gb/prod.md

Production: Vault Container via LXD Socket

Current Setup

• botserver binary: Already at /opt/gbo/tenants/pragmatismo/system/bin/botserver (inside pragmatismo-system container)
• Target: Install Vault in a NEW container on the HOST LXD (outside pragmatismo-system)
• Connection: botserver uses LXD socket proxy (/tmp/lxd.sock → host LXD)

Execution Plan

Step 1: Pull latest botserver code on pragmatismo-system

cd /opt/gbo/tenants/pragmatismo/system
git pull alm main

Step 2: Build botserver (if needed)

cargo build -p botserver
cp target/debug/botserver /opt/gbo/tenants/pragmatismo/system/bin/botserver

Step 3: Install Vault container via botserver (FROM pragmatismo-system)

/opt/gbo/tenants/pragmatismo/system/bin/botserver install vault --container

This runs INSIDE pragmatismo-system container but installs Vault on HOST LXD

Step 4: Verify Vault is running on host

# From pragmatismo-system, via socket proxy
lxc list

# Or directly on host (from Proxmox)
lxc list

Step 5: Update botserver to use external Vault

After Vault is installed in its own container, update /opt/gbo/tenants/pragmatismo/system/bin/.env:

VAULT_ADDR=https://<vault-container-ip>:8200