wip: docs: moar resolutions

See coop-cloud/organising#583

docs/abra/cheat-sheet.md

@@ -7,57 +7,134 @@ title: Cheat sheet
 !!! info
     not all flags are listed here.
 
-!!! warning
-    Definitely set up autocomplete or you'll be sad
 
-    `abra autocomplete bash/zsh/fizsh`
+### Abra Autocomplete
 
-### create and deploy a new app:
-- `abra app new $RECIPE`
-flags: `-s/--server`, `-D/--domain`, `-S/--secrets`, `-p/--pass`
-- `abra app config $APPNAME`
-- `abra app secret generate $APPNAME -a`
-flags: `-p/--pass`, `-a/--all`
-- `abra app deploy $APPNAME`
-flags: `-f/--force`, `-C/--chaos`
+Definitely set up autocomplete or you'll be sad :sob: `abra` supports `bash`,
+`zsh`, and `fizsh` just run
 
-### undeploy and remove an app
-- back up any data you don't want to lose
-- `abra app undeploy $APPNAME`
-- `abra app rm --volumes $APPNAME`
-flags: `-f/--force`, `-V/--volumes`
+```
+$ abra autocomplete bash
+# Restart your terminal or load autocompletion in place
+$ source /etc/bash_completion.d/abra
+```
 
-### upgrade abra
-- `abra upgrade`
-flags: `--rc`
 
-### upgrade a recipe
-- `abra recipe upgrade $RECIPE`
-flags: `-x,y,z/--major,minor,patch`
-- `abra recipe sync $RECIPE`
-flags: `-x,y,z`
-- `abra recipe release $RECIPE [$VERSION]`
-flags: `-p/--publish`, `-r/--dry-run`, `-x,y,z`
+### Create & deploy an app
+
+```
+$ abra app new $RECIPE`
+```
+
+Optional flags: `-s/--server`, `-D/--domain`, `-S/--secrets`, `-p/--pass`
+
+```
+$ abra app config $APPNAME
+$ abra app secret generate $APPNAME -a
+```
+
+Optional flags: `-p/--pass`, `-a/--all`
+
+```
+$ abra app deploy $APPNAME
+```
+
+Optional flags: `-f/--force`, `-C/--chaos`
+
+
+### Restarting an app
+
+To run `restart` you need to specify the `<service>` name with the default being `app`
+
+```
+$ abra app restart <domain> app
+```
+
+### Undeploy & remove an app
+
+Back up any data you don't want to lose
+
+```
+$ abra app undeploy $APPNAME
+$ abra app rm --volumes $APPNAME
+```
+
+Optional flags: `-f/--force`, `-V/--volumes`
+
+
+### Upgrade abra
+
+To upgrade `abra` itself, run the following:
+
+```
+$ abra upgrade
+```
+
+Option flags: `--rc`
+
+
+### Upgrade a recipe
+
+```
+$ abra recipe upgrade $RECIPE`
+```
+
+Option flags: `-x,y,z/--major,minor,patch`
+
+```
+$ abra recipe sync $RECIPE
+```
+
+Optional flags: `-x,y,z`
+
+```
+$ abra recipe release $RECIPE [$VERSION]
+```
+
+Optional flags: `-p/--publish`, `-r/--dry-run`, `-x,y,z`
+
+
+### Manually restoring app data
+
+To manually restore app data or configurations, you can use the `cp` command as:
+
+```
+$ abra app cp <domain> path/to/.app.conf app:/home/app/
+$ abra app cp <domain> path/to/data app:/home/app/
+```
+
+*Note: the destination must be a directory and not a filename*
+
+
+### Make changes to a recipe
+
+Edit the files in `~/.abra/recipe/$RECIPENAME`
+
+Deploy the changed version to your test instance
+
+Determine how serious your change is (semver.org for reference)
+
+```
+$ abra recipe release $RECIPE [$VERSION]
+```
 
-### make a change to a recipe
-- edit the files in `~/.abra/recipe/$RECIPENAME`
-- deploy the changed version to your test instance
-- determine how serious your change is (semver.org for reference)
-- `abra recipe release $RECIPE [$VERSION]`
 
 ### Advanced Listing using `jq`
 
 Several `abra` commands can output JSON formatted tables, and can thus be queried and filtered with the tool [jq](https://stedolan.github.io/jq/ "jq JSON Query tool"). We can also format these outputs with [tv](https://github.com/uzimaru0000/tv "tv Table Viewer") into a pretty table. 
 
-
 Currently, `abra recipe ls`, `abra server ls`, and `abra app ls` support the `-m` machine readable output flag which outputs JSON.
 
+
 #### Filter recipes by "category"
 
-`abra recipe ls -m | jq '[.[] | select(.category == "Utilities") ]' | tv`
+```
+$ abra recipe ls -m | jq '[.[] | select(.category == "Utilities") ]' | tv
+```
 
 As you can see we, we're selecting all recipes where category is "Utilities".
 
+
 #### Filter apps by state `deployed`
 
 !!! info 
@@ -66,6 +143,8 @@ As you can see we, we're selecting all recipes where category is "Utilities".
 !!! info 
     `abra app ls` lists apps grouped into a server object, with statistics about the server. In `jq` we can select the entire apps list with `.[].apps[]`.
 
-`abra app ls -m -S |jq '[.[].apps[] | select(.status == "deployed") | del(.upgrade)]' |tv`
+```
+$ abra app ls -m -S |jq '[.[].apps[] | select(.status == "deployed") | del(.upgrade)]' |tv
+```
 
 The `del(.upgrade)` filter filters out available versions for the recipe in question for that row. It could be useful to leave in if you want a list of deployed apps that need an upgrade.

docs/abra/hack.md

@@ -54,11 +54,44 @@ go test ./pkg/recipe -v -run TestGetVersionLabelLocalDoesNotUseTimeoutLabel
 
 ## Integration tests
 
-### Install dependencies
+### Running on the CI server
 
-We use [`bats`](https://bats-core.readthedocs.io/en/stable/), you can install
-the required dependencies with the following. You also need a working
-installation of Docker and Go (not covered in this section).
+Based on
+[R020](https://docs.coopcloud.tech/federation/resolutions/passed/020/), we have
+automated running the integration test suite. Here's the TLDR;
+
+* We have a donated CI server (tysm `@mirsal` 💝) standing at the ready,
+  `int.coopcloud.tech`.
+* We run the entire integration suite nightly via our Drone CI/CD configuration [here](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/.drone.yml) (see "`name: integration test`" stanza)
+* Here is the script that is run on the remote server: [`run-ci-int`](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/scripts/tests/run-ci-int)
+
+What follows is a listing of how this was achieved so that we can collectivise
+the maintenance.
+
+On the server, we have:
+
+* Created an `abra` user with `docker` permissions
+* Ran `apt install bats bats-file bats-assert bats-support jq make git golang-1.21 wget bash`
+* Installed `bats-core` from source, following the instructions below
+* Docker was already installed on the machine, so nothing to do there
+* `docker login` with the `thecoopcloud` details so we don't get rate limited
+
+The drone configuration was wired up as follows:
+
+* Generated a SSH key and put the public key part in `~/.ssh/authorize_keys`
+* Added that public key part as a "deploy key" in the abra repo (so we can do `ssh://` git remote pulls)
+* Added the private key part as a Drone secret which is available in build so that the build can SSH over to the server to run commands. That was done like so: `drone secret add --repository coop-cloud/abra --name abra_int_private_key --data @id_ed25519`
+* In order to specify a cron timing, you need to create it with the Drone CLI: `drone cron add "coop-cloud/abra" "integration" @daily --branch main`
+
+Please ask `@decentral1se` or on the Matrix channels for SSH access to the machine.
+
+### Running them locally
+
+#### Install dependencies
+
+We use [`bats`](https://bats-core.readthedocs.io/en/stable/) to run the tests.
+You can install the required dependencies with the following. You also need a
+working installation of Docker and Go >= 1.16 (not covered in this section).
 
 ```
 apt install bats-file bats-assert bats-support jq make git
@@ -75,12 +108,14 @@ cd bats-core
 sudo ./install.sh /usr/local
 ```
 
-### Setup Test Server
+#### Setup Test Server
 
-For many tests an actual server is needed, where apps can be deployed. You can
-either use a local one or a remote test server.
+For some tests an actual server is needed, where apps can be deployed. You can
+either use a local one or a remote test server. There is also a way to run or
+skip tests that require a remote server. This is covered below in the
+[filtering tests](#filter-tests_1) section.
 
