Get started
Build, install, and complete the first read-only verification.
Human-reviewed bilingual content
Prerequisites
- A Linux server with systemd; Docker when container workflows are used.
- A stable Rust toolchain, or a prebuilt Debian package.
- Registry and state directories; production defaults are
/srv/server-registryand/var/lib/opsctl. - Separately managed Restic/rustic credentials when executing backups.
Do not copy production credentials
This documentation shows environment variable names only. Store real values in root-only files or controlled systemd credentials, and never commit them to source.
Build from source
cargo build --release
./target/release/opsctl --versionInstall on Debian:
sudo scripts/install-debian.sh ./target/release/opsctlThe installer creates the runtime user, registry/state directories, and systemd unit files. It does not automatically enable backup or governance timers.
First verification
sudo opsctl \
--registry /srv/server-registry \
--state-dir /var/lib/opsctl \
install-check --jsonThen validate the registry:
sudo opsctl \
--registry /srv/server-registry \
--state-dir /var/lib/opsctl \
registry validate --jsonRun read-only checks
opsctl status --json
opsctl doctor --json
opsctl scan --json
opsctl deploy-gates --jsonThese commands read state and return structured reports. They do not deploy anything.
Recommended next steps
- Read Registry and describe the real services as source-of-truth records.
- Read the Safety model to understand dry-run, approval, and global locking.
- Configure Backup and recovery before any production change.