---
name: deploi-ops
description: >
  Manage, deploy to, and configure Deploi VPS servers. Use when the user has Deploi
  credentials (.env with DEPLOI_USERNAME/DEPLOI_ACCOUNT_PASSWORD) and wants to: deploy
  an application, install software on a server, set up a database, configure a web server,
  manage Docker containers, list/check server status, create a new server for a specific
  purpose (DB, storage, etc.), or perform any server administration task. Also triggers
  when someone mentions deploying to Deploi, managing their Deploi servers, or needs
  help with anything running on a Deploi VPS. If the user has the deploi-server skill
  and is asking about server-side work, this is the right skill.
---

# Deploi Ops — Server Management & Deployment Skill

When this skill is invoked, display this banner:

```
    ◇
   ◇ ◇        ____             _       _
  ◇   ◇      |  _ \  ___ _ __ | | ___ (_)
 ◇     ◇     | | | |/ _ \ '_ \| |/ _ \| |
  ◇   ◇      | |_| |  __/ |_) | | (_) | |
   ◇ ◇       |____/ \___| .__/|_|\___/|_|
    ◇                    |_|
  ◇ ◇        Ops — Deploy & Manage
 ◇   ◇       deploi.no
  ◇ ◇
```

This skill handles everything that happens **on** Deploi VPS servers: deploying apps,
installing software, configuring services, managing databases, and server administration.
It also manages servers via the Deploi API — listing, checking status, and spinning up
new purpose-built servers.

**Prerequisites:** The user must have a `.env` file with `DEPLOI_USERNAME` and
`DEPLOI_ACCOUNT_PASSWORD`. If these are missing, tell the user to set up their Deploi
account first (refer them to the `deploi-server` skill or kundepanel.deploi.no).

---

## API Integration

This skill reuses the Deploi API for server management. All API calls use Node.js:

```bash
node -e "
const https = require('https');
const data = JSON.stringify(<PAYLOAD>);
const req = https.request('https://api.deploi.no', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(data) }
}, (res) => {
  let body = '';
  res.on('data', c => body += c);
  res.on('end', () => console.log(body));
});
req.write(data);
req.end();
"
```

> **IMPORTANT:** Never use `curl` for Deploi API calls — it gets blocked (403).

### Authentication

Read `DEPLOI_USERNAME` and `DEPLOI_ACCOUNT_PASSWORD` from `.env`, then:

```json
{ "command": "Login", "username": "<email>", "password": "<password>" }
```

Extract `data.token` and `data.clients[0].id` from the response. If any API call
returns `messageId: 41` ("Not logged in"), re-authenticate.

### Server Commands

| Command | Payload | Returns |
|---------|---------|---------|
| List servers | `{ "command": "GetServers", "token": "<t>", "clientid": <id> }` | `servers` array with id, name, status |
| Server details | `{ "command": "GetServerInfo", "token": "<t>", "id": <server_id> }` | `serverInfo.virtual.mainip`, RAM, CPU, etc. |
| Create server | See the `deploi-server` skill for full creation flow | New VPS for dedicated purposes |

When the user asks to list servers, show them a clean table:

```
Server Name          | Status | IP              | CPU | RAM
---------------------|--------|-----------------|-----|-----
my-web-app           | active | 193.69.50.148   | 2   | 4 GB
my-database          | active | 193.69.50.152   | 1   | 2 GB
```

---

## Deploi Server Conventions

All Deploi VPS servers created via the skill follow these conventions:

- **Username:** `cursor`
- **Auth:** SSH key (`~/.ssh/id_ed25519`) — password login is disabled
- **Sudo password:** Stored in `.env` as `DEPLOI_PASSWORD`
- **OS:** Ubuntu 24.04 (default)
- **SSH config:** Servers are added to `~/.ssh/config` with their name as Host alias

To connect: `ssh <server-name>` (uses the config alias)

---

## Core Capabilities

### 1. Project Detection & Deployment

When the user wants to deploy something, first understand what they're deploying:

**Auto-detect by looking for these files in the project:**

| File | Stack | Suggested Approach |
|------|-------|--------------------|
| `package.json` | Node.js | Install Node, npm install, PM2 or systemd |
| `requirements.txt` / `pyproject.toml` | Python | Install Python, venv, gunicorn/uvicorn + systemd |
| `docker-compose.yml` / `Dockerfile` | Docker | Install Docker, docker compose up |
| `go.mod` | Go | Build binary, systemd service |
| `Cargo.toml` | Rust | Build binary, systemd service |
| `composer.json` | PHP | Install PHP + Nginx/Apache, composer install |
| `Gemfile` | Ruby | Install Ruby, bundle install, Puma + systemd |
| Static HTML/CSS/JS only | Static site | Nginx serving static files |

If the project type isn't obvious, ask the user what they're deploying.