-#### With remote test server
+##### Remote swarm
 
 ```
 export ABRA_TEST_DOMAIN="test.example.com"
@@ -89,14 +124,9 @@ export ABRA_DIR="$HOME/.abra_test"
 
 `ABRA_TEST_DOMAIN` should also have a DNS A record for `*.test.example.com`
 which points to the same server so that the test suite can deploy apps freely.
-It's advised that you re-use the same server and therefore the same Traefik
-deployment for running your integration tests. The test suite does not deploy
-Traefik for you. Then you'll have more stable results.
+The test suite does not deploy Traefik for you.
 
-You probably don't want to run the entire test suite though, it takes a while.
-Try the following for starters.
-
-#### With local swarm
+##### Local swarm
 
 When running the test suite localy you need a running docker swarm setup:
 
@@ -128,10 +158,11 @@ bats -Tp tests/integration/autocomplete.bats
 
 ### Tagging tests
 
-When a test actually deploys something to a server, we tag it with the following:
+When a test actually deploys something, we tag it as "slow". When the test
+requires public DNS, we use "dns". There may be more tags we write more tests.
 
 ```
-# bats test_tags=slow
+# bats test_tags=slow,dns
 @test "..." {
   ...
 }
@@ -166,14 +197,17 @@ bats -Tp tests/integration --filter "validate app argument"
 You can filter on tags.
 
 ```
-bats -Tp tests/integration --filter-tags "\!slow" # only fast tests
-bats -Tp tests/integration --filter-tags "slow"   # only slow tests
+bats -Tp tests/integration --filter-tags \!slow      # only fast tests
+bats -Tp tests/integration --filter-tags slow        # only slow tests
+bats -Tp tests/integration --filter-tags slow,\!dns  # slow but no DNS tests
 ```
 
 You can also only run the previously failed tests.
 
 ```
-bats -TP tests/integration --filter-status failed
+mkdir -p tests/integration/.bats/run-logs
+bats -Tp tests/integration                        # run tests
+bats -Tp tests/integration --filter-status failed # re-run only failed
 ```
 
 ### Debug tests

docs/abra/install.md

@@ -2,14 +2,40 @@
 title: Install
 ---
 
+## Installer script source
+
+You can view that [here](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/scripts/installer/installer).
+
+## Installer prerequisites
+
+* `tar`
+* `wget`
+* `curl` (only if using `curl` method below)
+
 ## Stable release
 
+### Wget
+
+```
+wget -q -O - https://install.abra.coopcloud.tech | bash
+```
+
+### Curl
+
 ```
 curl https://install.abra.coopcloud.tech | bash
 ```
 
 ## Release candidate
 
+### Wget
+
+```
+wget -q -O - https://install.abra.coopcloud.tech | bash -s -- --rc
+```
+
+### Curl
+
 ```
 curl https://install.abra.coopcloud.tech | bash -s -- --rc
 ```
@@ -36,20 +62,16 @@ Otherwise, you downloaded a corrupted file and you should re-download it.
 
 Follow the guide [here](https://docs.coopcloud.tech/abra/hack/)
 
-## Installer script source
-
-You can view that [here](https://git.coopcloud.tech/coop-cloud/abra/src/branch/main/scripts/installer/installer).
-
 ## Using Docker
 
 ```
 docker run \
-	-v $HOME/.abra:/.abra \
-	git.coopcloud.tech/coop-cloud/abra app ls
+  -v $HOME/.abra:/.abra \
+  git.coopcloud.tech/coop-cloud/abra app ls
 ```
 
 !!! note
-	If you're using symlinks, e.g. for [sharing
-	`~/.abra`](/operators/handbook/#sharing-abra), add more `-v` options for each
-	directory you're symlinking to, e.g. `-v
-	$HOME/Projects/CoopCloud/apps:/home/user/Projects/CoopCloud/apps`
+    If you're using symlinks, e.g. for [sharing
+    `~/.abra`](/operators/handbook/#sharing-abra), add more `-v` options for
+    each directory you're symlinking to, e.g. `-v
+    $HOME/Projects/CoopCloud/apps:/home/user/Projects/CoopCloud/apps`

docs/federation/membership.md

@@ -4,15 +4,17 @@ title: Membership
 
 > Are you also interested in joining the federation? Please see [Resolution 002](/federation/resolutions/passed/002/) for our process on how to join. If you have any questions, [drop us a line](/intro/contact/) with us for a chat
 
