Merge pull request #12 from onetimesecret/fix/version-single-source

Make config optional, add migration commands, single-source version

Author: delano

.pre-commit-config.yaml

@@ -93,7 +93,7 @@ repos:
 
   # Ruff - fast linting and formatting
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.8.3
+    rev: v0.9.2
     hooks:
       - id: ruff
         args: [--fix]

CLAUDE.md

@@ -48,6 +48,7 @@ When running git commands with long output, use `git --no-pager diff` etc.
 ## Architecture
 
 This is a dual-purpose service orchestration tool:
+
 1. **Container management**: OneTimeSecret containers via Podman Quadlets (systemd integration)
 2. **Service management**: Native systemd services for dependencies (Valkey, Redis)
 
@@ -63,17 +64,20 @@ This is a dual-purpose service orchestration tool:
 ### Commands (`src/ots_containers/commands/`)
 
 #### Container Commands
+
 - **instance.py** - Main operations: `deploy`, `redeploy`, `undeploy`, `start`, `stop`, `restart`, `status`, `logs`, `list`
 - **assets.py** - `sync` command for static asset updates
 - **image.py** - Container image management
 - **proxy.py** - Caddy reverse proxy configuration
 
 #### Service Commands (`service/`)
+
 - **app.py** - Service lifecycle: `init`, `start`, `stop`, `restart`, `status`, `logs`, `enable`, `disable`, `list_instances`
 - **packages.py** - Service package definitions: `VALKEY`, `REDIS` with config paths, secrets handling, systemd templates
-- **_helpers.py** - Shared utilities: config file management, secrets creation, systemctl wrappers
+- **\_helpers.py** - Shared utilities: config file management, secrets creation, systemctl wrappers
 
 #### Cloud-Init Commands (`cloudinit/`)
+
 - **app.py** - Cloud-init generation: `generate`, `validate`
 - **templates.py** - DEB822-style apt sources templates for Debian 13 (Trixie), PostgreSQL, and Valkey repositories
 
@@ -87,6 +91,6 @@ This is a dual-purpose service orchestration tool:
 - **Service secrets separation**: Sensitive data in separate files with restricted permissions (mode 0640, owned by service user)
 - **Package-provided templates**: Uses existing systemd templates (`valkey-server@.service`) rather than creating custom units
 - ## Verification
-Don't invent technical rationales. When working with runtime behavior, get or
-ask for actual output (podman ps, systemctl status, etc.) before changing code.
-Documentation and memories are not substitutes for verified information.
+  Don't invent technical rationales. When working with runtime behavior, get or
+  ask for actual output (podman ps, systemctl status, etc.) before changing code.
+  Documentation and memories are not substitutes for verified information.

NETWORKING.md

@@ -17,6 +17,7 @@ which port the application listens on.
 The quadlet template passes the instance number as the PORT:
 
