fix(deadman-fallback): try/except/continue cascade + OpenRouter

- Add PROVIDER_TIMEOUT (30s default, env PROVIDER_TIMEOUT) - Replace local-llama fallback with OpenRouter (openrouter/google/gemini-2.5-pro) - Wrap fallback_to_openrouter, fallback_to_ollama, restore_config, enter_safe_mode in try/except - Continue to next fallback on any error; no crash propagation - Log all fallback events to request_log SQLite DB - Provider errors caught/telemetry; never corrupt config Closes #445
feat(backup): add automated Gitea daily backup and recovery runbook
2026-04-30 01:51:14 -04:00 · 2026-04-30 01:44:05 -04:00 · 2026-04-29 23:45:00 -04:00
10 changed files with 725 additions and 657 deletions
--- a/bin/deadman-fallback.py
+++ b/bin/deadman-fallback.py
@@ -24,12 +24,17 @@ import yaml
 import shutil
 from pathlib import Path
 from datetime import datetime, timedelta
 import sqlite3
 import urllib.request
 import urllib.error
 HERMES_HOME = Path(os.environ.get("HERMES_HOME", os.path.expanduser("~/.hermes")))
 CONFIG_PATH = HERMES_HOME / "config.yaml"
 FALLBACK_STATE = HERMES_HOME / "deadman-fallback-state.json"
 BACKUP_CONFIG = HERMES_HOME / "config.yaml.pre-fallback"
 FORGE_URL = "https://forge.alexanderwhitestone.com"
 # Golden-state fallback chain: Kimi → OpenRouter (Gemini 2.5 Pro) → Ollama (gemma4:latest)
 PROVIDER_TIMEOUT = int(os.getenv("PROVIDER_TIMEOUT", "30"))
 def load_config():
    with open(CONFIG_PATH) as f:
@@ -50,7 +55,7 @@ def save_state(state):
    with open(FALLBACK_STATE, "w") as f:
        json.dump(state, f, indent=2)
-def run(cmd, timeout=10):
+def run(cmd, timeout=PROVIDER_TIMEOUT):
    try:
        r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
        return r.returncode, r.stdout.strip(), r.stderr.strip()
@@ -61,6 +66,23 @@ def run(cmd, timeout=10):
 # ─── HEALTH CHECKS ───
 def log_fallback_event(agent_name, provider, model, status, error_message=None):
    """Log fallback events to request_log SQLite DB (telemetry)."""
    try:
        log_path = Path.home() / ".local" / "timmy" / "request_log.db"
        if log_path.exists():
            conn = sqlite3.connect(str(log_path))
            cursor = conn.cursor()
            cursor.execute("""
                INSERT INTO request_log (timestamp, agent_name, provider, model, endpoint, status, error_message)
                VALUES (datetime('now'), ?, ?, ?, ?, ?, ?)
            """, (agent_name, provider, model, 'fallback_switch', status, error_message))
            conn.commit()
            conn.close()
    except Exception:
        pass  # Silent if telemetry unavailable
 def check_kimi():
    """Can we reach Kimi Coding API?"""
    key = os.environ.get("KIMI_API_KEY", "")
@@ -89,12 +111,38 @@ def check_kimi():
        return True, f"HTTP {out}"
    return False, f"HTTP {out} err={err[:80]}"
-def check_local_llama():
+def check_openrouter():
-    """Is local llama.cpp serving?"""
+    """Check OpenRouter API availability and credentials."""
-    code, out, err = run("curl -s http://localhost:8081/v1/models", timeout=5)
+    key = os.environ.get("OPENROUTER_API_KEY", "")
-    if code == 0 and "hermes" in out.lower():
+    if not key:
-        return True, "serving"
+        env_file = HERMES_HOME / ".env"
-    return False, f"exit={code}"
+        if env_file.exists():
            for line in open(env_file):
                line = line.strip()
                if line.startswith("OPENROUTER_API_KEY="):
                    key = line.split("=", 1)[1].strip().strip('"\'')
                    break
    if not key:
        return False, "No OPENROUTER_API_KEY"
    try:
        req = urllib.request.Request(
            "https://openrouter.ai/api/v1/models",
            headers={"Authorization": "Bearer " + key}
        )
        resp = urllib.request.urlopen(req, timeout=PROVIDER_TIMEOUT)
        if resp.status == 200:
            data = json.loads(resp.read())
            models = data.get("data", [])
            return True, f"{len(models)} models available"
        else:
            return False, f"HTTP {resp.status}"
    except urllib.error.HTTPError as e:
        if e.code == 401:
            return False, "Invalid OPENROUTER_API_KEY"
        else:
            return False, f"HTTP {e.code}"
    except Exception as e:
        return False, str(e)[:100]
 def check_ollama():
    """Is Ollama running?"""
@@ -127,15 +175,18 @@ def check_vps(ip, name):
 # ─── FALLBACK ACTIONS ───
-def fallback_to_local_model(cfg):
+def fallback_to_openrouter(cfg):
-    """Switch primary model from Kimi to local llama.cpp"""
+    "Switch primary model from Kimi to OpenRouter (Gemini 2.5 Pro)"
    if not BACKUP_CONFIG.exists():
        shutil.copy2(CONFIG_PATH, BACKUP_CONFIG)
-    cfg["model"]["provider"] = "local-llama.cpp"
+    openrouter_cfg = cfg.get("providers", {}).get("openrouter", {})
-    cfg["model"]["default"] = "hermes3"
+    base_url = openrouter_cfg.get("base_url", "https://openrouter.ai/api/v1")
    cfg["model"]["provider"] = "openrouter"
    cfg["model"]["default"] = "google/gemini-2.5-pro"
    cfg["model"]["base_url"] = base_url
    save_config(cfg)
-    return "Switched primary model to local-llama.cpp/hermes3"
+    return "Switched primary model to openrouter/google/gemini-2.5-pro"
 def fallback_to_ollama(cfg):
    """Switch to Ollama if llama.cpp is also down"""
@@ -179,11 +230,11 @@ def diagnose_and_fallback():
    kimi_ok, kimi_msg = check_kimi()
    results["checks"]["kimi-coding"] = {"ok": kimi_ok, "msg": kimi_msg}
-    llama_ok, llama_msg = check_local_llama()
+    openrouter_ok, openrouter_msg = check_openrouter()
-    results["checks"]["local_llama"] = {"ok": llama_ok, "msg": llama_msg}
+    results["checks"]["openrouter"] = {"ok": openrouter_ok, "msg": openrouter_msg}
-    ollama_ok, ollama_msg = check_ollama()
+    oopenrouter_ok, oopenrouter_msg = check_ollama()
-    results["checks"]["ollama"] = {"ok": ollama_ok, "msg": ollama_msg}
+    results["checks"]["ollama"] = {"ok": oopenrouter_ok, "msg": oopenrouter_msg}
    gitea_ok, gitea_msg = check_gitea()
    results["checks"]["gitea"] = {"ok": gitea_ok, "msg": gitea_msg}
@@ -202,41 +253,79 @@ def diagnose_and_fallback():
    # ─── FALLBACK LOGIC ───
-    # Case 1: Primary (Kimi) down, local available
+    # Case 1: Primary (Kimi) down, try fallback chain (OpenRouter -> Ollama)
    if not kimi_ok and current_provider == "kimi-coding":
-        if llama_ok:
+        agent_name = cfg.get("agent", {}).get("name", "timmy")
-            msg = fallback_to_local_model(cfg)
+        applied = False
-            results["actions"].append(msg)
+        # Try OpenRouter fallback
-            state["active_fallbacks"].append("kimi->local-llama")
+        if openrouter_ok:
-            results["status"] = "degraded_local"
+            try:
-        elif ollama_ok:
+                msg = fallback_to_openrouter(cfg)
-            msg = fallback_to_ollama(cfg)
+                results["actions"].append(msg)
-            results["actions"].append(msg)
+                state["active_fallbacks"].append("kimi->openrouter")
-            state["active_fallbacks"].append("kimi->ollama")
+                results["status"] = "degraded_openrouter"
-            results["status"] = "degraded_ollama"
+                log_fallback_event(agent_name, "openrouter", "google/gemini-2.5-pro", "success")
-        else:
+                applied = True
-            msg = enter_safe_mode(state)
+            except Exception as e:
-            results["actions"].append(msg)
+                log(f"OpenRouter fallback failed: {e}")
-            results["status"] = "safe_mode"
+                log_fallback_event(agent_name, "openrouter", "google/gemini-2.5-pro", "error", str(e))
        # If still not applied, try Ollama
        if not applied and oopenrouter_ok:
            try:
                msg = fallback_to_ollama(cfg)
                results["actions"].append(msg)
                state["active_fallbacks"].append("kimi->ollama")
                results["status"] = "degraded_ollama"
                log_fallback_event(agent_name, "ollama", "gemma4:latest", "success")
                applied = True
            except Exception as e:
                log(f"Ollama fallback failed: {e}")
                log_fallback_event(agent_name, "ollama", "gemma4:latest", "error", str(e))
        if not applied:
            try:
                msg = enter_safe_mode(state)
                results["actions"].append(msg)
                results["status"] = "safe_mode"
            except Exception as e:
                log(f"Safe mode failed: {e}")
-    # Case 2: Already on fallback, check if primary recovered
+    # Case 2: Already on fallback, check if primary recovered — restore with resilience
-    elif kimi_ok and "kimi->local-llama" in state.get("active_fallbacks", []):
+    elif kimi_ok:
-        msg = restore_config()
+        restored = False
-        results["actions"].append(msg)
+        agent_name = cfg.get("agent", {}).get("name", "timmy")
-        state["active_fallbacks"].remove("kimi->local-llama")
+        # Try restore from OpenRouter fallback
-        results["status"] = "recovered"
+        if "kimi->openrouter" in state.get("active_fallbacks", []):
-    elif kimi_ok and "kimi->ollama" in state.get("active_fallbacks", []):
+            try:
-        msg = restore_config()
+                msg = restore_config()
-        results["actions"].append(msg)
+                results["actions"].append(msg)
-        state["active_fallbacks"].remove("kimi->ollama")
+                state["active_fallbacks"].remove("kimi->openrouter")
-        results["status"] = "recovered"
+                results["status"] = "recovered"
                restored = True
                log_fallback_event(agent_name, "openrouter", "google/gemini-2.5-pro", "restored")
            except Exception as e:
                log(f"Restore from OpenRouter failed: {e}")
                log_fallback_event(agent_name, "openrouter", "google/gemini-2.5-pro", "error", str(e))
        # Try restore from Ollama fallback if still not restored
        if not restored and "kimi->ollama" in state.get("active_fallbacks", []):
            try:
                msg = restore_config()
                results["actions"].append(msg)
                state["active_fallbacks"].remove("kimi->ollama")
                results["status"] = "recovered"
                restored = True
                log_fallback_event(agent_name, "ollama", "gemma4:latest", "restored")
            except Exception as e:
                log(f"Restore from Ollama failed: {e}")
                log_fallback_event(agent_name, "ollama", "gemma4:latest", "error", str(e))
        if not restored:
            log("WARNING: Primary recovered but unable to restore config")
    # Case 3: Gitea down — just flag it, work locally
    if not gitea_ok:
        results["actions"].append("WARN: Gitea unreachable — work cached locally until recovery")
        if "gitea_down" not in state.get("active_fallbacks", []):
            state["active_fallbacks"].append("gitea_down")
-        results["status"] = max(results["status"], "degraded_gitea", key=lambda x: ["healthy", "recovered", "degraded_gitea", "degraded_local", "degraded_ollama", "safe_mode"].index(x) if x in ["healthy", "recovered", "degraded_gitea", "degraded_local", "degraded_ollama", "safe_mode"] else 0)
+        results["status"] = max(results["status"], "degraded_gitea", key=lambda x: ["healthy", "recovered", "degraded_gitea", "degraded_openrouter", "degraded_ollama", "safe_mode"].index(x) if x in ["healthy", "recovered", "degraded_gitea", "degraded_openrouter", "degraded_ollama", "safe_mode"] else 0)
    elif "gitea_down" in state.get("active_fallbacks", []):
        state["active_fallbacks"].remove("gitea_down")
        results["actions"].append("Gitea recovered — resume normal operations")
--- a/bin/gitea-backup.sh
+++ b/bin/gitea-backup.sh
@@ -0,0 +1,87 @@
 #!/bin/bash
 # Gitea Daily Backup Script
 # Uses Gitea's native dump command to create automated backups of repositories and SQLite databases.
 # Designed to run on the VPS (Ezra) as part of a daily cron job.
 #
 # Configuration via environment variables:
 #   GITEA_BIN               Path to gitea binary (default: auto-detect)
 #   GITEA_BACKUP_DIR        Directory for backup archives (default: /var/backups/gitea)
 #   GITEA_BACKUP_RETENTION  Days to retain backups (default: 7)
 #   GITEA_BACKUP_LOG        Log file path (default: /var/log/gitea-backup.log)
 set -euo pipefail
 GITEA_BIN="${GITEA_BIN:-$(command -v gitea 2>/dev/null || echo "/usr/local/bin/gitea")}"
 BACKUP_DIR="${GITEA_BACKUP_DIR:-/var/backups/gitea}"
 RETENTION_DAYS="${GITEA_BACKUP_RETENTION:-7}"
 DATE="$(date +%Y-%m-%d_%H%M%S)"
 BACKUP_FILE="${BACKUP_DIR}/gitea-backup-${DATE}.tar.gz"
 LOG_FILE="${GITEA_BACKUP_LOG:-/var/log/gitea-backup.log}"
 mkdir -p "${BACKUP_DIR}"
 log() {
  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "${LOG_FILE}"
 }
 log "=== Starting Gitea daily backup ==="
 # Verify gitea binary exists
 if [ ! -x "${GITEA_BIN}" ]; then
  log "ERROR: Gitea binary not found at ${GITEA_BIN}"
  log "Set GITEA_BIN environment variable to the gitea binary path (e.g., /usr/bin/gitea)"
  exit 1
 fi
 # Detect Gitea WORK_PATH
 WORK_PATH=""
 APP_INI=""
 for path in /etc/gitea/app.ini /home/git/gitea/custom/conf/app.ini ~/gitea/custom/conf/app.ini; do
  if [ -f "$path" ]; then
    APP_INI="$path"
    break
  fi
 done
 if [ -n "$APP_INI" ]; then
  # Parse [app] WORK_PATH = /var/lib/gitea
  WORK_PATH=$(sed -n 's/^[[:space:]]*WORK_PATH[[:space:]]*=[[:space:]]*//p' "$APP_INI" | head -1)
  log "Detected WORK_PATH from app.ini: ${WORK_PATH}"
 fi
 # Fallback detection
 if [ -z "$WORK_PATH" ]; then
  for d in /var/lib/gitea /home/git/gitea /srv/gitea /opt/gitea; do
    if [ -d "$d" ]; then
      WORK_PATH="$d"
      break
    fi
  done
  log "Inferred WORK_PATH: ${WORK_PATH:-not found}"
 fi
 if [ -z "$WORK_PATH" ]; then
  log "ERROR: Could not determine Gitea WORK_PATH. Set GITEA_WORK_PATH manually."
  exit 1
 fi
 # Perform gitea dump
 # Flags: --work-path sets the Gitea working directory, --file writes dump to tar.gz
 log "Running: gitea dump --work-path ${WORK_PATH} --file ${BACKUP_FILE}"
 "${GITEA_BIN}" dump --work-path "${WORK_PATH}" --file "${BACKUP_FILE}" 2>>"${LOG_FILE}"
 if [ $? -ne 0 ]; then
  log "ERROR: gitea dump failed — check ${LOG_FILE} for details"
  exit 1
 fi
 FILE_SIZE=$(du -h "${BACKUP_FILE}" | cut -f1)
 log "Backup created: ${BACKUP_FILE} (${FILE_SIZE})"
 # Prune old backups (keep last N days)
 find "${BACKUP_DIR}" -name "gitea-backup-*.tar.gz" -type f -mtime +$((${RETENTION_DAYS}-1)) -delete 2>/dev/null || true
 log "Pruned backups older than ${RETENTION_DAYS} days"
 log "=== Backup completed successfully ==="
 exit 0
--- a/cron/vps/gitea-daily-backup.yml
+++ b/cron/vps/gitea-daily-backup.yml
@@ -0,0 +1,9 @@
 - name: Daily Gitea Backup
  schedule: '0 2 * * *'  # 2:00 AM daily
  tasks:
    - name: Run Gitea daily backup
      shell: bash ~/.hermes/bin/gitea-backup.sh
      env:
        GITEA_BIN: /usr/local/bin/gitea
        GITEA_BACKUP_DIR: /var/backups/gitea
        GITEA_BACKUP_RETENTION: "7"
--- a/docs/backup-recovery-runbook.md
+++ b/docs/backup-recovery-runbook.md
@@ -0,0 +1,155 @@
 # Gitea Backup & Recovery Runbook
 **Last updated:** 2026-04-30  
 **Scope:** Single-node VPS (Ezra, 143.198.27.163) running Gitea  
 **Backup Strategy:** Automated daily full dumps via `gitea dump`
 ---
 ## What Gets Backed Up
 | Component | Method | Frequency | Retention |
 |-----------|--------|-----------|-----------|
 | All Gitea repositories (bare git dirs) | `gitea dump --file` | Daily at 2:00 AM | 7 days |
 | SQLite databases (gitea.db, indexer.db, etc.) | Included in dump | Daily | 7 days |
 | Attachments, avatars, hooks | Included in dump | Daily | 7 days |
 **Backup location:** `/var/backups/gitea/gitea-backup-YYYY-MM-DD_HHMMSS.tar.gz`
 **Log file:** `/var/log/gitea-backup.log`
 ---
 ## Backup Architecture
 The backup script `bin/gitea-backup.sh` runs daily via Hermes cron (`cron/vps/gitea-daily-backup.yml`). It:
 1. Locates the Gitea `WORK_PATH` by reading `/etc/gitea/app.ini` or falling back to common locations (`/var/lib/gitea`, `/home/git/gitea`)
 2. Invokes `gitea dump --work-path <path> --file <backup-tar.gz>` — Gitea's native, consistent snapshot mechanism
 3. Prunes archives older than 7 days
 4. Logs all operations to `/var/log/gitea-backup.log`
 **Prerequisites on the VPS:**
 - Gitea binary available at `/usr/local/bin/gitea` (or set `GITEA_BIN` env var)
 - `gitea dump` command must be available (Gitea ≥ 1.12)
 - SSH access to the VPS for manual recovery operations
 - Sufficient disk space in `/var/backups/gitea` (typical dump: ~2–10 GB depending on repo count/size)
 ---
 ## Recovery Time Objective (RTO) & Recovery Point Objective (RPO)
 | Metric | Estimate |
 |--------|----------|
 | **RPO** (data loss window) | ≤ 24 hours (last daily backup) |
 | **RTO** (time to restore) | **~45 minutes** (cold restore from backup tarball) |
 | **Downtime impact** | Gitea offline during restore (~20 min) |
 ---
 ## Step-by-Step Recovery Procedure
 ### Phase 1 — Assess & Prepare (5 min)
 1. SSH into Ezra VPS: `ssh root@143.198.27.163`
 2. Stop Gitea so files are quiescent:
   ```bash
   systemctl stop gitea
   ```
 3. Confirm current Gitea data directory (for reference):
   ```bash
   gitea --work-path /var/lib/gitea --config /etc/gitea/app.ini dump --help 2>&1
   # Or check app.ini for WORK_PATH
   cat /etc/gitea/app.ini | grep '^WORK_PATH'
   ```
 ### Phase 2 — Restore from Backup (20 min)
 4. Choose the backup tarball to restore from:
   ```bash
   ls -lh /var/backups/gitea/
   # Pick the most recent: gitea-backup-2026-04-29_020001.tar.gz
   ```
 5. **Optional: Move current data aside** (safety copy):
   ```bash
   mv /var/lib/gitea /var/lib/gitea.bak-$(date +%s)
   ```
 6. Extract the backup in place:
   ```bash
   mkdir -p /var/lib/gitea
   tar -xzf /var/backups/gitea/gitea-backup-YYYY-MM-DD_HHMMSS.tar.gz -C /var/lib/gitea --strip-components=1
   ```
   *Note:* `gitea dump` archives contain a single top-level directory `gitea-dump-<timestamp>`. The `--strip-components=1` puts its contents directly into `/var/lib/gitea`.
 7. Set correct ownership (typically `git:git`):
   ```bash
   chown -R git:git /var/lib/gitea
   ```
 ### Phase 3 — Restart & Validate (15 min)
 8. Start Gitea:
   ```bash
   systemctl start gitea
   ```
 9. Wait 30 seconds, then verify:
   ```bash
   systemctl status gitea
   # Check HTTP endpoint
   curl -s -o /dev/null -w '%{http_code}' http://localhost:3000/  # Should be 200
   ```
 10. Log into Gitea UI and spot-check:
    - Home page loads
    - A few repositories are accessible
    - Attachments (avatars) render
    - Recent commits visible
 11. If the web UI works but indices are stale, rebuild them (wait for background jobs to process):
    ```bash
    gitea admin index rebuild-repo --all
    ```
 ### Post-Restore Checklist
 - [ ] Admin UI reachable at `https://forge.alexanderwhitestone.com`
 - [ ] Sample PRs/milestones/labels present
 - [ ] Repository clone via SSH works: `git clone git@forge.alexanderwhitestone.com:Timmy_Foundation/timmy-config.git`
 - [ ] Check backup script health: `cat /var/log/gitea-backup.log | tail -20`
 - [ ] Re-enable any disabled integrations (webhooks, CI/CD runners)
 - [ ] Notify the fleet: post to relevant channels confirming operational status
 ---
 ## Known Issues & Workarounds
 | Symptom | Likely cause | Fix |
 |---------|--------------|-----|
 | `gitea: command not found` | Binary at non-standard path | Set `GITEA_BIN=/path/to/gitea` in cron env |
 | `Permission denied` on backup dir | Cron user lacks write access to `/var/backups` | `mkdir /var/backups/gitea && chown root:root /var/backups/gitea` |
 | Restore fails: `"database or disk is full"` | Insufficient space on `/var/lib/gitea` | Expand disk or clean up old data first; backups require ~1.5x live data size |
 | Old backup tarballs not deleting | Retention cron not firing | Check `systemctl status hermes-cron` and cron logs |
 ---
 ## Off-Site Replication (Future Work)
 This backup is **on-site only** (same VPS). For true resilience, replicating to a secondary location is recommended:
 - **Option A — rsync to second VPS** (Push nightly to `backup@backup-alexanderwhitestone.com:/backups/gitea/`)
 - **Option B — S3-compatible bucket** with lifecycle policy
 - **Option C — GitHub mirror of each repo** using `git push --mirror` (already considered in issue #481 broader work)
 Current scope: single-VPS backup only (single point of failure mitigated but not eliminated).