### 2. Software Installation

The skill should know how to install and configure common server software on Ubuntu/Debian:

**Runtimes & Languages:**
- Node.js (via NodeSource or nvm)
- Python 3 (system or pyenv)
- Go, Rust, PHP, Ruby, Java

**Web Servers & Reverse Proxies:**
- Nginx (reverse proxy config, static file serving, SSL)
- Caddy (automatic HTTPS)
- Apache

**Databases:**
- PostgreSQL (install, create user/db, configure remote access if needed)
- MySQL / MariaDB
- MongoDB
- Redis
- SQLite (just works, no setup needed)

**Container & Orchestration:**
- Docker & Docker Compose
- Container management (logs, restart, cleanup)

**Process Management:**
- PM2 (Node.js apps)
- systemd services (any long-running process)

**Security & Networking:**
- UFW firewall (allow SSH, HTTP, HTTPS, custom ports)
- Certbot / Let's Encrypt (SSL certificates)
- fail2ban

**Other Tools:**
- Git (clone repos, deploy keys)
- Build tools (gcc, make, cmake)

### 3. Common Deployment Workflows

#### Web Application (Node.js example)

1. SSH into the server
2. Install Node.js runtime
3. Clone the repo or upload files
4. Install dependencies (`npm install --production`)
5. Set up environment variables on the server
6. Configure process manager (PM2 or systemd)
7. Set up Nginx as reverse proxy
8. Configure SSL with Certbot (if domain is ready)
9. Set up UFW firewall (allow 22, 80, 443)

#### Docker-based Deployment

1. SSH into the server
2. Install Docker and Docker Compose
3. Clone the repo or upload docker-compose.yml
4. Configure `.env` on the server
5. `docker compose up -d`
6. Set up Nginx reverse proxy (if needed, for SSL termination)
7. Configure firewall

#### Database Server

When the user needs a dedicated database:

1. Ask if they want it on an existing server or a new dedicated VPS
2. If new VPS: use the `deploi-server` skill to create one (suggest Start package for small DBs)
3. Install the database software
4. Configure for remote access (bind address, firewall rules, user permissions)
5. Create the database and user
6. Provide connection string to the user

### 4. Server Administration

**Updates & Maintenance:**
```bash
sudo apt update && sudo apt upgrade -y
```

**Service Management:**
```bash
sudo systemctl status/start/stop/restart/enable <service>
```

**Logs:**
```bash
journalctl -u <service> -f          # systemd service logs
sudo tail -f /var/log/nginx/error.log  # nginx logs
docker logs -f <container>           # docker container logs
```

**Disk & Resource Monitoring:**
```bash
df -h           # disk usage
free -h         # memory usage
htop            # process monitor (install: apt install htop)
```

### 5. Multi-Server Architecture

When a project outgrows a single server, help the user plan and set up a multi-server architecture:

- **Web server** — handles HTTP traffic, runs the application
- **Database server** — dedicated VPS for PostgreSQL/MySQL/etc.
- **Storage server** — for media files, backups, object storage
- **Cache server** — Redis or Memcached

For each new server needed, use the Deploi API (or refer to the `deploi-server` skill) to create it, then configure the services and set up secure communication between servers (private IPs if available, or SSH tunnels / firewall rules).

---

## Workflow: When the User Asks to Deploy

1. **Check credentials** — Read `.env` for `DEPLOI_USERNAME` and `DEPLOI_ACCOUNT_PASSWORD`
2. **Authenticate** — Login to Deploi API, get token
3. **List existing servers** — Show what's available
4. **Determine target** — Ask which server to deploy to, or if they need a new one
5. **Detect project** — Look at the project files to determine the stack
6. **Propose a plan** — Tell the user what you'll install and configure, get approval
7. **Execute** — SSH in and set everything up
8. **Verify** — Confirm the service is running, show the URL/IP

---

## Workflow: When the User Asks for Server Changes

1. **Authenticate** with Deploi API
2. **List servers** if needed to identify which one
3. **Connect** via SSH
4. **Make the requested changes** — install software, update configs, restart services
5. **Verify** — confirm changes are working

---

## Important Notes

- **Always ask before making changes** that affect running services (restarts, config changes)
- **Back up configs** before modifying them (`cp nginx.conf nginx.conf.bak`)
- **Test configs** before reloading (e.g., `nginx -t` before `systemctl reload nginx`)
- **The sudo password** is in `.env` as `DEPLOI_PASSWORD` — use it for `sudo` commands
- **No server deletion via API** — users must delete servers through kundepanel.deploi.no
- **Servers with status "off"** cannot be queried via API — only active servers return info
- **Firewall first** — always set up UFW and allow SSH (port 22) before enabling, to avoid lockout