-| Name | Dues paid up? | Notes | Contact |
-| -------- | -------- | -------- |-------- |
-| Agaric | - | - | `@wolcen:matrix.org` |
-| Autonomic | - | - | `@3wc`, `@cas`, `@knoflook`, `@travvy`, `@aadil` |
-| Bonfire | - | - | `@mayel:matrix.org` + Ivan (`@cambriale:matrix.org`) |
-| Doop.coop | - | - | `@yusf:gottsnack.net` |
-| Klasse & Methode | - | - | `@p4u1_f4u1:matrix.org` |
-| Local IT | - | - | Philipp (`@yksflip:matrix.kaputt.cloud`) + `@moritz:matrix.local-it.org` |
-| Mirsal ™ | - | - | `@mirsal:1312.media` |
-| UTAW | - | - | `@javielico:matrix.org` |
+| Name      | Dues Paid | Notes    | Contact |
+| --------- | --------- | -------- |-------- |
+| Agaric    | - | - | `@wolcen:matrix.org` |
+| [Autonomic](https://autonomic.zone) | - | - | `@3wc`, `@cas`, `@knoflook`, `@travvy`, `@aadil` |
+| [Bonfire](https://bonfirenetworks.org) | - | - | `@mayel:matrix.org` + Ivan (`@cambriale:matrix.org`) |
+| [Doop.coop](https://doop.coop) | - | - | `@yusf:gottsnack.net` |
+| [EOTL](https://eotl.supply) | - | - | `@basebuilder:pub.solar` |
+| [Karrot](https://karrot.world) | - | - | `@nicksellen:matrix.org` |
+| [Klasse & Methode](https://codeberg.org/Klasse-Methode) | - | - | `@p4u1_f4u1:matrix.org` |
+| [Local IT](https://local-it.org/)  | - | - | Philipp (`@yksflip:matrix.kaputt.cloud`) + `@moritz:matrix.local-it.org` |
+| Mirsal ™  | - | - | `@mirsal:1312.media` |
+| [UTAW](https://utaw.tech) | -  | - | `@javielico:matrix.org` |
 | [BeWater](https://bewater.contact) | Waiver | - | `@decentral1se` |
-| ruangrupa | - | - | Henry `@babystepper:matrix.org` |
+| [ruangrupa](https://ruangrupa.id) | - | - | Henry `@babystepper:matrix.org` |

docs/federation/minutes/2024-03-29.md

@@ -1,5 +1,5 @@
 ---
-title: 2024-29-03
+title: 2024-03-29
 ---
 
 ## Meta

docs/federation/minutes/2024-04-17.md

@@ -0,0 +1,73 @@
+---
+title: 2024-04-17
+---
+
+## Meta
+
+* Poll: https://poll.local-it.org/invite/Q828kjlYLNwW
+* Call: https://talk.local-it.org/rooms/nyy-z5y-yrh-sc2/join
+* Present: Local IT (moritz), EOTL (BaseBuilder, blu), BeWater(d1), Autonomic (Lai), Klasse & Methode (p4u1)
+
+## Agenda
+
+### First
+
+* Fixed monthly Federation meeting (3rd Mon, etc) `@basebuilder`
+* Project re-organisation (recipes, tools, fedi repos) `@d1`
+* Backup specification `@p4u1`
+
+### The Rest
+
+* Non-Federation tasks specific bounty / funding `@basebuilder`
+* Website and docs work to better showcase federation - `@kawaiipunk`
+    * https://git.coopcloud.tech/coop-cloud/organising/milestone/43
+* Recipe maintainence proposal - `@kawaiipunk`
+* "Hacking velocity = slow & money" (RE: recent fedi orga chat) `@d1`
+* Continuing budget 001 for meeting attendance, resolution 004 technically only covered 6 months to oct 2023 `@3wc` (but I won't be there)
+
+## Notes
+
+### Fixed monthly Federation meeting (3rd Mon, etc)
+
+Talked about it couple of times, back and forth.
+- People who want to do regular can do that
+- Other people can do polled meeting
+- Poll every month is time consuming
+- Timezones is an issue
+
+Poll options for meeting
+1. fix time/date every month
+1. fixed time/date with timezone wraparound (can be merged with 1. :)
+1. flexible every month (poll)
+1. fixed week with poll (day of week, crab.fit)
+
+> crab.fit - software with heatmap of availability
+
+### Project re-organisation (recipes, tools, fedi repos)
+
+Problem: All projects are under one organisation (coop-cloud). Abra has to do a lot of work to figure out what is a recipe repo and what not. This got fixed but made recipe generation really slow
+
+Proposal: 3 Organisations in gitea:
+- Recipes
+- Tools
+- Projects
+
+What to look out for:
+- Redirects (mainly for recipes)
+- SSH will break though -> could make a migration script for that?
+ 
+https://git.coopcloud.tech/coop-cloud/organising/milestone/45
+https://git.coopcloud.tech/coop-cloud/organising/issues/569
+
+Maybe "tools" / "projects" not needed, only "recipes" / "other".
+
+### Backup Specification
+
+Needing to write operators and matainers guide
+
+- [ ] should abra implement backup and restore or only provide an integration?
+- [ ] should we add a specification version?
+
+## Next Meeting
+
+* Who: ???