 ---
 ## Related Documentation
 - `bin/gitea-backup.sh` — backup script source
 - `cron/vps/gitea-daily-backup.yml` — Hermes cron definition
 - Gitea official docs: <https://docs.gitea.com/administration/backup-and-restore>
 - Hermes cron: <https://hermes-agent.nousresearch.com/docs>
--- a/scripts/generate_code_patterns_deployment_infra.py
+++ b/scripts/generate_code_patterns_deployment_infra.py
@@ -1,101 +0,0 @@
 #!/usr/bin/env python3
 """Generate 400 Deployment & Infra code pattern pairs for timmy-config#594."""
 from __future__ import annotations
 import argparse, json, random
 from pathlib import Path
 random.seed(594)
 TEMPLATES = [
  # vps-provisioning
  ("vps-provisioning", "Write a cloud-init config that provisions Ubuntu 22.04 with deploy user, SSH key auth, and auto updates.",
   "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]"),
  ("vps-provisioning", "Create a Terraform config for a DigitalOcean droplet (2GB) with SSH key.",
   'terraform { required_providers { digitalocean={source="digitalocean/digitalocean",version="~>2.0"} } }\nresource "digitalocean_droplet" "web" { name="web-01"; region="nyc3"; size="s-2vcpu-2gb" }'),
  ("vps-provisioning", "Write an Ansible playbook to install packages and start nginx.",
   "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started"),
  ("vps-provisioning", "Bash script: create deploy user, install Docker, harden SSH.",
   "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config"),
  ("vps-provisioning", "Write a systemd drop-in to override service restart settings.",
   "[Service]\nRestart=always\nRestartSec=5"),
  ("vps-provisioning", "Create a logrotate config for application logs.",
   "/var/log/app/*.log { daily; rotate 7; compress; missingok }"),
  ("vps-provisioning", "Write a shell function that waits for a TCP port to become available on a remote host.",
   'wait_for_port() { local h="$1" p="$2"; while ! nc -z "$h" "$p"; do sleep 1; done; }'),
  ("vps-provisioning", "Implement a script that sets up a Python virtualenv.",
   "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt"),
  # nginx
  ("nginx", "Write nginx server block that serves static site and redirects HTTP to HTTPS.",
   "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}"),
  ("nginx", "Configure nginx as reverse proxy to backend on port 3000.",
   "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}"),
  ("nginx", "Write nginx rate limiting configuration for /api/ endpoint.",
   "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}"),
  ("nginx", "Create nginx config snippet that adds HSTS and CSP headers.",
   'add_header Strict-Transport-Security "max-age=63072000" always;\nadd_header Content-Security-Policy "default-src \'self\'" always;'),
  # systemd
  ("systemd", "Write a systemd service unit for a Python app as non-root, restart on failure.",
   "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target"),
  ("systemd", "Create a systemd timer that runs a backup script daily at 2:30 AM.",
   "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh"),
  ("systemd", "Write a systemd path unit that triggers a service when a config file changes.",
   "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh"),
  # docker
  ("docker", "Write a multi-stage Dockerfile for Python FastAPI.",
   "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]"),
  ("docker", "Create a docker-compose.yml with web, postgres, and redis.",
   "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }"),
  ("docker", "Write a Dockerfile for Node.js production.",
   "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]"),
  ("docker", "Create a Docker network for app isolation.",
   "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest"),
  # ssh
  ("ssh", "Write an SSH config for two host groups.",
   "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev"),
  ("ssh", "Create bash function for SSH tunnel forwarding PostgreSQL port.",
   "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }"),
  ("ssh", "Write a script that distributes SSH key to multiple servers.",
   "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone"),
  ("ssh", "Configure SSH to use a jump host for internal servers.",
   "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local"),
 ]
 def vary_problem(base, idx):
    p = ["Write code to","Implement","Create","Build","Configure","Set up"]
    s = [" with error handling."," using best practices."," ensuring idempotency."," with logging."," for production."]
    return f"{p[idx%len(p)]} {base.rstrip('.').lower()}{s[(idx//len(p))%len(s)]}"
 def vary_solution(base, idx):
    sol = base
    if idx%3==0:
        sol = sol.replace("log", "log_msg").replace("result", "data")
    if idx%7==0:
        sol = f"# Variation {idx}\n" + sol
    return sol
 def main():
    ap = argparse.ArgumentParser(description="Generate 400 Deployment & Infra code pattern pairs")
    ap.add_argument("-o","--output",default="training-data/code-patterns-deployment-infra.jsonl")
    ap.add_argument("-n","--count",type=int,default=400)
    args = ap.parse_args()
    out = Path(args.output); out.parent.mkdir(parents=True,exist_ok=True)
    pairs = []
    for i in range(args.count):
        tpl = TEMPLATES[i % len(TEMPLATES)]
        pairs.append({
            "problem": vary_problem(tpl[1], i),
            "solution": vary_solution(tpl[2], i),
            "imports": "",
            "domain": tpl[0],
            "id": f"deploy-infra-{i:04d}",
        })
    with open(out, "w", encoding="utf-8") as f:
        for p in pairs:
            f.write(json.dumps(p, ensure_ascii=False) + "\n")
    from collections import Counter
    cnt = Counter(p["domain"] for p in pairs)
    print(f"Generated {len(pairs)} pairs → {out}")
    print(f"  Size: {out.stat().st_size/1024:.1f} KB")
    for d,c in sorted(cnt.items(),key=lambda x:-x[1]): print(f"    {d}: {c}")
 if __name__ == "__main__":
    main()
--- a/training-data/code-patterns-deployment-infra.jsonl
+++ b/training-data/code-patterns-deployment-infra.jsonl
@@ -1,400 +0,0 @@
 {"problem": "Write code to write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with error handling.", "solution": "# Variation 0\n#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0000"}
 {"problem": "Implement create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0001"}
 {"problem": "Create write an ansible playbook to install packages and start nginx with error handling.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0002"}
 {"problem": "Build bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0003"}
 {"problem": "Configure write a systemd drop-in to override service restart settings with error handling.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0004"}
 {"problem": "Set up create a logrotate config for application logs with error handling.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0005"}
 {"problem": "Write code to write a shell function that waits for a tcp port to become available on a remote host using best practices.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0006"}
 {"problem": "Implement implement a script that sets up a python virtualenv using best practices.", "solution": "# Variation 7\npython3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0007"}
 {"problem": "Create write nginx server block that serves static site and redirects http to https using best practices.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0008"}
 {"problem": "Build configure nginx as reverse proxy to backend on port 3000 using best practices.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0009"}
 {"problem": "Configure write nginx rate limiting configuration for /api/ endpoint using best practices.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0010"}
 {"problem": "Set up create nginx config snippet that adds hsts and csp headers using best practices.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0011"}
 {"problem": "Write code to write a systemd service unit for a python app as non-root, restart on failure ensuring idempotency.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0012"}
 {"problem": "Implement create a systemd timer that runs a backup script daily at 2:30 am ensuring idempotency.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0013"}
 {"problem": "Create write a systemd path unit that triggers a service when a config file changes ensuring idempotency.", "solution": "# Variation 14\n[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0014"}
 {"problem": "Build write a multi-stage dockerfile for python fastapi ensuring idempotency.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0015"}
 {"problem": "Configure create a docker-compose.yml with web, postgres, and redis ensuring idempotency.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0016"}
 {"problem": "Set up write a dockerfile for node.js production ensuring idempotency.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0017"}
 {"problem": "Write code to create a docker network for app isolation with logging.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0018"}
 {"problem": "Implement write an ssh config for two host groups with logging.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0019"}
 {"problem": "Create create bash function for ssh tunnel forwarding postgresql port with logging.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0020"}
 {"problem": "Build write a script that distributes ssh key to multiple servers with logging.", "solution": "# Variation 21\nfor s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0021"}
 {"problem": "Configure configure ssh to use a jump host for internal servers with logging.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0022"}
 {"problem": "Set up write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with logging.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0023"}
 {"problem": "Write code to create a terraform config for a digitalocean droplet (2gb) with ssh key for production.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0024"}
 {"problem": "Implement write an ansible playbook to install packages and start nginx for production.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0025"}
 {"problem": "Create bash script: create deploy user, install docker, harden ssh for production.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0026"}
 {"problem": "Build write a systemd drop-in to override service restart settings for production.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0027"}
 {"problem": "Configure create a logrotate config for application logs for production.", "solution": "# Variation 28\n/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0028"}
 {"problem": "Set up write a shell function that waits for a tcp port to become available on a remote host for production.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0029"}
 {"problem": "Write code to implement a script that sets up a python virtualenv with error handling.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0030"}
 {"problem": "Implement write nginx server block that serves static site and redirects http to https with error handling.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0031"}
 {"problem": "Create configure nginx as reverse proxy to backend on port 3000 with error handling.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0032"}
 {"problem": "Build write nginx rate limiting configuration for /api/ endpoint with error handling.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0033"}
 {"problem": "Configure create nginx config snippet that adds hsts and csp headers with error handling.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0034"}
 {"problem": "Set up write a systemd service unit for a python app as non-root, restart on failure with error handling.", "solution": "# Variation 35\n[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0035"}
 {"problem": "Write code to create a systemd timer that runs a backup script daily at 2:30 am using best practices.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0036"}
 {"problem": "Implement write a systemd path unit that triggers a service when a config file changes using best practices.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0037"}
 {"problem": "Create write a multi-stage dockerfile for python fastapi using best practices.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0038"}
 {"problem": "Build create a docker-compose.yml with web, postgres, and redis using best practices.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0039"}
 {"problem": "Configure write a dockerfile for node.js production using best practices.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0040"}
 {"problem": "Set up create a docker network for app isolation using best practices.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0041"}
 {"problem": "Write code to write an ssh config for two host groups ensuring idempotency.", "solution": "# Variation 42\nHost prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0042"}
 {"problem": "Implement create bash function for ssh tunnel forwarding postgresql port ensuring idempotency.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0043"}
 {"problem": "Create write a script that distributes ssh key to multiple servers ensuring idempotency.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0044"}
 {"problem": "Build configure ssh to use a jump host for internal servers ensuring idempotency.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0045"}
 {"problem": "Configure write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates ensuring idempotency.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0046"}
 {"problem": "Set up create a terraform config for a digitalocean droplet (2gb) with ssh key ensuring idempotency.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0047"}
 {"problem": "Write code to write an ansible playbook to install packages and start nginx with logging.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0048"}
 {"problem": "Implement bash script: create deploy user, install docker, harden ssh with logging.", "solution": "# Variation 49\n#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0049"}
 {"problem": "Create write a systemd drop-in to override service restart settings with logging.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0050"}
 {"problem": "Build create a logrotate config for application logs with logging.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0051"}
 {"problem": "Configure write a shell function that waits for a tcp port to become available on a remote host with logging.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0052"}
 {"problem": "Set up implement a script that sets up a python virtualenv with logging.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0053"}
 {"problem": "Write code to write nginx server block that serves static site and redirects http to https for production.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0054"}
 {"problem": "Implement configure nginx as reverse proxy to backend on port 3000 for production.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0055"}
 {"problem": "Create write nginx rate limiting configuration for /api/ endpoint for production.", "solution": "# Variation 56\nlimit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0056"}
 {"problem": "Build create nginx config snippet that adds hsts and csp headers for production.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0057"}
 {"problem": "Configure write a systemd service unit for a python app as non-root, restart on failure for production.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0058"}
 {"problem": "Set up create a systemd timer that runs a backup script daily at 2:30 am for production.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0059"}
 {"problem": "Write code to write a systemd path unit that triggers a service when a config file changes with error handling.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0060"}
 {"problem": "Implement write a multi-stage dockerfile for python fastapi with error handling.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0061"}
 {"problem": "Create create a docker-compose.yml with web, postgres, and redis with error handling.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0062"}
 {"problem": "Build write a dockerfile for node.js production with error handling.", "solution": "# Variation 63\nFROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0063"}
 {"problem": "Configure create a docker network for app isolation with error handling.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0064"}
 {"problem": "Set up write an ssh config for two host groups with error handling.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0065"}
 {"problem": "Write code to create bash function for ssh tunnel forwarding postgresql port using best practices.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0066"}
 {"problem": "Implement write a script that distributes ssh key to multiple servers using best practices.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0067"}
 {"problem": "Create configure ssh to use a jump host for internal servers using best practices.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0068"}
 {"problem": "Build write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates using best practices.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0069"}
 {"problem": "Configure create a terraform config for a digitalocean droplet (2gb) with ssh key using best practices.", "solution": "# Variation 70\nterraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0070"}
 {"problem": "Set up write an ansible playbook to install packages and start nginx using best practices.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0071"}
 {"problem": "Write code to bash script: create deploy user, install docker, harden ssh ensuring idempotency.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0072"}
 {"problem": "Implement write a systemd drop-in to override service restart settings ensuring idempotency.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0073"}
 {"problem": "Create create a logrotate config for application logs ensuring idempotency.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0074"}
 {"problem": "Build write a shell function that waits for a tcp port to become available on a remote host ensuring idempotency.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0075"}
 {"problem": "Configure implement a script that sets up a python virtualenv ensuring idempotency.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0076"}
 {"problem": "Set up write nginx server block that serves static site and redirects http to https ensuring idempotency.", "solution": "# Variation 77\nserver {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0077"}
 {"problem": "Write code to configure nginx as reverse proxy to backend on port 3000 with logging.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0078"}
 {"problem": "Implement write nginx rate limiting configuration for /api/ endpoint with logging.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0079"}
 {"problem": "Create create nginx config snippet that adds hsts and csp headers with logging.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0080"}
