fix path: /srv/configs -> /srv/config (singular); fix broken anchor

- deploy.md: /srv/configs -> /srv/config (singular is canonical) across the
  compose mount, paths table, secrets path, and rotation snippet. Add the
  repo+compose row (/srv/docker/<workspace>/<project>, created by the clone,
  not pre-provisioned) and a note that all /srv paths are owned by the
  services user (1337) — rounding out the canonical layout.
- workflow.md: the first 'per-project git identity' link pointed at a
  nonexistent #per-project-git-identity anchor; point it at #handy-shell-setup
  (where the gitsetup alias lives), matching the other link to the same spot.

Did not touch pip/requirements, chmod a+rwX + user 1337, HOME=/tmp, init,
layer caching, or the git-install caveat — all intentional standards.

Verified: mkdocs build --strict clean (validates anchors); table renders.
Signed-off-by: disqualifier <dev@disqualifier.me>
disqualifier 2026-06-30 00:57:24 -04:00
parent 6498c5b6d5
commit dafc1dcacd
2 changed files with 8 additions and 5 deletions


@ -48,7 +48,7 @@ services:
environment: environment:
HOME: /tmp HOME: /tmp
volumes: volumes:
- /srv/configs/<workspace>/<project>:/app/config:ro # (2)! - /srv/config/<workspace>/<project>:/app/config:ro # (2)!
- /srv/logs/<workspace>/<project>:/app/logs # (3)! - /srv/logs/<workspace>/<project>:/app/logs # (3)!
- yourapp-data:/app/data # (4)! - yourapp-data:/app/data # (4)!
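Review bot: the mount source change on the volumes line (`/srv/configs/<workspace>/<project>` to `/srv/config/<workspace>/<project>`) comes with no migration step for hosts or project compose files already laid out under the old plural path. With the short bind-mount syntax Docker creates a missing host directory, so a host that still has only the plural directory would start the service with an empty `/app/config` rather than failing. Suggest a one-line note next to annotation (2) telling operators to move the existing directory before adopting the new path.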
@ -76,11 +76,14 @@ Everything host-side follows one shape: `/srv/<kind>/<workspace>/<project>/`.
| What | Where | How | | What | Where | How |
| --- | --- | --- | | --- | --- | --- |
| Configs | `/srv/configs/<workspace>/<project>/` | bind mount, host-managed, read-only | | Repo + compose | `/srv/docker/<workspace>/<project>/` | created by the git clone, not pre-provisioned |
| Config | `/srv/config/<workspace>/<project>/` | bind mount, host-managed, read-only |
| Logs | `/srv/logs/<workspace>/<project>/` | bind mount; live + rolled, scraped | | Logs | `/srv/logs/<workspace>/<project>/` | bind mount; live + rolled, scraped |
| Mounts (other host-visible data) | `/srv/mounts/<workspace>/<project>/` | bind mount, host-managed | | Mounts (other host-visible data) | `/srv/mounts/<workspace>/<project>/` | bind mount, host-managed |
| Caches, profiles, scratch | named volume | Docker manages ownership | | Caches, profiles, scratch | named volume | Docker manages ownership |
All `/srv/...` paths are owned by the `services` user (uid/gid **1337**).
!!! note "If your service won't start or its logs aren't persisting" !!! note "If your service won't start or its logs aren't persisting"
That's usually a host-side bind-mount **ownership** thing — the kind of detail That's usually a host-side bind-mount **ownership** thing — the kind of detail
**we sort out at deploy time**, not something you need to chown or provision. **we sort out at deploy time**, not something you need to chown or provision.
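Review bot: the added sentence `All /srv/... paths are owned by the services user (uid/gid **1337**)` also covers the new `Repo + compose` row, but that row says the directory is created by the git clone, so its owner is whoever runs the clone. Suggest either stating that the clone is run as `services`, or scoping the ownership sentence to the bind-mounted rows (config, logs, mounts).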
@ -143,13 +146,13 @@ services:
!!! warning "Secrets never go in the image" !!! warning "Secrets never go in the image"
We do **not** commit secrets (usually, lol). They stay **gitignored**, live on We do **not** commit secrets (usually, lol). They stay **gitignored**, live on
the host at `/srv/configs/<workspace>/<project>/`, and are bind-mounted the host at `/srv/config/<workspace>/<project>/`, and are bind-mounted
**read-only** at runtime. Add them to `.dockerignore` so a `COPY . .` can't **read-only** at runtime. Add them to `.dockerignore` so a `COPY . .` can't
sweep them into a layer. sweep them into a layer.
Rotating a secret = edit the host file and restart. No rebuild. Rotating a secret = edit the host file and restart. No rebuild.
```bash ```bash
vim /srv/configs/<workspace>/<project>/secrets.env # edit on the host vim /srv/config/<workspace>/<project>/secrets.env # edit on the host
docker compose restart yourapp # pick up the change — no rebuild docker compose restart yourapp # pick up the change — no rebuild
``` ```
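Review bot: the rotation snippet (`vim /srv/config/<workspace>/<project>/secrets.env`) does not say which user performs the edit or what mode the file should keep, while the same page now states that these paths belong to uid/gid 1337. Suggest adding the expected owner and mode for `secrets.env` next to the snippet, so an edit does not leave the secret readable by other host users or unreadable to the service.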


@ -56,7 +56,7 @@ with the right one per project.
We solve that with **per-repo local git config** — run a small alias inside a repo We solve that with **per-repo local git config** — run a small alias inside a repo
to set its local user and the SSH key it pushes with (see to set its local user and the SSH key it pushes with (see
[per-project git identity](#per-project-git-identity) below). No global identity [per-project git identity](#handy-shell-setup) below). No global identity
juggling. juggling.
Our conventions, in short: Our conventions, in short:
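Review bot: on the changed link line the text still reads `per-project git identity` while the target is now `#handy-shell-setup`, so a reader who follows it lands under a heading with a different name. Suggest wording the link after its destination, for example naming the `gitsetup` alias in the handy shell setup section, or adding an explicit anchor at the alias so the link does not depend on the section title.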