docs/federation/resolutions/drafts/021.md

@@ -1,74 +0,0 @@
----
-title: "Resolution 021"
----
-
-- Topic: Budget XXX: Flag handling in Abra
-- Date: ...
-- Deadline: ...
-- Size: Medium
-
-### Summary
-
-Motivated by the collective release planning: [`#583`](https://git.coopcloud.tech/coop-cloud/organising/issues/583) under "Argument Handling".
-
-Due to a bug in the underlying library (`urfave/cli`) that Abra uses for command-line argument/flag handling, we have a bug in Abra which cannot be fixed without causing a breaking change. See [`#581`](https://git.coopcloud.tech/coop-cloud/organising/issues/581) for the ongoing discussion. This proposal is the TLDR; and proposal for the fix.
-
-### Details (Budget XXX)
-
-#### The problem
-
-The current help output of `abra app deploy` is as follows:
-
-`abra app deploy [command options] <domain> [<version>]`
-
-However, it is possible to do both of the following:
-
-```
-abra app deploy --chaos example.org  # "before" style
-abra app deploy example.org --chaos  # "after" style
-```
-
-However, `abra app cmd` is broken if you try to use the "after" style:
-
-```
-abra app cmd <domain> <function> --local -- <args>
-```
-
-This results in `FATA[0000] <recipe> doesn't have a --local function` which is a bug in the `abra` code. It tries to read the position of the arguments but `--local` is included as an argument. The bug in `abra` is due to a bug in `urfave/cli` - "after" style options appear as arguments 😱
-
-The only way to use `abra app cmd` right now is using the "before" style:
-
-```
-abra app cmd  --local <domain> <function> -- <args>
-```
-
-This means that some commands allow both "after" and "before" style and some only allow "before" style. This is a source of confusion, raised issues and frustration.
-
-#### Our solution
-
-We propose to remedy this situation by upgrading `urfave/cli` to version 2 which enforces the "before" style. This was the solution from `urfave/cli` developers to fix their bug. You can then only do e.g.
-
-```
-abra app deploy --chaos <domain>
-```
-
-This is the "simplest" option in terms of development capacity and is the most cost effective option. The upgrade effort is more or less a known quantity, see [`#404`](https://git.coopcloud.tech/coop-cloud/abra/pulls/404) for more.
-
-We have previously reverted from version 2 to version to 1 to maintain this flexibility. However, this leaves us with an unresolved bug which we want to close off.
-
-#### Alternatives
-
-If this restriction is seen as too burdensome, we see some alternatives.
-
-If you choose to vote against this proposal, please include your preference for an alternative (below or with your own). This allows us to mount another proposal with minimal effort.
-
-There is no guarantee we can get these right and it will incur an ongoing maintenance cost.
-
-1. we make a special case hack in the case of the `--local` handling and proceed as usual
-1. we upgrade to v2 and include a patch which automatically re-orders "after" style options into the "before" style transparently
-
-#### Budget
-
-Compensate `@p4u1` for XXX hrs work to get this done. This includes XXX hrs
-backpay for the initial spike in
-[`#404`](https://git.coopcloud.tech/coop-cloud/abra/pulls/404).

docs/federation/resolutions/passed/020.md

@@ -0,0 +1,48 @@
+---
+title: "Resolution 020"
+---
+
+- Topic: Budget 10: Abra integration suite automation
+- Date: 04-04-2024
+- Deadline: 18-04-2024
+- Size: Large
+
+### Summary
+
+Motivated by the collective release planning:
+[`#583`](https://git.coopcloud.tech/coop-cloud/organising/issues/583) under
+"Automate Integration Test Suite".
+
+The latest `abra` release (`0.9.x`) was heavily delayed due to several issues.
+One of those was the need to fix the integration test suite which wasn't run in
+some time. Many breakages had crept into the test suite over time. This can
+avoided in the future by automating the running of the integration test suite.
+
+This proposal describes a way to do this and includes a budget for doing so.
+
+### Details (Budget 10)
+
+The `abra` test suite takes around 1.30 hrs to run on a modest machine.
+Therefore, we propose to run it only once daily. Some parts of the tests are
+slow, fast and only a few require public DNS. This means we can break up the
+tests and run them in separate "builds" to speed things up. This involves some
+research & experimentation.
+
+A server has been provided by `@mirsal` on donation (💘). This machine will be
+be wiped clean each day (`docker <command> prune ....`) and will have the usual
+DNS machinery attached to it, e.g. `int.coopcloud.tech`, `*.int.coopcloud.tech`.
+
+Once that is all wired up, we can implement the CI/CD configuration to make the
+test suite run automatically once a day. This will be triggered via the
+`.drone.yml` in the `abra` Git repository.
+
+Budget details:
+
+| Item | Cost | Who? |
+| ---- | ---- | ---- |
+| Server | Free (on donation) | `@mirsal` |
+| Server setup & docs | 1 hour | `@d1` |
+| R & D for breaking up tests | 5 hours | `@d1` | 
+| Implementing CI/CD configs | 10 hours | `@d1` |
+
+**Total: 16 hrs * 20 EUR = 320 EUR**

