# CI/CD !!! TODO This documentation might not be complete !!! INFO There are plenty of things you need to customize accordingly like hosts and usernames and preferred directories. ## Server side of things ``` console Install required stuff and things on Debian based system $ sudo apt-get install rsync Make a user to have limited access $ sudo useradd adduser --home /varasto/verkkojuuri --system verkkojuuri --shell /bin/sh $ cd /varasto/verkkojuuri $ sudo -u verkkojuuri ssh-keygen $ sudo -u verkkojuuri cat .ssh/id_rsa copy the result to your Forgejo as an action secret ssh_private_key $ sudo -u verkkojuuri cat .ssh/id_rsa.pub copy the result to your Forgejo as an action variable ssh_public_key $ sudo -u verkkojuuri ssh-keygen -p enter new password to protect the private key or delete it or something security blah blah... No really, assume this is accessed! (you just did and you are not verkkojuuri so think about it) sudo -u verkkojuuri cp .ssh/id_rsa.pub .ssh/authorized_keys this let's us trust the key $ sudo usermod -aG ssh verkkojuuri give us permission to get connected via ssh (might not be needed) ``` !!! WARNING You might want to check out `rssh`, `scponly` or similar more restricted shell to use with the account. Change it afterwards using `sudo usermod -s /Sbin/HELL verkkojuuri` ## Forgejo side of things Then you just like build and like rsync the files using a forgejo action runner passing it the relevant secrets. In practise you'll make it execute ``` console $ mkdocs build $ rsync -e "ssh -rclthv --exclude --delete-after .git site/ verkkojuuri@jakest.us:site ``` Oh you need it more detailed, okay. 1. Set *secret* `SSH_PRIVATE_KEY` to have non-password-protected ssh private key (you should have done that in previousu steps). 2. Set following *variables* - `SSH_USER`: verkkojuuri - `SSH_HOST`: jakest.us - `SSH_PATH`: site 3. Setup the action itself (refer to workflow actions in [my repo](https://git.jakest.us/jt/saitti/) perhaps) 4. Enjoy And well yeah serve them files with Apache or whatever. That's out of the scope of this document. ## Credits Thank you Nexy and Tulir for your help! - Nexy's blogpost: [https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/](https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/) - Tulir's relevant stuff: - [https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml](https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml) - [https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml](https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml)