# CI/CD

!!! TODO
    This documentation might not be complete

``` console
Install the required packages on a Debian-based system
$ sudo apt-get install rsync
Make a user with limited access
$ sudo adduser --system --home /varasto/verkkojuuri --shell /bin/sh verkkojuuri
$ cd /varasto/verkkojuuri
$ sudo -u verkkojuuri ssh-keygen
$ sudo -u verkkojuuri cat .ssh/id_rsa
copy the result to your Forgejo as an action secret ssh_private_key
$ sudo -u verkkojuuri cat .ssh/id_rsa.pub
copy the result to your Forgejo as an action variable ssh_public_key
$ sudo -u verkkojuuri ssh-keygen -p
enter a new passphrase to protect the private key or delete it
or something security blah blah... No really, assume this is accessed!
(you just did and you are not verkkojuuri so think about it)
$ sudo -u verkkojuuri cp .ssh/id_rsa.pub .ssh/authorized_keys
this lets us trust the key
$ sudo usermod -aG ssh verkkojuuri
gives us permission to connect via ssh (might not be needed)
```

!!! WARNING
    You might want to check out `rssh`, `scponly` or a similar
    more restricted shell to use with the account.

    Change it afterwards using `sudo usermod -s /Sbin/HELL verkkojuuri`

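Another way to limit the account without swapping its shell, shown as an added example that is not part of the original page: an `authorized_keys` entry that uses OpenSSH's `restrict` option plus a forced `rrsync` command, so the deploy key can only write inside the site directory. The `rrsync` path, its `-wo` (write-only) flag and the `SITE_DIR` value are assumptions about your system, and `restricted_entry` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example, not from the original page. Prints an authorized_keys line
# that limits the deploy key to write-only rsync inside the site directory.
# Assumptions: rrsync lives at /usr/bin/rrsync and supports -wo; the site
# directory is the "site" folder the page rsyncs into.
RRSYNC=/usr/bin/rrsync
SITE_DIR=/varasto/verkkojuuri/site
NL='
'

# restricted_entry "PUBLIC KEY LINE" -> one authorized_keys line on stdout
restricted_entry() {
    pubkey=$1
    case $pubkey in
        *PRIVATE*) echo "that is a private key, refusing" >&2; return 1 ;;
        *"$NL"*)   echo "expected a single line" >&2; return 1 ;;
    esac
    # Split into key type, base64 blob and (ignored) comment.
    IFS=' ' read -r ktype kblob _comment <<EOF
$pubkey
EOF
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $ktype" >&2; return 1 ;;
    esac
    case $kblob in
        ''|*[!A-Za-z0-9+/=]*) echo "key blob is not base64" >&2; return 1 ;;
    esac
    # "restrict" turns off pty allocation and port/agent/X11 forwarding;
    # command= forces every login with this key through rrsync.
    printf 'restrict,command="%s -wo %s" %s %s\n' \
        "$RRSYNC" "$SITE_DIR" "$ktype" "$kblob"
}

# Stand-alone use: ./restrict-key.sh /varasto/verkkojuuri/.ssh/id_rsa.pub
if [ "$#" -eq 1 ]; then
    restricted_entry "$(cat "$1")"
fi
```

Write the printed line to `.ssh/authorized_keys` instead of the plain copy of `id_rsa.pub`. rrsync resolves the remote path relative to `SITE_DIR`, so adjust the destination in the rsync command accordingly.
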
Then you just build and rsync the files
using a Forgejo action runner, passing it the relevant
secrets. In practice you'll make it execute

``` console
$ mkdocs build
$ rsync -e ssh -rclthv --exclude .git --delete-after site/ verkkojuuri@jakest.us:site
```

And well yeah serve them files with Apache or whatever.
That's out of the scope of this document.

## Credits

Thank you Nexy and Tulir for your help!

- Nexy's blogpost: [https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/](https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/)
- Tulir's relevant stuff:
    - [https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml](https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml)
    - [https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml](https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml)