max / makenotwork

server: decouple from /opt/makenotwork (0.9.6) Lift the four hardcoded /opt/makenotwork/ paths in src/ so the legacy deploy.sh tree can be removed after the soak. MNW_ADMIN_PATH and the ssh_keys.rs rebuild exec now point at /opt/mnw/current/mnw-admin; the mnw-admin binary reads /etc/mnw/makenotwork.env; build_runner reads /etc/mnw/known_hosts. No env-var indirection — FHS layout is canonical. Note: MNW_ADMIN_PATH is baked into git's authorized_keys command= prefixes, so after deploying 0.9.6 run `sudo -u git mnw-admin rebuild-keys` once before starting the soak clock on rm -rf /opt/makenotwork/. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: Max Johnson <me@maxj.phd> · 2026-06-03 03:19 UTC

Commit: bfba435a09773626a4143e7a18230df222e4add1

Parent: 69718f2

6 files changed, +8 insertions, -8 deletions

M server/Cargo.lock +1 -1

			@@ -4140,7 +4140,7 @@ dependencies = [
4140	4140
4141	4141		[[package]]
4142	4142		name = "makenotwork"
4143		-	version = "0.9.4"
	4143	+	version = "0.9.6"
4144	4144		dependencies = [
4145	4145		"anyhow",
4146	4146		"apple-codesign",

M server/Cargo.toml +1 -1

			@@ -1,6 +1,6 @@
1	1		[package]
2	2		name = "makenotwork"
3		-	version = "0.9.5"
	3	+	version = "0.9.6"
4	4		edition = "2024"
5	5		license-file = "LICENSE"
6	6

M server/src/bin/mnw-admin.rs +3 -3

			@@ -117,9 +117,9 @@ enum Command {
117	117
118	118		#[tokio::main]
119	119		async fn main() -> anyhow::Result<()> {
120		-	// Try the production .env first (SSH invocations have CWD=/opt/git),
121		-	// then fall back to the local directory for dev usage.
122		-	dotenvy::from_path("/opt/makenotwork/.env").ok();
	120	+	// Try the production env first (SSH invocations have CWD=/opt/git or
	121	+	// /var/lib/mnw/git), then fall back to the local directory for dev usage.
	122	+	dotenvy::from_path("/etc/mnw/makenotwork.env").ok();
123	123		dotenvy::dotenv().ok();
124	124
125	125		let database_url = std::env::var("DATABASE_URL")

M server/src/build_runner.rs +1 -1

			@@ -464,7 +464,7 @@ async fn execute_target(
464	464		/// Path to a known_hosts file for build SSH connections.
465	465		/// When present, StrictHostKeyChecking=yes is used (pinned keys).
466	466		/// When absent, StrictHostKeyChecking=accept-new (trust on first use).
467		-	const BUILD_SSH_KNOWN_HOSTS: &str = "/opt/makenotwork/ssh/known_hosts";
	467	+	const BUILD_SSH_KNOWN_HOSTS: &str = "/etc/mnw/known_hosts";
468	468
469	469		/// Run a command on a remote host via SSH.
470	470		async fn run_ssh_command(host: &str, command: &str) -> std::result::Result<String, String> {

M server/src/git_ssh.rs +1 -1

			@@ -12,7 +12,7 @@ use crate::validation::validate_git_repo_name;
12	12		// ── Constants ──
13	13
14	14		pub const AUTHORIZED_KEYS_PATH: &str = "/opt/git/.ssh/authorized_keys";
15		-	pub const MNW_ADMIN_PATH: &str = "/opt/makenotwork/mnw-admin";
	15	+	pub const MNW_ADMIN_PATH: &str = "/opt/mnw/current/mnw-admin";
16	16
17	17		// ── Git operations ──
18	18

M server/src/routes/api/ssh_keys.rs +1 -1

			@@ -162,7 +162,7 @@ pub(super) async fn delete_key(
162	162		fn rebuild_authorized_keys() {
163	163		std::thread::spawn(\|\| {
164	164		let result = std::process::Command::new("sudo")
165		-	.args(["-u", "git", "/opt/makenotwork/mnw-admin", "rebuild-keys"])
	165	+	.args(["-u", "git", "/opt/mnw/current/mnw-admin", "rebuild-keys"])
166	166		.output();
167	167
168	168		match result {