 {"problem": "Build write a systemd service unit for a python app as non-root, restart on failure with logging.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0081"}
 {"problem": "Configure create a systemd timer that runs a backup script daily at 2:30 am with logging.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0082"}
 {"problem": "Set up write a systemd path unit that triggers a service when a config file changes with logging.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0083"}
 {"problem": "Write code to write a multi-stage dockerfile for python fastapi for production.", "solution": "# Variation 84\nFROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0084"}
 {"problem": "Implement create a docker-compose.yml with web, postgres, and redis for production.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0085"}
 {"problem": "Create write a dockerfile for node.js production for production.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0086"}
 {"problem": "Build create a docker network for app isolation for production.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0087"}
 {"problem": "Configure write an ssh config for two host groups for production.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0088"}
 {"problem": "Set up create bash function for ssh tunnel forwarding postgresql port for production.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0089"}
 {"problem": "Write code to write a script that distributes ssh key to multiple servers with error handling.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0090"}
 {"problem": "Implement configure ssh to use a jump host for internal servers with error handling.", "solution": "# Variation 91\nHost internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0091"}
 {"problem": "Create write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with error handling.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0092"}
 {"problem": "Build create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0093"}
 {"problem": "Configure write an ansible playbook to install packages and start nginx with error handling.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0094"}
 {"problem": "Set up bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0095"}
 {"problem": "Write code to write a systemd drop-in to override service restart settings using best practices.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0096"}
 {"problem": "Implement create a logrotate config for application logs using best practices.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0097"}
 {"problem": "Create write a shell function that waits for a tcp port to become available on a remote host using best practices.", "solution": "# Variation 98\nwait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0098"}
 {"problem": "Build implement a script that sets up a python virtualenv using best practices.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0099"}
 {"problem": "Configure write nginx server block that serves static site and redirects http to https using best practices.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0100"}
 {"problem": "Set up configure nginx as reverse proxy to backend on port 3000 using best practices.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0101"}
 {"problem": "Write code to write nginx rate limiting configuration for /api/ endpoint ensuring idempotency.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0102"}
 {"problem": "Implement create nginx config snippet that adds hsts and csp headers ensuring idempotency.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0103"}
 {"problem": "Create write a systemd service unit for a python app as non-root, restart on failure ensuring idempotency.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0104"}
 {"problem": "Build create a systemd timer that runs a backup script daily at 2:30 am ensuring idempotency.", "solution": "# Variation 105\n[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0105"}
 {"problem": "Configure write a systemd path unit that triggers a service when a config file changes ensuring idempotency.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0106"}
 {"problem": "Set up write a multi-stage dockerfile for python fastapi ensuring idempotency.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0107"}
 {"problem": "Write code to create a docker-compose.yml with web, postgres, and redis with logging.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0108"}
 {"problem": "Implement write a dockerfile for node.js production with logging.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0109"}
 {"problem": "Create create a docker network for app isolation with logging.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0110"}
 {"problem": "Build write an ssh config for two host groups with logging.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0111"}
 {"problem": "Configure create bash function for ssh tunnel forwarding postgresql port with logging.", "solution": "# Variation 112\nssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0112"}
 {"problem": "Set up write a script that distributes ssh key to multiple servers with logging.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0113"}
 {"problem": "Write code to configure ssh to use a jump host for internal servers for production.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0114"}
 {"problem": "Implement write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates for production.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0115"}
 {"problem": "Create create a terraform config for a digitalocean droplet (2gb) with ssh key for production.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0116"}
 {"problem": "Build write an ansible playbook to install packages and start nginx for production.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0117"}
 {"problem": "Configure bash script: create deploy user, install docker, harden ssh for production.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0118"}
 {"problem": "Set up write a systemd drop-in to override service restart settings for production.", "solution": "# Variation 119\n[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0119"}
 {"problem": "Write code to create a logrotate config for application logs with error handling.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0120"}
 {"problem": "Implement write a shell function that waits for a tcp port to become available on a remote host with error handling.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0121"}
 {"problem": "Create implement a script that sets up a python virtualenv with error handling.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0122"}
 {"problem": "Build write nginx server block that serves static site and redirects http to https with error handling.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0123"}
 {"problem": "Configure configure nginx as reverse proxy to backend on port 3000 with error handling.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0124"}
 {"problem": "Set up write nginx rate limiting configuration for /api/ endpoint with error handling.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0125"}
 {"problem": "Write code to create nginx config snippet that adds hsts and csp headers using best practices.", "solution": "# Variation 126\nadd_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0126"}
 {"problem": "Implement write a systemd service unit for a python app as non-root, restart on failure using best practices.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0127"}
 {"problem": "Create create a systemd timer that runs a backup script daily at 2:30 am using best practices.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0128"}
 {"problem": "Build write a systemd path unit that triggers a service when a config file changes using best practices.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0129"}
 {"problem": "Configure write a multi-stage dockerfile for python fastapi using best practices.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0130"}
 {"problem": "Set up create a docker-compose.yml with web, postgres, and redis using best practices.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0131"}
 {"problem": "Write code to write a dockerfile for node.js production ensuring idempotency.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0132"}
 {"problem": "Implement create a docker network for app isolation ensuring idempotency.", "solution": "# Variation 133\ndocker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0133"}
 {"problem": "Create write an ssh config for two host groups ensuring idempotency.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0134"}
 {"problem": "Build create bash function for ssh tunnel forwarding postgresql port ensuring idempotency.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0135"}
 {"problem": "Configure write a script that distributes ssh key to multiple servers ensuring idempotency.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0136"}
 {"problem": "Set up configure ssh to use a jump host for internal servers ensuring idempotency.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0137"}
 {"problem": "Write code to write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with logging.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0138"}
 {"problem": "Implement create a terraform config for a digitalocean droplet (2gb) with ssh key with logging.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0139"}
 {"problem": "Create write an ansible playbook to install packages and start nginx with logging.", "solution": "# Variation 140\n---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0140"}
 {"problem": "Build bash script: create deploy user, install docker, harden ssh with logging.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0141"}
 {"problem": "Configure write a systemd drop-in to override service restart settings with logging.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0142"}
 {"problem": "Set up create a logrotate config for application logs with logging.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0143"}
 {"problem": "Write code to write a shell function that waits for a tcp port to become available on a remote host for production.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0144"}
 {"problem": "Implement implement a script that sets up a python virtualenv for production.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0145"}
 {"problem": "Create write nginx server block that serves static site and redirects http to https for production.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0146"}
 {"problem": "Build configure nginx as reverse proxy to backend on port 3000 for production.", "solution": "# Variation 147\nupstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0147"}
 {"problem": "Configure write nginx rate limiting configuration for /api/ endpoint for production.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0148"}
 {"problem": "Set up create nginx config snippet that adds hsts and csp headers for production.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0149"}
 {"problem": "Write code to write a systemd service unit for a python app as non-root, restart on failure with error handling.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0150"}
 {"problem": "Implement create a systemd timer that runs a backup script daily at 2:30 am with error handling.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0151"}
 {"problem": "Create write a systemd path unit that triggers a service when a config file changes with error handling.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0152"}
 {"problem": "Build write a multi-stage dockerfile for python fastapi with error handling.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0153"}
 {"problem": "Configure create a docker-compose.yml with web, postgres, and redis with error handling.", "solution": "# Variation 154\nversion: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0154"}
 {"problem": "Set up write a dockerfile for node.js production with error handling.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0155"}
 {"problem": "Write code to create a docker network for app isolation using best practices.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0156"}
 {"problem": "Implement write an ssh config for two host groups using best practices.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0157"}
 {"problem": "Create create bash function for ssh tunnel forwarding postgresql port using best practices.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0158"}
 {"problem": "Build write a script that distributes ssh key to multiple servers using best practices.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0159"}
 {"problem": "Configure configure ssh to use a jump host for internal servers using best practices.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0160"}
 {"problem": "Set up write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates using best practices.", "solution": "# Variation 161\n#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0161"}
 {"problem": "Write code to create a terraform config for a digitalocean droplet (2gb) with ssh key ensuring idempotency.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0162"}
 {"problem": "Implement write an ansible playbook to install packages and start nginx ensuring idempotency.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0163"}
 {"problem": "Create bash script: create deploy user, install docker, harden ssh ensuring idempotency.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0164"}
 {"problem": "Build write a systemd drop-in to override service restart settings ensuring idempotency.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0165"}
 {"problem": "Configure create a logrotate config for application logs ensuring idempotency.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0166"}
 {"problem": "Set up write a shell function that waits for a tcp port to become available on a remote host ensuring idempotency.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0167"}
 {"problem": "Write code to implement a script that sets up a python virtualenv with logging.", "solution": "# Variation 168\npython3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0168"}
 {"problem": "Implement write nginx server block that serves static site and redirects http to https with logging.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0169"}
 {"problem": "Create configure nginx as reverse proxy to backend on port 3000 with logging.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0170"}
 {"problem": "Build write nginx rate limiting configuration for /api/ endpoint with logging.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0171"}
 {"problem": "Configure create nginx config snippet that adds hsts and csp headers with logging.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0172"}
 {"problem": "Set up write a systemd service unit for a python app as non-root, restart on failure with logging.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0173"}
 {"problem": "Write code to create a systemd timer that runs a backup script daily at 2:30 am for production.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0174"}
 {"problem": "Implement write a systemd path unit that triggers a service when a config file changes for production.", "solution": "# Variation 175\n[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0175"}
 {"problem": "Create write a multi-stage dockerfile for python fastapi for production.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0176"}
 {"problem": "Build create a docker-compose.yml with web, postgres, and redis for production.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0177"}
 {"problem": "Configure write a dockerfile for node.js production for production.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0178"}
 {"problem": "Set up create a docker network for app isolation for production.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0179"}
 {"problem": "Write code to write an ssh config for two host groups with error handling.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0180"}
 {"problem": "Implement create bash function for ssh tunnel forwarding postgresql port with error handling.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0181"}
 {"problem": "Create write a script that distributes ssh key to multiple servers with error handling.", "solution": "# Variation 182\nfor s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0182"}
 {"problem": "Build configure ssh to use a jump host for internal servers with error handling.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0183"}
 {"problem": "Configure write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with error handling.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0184"}
 {"problem": "Set up create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0185"}
 {"problem": "Write code to write an ansible playbook to install packages and start nginx using best practices.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0186"}
 {"problem": "Implement bash script: create deploy user, install docker, harden ssh using best practices.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0187"}
 {"problem": "Create write a systemd drop-in to override service restart settings using best practices.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0188"}
 {"problem": "Build create a logrotate config for application logs using best practices.", "solution": "# Variation 189\n/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0189"}
 {"problem": "Configure write a shell function that waits for a tcp port to become available on a remote host using best practices.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0190"}
 {"problem": "Set up implement a script that sets up a python virtualenv using best practices.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0191"}
 {"problem": "Write code to write nginx server block that serves static site and redirects http to https ensuring idempotency.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0192"}
 {"problem": "Implement configure nginx as reverse proxy to backend on port 3000 ensuring idempotency.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0193"}
 {"problem": "Create write nginx rate limiting configuration for /api/ endpoint ensuring idempotency.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0194"}
 {"problem": "Build create nginx config snippet that adds hsts and csp headers ensuring idempotency.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0195"}
 {"problem": "Configure write a systemd service unit for a python app as non-root, restart on failure ensuring idempotency.", "solution": "# Variation 196\n[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0196"}
 {"problem": "Set up create a systemd timer that runs a backup script daily at 2:30 am ensuring idempotency.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0197"}
 {"problem": "Write code to write a systemd path unit that triggers a service when a config file changes with logging.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0198"}
 {"problem": "Implement write a multi-stage dockerfile for python fastapi with logging.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0199"}