docs/maintainers/handbook.md

@@ -696,6 +696,21 @@ You should be able to deploy this overriden configuration now.
 
 ## Linting rules
 
+### R015: "long secret names"
+
+Due to limitations placed by the Docker runtime, secret names must be < 64
+characters long. Due to convetions in recipe configuration and how `abra`
+works, several characters are appended to secret names during a deployment.
+This means if you have a domain `example.org` and a secret `foo_pass`, you'll
+end up with something like `example_org_foo_pass_v1` being used for the secret
+name.
+
+Based on a discussion in
+[`#463`](https://git.coopcloud.tech/coop-cloud/organising/issues/463) and
+looking on what is implemented currently in existing recipes, we came up with a
+general rule of thumb that secret names in recipe configurations should be < 12
+characters long to avoid errors on deployment.
+
 ### R014: "invalid lightweight tag"
 
 This is an issue related to the way Git/`go-git` handle Git tags internally. We

docs/operators/handbook.md

@@ -317,9 +317,20 @@ See [`#312`](https://git.coopcloud.tech/coop-cloud/organising/issues/312) for mo
 
 If you're app [supports backup/restore](/maintainers/handbook/#how-do-i-configure-backuprestore) then you have two options: [`backup-bot-two`](https://git.coopcloud.tech/coop-cloud/backup-bot-two) & [`abra`](https://git.coopcloud.tech/coop-cloud/abra).
 
-With `abra`, you can simply run `abra app backup ...` & `abra app restore ...`.
+With `abra`, you can simply run the commands:
+
+```
+$ abra app backup <domain>
+$ abra app restore <domain>
+```
+
 Pass `-h` for more information on the specific flags & arguments.
 
+If your app Recipe *does not support backups* you can do it manually with the
+`abra cp` command. See the exact commands in [abra
+cheetsheet](/abra/cheat-sheet/#manually-restoring-app-data).
+
+
 ## How do I take a manual database backup?
 
 MySQL / MariaDB:
@@ -449,3 +460,43 @@ route requests after. You're free to make as many `$whatever.yml` files in your
 
 Yes, it's possible although currently Quite Experimental! See
 [`#388`](https://git.coopcloud.tech/coop-cloud/organising/issues/388) for more.
+
+## Running an offline coop-cloud server 
+
+You may want to run a coop-cloud directly on your device (or in a VM or machine on your LAN), whether that's for testing a recipe or to run coop-cloud apps outside of the cloud ;-)
+In that case you might simply add some names to `/etc/hosts` (e.g `127.0.0.1 myapp.localhost`), or configure them on a local DNS server - which means `traefik` won't be able to use `letsencrypt` to generate and verify SSL certificates. Here's what you can do instead:
+1. In your traefik .env file, edit/uncomment the following lines:
+```
+LETS_ENCRYPT_ENV=staging
+WILDCARDS_ENABLED=1
+SECRET_WILDCARD_CERT_VERSION=v1
+SECRET_WILDCARD_KEY_VERSION=v1
+COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
+```
+2. Generate a self-signed certificate using the [command listed here](https://letsencrypt.org/docs/certificates-for-localhost/#making-and-trusting-your-own-certificates). Unless using `localhost` you may want to edit that where it appears in the command, and/or add multiple (sub)domains to the certificate e.g: `subjectAltName=DNS:localhost,DNS:myapp.localhost`
+3. Run these commands:
+```
+abra app secret insert localhost ssl_cert v1 "$(cat localhost.crt)"
+abra app secret insert localhost ssl_key v1 "$(cat localhost.key)"
+```
+4. Re-deploy `traefik` with `--force` and voila!
+
+## Remote recipes
+
+!!! warning "This is only available in the currently unreleased version of `abra`"
+
+    Please see [this issue](https://git.coopcloud.tech/coop-cloud/organising/issues/583) to track current progress towards a release. All feedback and testing are welcome on this new feature. The design is not finalised yet.
+
+It is possible to specify a remote recipe in your `.env` file:
+
+```
+RECIPE=mygit.org/myorg/cool-recipe.git:1.3.12
+```
+
+Where `1.3.12` is an optional pinned version. When `abra` runs a deployment, it
+will fetch the remote recipe and create a directory for it under `$ABRA_DIR`
+(typically `~/.abra`):
+
+```
+$ABRA_DIR/recipes/mygit_org_myorg_cool-recipe
+```