 **onetime@.container**:
+
 ```ini
 [Container]
 Image=ghcr.io/onetimesecret/onetimesecret:current

README.md

@@ -3,6 +3,7 @@
 Service orchestration CLI for [OneTimeSecret](https://github.com/onetimesecret/onetimesecret) infrastructure.
 
 **Dual-purpose management tool:**
+
 - **Container orchestration**: Containerized OTS deployments via Podman Quadlets (systemd integration)
 - **Service management**: Native systemd services for dependencies (Valkey, Redis)
 
@@ -39,10 +40,10 @@ ots-containers --version
 
 Three container types with explicit systemd unit naming:
 
-| Type | Unit Name | Identifier | Use |
-|------|-----------|------------|-----|
-| `--web` | `onetime-web@{port}` | Port number | HTTP servers |
-| `--worker` | `onetime-worker@{id}` | Name/number | Background jobs |
+| Type          | Unit Name                | Identifier  | Use             |
+| ------------- | ------------------------ | ----------- | --------------- |
+| `--web`       | `onetime-web@{port}`     | Port number | HTTP servers    |
+| `--worker`    | `onetime-worker@{id}`    | Name/number | Background jobs |
 | `--scheduler` | `onetime-scheduler@{id}` | Name/number | Scheduled tasks |
 
 ### Managing OTS Containers

pyproject.toml

@@ -13,7 +13,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "ots-containers"
-version = "0.3.0"
+version = "0.3.1"
 description = "Service orchestration for OneTimeSecret: Podman Quadlets and systemd service management"
 readme = "README.md"
 requires-python = ">=3.11"

src/ots_containers/__init__.py

@@ -1,3 +1,8 @@
 # src/ots_containers/__init__.py
 
-__version__ = "0.2.2"
+from importlib.metadata import PackageNotFoundError, version
+
+try:
+    __version__ = version("ots-containers")
+except PackageNotFoundError:
+    __version__ = "0.0.0+dev"

src/ots_containers/commands/README.md

@@ -12,10 +12,10 @@ ots-containers <topic> <command> [identifiers] [flags]
 
 Three container types, each with explicit naming:
 
-| Type | Systemd Unit | Identifier | Use |
-|------|--------------|------------|-----|
-| `web` | `onetime-web@{port}` | Port number | HTTP servers |
-| `worker` | `onetime-worker@{id}` | Name or number | Background jobs |
+| Type        | Systemd Unit             | Identifier     | Use             |
+| ----------- | ------------------------ | -------------- | --------------- |
+| `web`       | `onetime-web@{port}`     | Port number    | HTTP servers    |
+| `worker`    | `onetime-worker@{id}`    | Name or number | Background jobs |
 | `scheduler` | `onetime-scheduler@{id}` | Name or number | Scheduled tasks |
 
 ## Command Syntax
@@ -39,14 +39,14 @@ ots instances logs --scheduler -f   # only scheduler logs
 
 Each topic is a separate module with its own `cyclopts.App`:
 
-| Topic | Purpose |
-|-------|---------|
-| `instance` | Container lifecycle and runtime control |
-| `service` | Native systemd services (Valkey, Redis) |
-| `image` | Container image management |
-| `assets` | Static asset management |
-| `cloudinit` | Cloud-init configuration generation |
-| `env` | Environment file management |
+| Topic       | Purpose                                 |
+| ----------- | --------------------------------------- |
+| `instance`  | Container lifecycle and runtime control |
+| `service`   | Native systemd services (Valkey, Redis) |
+| `image`     | Container image management              |
+| `assets`    | Static asset management                 |
+| `cloudinit` | Cloud-init configuration generation     |
+| `env`       | Environment file management             |
 
 To add a new topic, create a module and register it in `cli.py`.
 
@@ -55,24 +55,28 @@ To add a new topic, create a module and register it in `cli.py`.
 Commands are categorized by their impact:
 
 ### High-level (affects config + state)
+
 Commands that modify quadlet templates, database records, or both:
+
 - `deploy`, `redeploy`, `undeploy`
 
 These commands should document their config impact in the docstring.
 
 ### Low-level (runtime control only)
+
 Commands that only interact with systemd, no config changes:
+
 - `start`, `stop`, `restart`, `status`, `logs`, `enable`, `disable`, `exec`
 
 These commands should explicitly state they do NOT refresh config.
 
 ## Naming Conventions
 
-| Pattern | Example | Use for |
-|---------|---------|---------|
-| Verb | `deploy`, `sync` | Actions |
-| `--flag` | `--force`, `--yes` | Boolean options |
-| `--option VALUE` | `--delay 5`, `--lines 50` | Value options |
+| Pattern            | Example                            | Use for                 |
+| ------------------ | ---------------------------------- | ----------------------- |
+| Verb               | `deploy`, `sync`                   | Actions                 |
+| `--flag`           | `--force`, `--yes`                 | Boolean options         |
+| `--option VALUE`   | `--delay 5`, `--lines 50`          | Value options           |
 | `--type` shortcuts | `--web`, `--worker`, `--scheduler` | Instance type selection |
 
 ## Default Commands

src/ots_containers/commands/assets.py

@@ -1,4 +1,5 @@
 # src/ots_containers/commands/assets.py
+
 """Asset management commands for OTS containers."""
 
 from typing import Annotated
@@ -25,5 +26,4 @@ def sync(
     on initial setup.
     """
     cfg = Config()
-    cfg.validate()
     assets_module.update(cfg, create_volume=create_volume)

src/ots_containers/commands/cloudinit/app.py

@@ -1,4 +1,5 @@
 # src/ots_containers/commands/cloudinit/app.py
+
 """Cloud-init configuration generation commands.
 
 Generates cloud-init YAML with Debian 13 (Trixie) DEB822-style apt sources.
@@ -74,7 +75,10 @@ def generate(
             "Warning: --include-postgresql specified but no --postgresql-key provided",
             file=sys.stderr,
         )
-        print("PostgreSQL repository will use inline key placeholder", file=sys.stderr)
+        print(
+            "PostgreSQL repository will use inline key placeholder",
+            file=sys.stderr,
+        )
 
     if include_valkey and valkey_key:
         valkey_gpg = Path(valkey_key).read_text()

src/ots_containers/commands/cloudinit/templates.py

@@ -1,4 +1,5 @@
 # src/ots_containers/commands/cloudinit/templates.py
+
 """Cloud-init configuration templates with Debian 13 DEB822 apt sources."""