 {"problem": "Create create a docker-compose.yml with web, postgres, and redis with logging.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0200"}
 {"problem": "Build write a dockerfile for node.js production with logging.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0201"}
 {"problem": "Configure create a docker network for app isolation with logging.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0202"}
 {"problem": "Set up write an ssh config for two host groups with logging.", "solution": "# Variation 203\nHost prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0203"}
 {"problem": "Write code to create bash function for ssh tunnel forwarding postgresql port for production.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0204"}
 {"problem": "Implement write a script that distributes ssh key to multiple servers for production.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0205"}
 {"problem": "Create configure ssh to use a jump host for internal servers for production.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0206"}
 {"problem": "Build write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates for production.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0207"}
 {"problem": "Configure create a terraform config for a digitalocean droplet (2gb) with ssh key for production.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0208"}
 {"problem": "Set up write an ansible playbook to install packages and start nginx for production.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0209"}
 {"problem": "Write code to bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "# Variation 210\n#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0210"}
 {"problem": "Implement write a systemd drop-in to override service restart settings with error handling.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0211"}
 {"problem": "Create create a logrotate config for application logs with error handling.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0212"}
 {"problem": "Build write a shell function that waits for a tcp port to become available on a remote host with error handling.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0213"}
 {"problem": "Configure implement a script that sets up a python virtualenv with error handling.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0214"}
 {"problem": "Set up write nginx server block that serves static site and redirects http to https with error handling.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0215"}
 {"problem": "Write code to configure nginx as reverse proxy to backend on port 3000 using best practices.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0216"}
 {"problem": "Implement write nginx rate limiting configuration for /api/ endpoint using best practices.", "solution": "# Variation 217\nlimit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0217"}
 {"problem": "Create create nginx config snippet that adds hsts and csp headers using best practices.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0218"}
 {"problem": "Build write a systemd service unit for a python app as non-root, restart on failure using best practices.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0219"}
 {"problem": "Configure create a systemd timer that runs a backup script daily at 2:30 am using best practices.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0220"}
 {"problem": "Set up write a systemd path unit that triggers a service when a config file changes using best practices.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0221"}
 {"problem": "Write code to write a multi-stage dockerfile for python fastapi ensuring idempotency.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0222"}
 {"problem": "Implement create a docker-compose.yml with web, postgres, and redis ensuring idempotency.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0223"}
 {"problem": "Create write a dockerfile for node.js production ensuring idempotency.", "solution": "# Variation 224\nFROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0224"}
 {"problem": "Build create a docker network for app isolation ensuring idempotency.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0225"}
 {"problem": "Configure write an ssh config for two host groups ensuring idempotency.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0226"}
 {"problem": "Set up create bash function for ssh tunnel forwarding postgresql port ensuring idempotency.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0227"}
 {"problem": "Write code to write a script that distributes ssh key to multiple servers with logging.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0228"}
 {"problem": "Implement configure ssh to use a jump host for internal servers with logging.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0229"}
 {"problem": "Create write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with logging.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0230"}
 {"problem": "Build create a terraform config for a digitalocean droplet (2gb) with ssh key with logging.", "solution": "# Variation 231\nterraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0231"}
 {"problem": "Configure write an ansible playbook to install packages and start nginx with logging.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0232"}
 {"problem": "Set up bash script: create deploy user, install docker, harden ssh with logging.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0233"}
 {"problem": "Write code to write a systemd drop-in to override service restart settings for production.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0234"}
 {"problem": "Implement create a logrotate config for application logs for production.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0235"}
 {"problem": "Create write a shell function that waits for a tcp port to become available on a remote host for production.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0236"}
 {"problem": "Build implement a script that sets up a python virtualenv for production.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0237"}
 {"problem": "Configure write nginx server block that serves static site and redirects http to https for production.", "solution": "# Variation 238\nserver {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0238"}
 {"problem": "Set up configure nginx as reverse proxy to backend on port 3000 for production.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0239"}
 {"problem": "Write code to write nginx rate limiting configuration for /api/ endpoint with error handling.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0240"}
 {"problem": "Implement create nginx config snippet that adds hsts and csp headers with error handling.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0241"}
 {"problem": "Create write a systemd service unit for a python app as non-root, restart on failure with error handling.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0242"}
 {"problem": "Build create a systemd timer that runs a backup script daily at 2:30 am with error handling.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0243"}
 {"problem": "Configure write a systemd path unit that triggers a service when a config file changes with error handling.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0244"}
 {"problem": "Set up write a multi-stage dockerfile for python fastapi with error handling.", "solution": "# Variation 245\nFROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0245"}
 {"problem": "Write code to create a docker-compose.yml with web, postgres, and redis using best practices.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0246"}
 {"problem": "Implement write a dockerfile for node.js production using best practices.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0247"}
 {"problem": "Create create a docker network for app isolation using best practices.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0248"}
 {"problem": "Build write an ssh config for two host groups using best practices.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0249"}
 {"problem": "Configure create bash function for ssh tunnel forwarding postgresql port using best practices.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0250"}
 {"problem": "Set up write a script that distributes ssh key to multiple servers using best practices.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0251"}
 {"problem": "Write code to configure ssh to use a jump host for internal servers ensuring idempotency.", "solution": "# Variation 252\nHost internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0252"}
 {"problem": "Implement write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates ensuring idempotency.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0253"}
 {"problem": "Create create a terraform config for a digitalocean droplet (2gb) with ssh key ensuring idempotency.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0254"}
 {"problem": "Build write an ansible playbook to install packages and start nginx ensuring idempotency.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0255"}
 {"problem": "Configure bash script: create deploy user, install docker, harden ssh ensuring idempotency.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0256"}
 {"problem": "Set up write a systemd drop-in to override service restart settings ensuring idempotency.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0257"}
 {"problem": "Write code to create a logrotate config for application logs with logging.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0258"}
 {"problem": "Implement write a shell function that waits for a tcp port to become available on a remote host with logging.", "solution": "# Variation 259\nwait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0259"}
 {"problem": "Create implement a script that sets up a python virtualenv with logging.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0260"}
 {"problem": "Build write nginx server block that serves static site and redirects http to https with logging.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0261"}
 {"problem": "Configure configure nginx as reverse proxy to backend on port 3000 with logging.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0262"}
 {"problem": "Set up write nginx rate limiting configuration for /api/ endpoint with logging.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0263"}
 {"problem": "Write code to create nginx config snippet that adds hsts and csp headers for production.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0264"}
 {"problem": "Implement write a systemd service unit for a python app as non-root, restart on failure for production.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0265"}
 {"problem": "Create create a systemd timer that runs a backup script daily at 2:30 am for production.", "solution": "# Variation 266\n[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0266"}
 {"problem": "Build write a systemd path unit that triggers a service when a config file changes for production.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0267"}
 {"problem": "Configure write a multi-stage dockerfile for python fastapi for production.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0268"}
 {"problem": "Set up create a docker-compose.yml with web, postgres, and redis for production.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0269"}
 {"problem": "Write code to write a dockerfile for node.js production with error handling.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0270"}
 {"problem": "Implement create a docker network for app isolation with error handling.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0271"}
 {"problem": "Create write an ssh config for two host groups with error handling.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0272"}
 {"problem": "Build create bash function for ssh tunnel forwarding postgresql port with error handling.", "solution": "# Variation 273\nssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0273"}
 {"problem": "Configure write a script that distributes ssh key to multiple servers with error handling.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0274"}
 {"problem": "Set up configure ssh to use a jump host for internal servers with error handling.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0275"}
 {"problem": "Write code to write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates using best practices.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0276"}
 {"problem": "Implement create a terraform config for a digitalocean droplet (2gb) with ssh key using best practices.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0277"}
 {"problem": "Create write an ansible playbook to install packages and start nginx using best practices.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0278"}
 {"problem": "Build bash script: create deploy user, install docker, harden ssh using best practices.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0279"}
 {"problem": "Configure write a systemd drop-in to override service restart settings using best practices.", "solution": "# Variation 280\n[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0280"}
 {"problem": "Set up create a logrotate config for application logs using best practices.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0281"}
 {"problem": "Write code to write a shell function that waits for a tcp port to become available on a remote host ensuring idempotency.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0282"}
 {"problem": "Implement implement a script that sets up a python virtualenv ensuring idempotency.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0283"}
 {"problem": "Create write nginx server block that serves static site and redirects http to https ensuring idempotency.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0284"}
 {"problem": "Build configure nginx as reverse proxy to backend on port 3000 ensuring idempotency.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0285"}
 {"problem": "Configure write nginx rate limiting configuration for /api/ endpoint ensuring idempotency.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0286"}
 {"problem": "Set up create nginx config snippet that adds hsts and csp headers ensuring idempotency.", "solution": "# Variation 287\nadd_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0287"}
 {"problem": "Write code to write a systemd service unit for a python app as non-root, restart on failure with logging.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0288"}
 {"problem": "Implement create a systemd timer that runs a backup script daily at 2:30 am with logging.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0289"}
 {"problem": "Create write a systemd path unit that triggers a service when a config file changes with logging.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0290"}
 {"problem": "Build write a multi-stage dockerfile for python fastapi with logging.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0291"}
 {"problem": "Configure create a docker-compose.yml with web, postgres, and redis with logging.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0292"}
 {"problem": "Set up write a dockerfile for node.js production with logging.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0293"}
 {"problem": "Write code to create a docker network for app isolation for production.", "solution": "# Variation 294\ndocker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0294"}
 {"problem": "Implement write an ssh config for two host groups for production.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0295"}
 {"problem": "Create create bash function for ssh tunnel forwarding postgresql port for production.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0296"}
 {"problem": "Build write a script that distributes ssh key to multiple servers for production.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0297"}
 {"problem": "Configure configure ssh to use a jump host for internal servers for production.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0298"}
 {"problem": "Set up write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates for production.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0299"}
 {"problem": "Write code to create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0300"}
 {"problem": "Implement write an ansible playbook to install packages and start nginx with error handling.", "solution": "# Variation 301\n---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0301"}
 {"problem": "Create bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0302"}
 {"problem": "Build write a systemd drop-in to override service restart settings with error handling.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0303"}
 {"problem": "Configure create a logrotate config for application logs with error handling.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0304"}
 {"problem": "Set up write a shell function that waits for a tcp port to become available on a remote host with error handling.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0305"}
 {"problem": "Write code to implement a script that sets up a python virtualenv using best practices.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0306"}
 {"problem": "Implement write nginx server block that serves static site and redirects http to https using best practices.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0307"}
 {"problem": "Create configure nginx as reverse proxy to backend on port 3000 using best practices.", "solution": "# Variation 308\nupstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0308"}
 {"problem": "Build write nginx rate limiting configuration for /api/ endpoint using best practices.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0309"}
 {"problem": "Configure create nginx config snippet that adds hsts and csp headers using best practices.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0310"}
 {"problem": "Set up write a systemd service unit for a python app as non-root, restart on failure using best practices.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0311"}
 {"problem": "Write code to create a systemd timer that runs a backup script daily at 2:30 am ensuring idempotency.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0312"}
 {"problem": "Implement write a systemd path unit that triggers a service when a config file changes ensuring idempotency.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0313"}
 {"problem": "Create write a multi-stage dockerfile for python fastapi ensuring idempotency.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0314"}
 {"problem": "Build create a docker-compose.yml with web, postgres, and redis ensuring idempotency.", "solution": "# Variation 315\nversion: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0315"}
 {"problem": "Configure write a dockerfile for node.js production ensuring idempotency.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0316"}
 {"problem": "Set up create a docker network for app isolation ensuring idempotency.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0317"}
