
+  - `DEPLOY_HEALTHCHECK_URL`
+2. Prepare deploy host for SSH Compose:
+  - install Docker Engine + Compose plugin
+  - create `/opt/fiddy/.env` with production variables
+  - run `docker login git.nicosaya.com` as deploy user
+3. Confirm production compose contract:
+  - web image source: `git.nicosaya.com/nalalangan/fiddy/web`
+  - scheduler image source: `git.nicosaya.com/nalalangan/fiddy/scheduler`
+  - web publishes `3010:3000`
+  - scheduler has no public port
 
 Validation:
-- [ ] Push-to-main triggers `.gitea/workflows/deploy-dokploy.yml`
-- [ ] Web and Scheduler deploy hooks fire successfully
+- [ ] Push-to-main triggers `.gitea/workflows/deploy-ssh-compose.yml`
+- [ ] SSH deploy updates both web and scheduler containers
+- [ ] Deploy guard confirms web and scheduler are running
 - [ ] Health gate completes via `scripts/wait-for-health.sh`
 
 ## Phase 2: NPM Edge Setup (Operator Needed)

docs/public-launch-runbook.md

@@ -1,4 +1,4 @@
-# Public Launch Runbook (Self-Hosted + Dokploy)
+# Public Launch Runbook (Self-Hosted + SSH Compose)
 
 ## 1) Goals
 - Deploy Fiddy publicly without stack rewrite.
@@ -6,14 +6,14 @@
 - Enable fast rollback and basic operational visibility.
 - Keep security baseline enforceable for direct home-IP exposure.
 
-## 2) Deploy Control Plane (Dokploy)
-1. Install Dokploy on your Proxmox Docker host.
-2. Add project in Dokploy and connect Gitea repository.
+## 2) Deploy Host (SSH Compose)
+1. Prepare Linux deploy host with Docker Engine + Compose plugin.
+2. Ensure deploy target directory exists (`/opt/fiddy`).
 3. Configure web image source: `git.nicosaya.com/nalalangan/fiddy/web`.
 4. Configure scheduler image source: `git.nicosaya.com/nalalangan/fiddy/scheduler`.
-4. Deploy by immutable tag (`github.sha`) and keep `main` as convenience tag.
-5. Configure health check endpoint: `/api/health/ready`.
-6. Keep previous releases for rollback and verify rollback button path.
+5. Deploy by immutable tag (`github.sha`) and keep `main` as convenience tag.
+6. Configure health check endpoint: `/api/health/ready`.
+7. Keep previous image tags for rollback.
 
 ### Required secrets/variables
 - `DATABASE_URL`
@@ -26,15 +26,16 @@
 - `SCHEDULER_BATCH_SIZE` (scheduler app, optional)
 
 ## 3) CI/CD (Gitea Actions)
-- Use `.gitea/workflows/deploy-dokploy.yml`.
+- Use `.gitea/workflows/deploy-ssh-compose.yml`.
 - Required secrets:
   - `REGISTRY_USER`
   - `REGISTRY_PASS`
-  - `DOKPLOY_DEPLOY_HOOK`
-  - `DOKPLOY_SCHEDULER_DEPLOY_HOOK`
-  - `DOKPLOY_HEALTHCHECK_URL`
+  - `DEPLOY_KEY`
+  - `DEPLOY_HOST`
+  - `DEPLOY_USER`
+  - `DEPLOY_HEALTHCHECK_URL`
 - Health gate:
-  - workflow calls `scripts/wait-for-health.sh` against `DOKPLOY_HEALTHCHECK_URL`
+  - workflow calls `scripts/wait-for-health.sh` against `DEPLOY_HEALTHCHECK_URL`
   - default retry window: 5 minutes (30 attempts x 10s)
 
 ## 4) Reverse Proxy + Network Hardening
@@ -100,12 +101,12 @@
 1. Identify failing request and `request_id`.
 2. Correlate application logs (Loki) by `request_id`.
 3. Check `/api/health/ready` status and DB connectivity.
-4. Roll back to previous known-good Dokploy release if needed.
+4. Roll back to previous known-good image tag via SSH Compose if needed.
 5. Capture root cause and update this runbook/checklist.
 
 ## 8) Rollback Checklist
-1. Select previous healthy image in Dokploy release history.
-2. Trigger rollback and wait for deployment completion.
+1. Select previous healthy image tag for both `web` and `scheduler`.
+2. Trigger rollback deploy and wait for completion.
 3. Run `scripts/smoke-public-launch.sh https://your-domain`.
 4. Verify error-rate drop in Grafana/Loki and confirm no DB migration mismatch.
 5. Log the rolled back version, timestamp, and reason.