2026-01-14 03:09:18 +00:00
# Unified Setup Guide

**Quick Answer**: Run `provisioning setup profile` and choose your profile.

---

## Overview

The provisioning system uses a **unified profile-based setup** that creates type-safe configurations in your platform-specific home directory. No matter which profile you choose, all configurations are validated with Nickel before use.

### Three Setup Profiles

| Profile | Duration | Use Case | Deployment | Security |
| --------- | ---------- | ---------- | ----------- | ---------- |
| **Developer** | <5 min | Local development, testing, learning | Docker Compose (local) | Minimal (local defaults) |
| **Production** | ~12 min | Production-ready, HA, team deployments | Kubernetes or SSH | Full (MFA, audit, policies) |
| **CI/CD** | <2 min | Automated pipelines, ephemeral setup | Docker Compose (temp) | CI secrets |

All profiles use **Nickel-first architecture**: configuration source of truth is type-safe Nickel, validated before use.

---

## Quick Start (Choose Your Profile)

### Developer Profile (Recommended for First Time)

```
# Run unified setup
provisioning setup profile --profile developer

# What happens:
# 1. Detects your OS and system capabilities
# 2. Creates Nickel configs in platform-specific location:
#    • macOS: ~/Library/Application Support/provisioning/
#    • Linux: ~/.config/provisioning/
# 3. Validates all configs with Nickel typecheck
# 4. Starts platform services (orchestrator, control-center, KMS)
# 5. Verifies health checks

# Verify it worked
curl http://localhost:9090/health
curl http://localhost:3000/health
curl http://localhost:3001/health
```

Expected output:
```
╔═════════════════════════════════════════════════════╗
║ PROVISIONING SETUP - DEVELOPER PROFILE ║
╚═════════════════════════════════════════════════════╝

✓ System detected: macOS (aarch64)
✓ Docker available: Yes
✓ Configuration location: ~/Library/Application Support/provisioning/
✓ Config validation: PASSED (Nickel typecheck)
✓ Services started: Orchestrator, Control Center, KMS
✓ Health checks: All green

Setup complete in ~4 minutes!
```

### Production Profile (HA, Security, Team Ready)

```
# Interactive setup for production
provisioning setup profile --profile production --interactive

# What happens:
# 1. Detects system: OS, CPU (≥4 required), memory (≥8GB recommended)
# 2. Asks for deployment mode: Kubernetes (preferred) or SSH
# 3. Asks for cloud provider: UpCloud, AWS, Hetzner, or local
# 4. Asks for security settings: MFA, audit logging, Cedar policies
# 5. Creates workspace infrastructure
# 6. Creates Nickel configs with production overlays
# 7. Validates all configs (Nickel typecheck)
# 8. Optionally starts services

# Setup with specific provider
provisioning setup profile --profile production --provider upcloud --interactive

# Verify Nickel configs validated
nickel typecheck ~/.config/provisioning/platform/deployment.ncl
```

Expected config structure:
```
~/.config/provisioning/
├── system.ncl                 # System detection + capabilities
├── user_preferences.ncl       # User settings (MFA, audit, etc.)
├── platform/
│   ├── deployment.ncl         # Deployment mode (kubernetes, ssh)
│   └── services.ncl           # Service endpoints and timeouts
├── providers/
│   ├── upcloud.ncl            # UpCloud config (RustyVault refs)
│   └── aws.ncl                # AWS config (RustyVault refs)
├── workspaces/
│   └── infrastructure.ncl     # Infrastructure definitions
└── cedar-policies/
    └── default.cedar          # Authorization policies
```

### CI/CD Profile (Automated, Ephemeral)

```
# Fully automat
```
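
The `nickel typecheck` verification step in the Production Profile section checks a single file. As an added example (not part of the original guide or of the provisioning project), the shell functions below run the same check over every `.ncl` file in the platform-specific config directory, including the macOS path that contains a space. The function names and the `NICKEL_BIN` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: typecheck every Nickel file under the provisioning config
# directory. Function names and NICKEL_BIN are assumptions of this example.

# Print the platform-specific config directory named in the guide.
provisioning_config_dir() {
    case "$(uname -s)" in
        Darwin) printf '%s\n' "$HOME/Library/Application Support/provisioning" ;;
        *)      printf '%s\n' "$HOME/.config/provisioning" ;;
    esac
}

# Run `nickel typecheck` on each *.ncl file under directory $1.
# Prints one PASS/FAIL line per file. Returns 0 only if every file passes,
# 1 if any file fails, 2 if the directory is missing or holds no .ncl files
# (an empty tree must not be reported as "validated").
typecheck_all() {
    dir=$1
    nickel_bin=${NICKEL_BIN:-nickel}
    [ -d "$dir" ] || { echo "missing config dir: $dir" >&2; return 2; }
    list=$(mktemp) || return 2
    find "$dir" -type f -name '*.ncl' > "$list"
    total=0
    failed=0
    # Read paths line by line so directories with spaces are handled.
    while IFS= read -r f; do
        total=$((total + 1))
        if "$nickel_bin" typecheck "$f" >/dev/null 2>&1; then
            echo "PASS $f"
        else
            echo "FAIL $f"
            failed=$((failed + 1))
        fi
    done < "$list"
    rm -f "$list"
    [ "$total" -gt 0 ] || { echo "no .ncl files under $dir" >&2; return 2; }
    [ "$failed" -eq 0 ]
}

# Usage: typecheck_all "$(provisioning_config_dir)"
```

A non-zero return is the signal to stop before starting services or deploying, since the guide's guarantee is that configs are validated before use.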