DaGhE is a production-grade orchestration platform for Linux VPS environments. It manages multiple Python and Bash jobs using a Zero-Sudo architecture. By leveraging systemd user-instances, DaGhE remains entirely confined to its own directory, requiring no root privileges for day-to-day operations. New modules can be added by following the PROMPT_TEMPLATE.md specification in case you wish to vibe code.

• Zero-Sudo: Once the initial "linger" is set, the orchestrator operates without elevated privileges.
• Location-Agnostic: Automatically discovers BASE_DIR for local testing or VPS production.
• Isolated Environments: Every module manages its own dependencies via uv.
• Decoupled Data: Code (current/) and collected data (data/) live in separate repositories.

sudo useradd -m -d /opt/daghe -s /bin/bash daghe
sudo mkdir -p /opt/daghe
sudo chown daghe:daghe /opt/daghe

Ensures the daghe user-instance starts at boot and stays alive after logout.

sudo loginctl enable-linger daghe

To allow your personal admin account (e.g., your_user) to edit files in /opt/daghe without changing the primary owner, use Access Control Lists.

# Install the ACL utility
sudo apt update && sudo apt install acl -y

# Grant your user recursive rwx access to existing files
sudo setfacl -R -m u:your_user:rwx /opt/daghe

# Set default ACLs so NEW files inherit these permissions automatically
sudo setfacl -Rd -m u:your_user:rwx /opt/daghe

sudo -u daghe -i
cd /opt/daghe
git clone <orchestration-repo-url> .

uv sync
chmod +x bin/daghe bin/telegram-notify.sh

cp config/telegram.env.example config/telegram.env
# Edit with your Telegram BOT_TOKEN and CHAT_ID
nano config/telegram.env
chmod 600 config/*.env

1. Clone Repositories: Deploy code to jobs/<module-name>/current and data to jobs/<module-name>/data.
2. Run Installation:

   uv run bin/daghe install <module-name>

Running bin/daghe outside /opt/daghe triggers TESTING MODE. It generates files for inspection in local folders but does not modify systemd or the user session.

To trigger a job immediately bypassing the timer:

systemctl --user start auto-<module-name>.service
# Monitor logs
journalctl --user -u auto-<module-name>.service -f

If systemctl --user fails with Failed to connect to bus:

1. Ensure loginctl enable-linger daghe was executed.
2. The daghe CLI automatically injects XDG_RUNTIME_DIR. If running commands manually, ensure these variables are exported:

   export XDG_RUNTIME_DIR="/run/user/$(id -u)"
   export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"

If you experience issues after editing files from an external account, re-apply the ACLs:

sudo setfacl -R -m u:your_user:rwx /opt/daghe

• bin/: Orchestrator CLI and generated wrappers.
• jobs/: Individual modules (code and data repositories).
• .config/systemd/user/: Active systemd unit symlinks.
• logs/: Centralised operational logs.
• templates/: Blueprints for service/timer generation.

To allow DaGhE to push data to private GitHub repositories without manual intervention:

Run the following command as the daghe user:

uv run bin/daghe setup-ssh

Copy the public key output by the command above. On GitHub:

• For the entire account: Go to Settings -> SSH and GPG keys -> New SSH key.
• For a specific repo (Recommended): Go to the repository Settings -> Deploy keys -> Add deploy key. Ensure you tick "Allow write access".

Ensure your daghe-module.yaml uses the SSH format: code_repo: git@github.com:username/repo.git

ssh -T git@github.com

If successful, GitHub will welcome you by your username.

---

## ⚖️ Standards
*   **Language**: UK English spelling throughout.
*   **Security**: Minimalist privilege model with Zero-Sudo operation.
*   **Environment**: Full isolation via `uv`.