Skip to content

Instantly share code, notes, and snippets.

@possibilities

possibilities/original-plan.md

Created March 20, 2026 01:09
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save possibilities/2d7c4fbcae5d8022a7c620fd551aaac3 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save possibilities/2d7c4fbcae5d8022a7c620fd551aaac3 to your computer and use it in GitHub Desktop.
Download ZIP
Original (wrong) plan: Fix QMD content-topics sync via GitHub deploy key
Raw
original-plan.md

Fix QMD content-topics collection sync on artbird

Context

qmdctl-watch-collections on artbird calls qmd update which runs git operations against GitHub for the content-topics collection. The artbird user's SSH key is missing or not registered as a deploy key, causing git@github.com: Permission denied (publickey). Syncthing is also retrying failed deletes in the same folder - a secondary symptom that should resolve once sync recovers.

Plan

All steps are remote ops via SSH to artbird. No code changes.

Step 1: Diagnose SSH key state

ssh artbird 'sudo -u artbird ls -la /home/artbird/.ssh/'
ssh artbird 'sudo -u artbird ssh -T git@github.com'

Determine if a key exists and whether GitHub accepts it.

Step 2: Generate deploy key (if needed)

If no key or GitHub rejects it:

ssh artbird 'sudo -u artbird ssh-keygen -t ed25519 -f /home/artbird/.ssh/id_ed25519 -N ""'
ssh artbird 'sudo -u artbird cat /home/artbird/.ssh/id_ed25519.pub'

Then add the public key as a read-only deploy key on possibilities/content-topics:

# Save the pubkey locally, add as deploy key, clean up
ssh artbird 'sudo -u artbird cat /home/artbird/.ssh/id_ed25519.pub' > /tmp/artbird-deploy-key.pub
gh repo deploy-key add /tmp/artbird-deploy-key.pub -R possibilities/content-topics -t "artbird" -w=false
rm /tmp/artbird-deploy-key.pub

Step 3: Verify GitHub access

ssh artbird 'sudo -u artbird ssh -T git@github.com'

Should return "Hi ... You've successfully authenticated" (exit code 1 is normal for -T).

Step 4: Check Syncthing folder status

ssh artbird 'sudo -u artbird curl -s -H "X-API-Key: $(sudo -u artbird xmllint --xpath "string(//gui/apikey)" /home/artbird/.local/state/syncthing/config.xml)" http://127.0.0.1:8384/rest/db/status?folder=content-topics'

If folder is in error state, restart Syncthing:

ssh artbird 'sudo systemctl restart qmdctl-syncthing'

Step 5: Restart watcher and verify

ssh artbird 'sudo systemctl restart qmdctl-watch-collections'
ssh artbird 'sudo journalctl -u qmdctl-watch-collections --since "2 min ago" --no-pager'

Look for successful qmd update and qmd embed in logs.

Key files (reference only, no changes)

  • apps/qmdctl/qmdctl/run_watch_collections.py - the watcher daemon
  • apps/boxctl/BOOTSTRAP.md:107-116 - SSH key setup docs
  • system/watchctl/.config/watchctl/folders.yaml - Syncthing folder config

Verification

  • qmd update succeeds without SSH errors in watcher logs
  • Syncthing folder status shows no errors
  • Collection freshness recovers (check via qmdctl check-service or QMD search UI)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment