1 files changed, 37 insertions, 0 deletions

diff --git a/DEPLOY.md b/DEPLOY.md
new file mode 100644

index 0000000..201ce8b
--- /dev/null
+++ b/DEPLOY.md
@@ -0,0 +1,37 @@
+# Deployment
+---
+
+## NixOS (recommended)
+
+flake.nix: (production: [inputs](https://cgit.rory.gay/Rory-Open-Architecture.git/tree/flake.nix?h=d94f5#n104), [modules](https://cgit.rory.gay/Rory-Open-Architecture.git/tree/flake.nix?h=d94f5#n147), [service](https://cgit.rory.gay/Rory-Open-Architecture.git/tree/host/Rory-ovh/services/safensound.nix))
+```nix
+# inputs section
+inputs.safeNSound.url = "git+https://cgit.rory.gay/school/nodejs-final-assignment.git/";
+
+# system configuration section
+# modules = [
+safeNSound.modules.default
+
+# configuration section
+# services.mongodb = { enable = true; ... };
+services.safeNSound = {
+  enable = true;
+  package = safeNSound.packages.default;
+  port = 3000; # or any other port you prefer
+  logRequests = "-"; # or "true" to log requests
+  databaseSecretPath = "/path/to/mongodb/connection/string";
+  jwtSecretPath = "/path/to/jwt/secret/certificate";
+  logQueries = false; # set to true to enable mongoose debug logs
+  logAuth = false; # set to true to enable authentication debug logs
+};
+```
+
+## Other Linux distros:
+
+Please see your service manager:
+- systemd (Debian, Arch, Fedora, ...): /etc/systemd/system/SafeNSound.service (see [example]())
+- sysvinit/openrc/... (Alpine, Gentoo, Devuan, ...): /etc/init.d/SafeNSound
+
+## General setup considerations:
+- Do not run as root!
+- Secrets live on disk and should be handled via whatever secret scheme your system allows. (NixOS uses systemd by default).
\ No newline at end of file