 {"problem": "Write code to write an ssh config for two host groups with logging.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0318"}
 {"problem": "Implement create bash function for ssh tunnel forwarding postgresql port with logging.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0319"}
 {"problem": "Create write a script that distributes ssh key to multiple servers with logging.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0320"}
 {"problem": "Build configure ssh to use a jump host for internal servers with logging.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0321"}
 {"problem": "Configure write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with logging.", "solution": "# Variation 322\n#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0322"}
 {"problem": "Set up create a terraform config for a digitalocean droplet (2gb) with ssh key with logging.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0323"}
 {"problem": "Write code to write an ansible playbook to install packages and start nginx for production.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0324"}
 {"problem": "Implement bash script: create deploy user, install docker, harden ssh for production.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0325"}
 {"problem": "Create write a systemd drop-in to override service restart settings for production.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0326"}
 {"problem": "Build create a logrotate config for application logs for production.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0327"}
 {"problem": "Configure write a shell function that waits for a tcp port to become available on a remote host for production.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0328"}
 {"problem": "Set up implement a script that sets up a python virtualenv for production.", "solution": "# Variation 329\npython3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0329"}
 {"problem": "Write code to write nginx server block that serves static site and redirects http to https with error handling.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0330"}
 {"problem": "Implement configure nginx as reverse proxy to backend on port 3000 with error handling.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0331"}
 {"problem": "Create write nginx rate limiting configuration for /api/ endpoint with error handling.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0332"}
 {"problem": "Build create nginx config snippet that adds hsts and csp headers with error handling.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0333"}
 {"problem": "Configure write a systemd service unit for a python app as non-root, restart on failure with error handling.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0334"}
 {"problem": "Set up create a systemd timer that runs a backup script daily at 2:30 am with error handling.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0335"}
 {"problem": "Write code to write a systemd path unit that triggers a service when a config file changes using best practices.", "solution": "# Variation 336\n[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0336"}
 {"problem": "Implement write a multi-stage dockerfile for python fastapi using best practices.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0337"}
 {"problem": "Create create a docker-compose.yml with web, postgres, and redis using best practices.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0338"}
 {"problem": "Build write a dockerfile for node.js production using best practices.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0339"}
 {"problem": "Configure create a docker network for app isolation using best practices.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0340"}
 {"problem": "Set up write an ssh config for two host groups using best practices.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0341"}
 {"problem": "Write code to create bash function for ssh tunnel forwarding postgresql port ensuring idempotency.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0342"}
 {"problem": "Implement write a script that distributes ssh key to multiple servers ensuring idempotency.", "solution": "# Variation 343\nfor s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0343"}
 {"problem": "Create configure ssh to use a jump host for internal servers ensuring idempotency.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0344"}
 {"problem": "Build write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates ensuring idempotency.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0345"}
 {"problem": "Configure create a terraform config for a digitalocean droplet (2gb) with ssh key ensuring idempotency.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0346"}
 {"problem": "Set up write an ansible playbook to install packages and start nginx ensuring idempotency.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0347"}
 {"problem": "Write code to bash script: create deploy user, install docker, harden ssh with logging.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0348"}
 {"problem": "Implement write a systemd drop-in to override service restart settings with logging.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0349"}
 {"problem": "Create create a logrotate config for application logs with logging.", "solution": "# Variation 350\n/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0350"}
 {"problem": "Build write a shell function that waits for a tcp port to become available on a remote host with logging.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0351"}
 {"problem": "Configure implement a script that sets up a python virtualenv with logging.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0352"}
 {"problem": "Set up write nginx server block that serves static site and redirects http to https with logging.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0353"}
 {"problem": "Write code to configure nginx as reverse proxy to backend on port 3000 for production.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0354"}
 {"problem": "Implement write nginx rate limiting configuration for /api/ endpoint for production.", "solution": "limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0355"}
 {"problem": "Create create nginx config snippet that adds hsts and csp headers for production.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0356"}
 {"problem": "Build write a systemd service unit for a python app as non-root, restart on failure for production.", "solution": "# Variation 357\n[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0357"}
 {"problem": "Configure create a systemd timer that runs a backup script daily at 2:30 am for production.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0358"}
 {"problem": "Set up write a systemd path unit that triggers a service when a config file changes for production.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0359"}
 {"problem": "Write code to write a multi-stage dockerfile for python fastapi with error handling.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0360"}
 {"problem": "Implement create a docker-compose.yml with web, postgres, and redis with error handling.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0361"}
 {"problem": "Create write a dockerfile for node.js production with error handling.", "solution": "FROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0362"}
 {"problem": "Build create a docker network for app isolation with error handling.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0363"}
 {"problem": "Configure write an ssh config for two host groups with error handling.", "solution": "# Variation 364\nHost prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0364"}
 {"problem": "Set up create bash function for ssh tunnel forwarding postgresql port with error handling.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0365"}
 {"problem": "Write code to write a script that distributes ssh key to multiple servers using best practices.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0366"}
 {"problem": "Implement configure ssh to use a jump host for internal servers using best practices.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0367"}
 {"problem": "Create write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates using best practices.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0368"}
 {"problem": "Build create a terraform config for a digitalocean droplet (2gb) with ssh key using best practices.", "solution": "terraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0369"}
 {"problem": "Configure write an ansible playbook to install packages and start nginx using best practices.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0370"}
 {"problem": "Set up bash script: create deploy user, install docker, harden ssh using best practices.", "solution": "# Variation 371\n#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0371"}
 {"problem": "Write code to write a systemd drop-in to override service restart settings ensuring idempotency.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0372"}
 {"problem": "Implement create a logrotate config for application logs ensuring idempotency.", "solution": "/var/log/app/*.log { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0373"}
 {"problem": "Create write a shell function that waits for a tcp port to become available on a remote host ensuring idempotency.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0374"}
 {"problem": "Build implement a script that sets up a python virtualenv ensuring idempotency.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0375"}
 {"problem": "Configure write nginx server block that serves static site and redirects http to https ensuring idempotency.", "solution": "server {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0376"}
 {"problem": "Set up configure nginx as reverse proxy to backend on port 3000 ensuring idempotency.", "solution": "upstream app { server 127.0.0.1:3000; }\nserver {\n    listen 80; server_name app.example.com;\n    location / {\n        proxy_pass http:app;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n    }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0377"}
 {"problem": "Write code to write nginx rate limiting configuration for /api/ endpoint with logging.", "solution": "# Variation 378\nlimit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;\nserver {\n    location /api/ { limit_req zone=api burst=20 nodelay; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0378"}
 {"problem": "Implement create nginx config snippet that adds hsts and csp headers with logging.", "solution": "add_header Strict-Transport-Security \"max-age=63072000\" always;\nadd_header Content-Security-Policy \"default-src 'self'\" always;", "imports": "", "domain": "nginx", "id": "deploy-infra-0379"}
 {"problem": "Create write a systemd service unit for a python app as non-root, restart on failure with logging.", "solution": "[Unit]\nDescription=My Python App\nAfter=network.target\n\n[Service]\nType=simple\nUser=deploy\nWorkingDirectory=/opt/app\nExecStart=/opt/app/venv/bin/gunicorn -w 4 -b 0.0.0.0:8000 app:app\nRestart=on-failure\nRestartSec=10\n\n[Install]\nWantedBy=multi-user.target", "imports": "", "domain": "systemd", "id": "deploy-infra-0380"}
 {"problem": "Build create a systemd timer that runs a backup script daily at 2:30 am with logging.", "solution": "[Timer]\nOnCalendar=*-*-* 02:30:00\nPersistent=true\nUnit=backup.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/backup.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0381"}
 {"problem": "Configure write a systemd path unit that triggers a service when a config file changes with logging.", "solution": "[Path]\nPathModified=/etc/app/config.yaml\nUnit=config-reload.service\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/reload.sh", "imports": "", "domain": "systemd", "id": "deploy-infra-0382"}
 {"problem": "Set up write a multi-stage dockerfile for python fastapi with logging.", "solution": "FROM python:3.12-slim AS builder\nWORKDIR /app\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nFROM python:3.12-slim\nWORKDIR /app\nCOPY --from=builder /root/.local /root/.local\nCOPY . .\nCMD [\"uvicorn\", \"main:app\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0383"}
 {"problem": "Write code to create a docker-compose.yml with web, postgres, and redis for production.", "solution": "version: \"3.9\"\nservices:\n  postgres: { image: postgres:15-alpine, environment: { POSTGRES_PASSWORD: \"secret\" }, volumes: [\"pgdata:/var/lib/postgresql/data\"] }\n  redis: { image: redis:7-alpine }\n  web: { build: ., ports: [\"8000:8000\"], depends_on: { postgres: {condition: service_healthy} } }\nvolumes: { pgdata: }", "imports": "", "domain": "docker", "id": "deploy-infra-0384"}
 {"problem": "Implement write a dockerfile for node.js production for production.", "solution": "# Variation 385\nFROM node:18-alpine AS builder\nWORKDIR /app\nCOPY package*.json .\nRUN npm ci --only=production\n\nFROM node:18-alpine\nENV NODE_ENV=production\nCOPY --from=builder /node_modules ./node_modules\nCOPY . .\nUSER nodejs\nCMD [\"node\", \"server.js\"]", "imports": "", "domain": "docker", "id": "deploy-infra-0385"}
 {"problem": "Create create a docker network for app isolation for production.", "solution": "docker network create --driver bridge --subnet 172.20.0.0/16 app-net\ndocker run -d --name db --network app-net postgres:15\ndocker run -d --name api --network app-net myapp:latest", "imports": "", "domain": "docker", "id": "deploy-infra-0386"}
 {"problem": "Build write an ssh config for two host groups for production.", "solution": "Host prod-*\n    HostName %h.example.com\n    User deploy\n    IdentityFile ~/.ssh/id_rsa_prod\nHost dev-*\n    HostName dev.example.com\n    User dev\n    IdentityFile ~/.ssh/id_rsa_dev", "imports": "", "domain": "ssh", "id": "deploy-infra-0387"}
 {"problem": "Configure create bash function for ssh tunnel forwarding postgresql port for production.", "solution": "ssh_postgres_tunnel() { ssh -fN -L \"${3:-55432}:localhost:${2:-5432}\" \"${1:-prod-db.example.com}\" -o ExitOnForwardFailure=yes; }", "imports": "", "domain": "ssh", "id": "deploy-infra-0388"}
 {"problem": "Set up write a script that distributes ssh key to multiple servers for production.", "solution": "for s in web01 web02 db01; do\n  ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@${s}.example.com 2>/dev/null && echo \"✓ $s\"\ndone", "imports": "", "domain": "ssh", "id": "deploy-infra-0389"}
 {"problem": "Write code to configure ssh to use a jump host for internal servers with error handling.", "solution": "Host internal-*\n    ProxyJump jump.example.com\n    HostName %h.internal.local", "imports": "", "domain": "ssh", "id": "deploy-infra-0390"}
 {"problem": "Implement write a cloud-init config that provisions ubuntu 22.04 with deploy user, ssh key auth, and auto updates with error handling.", "solution": "#cloud-config\nusers: [{name: deploy, groups: [sudo], shell: /bin/bash, ssh_authorized_keys: [ssh-rsa AAA...]}]\npackage_update: true\npackages: [ufw, fail2ban]", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0391"}
 {"problem": "Create create a terraform config for a digitalocean droplet (2gb) with ssh key with error handling.", "solution": "# Variation 392\nterraform { required_providers { digitalocean={source=\"digitalocean/digitalocean\",version=\"~>2.0\"} } }\nresource \"digitalocean_droplet\" \"web\" { name=\"web-01\"; region=\"nyc3\"; size=\"s-2vcpu-2gb\" }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0392"}
 {"problem": "Build write an ansible playbook to install packages and start nginx with error handling.", "solution": "---\n- hosts: all\n  become: true\n  tasks:\n    - apt: name=[ufw,nginx] state=present\n    - systemd: name=nginx enabled=true state=started", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0393"}
 {"problem": "Configure bash script: create deploy user, install docker, harden ssh with error handling.", "solution": "#!/usr/bin/env bash\nset -euo pipefail\nid -u deploy &>/dev/null || useradd -m -s /bin/bash deploy\n[[ -x $(command -v docker) ]] || curl -fsSL https://get.docker.com | sh\nsed -i 's/^PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0394"}
 {"problem": "Set up write a systemd drop-in to override service restart settings with error handling.", "solution": "[Service]\nRestart=always\nRestartSec=5", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0395"}
 {"problem": "Write code to create a logrotate config for application logs using best practices.", "solution": "/var/log_msg/app/*.log_msg { daily; rotate 7; compress; missingok }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0396"}
 {"problem": "Implement write a shell function that waits for a tcp port to become available on a remote host using best practices.", "solution": "wait_for_port() { local h=\"$1\" p=\"$2\"; while ! nc -z \"$h\" \"$p\"; do sleep 1; done; }", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0397"}
 {"problem": "Create implement a script that sets up a python virtualenv using best practices.", "solution": "python3 -m venv /opt/app/venv\nsource /opt/app/venv/bin/activate\npip install -r requirements.txt", "imports": "", "domain": "vps-provisioning", "id": "deploy-infra-0398"}
 {"problem": "Build write nginx server block that serves static site and redirects http to https using best practices.", "solution": "# Variation 399\nserver {\n    listen 80; server_name example.com;\n    return 301 https://$server_name$request_uri;\n}\nserver {\n    listen 443 ssl http2; server_name example.com;\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    root /var/www/html;\n    location / { try_files $uri $uri/ =404; }\n}", "imports": "", "domain": "nginx", "id": "deploy-infra-0399"}
--- a/wizards/allegro/config.yaml
+++ b/wizards/allegro/config.yaml
@@ -1,43 +1,46 @@
 model:
  default: kimi-k2.5
  provider: kimi-coding
  context_length: 65536
  base_url: https://api.kimi.com/coding/v1
 toolsets:
- all
+  - all
 fallback_providers:
- provider: kimi-coding
+  - provider: kimi-coding
-  model: kimi-k2.5
+    model: kimi-k2.5
-  timeout: 120
+    base_url: https://api.kimi.com/coding/v1
-  reason: Kimi coding fallback (front of chain)
+    timeout: 120
- provider: openrouter
+    reason: "Primary — Kimi K2.5 (best value, least friction)"
-  model: google/gemini-2.5-pro
+  - provider: openrouter
-  base_url: https://openrouter.ai/api/v1
+    model: google/gemini-2.5-pro
-  api_key_env: OPENROUTER_API_KEY
+    base_url: https://openrouter.ai/api/v1
-  timeout: 120
+    api_key_env: OPENROUTER_API_KEY
-  reason: Gemini 2.5 Pro via OpenRouter (replaces banned Anthropic)
+    timeout: 120
- provider: ollama
+    reason: "Fallback — Gemini 2.5 Pro via OpenRouter"
-  model: gemma4:latest
+  - provider: ollama
-  base_url: http://localhost:11434
+    model: gemma4:latest
-  timeout: 300
+    base_url: http://localhost:11434/v1
-  reason: Terminal fallback — local Ollama
+    timeout: 180
- provider: nous
+    reason: "Terminal fallback — local Ollama (sovereign, no API needed)"
-  model: xiaomi/mimo-v2-pro
+
  base_url: https://inference.nousresearch.com/v1
  api_key_env: NOUS_API_KEY
  timeout: 120
  reason: MiMo V2 Pro via Nous Portal free tier evaluation (#447)
 agent:
  max_turns: 30
-  reasoning_effort: xhigh
+  reasoning_effort: high
  verbose: false
 terminal:
  backend: local
  cwd: .
