From fa032f4500fbb02498e30de5fd2228ceabe8f380 Mon Sep 17 00:00:00 2001 From: Jarkko Toivanen Date: Sat, 25 Jan 2025 00:54:59 +0200 Subject: [PATCH] Adding documentation about CI/CD and .gitignoring MkDocs build --- .gitignore | 1 + docs/mkdocs/forgejo-ci.md | 53 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 .gitignore create mode 100644 docs/mkdocs/forgejo-ci.md diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3bf8003 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/site/ \ No newline at end of file diff --git a/docs/mkdocs/forgejo-ci.md b/docs/mkdocs/forgejo-ci.md new file mode 100644 index 0000000..5e7cca6 --- /dev/null +++ b/docs/mkdocs/forgejo-ci.md 
@@ -0,0 +1,53 @@ +# CI/CD + +!!! TODO + This documentation might not be complete + +``` console +Install required stuff and things on Debian based system +$ sudo apt-get install rsync +Make a user to have limited access +$ sudo useradd adduser --home /varasto/verkkojuuri --system verkkojuuri --shell /bin/sh +$ cd /varasto/verkkojuuri +$ sudo -u verkkojuuri ssh-keygen +$ sudo -u verkkojuuri cat .ssh/id_rsa +copy the result to your Forgejo as an action secret ssh_private_key +$ sudo -u verkkojuuri cat .ssh/id_rsa.pub +copy the result to your Forgejo as an action variable ssh_public_key +$ sudo -u verkkojuuri ssh-keygen -p +enter new password to protect the private key or delete it +or something security blah blah... No really, assume this is accessed! +(you just did and you are not verkkojuuri so think about it) +sudo -u verkkojuuri cp .ssh/id_rsa.pub .ssh/authorized_keys +this let's us trust the key +$ sudo usermod -aG ssh verkkojuuri +give us permission to get connected via ssh (might not be needed) +``` + +!!! WARNING + You might want to check out `rssh`, `scponly` or similar + more restricted shell to use with the account. + + Change it afterwards using `sudo usermod -s /Sbin/HELL verkkojuuri` + +Then you just like build and like rsync the files +using a forgejo action runner passing it the relevant +secrets. In practise you'll make it execute + +``` console +$ mkdocs build +$ rsync -e "ssh -rclthv --exclude --delete-after .git site/ verkkojuuri@jakest.us:site +``` + + + +And well yeah serve them files with Apache or whatever. +That's out of the scope of this document. + +## Credits +Thank you Nexy and Tulir for your help! 
+ +- Nexy's blogpost: [https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/](https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/) +- Tulir's relevant stuff: + - [https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml](https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml) + - [https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml](https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml)
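Review bot: the new `.gitignore` ends without a trailing newline (the `\ No newline at end of file` marker right after `+/site/`). End the file with a newline so that appending another pattern later does not produce a diff that also rewrites the `/site/` line.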
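Review bot: in `docs/mkdocs/forgejo-ci.md`, the first console block authorizes the deploy key with `cp .ssh/id_rsa.pub .ssh/authorized_keys` and no key options, while the account is created with `--shell /bin/sh`. Whoever holds the `ssh_private_key` secret therefore gets a general shell on the host, and the restricted shell appears only as a "might want to" in the WARNING. Suggest making the restriction a step of the procedure, for example an `authorized_keys` entry prefixed with `restrict,command="..."` that permits only the rsync receive into the site directory (rsync's `rrsync` helper script is one way to do that). Also turn "protect the private key or delete it" into a definite step that removes `.ssh/id_rsa` from the server once it has been copied into Forgejo. Separately, several commands will not run as written. `useradd adduser --home ... --system verkkojuuri` leaves two positional arguments where useradd accepts one login name, and with `--system` the home directory is not created unless `--create-home` is given, so the following `cd /varasto/verkkojuuri` fails. The `rsync -e "ssh -rclthv --exclude --delete-after .git site/ ...` line never closes the double quote and separates `--exclude` from `.git`. And `/Sbin/HELL` in the WARNING should be replaced with the actual path of the shell the reader is expected to set.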