docs/operators/tutorial.md

@@ -13,13 +13,6 @@ In order to deploy an app you need two things:
 
 This tutorial tries to help you make choices about which server and which DNS setup you need to run a _Co-op Cloud_ deployment but it does not go into great depth about how to set up a new server.
 
-??? question "Can `abra` help automate this?"
-
-    Our `abra` tool can help bootstrap new servers & configure DNS records for
-    you. We'll skip that for now since we're just getting started. For more on
-    these topics after you finish the tutorial see the [operators
-    handbook](/operators/handbook).
-
 ### Server setup
 
 Co-op Cloud has itself near zero system requirements. You only need to worry about the system resource usage of your apps and the overhead of running containers with the docker runtime (often negligible. If you want to know more, see [this FAQ entry](/intro/faq/#isnt-running-everything-in-containers-inefficient)).
@@ -39,15 +32,25 @@ You need to keep port `:80` and `:443` free on your server for web proxying to y
     Docker.
 
 ```
+# ssh into your server
+ssh <server-domain>
+
 # docker install convenience script
 wget -O- https://get.docker.com | bash
 
 # add user to docker group
 sudo usermod -aG docker $USER
 
-# setup swarm
+# exit and re-login to load the group
+exit
+ssh <server-domain>
+
+# back on the server, setup swarm
 docker swarm init
 docker network create -d overlay proxy
+
+# now you can exit and start using abra
+exit
 ```
 
 ??? question "Do you support multiple web proxies?"
@@ -89,7 +92,8 @@ abra -h
 ```
 
 You may need to add the `~/.local/bin/` directory to your `$PATH` variable, in
-order to run the executable.
+order to run the executable. Also, run this line into your terminal so
+you have immediate access to `abra` on the current terminal.
 
 ```bash
 export PATH=$PATH:$HOME/.local/bin
@@ -103,14 +107,38 @@ If you run into issues during installation, [please report a ticket](https://git
 
 ### Add your server
 
-Now you can connect `abra` with your server. You should have a working SSH configuration before you can do this (e.g. a matching `Host <server-domain>` entry in `~/.ssh/config` with the correct SSH connection details). That means you can run `ssh <server-domain>` on your command-line and everything Works :tm:.
+Now you can connect `abra` with your server. You must have a working SSH configuration for your server before you can proceed. That means you can run `ssh <server-domain>` on your command-line and everything Works :tm:. See the [`abra` SSH troubleshooting](/abra/trouble/#ssh-connection-issues) for a working SSH configuration example.
+
+??? warning "Beware of SSH dragons :dragon_face:"
+
+    Under the hood `abra` uses plain 'ol `ssh` and aims to make use of your
+    existing SSH configurations in `~/.ssh/config` and interfaces with your
+    running `ssh-agent` for password protected secret key files.
+
+    Running `server add` with `-d` or `--debug` should help you debug what is
+    going on under the hood. `ssh -v ...` should also help. If you're running
+    into SSH connection issues with `abra` take a moment to read [this
+    troubleshooting entry](/abra/trouble/#ssh-connection-issues).
 
 ```bash
 ssh <server-domain> # make sure it works
 abra server add <server-domain>
 ```
 
-It is important to note that `<domain>` here is a publicy accessible domain name which points to your server IP address. `abra` does make sure this is the case and this is done to avoid issues with HTTPS certificate rate limiting.
+It is important to note that `<server-domain>` here is a publicy accessible domain name which points to your server IP address. `abra` does make sure this is the case and this is done to avoid issues with HTTPS certificate rate limiting.
+
+??? warning "Can I use arbitrary server names?"
+
+    Yes, this is possible. You need to pass `-D` to `server add` and ensure
+    that your `Host ...` entry in your SSH configuration includes the name.
+    So, for example:
+
+      Host example.com example
+        ...
+
+    And then:
+
+      abra server add -D example
 
 You will now have a new `~/.abra/` folder on your local file system which stores all the configuration of your Co-op Cloud instance.
 
@@ -120,34 +148,30 @@ By now `abra` should have registered this server as managed. To confirm this run
 abra server ls
 ```
 
-??? warning "Beware of SSH dragons :dragon_face:"
-
-    Under the hood `abra` uses plain 'ol `ssh` and aims to make use of your
-    existing SSH configurations in `~/.ssh/config` and interfaces with your
-    running `ssh-agent` for password protected secret key files.
-
-    Running `server add` with `-d` or `--debug` should help you debug what is going
-    on under the hood. If you're running into SSH connection issues with `abra`
-    take a moment to read [this troubleshooting
-    entry](/abra/trouble/#ssh-connection-issues).
-
 ??? question "How do I share my configs in `~/.abra`?"
 
-    It's possible and quite easy, for more see [this handbook entry](/operators/handbook/#understanding-app-and-server-configuration).
+    It's possible and quite easy, for more see [this handbook
+    entry](/operators/handbook/#understanding-app-and-server-configuration).
 
 ### Web proxy setup
 
 In order to have your Co-op cloud deployment serve the public internet, we need to install the core web proxy, [Traefik](https://doc.traefik.io/traefik/).
 
-Traefik is the main entrypoint for all web requests (e.g. like NGINX) and supports automatic SSL certificate configuration and other quality-of-life features which make deploying libre apps more enjoyable.
+Traefik is the main entrypoint for all web requests (e.g. like NGINX) and
+supports automatic SSL certificate configuration and other quality-of-life
+features which make deploying libre apps more enjoyable. 
 
-To get started, you'll need to create a new app:
+**1. To get started, you'll need to create a new app:**
 
 ```bash
 abra app new traefik
 ```
 
-Choose your newly registered server and specify a domain name.
+Choose your newly registered server and specify a domain name. By default `abra`
+will suggest `<app-name>.server.org` or prompt you with a list of servers.
+
+
+**2. Configure this new `traefix` app**
 
 You will want to take a look at your generated configuration and tweak the `LETS_ENCRYPT_EMAIL` value. You can do that by running `abra app config`:
 
@@ -155,14 +179,32 @@ You will want to take a look at your generated configuration and tweak the `LETS
 abra app config <traefik-domain>
 ```
 
-Every app you deploy will have one of these `.env` files, which contains variables which will be injected into app configurations when deployed. Variables starting with `#` are optional, others are required.
+Every app you deploy will have one of these `.env` files, which contains
+variables which will be injected into app configurations when deployed. These
+files exist at relevantly named path:
 
-Now it is time to deploy:
+```bash
+~/.abra/servers/<domain>/<traefik-domain>.env
+```
+
+Variables starting with `#` are optional, others are required. Some things to
+consider here is that by default our *Traefik* recipe exposes the metric
+dashboard unauthenticated on the public internet at the URL `<traefik-domain>`
+it is deployed to, which is not ideal. You can disable this with:
+
+```
+DASHBOARD_ENABLED=false
+```
+
+**3. Now it is time to deploy your app:**
 
 ```
 abra app deploy <traefik-domain>
 ```
 
+Voila. Abracadabra :magic_wand: your first app is deployed :sparkles:
+
+
 ### Deploy Nextcloud
 
 And now we can deploy apps. Let's create a new Nextcloud app.

mkdocs.yml

@@ -125,16 +125,18 @@ nav:
           - federation/resolutions/passed/015.md
           - federation/resolutions/passed/016.md
           - federation/resolutions/passed/017.md
+          - federation/resolutions/passed/018.md
+          - federation/resolutions/passed/019.md
+          - federation/resolutions/passed/020.md
         - "In Progress":
           - federation/resolutions/in-progress/013.md
-          - federation/resolutions/in-progress/018.md
-          - federation/resolutions/in-progress/019.md
       - "Minutes":
         - federation/minutes/index.md
         - "Recently":
-          - federation/minutes/2024-29-03.md
-          - federation/minutes/2024-02-01.md
+          - federation/minutes/2024-04-17.md
+          - federation/minutes/2024-03-29.md
         - "Archive":
+          - federation/minutes/2024-02-01.md
           - federation/minutes/2022-03-03.md
           - federation/minutes/2023-05-03.md
       - "Digital Tools": federation/tools.md