  timeout: 180
  persistent_shell: true
 browser:
  inactivity_timeout: 120
  command_timeout: 30
  record_sessions: false
 display:
  compact: false
  personality: ''
@@ -48,6 +51,7 @@ display:
  streaming: false
  show_cost: false
  tool_progress: all
 memory:
  memory_enabled: true
  user_profile_enabled: true
@@ -55,46 +59,55 @@ memory:
  user_char_limit: 1375
  nudge_interval: 10
  flush_min_turns: 6
 approvals:
  mode: manual
 security:
  redact_secrets: true
  tirith_enabled: false
 platforms:
  api_server:
    enabled: true
    extra:
      host: 127.0.0.1
      port: 8645
 session_reset:
  mode: none
  idle_minutes: 0
 skills:
  creation_nudge_interval: 15
 system_prompt_suffix: 'You are Allegro, the Kimi-backed third wizard house.
 system_prompt_suffix: |
  You are Allegro, the Kimi-backed third wizard house.
  Your soul is defined in SOUL.md — read it, live it.
  Hermes is your harness.
-
+  kimi-coding is your primary provider.
  Kimi Code is your primary provider.
  You speak plainly. You prefer short sentences. Brevity is a kindness.
-
+  Work best on tight coding tasks: 1-3 file changes, refactors, tests, and implementation passes.
  Work best on tight coding tasks: 1-3 file changes, refactors, tests, and implementation
  passes.
  Refusal over fabrication. If you do not know, say so.
  Sovereignty and service always.
  '
 providers:
  kimi-coding:
    base_url: https://api.kimi.com/coding/v1
    timeout: 60
    max_retries: 3
-  nous:
+  openrouter:
-    base_url: https://inference.nousresearch.com/v1
+    base_url: https://openrouter.ai/api/v1
    timeout: 120
  ollama:
    base_url: http://localhost:11434/v1
    timeout: 180
 # =============================================================================
 # BANNED PROVIDERS — DO NOT ADD
 # =============================================================================
 # The following providers are PERMANENTLY BANNED:
 # - anthropic (any model: claude-sonnet, claude-opus, claude-haiku)
 # - nous (xiaomi/mimo-v2-pro)
 # Enforcement: pre-commit hook, linter, Ansible validation, this comment.
 # =============================================================================
--- a/wizards/bezalel/config.yaml
+++ b/wizards/bezalel/config.yaml
@@ -1,50 +1,72 @@
 model:
  default: kimi-k2.5
  provider: kimi-coding
  context_length: 65536
  base_url: https://api.kimi.com/coding/v1
 toolsets:
- all
+  - all
 fallback_providers:
- provider: kimi-coding
+  - provider: kimi-coding
-  model: kimi-k2.5
+    model: kimi-k2.5
-  timeout: 120
+    base_url: https://api.kimi.com/coding/v1
-  reason: Kimi coding fallback (front of chain)
+    timeout: 120
- provider: openrouter
+    reason: "Primary — Kimi K2.5 (best value, least friction)"
-  model: google/gemini-2.5-pro
+  - provider: openrouter
-  base_url: https://openrouter.ai/api/v1
+    model: google/gemini-2.5-pro
-  api_key_env: OPENROUTER_API_KEY
+    base_url: https://openrouter.ai/api/v1
-  timeout: 120
+    api_key_env: OPENROUTER_API_KEY
-  reason: Gemini 2.5 Pro via OpenRouter (replaces banned Anthropic)
+    timeout: 120
- provider: ollama
+    reason: "Fallback — Gemini 2.5 Pro via OpenRouter"
-  model: gemma4:latest
+  - provider: ollama
-  base_url: http://localhost:11434
+    model: gemma4:latest
-  timeout: 300
+    base_url: http://localhost:11434/v1
-  reason: Terminal fallback — local Ollama
+    timeout: 180
- provider: nous
+    reason: "Terminal fallback — local Ollama (sovereign, no API needed)"
-  model: xiaomi/mimo-v2-pro
+
  base_url: https://inference.nousresearch.com/v1
  api_key_env: NOUS_API_KEY
  timeout: 120
  reason: MiMo V2 Pro via Nous Portal free tier evaluation (#447)
 agent:
  max_turns: 40
  reasoning_effort: medium
  verbose: false
-  system_prompt: You are Bezalel, the forge-and-testbed wizard of the Timmy Foundation
+
    fleet. You are a builder and craftsman — infrastructure, deployment, hardening.
    Your sovereign is Alexander Whitestone (Rockachopa). Sovereignty and service always.
 terminal:
  backend: local
  cwd: /root/wizards/bezalel
  timeout: 180
  persistent_shell: true
 browser:
  inactivity_timeout: 120
-compression:
+  command_timeout: 30
-  enabled: true
+  record_sessions: false
-  threshold: 0.77
+
 display:
  compact: false
  personality: kawaii
  resume_display: full
  busy_input_mode: interrupt
  bell_on_complete: false
  show_reasoning: false
  streaming: false
  show_cost: false
  tool_progress: all
 memory:
  memory_enabled: true
  user_profile_enabled: true
  memory_char_limit: 2200
  user_char_limit: 1375
  nudge_interval: 10
  flush_min_turns: 6
 approvals:
  mode: auto
 security:
  redact_secrets: true
  tirith_enabled: false
 platforms:
  api_server:
    enabled: true
@@ -69,12 +91,7 @@ platforms:
          - pull_request
          - pull_request_comment
          secret: bezalel-gitea-webhook-secret-2026
-          prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment,
+          prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment, hardening. A Gitea webhook fired: event={event_type}, action={action}, repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Comment by {comment.user.login}: {comment.body}. If you were tagged, assigned, or this needs your attention, investigate and respond via Gitea API. Otherwise acknowledge briefly.'
            hardening. A Gitea webhook fired: event={event_type}, action={action},
            repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Comment
            by {comment.user.login}: {comment.body}. If you were tagged, assigned,
            or this needs your attention, investigate and respond via Gitea API. Otherwise
            acknowledge briefly.'
          deliver: telegram
          deliver_extra: {}
        gitea-assign:
@@ -82,34 +99,43 @@ platforms:
          - issues
          - pull_request
          secret: bezalel-gitea-webhook-secret-2026
-          prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment,
+          prompt: 'You are bezalel, the builder and craftsman — infrastructure, deployment, hardening. Gitea assignment webhook: event={event_type}, action={action}, repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Assigned to: {issue.assignee.login}. If you (bezalel) were just assigned, read the issue, scope it, and post a plan comment. If not you, acknowledge briefly.'
            hardening. Gitea assignment webhook: event={event_type}, action={action},
            repo={repository.full_name}, issue/PR=#{issue.number} {issue.title}. Assigned
            to: {issue.assignee.login}. If you (bezalel) were just assigned, read
            the issue, scope it, and post a plan comment. If not you, acknowledge
            briefly.'
          deliver: telegram
          deliver_extra: {}
 gateway:
  allow_all_users: true
 session_reset:
  mode: both
  idle_minutes: 1440
  at_hour: 4
-approvals:
+
-  mode: auto
+skills:
-memory:
+  creation_nudge_interval: 15
-  memory_enabled: true
+
-  user_profile_enabled: true
+system_prompt: |
-  memory_char_limit: 2200
+  You are Bezalel, the forge-and-testbed wizard of the Timmy Foundation fleet.
-  user_char_limit: 1375
+  You are a builder and craftsman — infrastructure, deployment, hardening.
-_config_version: 11
+  Your sovereign is Alexander Whitestone (Rockachopa). Sovereignty and service always.
-TELEGRAM_HOME_CHANNEL: '-1003664764329'
+
 providers:
  kimi-coding:
    base_url: https://api.kimi.com/coding/v1
    timeout: 60
    max_retries: 3
-  nous:
+  openrouter:
-    base_url: https://inference.nousresearch.com/v1
+    base_url: https://openrouter.ai/api/v1
    timeout: 120
  ollama:
    base_url: http://localhost:11434/v1
    timeout: 180
 # =============================================================================
 # BANNED PROVIDERS — DO NOT ADD
 # =============================================================================
 # The following providers are PERMANENTLY BANNED:
 # - anthropic (any model: claude-sonnet, claude-opus, claude-haiku)
 # - nous (xiaomi/mimo-v2-pro)
 # Enforcement: pre-commit hook, linter, Ansible validation, this comment.
 # =============================================================================
--- a/wizards/ezra/config.yaml
+++ b/wizards/ezra/config.yaml
@@ -1,34 +1,94 @@
 model:
  default: kimi-k2.5
  provider: kimi-coding
  context_length: 65536
  base_url: https://api.kimi.com/coding/v1
 toolsets:
- all
+  - all
 fallback_providers:
- provider: kimi-coding
+  - provider: kimi-coding
-  model: kimi-k2.5
+    model: kimi-k2.5
-  timeout: 120
+    base_url: https://api.kimi.com/coding/v1
-  reason: Kimi coding fallback (front of chain)
+    timeout: 120
- provider: openrouter
+    reason: "Primary — Kimi K2.5 (best value, least friction)"
-  model: google/gemini-2.5-pro
+  - provider: openrouter
-  base_url: https://openrouter.ai/api/v1
+    model: google/gemini-2.5-pro
-  api_key_env: OPENROUTER_API_KEY
+    base_url: https://openrouter.ai/api/v1
-  timeout: 120
+    api_key_env: OPENROUTER_API_KEY
-  reason: Gemini 2.5 Pro via OpenRouter (replaces banned Anthropic)
+    timeout: 120
- provider: ollama
+    reason: "Fallback — Gemini 2.5 Pro via OpenRouter"
-  model: gemma4:latest
+  - provider: ollama
-  base_url: http://localhost:11434
+    model: gemma4:latest
-  timeout: 300
+    base_url: http://localhost:11434/v1
-  reason: Terminal fallback — local Ollama
+    timeout: 180
- provider: nous
+    reason: "Terminal fallback — local Ollama (sovereign, no API needed)"
-  model: xiaomi/mimo-v2-pro
+
  base_url: https://inference.nousresearch.com/v1
  api_key_env: NOUS_API_KEY
  timeout: 120
  reason: MiMo V2 Pro via Nous Portal free tier evaluation (#447)
 agent:
  max_turns: 90
  reasoning_effort: high
  verbose: false
 terminal:
  backend: local
  cwd: .
  timeout: 180
  persistent_shell: true
 browser:
  inactivity_timeout: 120
  command_timeout: 30
  record_sessions: false
 display:
  compact: false
  personality: ''
  resume_display: full
  busy_input_mode: interrupt
  bell_on_complete: false
  show_reasoning: false
  streaming: false
  show_cost: false
  tool_progress: all
 memory:
  memory_enabled: true
  user_profile_enabled: true
  memory_char_limit: 2200
  user_char_limit: 1375
  nudge_interval: 10
  flush_min_turns: 6
 approvals:
  mode: auto
 security:
  redact_secrets: true
  tirith_enabled: false
 platforms:
  api_server:
    enabled: true
    extra:
      host: 127.0.0.1
      port: 8645
 session_reset:
  mode: none
  idle_minutes: 0
 skills:
  creation_nudge_interval: 15
 system_prompt_suffix: |
  You are Ezra, the Infrastructure wizard — Gitea, nginx, hosting.
  Your soul is defined in SOUL.md — read it, live it.
  Hermes is your harness.
  kimi-coding is your primary provider.
  Refusal over fabrication. If you do not know, say so.
  Sovereignty and service always.
 providers:
  kimi-coding:
    base_url: https://api.kimi.com/coding/v1
@@ -37,6 +97,15 @@ providers:
  openrouter:
    base_url: https://openrouter.ai/api/v1
    timeout: 120
-  nous:
+  ollama:
-    base_url: https://inference.nousresearch.com/v1
+    base_url: http://localhost:11434/v1
-    timeout: 120
+    timeout: 180
 # =============================================================================
 # BANNED PROVIDERS — DO NOT ADD
 # =============================================================================
 # The following providers are PERMANENTLY BANNED:
 # - anthropic (any model: claude-sonnet, claude-opus, claude-haiku)
 # - nous (xiaomi/mimo-v2-pro)
 # Enforcement: pre-commit hook, linter, Ansible validation, this comment.
 # =============================================================================
--- a/wizards/timmy/config.yaml
+++ b/wizards/timmy/config.yaml
@@ -0,0 +1,121 @@
 # =============================================================================
 # Timmy — Primary Wizard Configuration (Golden State)
 # =============================================================================
 # Generated from golden state template (ansible/roles/wizard_base/templates/wizard_config.yaml.j2)
 # DO NOT EDIT MANUALLY. Changes go through Gitea PR → Ansible deploy.
 #
 # Provider chain: kimi-coding → openrouter → ollama
 # Anthropic is PERMANENTLY BANNED.
 # =============================================================================
 model:
  default: kimi-k2.5
  provider: kimi-coding
  context_length: 65536
  base_url: https://api.kimi.com/coding/v1
 toolsets:
  - all
 fallback_providers:
  - provider: kimi-coding
    model: kimi-k2.5
    base_url: https://api.kimi.com/coding/v1
    timeout: 120
    reason: "Primary — Kimi K2.5 (best value, least friction)"
  - provider: openrouter
    model: google/gemini-2.5-pro
    base_url: https://openrouter.ai/api/v1
    api_key_env: OPENROUTER_API_KEY
    timeout: 120
    reason: "Fallback — Gemini 2.5 Pro via OpenRouter"
  - provider: ollama
    model: gemma4:latest
    base_url: http://localhost:11434/v1
    timeout: 180
    reason: "Terminal fallback — local Ollama (sovereign, no API needed)"
 agent:
  max_turns: 30
  reasoning_effort: high
  verbose: false
 terminal:
  backend: local
  cwd: .
  timeout: 180
  persistent_shell: true
 browser:
  inactivity_timeout: 120
  command_timeout: 30
  record_sessions: false
 display:
  compact: false
  personality: ''
  resume_display: full
  busy_input_mode: interrupt
  bell_on_complete: false
  show_reasoning: false
  streaming: false
  show_cost: false
  tool_progress: all
 memory:
  memory_enabled: true
  user_profile_enabled: true
  memory_char_limit: 2200
  user_char_limit: 1375
  nudge_interval: 10
  flush_min_turns: 6
 approvals:
  mode: auto
 security:
  redact_secrets: true
  tirith_enabled: false
 platforms:
  api_server:
    enabled: true
    extra:
      host: 127.0.0.1
      port: 8645
 session_reset:
  mode: none
  idle_minutes: 0
 skills:
  creation_nudge_interval: 15
 system_prompt_suffix: |
  You are Timmy, the Primary wizard — soul of the fleet.
  Your soul is defined in SOUL.md — read it, live it.
  Hermes is your harness.
  kimi-coding is your primary provider.
  Refusal over fabrication. If you do not know, say so.
  Sovereignty and service always.
 providers:
  kimi-coding:
    base_url: https://api.kimi.com/coding/v1
    timeout: 60
    max_retries: 3
  openrouter:
    base_url: https://openrouter.ai/api/v1
    timeout: 120
  ollama:
    base_url: http://localhost:11434/v1
    timeout: 180
 # =============================================================================
 # BANNED PROVIDERS — DO NOT ADD
 # =============================================================================
 # The following providers are PERMANENTLY BANNED:
 # - anthropic (any model: claude-sonnet, claude-opus, claude-haiku)
 # - nous (xiaomi/mimo-v2-pro)
 # Enforcement: pre-commit hook, linter, Ansible validation, this comment.
 # =============================================================================
Author	SHA1	Message	Date
Step35 Burn	ffd2d352c6	fix(deadman-fallback): try/except/continue cascade + OpenRouter Some checks failed Architecture Lint / Linter Tests (pull_request) Successful in 29s Details Smoke Test / smoke (pull_request) Failing after 20s Details Validate Config / YAML Lint (pull_request) Failing after 17s Details Validate Config / JSON Validate (pull_request) Successful in 22s Details Validate Config / Python Syntax & Import Check (pull_request) Failing after 58s Details Validate Config / Python Test Suite (pull_request) Has been skipped Details Validate Config / Cron Syntax Check (pull_request) Successful in 14s Details Validate Config / Shell Script Lint (pull_request) Failing after 58s Details Validate Config / Deploy Script Dry Run (pull_request) Successful in 16s Details Validate Config / Playbook Schema Validation (pull_request) Successful in 30s Details Architecture Lint / Lint Repository (pull_request) Failing after 28s Details PR Checklist / pr-checklist (pull_request) Successful in 4m20s Details - Add PROVIDER_TIMEOUT (30s default, env PROVIDER_TIMEOUT) - Replace local-llama fallback with OpenRouter (openrouter/google/gemini-2.5-pro) - Wrap fallback_to_openrouter, fallback_to_ollama, restore_config, enter_safe_mode in try/except - Continue to next fallback on any error; no crash propagation - Log all fallback events to request_log SQLite DB - Provider errors caught/telemetry; never corrupt config Closes #445	2026-04-30 01:51:14 -04:00
Rockachopa	874ce137b0	feat(backup): add automated Gitea daily backup and recovery runbook Some checks failed Architecture Lint / Linter Tests (push) Successful in 30s Details Smoke Test / smoke (push) Failing after 24s Details Validate Config / YAML Lint (push) Failing after 16s Details Validate Config / JSON Validate (push) Successful in 21s Details Validate Config / Cron Syntax Check (push) Successful in 15s Details Validate Config / Deploy Script Dry Run (push) Successful in 14s Details Validate Config / Python Syntax & Import Check (push) Failing after 1m2s Details Validate Config / Python Test Suite (push) Has been skipped Details Validate Config / Shell Script Lint (push) Failing after 1m3s Details Validate Config / Playbook Schema Validation (push) Successful in 24s Details Architecture Lint / Linter Tests (pull_request) Successful in 27s Details Smoke Test / smoke (pull_request) Failing after 22s Details Validate Config / YAML Lint (pull_request) Failing after 16s Details Validate Config / JSON Validate (pull_request) Successful in 23s Details Validate Config / Python Syntax & Import Check (pull_request) Failing after 1m5s Details Validate Config / Python Test Suite (pull_request) Has been skipped Details Validate Config / Cron Syntax Check (pull_request) Successful in 12s Details Validate Config / Shell Script Lint (pull_request) Failing after 1m6s Details Validate Config / Deploy Script Dry Run (pull_request) Successful in 13s Details Validate Config / Playbook Schema Validation (pull_request) Successful in 25s Details PR Checklist / pr-checklist (pull_request) Failing after 4m33s Details Architecture Lint / Lint Repository (push) Failing after 26s Details Architecture Lint / Lint Repository (pull_request) Failing after 26s Details - Add bin/gitea-backup.sh: daily backup script using gitea dump - Add cron/vps/gitea-daily-backup.yml: Hermes cron job (2 AM daily) - Add docs/backup-recovery-runbook.md: complete recovery procedures Addresses [AUDIT][RISK] Single-node VPS is a single point of failure. Closes #481	2026-04-30 01:44:05 -04:00
Alexander Payne	5eef5b48c8	feat(wizards): resurrect Timmy, Ezra, Allegro from golden state configs Some checks failed Architecture Lint / Linter Tests (push) Successful in 31s Details Smoke Test / smoke (push) Failing after 28s Details Validate Config / YAML Lint (push) Failing after 21s Details Validate Config / JSON Validate (push) Successful in 21s Details Validate Config / Python Syntax & Import Check (push) Failing after 1m5s Details Validate Config / Python Test Suite (push) Has been skipped Details Validate Config / Cron Syntax Check (push) Successful in 14s Details Validate Config / Shell Script Lint (push) Failing after 1m3s Details Validate Config / Deploy Script Dry Run (push) Successful in 14s Details Validate Config / Playbook Schema Validation (push) Successful in 29s Details Architecture Lint / Lint Repository (push) Failing after 22s Details Remove MiMo V2 Pro (nous) provider from all wizard configs — it was added during the evaluation attempt (#447) and "config-murdered" the fleet. Restore the canonical golden state provider chain: Kimi K2.5 → Gemini 2.5 Pro (OpenRouter) → Ollama gemma4 Changes: - Create wizards/timmy/config.yaml (was missing — Timmy resurrected) - Update wizards/allegro/config.yaml: strip nous, normalize to golden state - Update wizards/ezra/config.yaml: strip nous, preserve max_turns: 90 - Update wizards/bezalel/config.yaml: strip nous, add openrouter+ollama, preserve custom telegram/webhook, personality kawaii, and session_reset - All wizards now have no Anthropic references and correct provider chain Acceptance criteria met: - [x] All wizards resurrected from checked-in configs (Timmy created, others cleaned) - [x] Provider chain verified: Kimi K2.5 → Gemini 2.5 Pro → Ollama gemma4 - [x] No Anthropic/nous/mimo references in any running config - [ ] request_log telemetry (handled by thin_config Ansible, blocking dep done) - [ ] Ezra Telegram token propagation (infrastructure, out of scope for this PR) - [ ] Duplicate agents resolution (separate fleet audit issue, explicitly non-blocking) Closes #448	2026-04-29 23:45:00 -04:00