fix(ops): map dev VM 5700 to r630-04; add phoenix-deploy-api deploy script

Sync get_host_for_vmid with live placement for VMID 5700 (dev-vm). Add
deploy-phoenix-deploy-api-to-dev-vm.sh for pct-based install to CT 5700.

Made-with: Cursor

scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh

@@ -0,0 +1,130 @@
+#!/usr/bin/env bash
+# Deploy Phoenix Deploy API to the dev VM (canonical: VMID 5700, IP_DEV_VM).
+# Installs to /opt/phoenix-deploy-api and enables systemd (see phoenix-deploy-api/scripts/install-systemd.sh).
+#
+# Layout on the workstation: repo root must contain phoenix-deploy-api/ and
+# config/public-sector-program-manifest.json (copied into /opt by install-systemd).
+# Include phoenix-deploy-api/.env in your tree before deploy (not committed); it is packed if present.
+#
+# Requires: LAN SSH to the Proxmox node that hosts VMID 5700 (see get_host_for_vmid in
+# scripts/lib/load-project-env.sh). Default PVE: r630-02 for 5700.
+#
+# Usage:
+#   ./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --dry-run
+#   ./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --apply
+#   ./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --apply --start-ct   # pct start 5700 on PVE if stopped
+#
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+# shellcheck source=/dev/null
+source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh" 2>/dev/null || {
+  echo "ERROR: load-project-env.sh not found at ${PROJECT_ROOT}/scripts/lib/load-project-env.sh" >&2
+  exit 1
+}
+
+VMID="${PHOENIX_DEPLOY_DEV_VM_VMID:-5700}"
+PVE_HOST="${PHOENIX_DEPLOY_PVE_HOST:-$(get_host_for_vmid "$VMID")}"
+PVE_USER="${PHOENIX_DEPLOY_PVE_USER:-root}"
+SSH_OPTS="${PHOENIX_DEPLOY_SSH_OPTS:--o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new}"
+IP_DEV_VM="${IP_DEV_VM:-192.168.11.59}"
+
+DRY_RUN=1
+START_CT=0
+for a in "$@"; do
+  if [[ "$a" == "--apply" ]]; then DRY_RUN=0; fi
+  if [[ "$a" == "--dry-run" ]]; then DRY_RUN=1; fi
+  if [[ "$a" == "--start-ct" ]]; then START_CT=1; fi
+done
+
+MANIFEST="${PROJECT_ROOT}/config/public-sector-program-manifest.json"
+if [[ ! -f "$MANIFEST" ]]; then
+  echo "WARN: missing ${MANIFEST} — install on CT will warn; add file or fix path." >&2
+fi
+
+if [[ ! -d "${PROJECT_ROOT}/phoenix-deploy-api" ]]; then
+  echo "ERROR: ${PROJECT_ROOT}/phoenix-deploy-api not found." >&2
+  exit 1
+fi
+
+echo "=============================================="
+echo "Phoenix Deploy API → dev VM"
+echo "  VMID:     $VMID (expected IP: $IP_DEV_VM)"
+echo "  PVE host: ${PVE_USER}@${PVE_HOST}"
+echo "  Dry-run:  $DRY_RUN"
+echo "=============================================="
+
+REMOTE_TAR="/tmp/pda-deploy-bundle.tar.gz"
+STAGE="/tmp/proxmox-pda-stage"
+
+remote_block() {
+  # shellcheck disable=SC2029
+  ssh $SSH_OPTS "${PVE_USER}@${PVE_HOST}" "$@"
+}
+
+if [[ "$DRY_RUN" -eq 1 ]]; then
+  echo "Dry-run only. Would:"
+  echo "  1. tar czf (phoenix-deploy-api + config/public-sector-program-manifest.json)"
+  echo "  2. scp bundle → ${PVE_USER}@${PVE_HOST}:${REMOTE_TAR}"
+  echo "  3. pct push ${VMID} … /root/pda-deploy.tar.gz && pct exec ${VMID} -- install-systemd.sh"
+  echo "  4. curl http://${IP_DEV_VM}:4001/health"
+  echo "Optional: --start-ct starts VMID ${VMID} on ${PVE_HOST} if it is stopped (pct must target a running CT)."
+  echo "Re-run with --apply to execute."
+  exit 0
+fi
+
+TMP_TAR="$(mktemp /tmp/pda-deploy-XXXXXX.tar.gz)"
+cleanup() { rm -f "$TMP_TAR"; }
+trap cleanup EXIT
+
+cd "$PROJECT_ROOT"
+tar czf "$TMP_TAR" phoenix-deploy-api config/public-sector-program-manifest.json
+
+ensure_ct_running() {
+  if remote_block "pct exec ${VMID} -- true 2>/dev/null"; then
+    return 0
+  fi
+  echo "CT ${VMID} is not running or not reachable (pct exec failed)." >&2
+  if [[ "$START_CT" -eq 1 ]]; then
+    echo "Starting CT ${VMID} on ${PVE_HOST} (--start-ct)..."
+    if ! remote_block "pct start ${VMID}"; then
+      echo "pct start failed — CT may not exist on this node. Find VMID: ssh ${PVE_USER}@${PVE_HOST} \"pct list\"" >&2
+      echo "Override: PHOENIX_DEPLOY_PVE_HOST=<node-ip> PHOENIX_DEPLOY_DEV_VM_VMID=<id> $0 --apply" >&2
+      exit 1
+    fi
+    sleep 3
+    if ! remote_block "pct exec ${VMID} -- true 2>/dev/null"; then
+      echo "CT ${VMID} still not reachable after start." >&2
+      exit 1
+    fi
+    return 0
+  fi
+  echo "Start the dev VM first, e.g. on ${PVE_HOST}: pct start ${VMID}" >&2
+  echo "Or re-run with --apply --start-ct (scoped to this script only)." >&2
+  exit 1
+}
+
+run_deploy() {
+  ensure_ct_running
+  echo "[1/3] Upload bundle to PVE..."
+  scp $SSH_OPTS "$TMP_TAR" "${PVE_USER}@${PVE_HOST}:${REMOTE_TAR}"
+
+  echo "[2/3] pct push → CT ${VMID}, extract, install-systemd..."
+  remote_block bash -s <<REMOTE_EOF
+set -euo pipefail
+pct push ${VMID} ${REMOTE_TAR} /root/pda-deploy.tar.gz
+pct exec ${VMID} -- bash -c "set -euo pipefail; rm -rf ${STAGE}; mkdir -p ${STAGE}; tar xzf /root/pda-deploy.tar.gz -C ${STAGE}; cd ${STAGE} && bash phoenix-deploy-api/scripts/install-systemd.sh; rm -f /root/pda-deploy.tar.gz"
+rm -f ${REMOTE_TAR}
+REMOTE_EOF
+
+  echo "[3/3] Health check on dev VM (LAN)..."
+  if command -v curl >/dev/null 2>&1; then
+    curl -sS --max-time 10 -o /dev/null -w "  http://${IP_DEV_VM}:4001/health → HTTP %{http_code}\n" "http://${IP_DEV_VM}:4001/health" || echo "  (curl failed — check firewall or service)"
+  else
+    echo "  (curl not installed locally; skip health check)"
+  fi
+}
+
+run_deploy
+echo "Done."