wip: running pass on remaining features
parent
5e14166fd8
commit
abdc955dde
12
.env.sample
12
.env.sample
|
@ -3,7 +3,15 @@ TYPE=parasol-static-site
|
|||
DOMAIN=parasol.example.com
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
# Change this value to your repo
|
||||
# **NOTE** Please change this value to your repo
|
||||
HUGO_GIT_URL=git@codeberg.org:offline/future.git
|
||||
|
||||
WHD_SCRIPTS=/home/webhookd/scripts
|
||||
# HTTP basic auth protected deploy endpoint
|
||||
#COMPOSE_FILE="compose.yml:compose.auth.yml"
|
||||
#AUTH_ENABLED=1
|
||||
#AUTH_USERNAME=foobar
|
||||
#SECRET_AUTH_PASSWORD_VERSION=v1
|
||||
|
||||
# Private repository deployment
|
||||
#COMPOSE_FILE="compose.yml:compose.private.yml"
|
||||
#SECRET_DEPLOY_KEY_VERSION=v1
|
||||
|
|
6
abra.sh
6
abra.sh
|
@ -1,3 +1,5 @@
|
|||
|
||||
export WEBHOOKD_SCRIPT_VERSION=v1
|
||||
export HTPASSWD_CONF_VERSION=v1
|
||||
export NGINX_CONF_VERSION=v1
|
||||
export SSH_CONF_VERSION=v1
|
||||
export SSH_DEPLOY_KEY_VERSION=v1
|
||||
export WEBHOOKD_SCRIPT_VERSION=v1
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- AUTH_ENABLED
|
||||
- AUTH_USERNAME
|
||||
configs:
|
||||
- source: htpasswd_conf
|
||||
target: /etc/nginx/.htpasswd
|
||||
secrets:
|
||||
- auth_password
|
||||
|
||||
secrets:
|
||||
auth_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_auth_password_${SECRET_AUTH_PASSWORD_VERSION}
|
||||
|
||||
configs:
|
||||
htpasswd_conf:
|
||||
name: ${STACK_NAME}_htpasswd_conf_${HTPASSWD_CONF_VERSION}
|
||||
file: htpasswd.conf.tmpl
|
||||
template_driver: golang
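Review bot: The flag that turns on basic auth has two different names in this commit, so following the sample leaves the deploy endpoint unauthenticated. This overlay and `.env.sample` use `AUTH_ENABLED`, while `compose.yml` passes `HTTP_BASIC_AUTH_ENABLED` to `app` and the nginx template tests `{{ if eq (env "HTTP_BASIC_AUTH_ENABLED") "1" }}`. With `AUTH_ENABLED=1` the `auth_basic` block is therefore never rendered, although the htpasswd config and secret are mounted. Pick one name everywhere, for example change the nginx condition to `{{ if eq (env "AUTH_ENABLED") "1" }}` and drop `HTTP_BASIC_AUTH_ENABLED` from `compose.yml`.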
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
badger:
|
||||
configs:
|
||||
- source: ssh_config
|
||||
target: /home/webhookd/.ssh/config
|
||||
- source: ssh_deploy_key
|
||||
target: /home/webhookd/.ssh/deploy
|
||||
secrets:
|
||||
- deploy_key
|
||||
|
||||
secrets:
|
||||
deploy_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_deploy_key_${SECRET_DEPLOY_KEY_VERSION}
|
||||
|
||||
configs:
|
||||
ssh_deploy_key:
|
||||
name: ${STACK_NAME}_ssh_deploy_key_${SSH_DEPLOY_KEY_VERSION}
|
||||
file: deploy_key.tmpl
|
||||
template_driver: golang
|
||||
ssh_conf:
|
||||
name: ${STACK_NAME}_ssh_conf_${SSH_CONF_VERSION}
|
||||
file: ssh_config.tmpl
|
||||
template_driver: golang
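Review bot: The `ssh_deploy_key` entry under `badger` sets no `mode` or `uid`, so the rendered private key at `/home/webhookd/.ssh/deploy` gets the Swarm default of root-owned, world-readable 0444. That leaves the key readable by every process in the container, and OpenSSH normally refuses a private key with permissions that open. Adding `mode: 0400` and a `uid:` matching the webhookd user (the id is not visible on this page) to that entry would address both. Separately, the service references `source: ssh_config` while the top-level config is declared as `ssh_conf`, so as rendered that reference would not resolve.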
|
27
compose.yml
27
compose.yml
|
@ -1,16 +1,17 @@
|
|||
version: '3'
|
||||
|
||||
volumes:
|
||||
html:
|
||||
---
|
||||
version: "3"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: nginx:1.25.3-alpine
|
||||
environment:
|
||||
- DOMAIN
|
||||
- HTTP_BASIC_AUTH_ENABLED
|
||||
configs:
|
||||
- source: nginx_conf
|
||||
target: /etc/nginx/conf.d/default.conf
|
||||
volumes:
|
||||
- html:/usr/share/nginx/website
|
||||
- nginx-data:/usr/share/nginx/website
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
@ -21,17 +22,21 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
|
||||
builder:
|
||||
badger:
|
||||
image: codeberg.org/eotl/site-badger:0.1.0
|
||||
environment:
|
||||
- HUGO_GIT_URL
|
||||
- HUGO_PUBLIC_DIR=/usr/share/nginx/website
|
||||
- HUGO_WORKING_DIR=/home/webhookd/website
|
||||
- WHD_HOOK_SCRIPTS=/home/webhookd/scripts
|
||||
configs:
|
||||
source: webhookd_script
|
||||
target: /home/webhookd/scripts/deploy.sh
|
||||
volumes:
|
||||
- html:/home/webhookd/public
|
||||
- ${SSH_DIR_PATH}:/home/webhookd/.ssh:ro
|
||||
environment:
|
||||
- HUGO_GIT_URL
|
||||
- WHD_SCRIPTS
|
||||
- nginx-data:/usr/share/nginx/website
|
||||
|
||||
volumes:
|
||||
nginx-data:
|
||||
|
||||
configs:
|
||||
webhookd_script:
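Review bot: The `app` (nginx) service mounts the `nginx-data` volume read-write, although on this page only `badger` writes the built site into `/usr/share/nginx/website`. Mounting it read-only on the serving side, `- nginx-data:/usr/share/nginx/website:ro`, keeps a compromise of the public-facing container from altering the published files. The rendering has lost the +/- markers, so this assumes the `nginx-data` lines are the new side of the hunk.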
|
||||
|
|
|
@ -10,27 +10,23 @@ if [ -z "$HUGO_GIT_URL" ]; then
|
|||
fi
|
||||
|
||||
if [ ! -d "$HUGO_WORKING_DIR" ]; then
|
||||
echo "Clone .git repository for the first time"
|
||||
echo "Clone $HUGO_GIT_URL for the first time"
|
||||
git clone $HUGO_GIT_URL $HUGO_WORKING_DIR
|
||||
else
|
||||
echo "All good!"
|
||||
echo "$HUGO_GIT_URL is already cloned"
|
||||
fi
|
||||
|
||||
cd $HUGO_WORKING_DIR
|
||||
|
||||
echo "◆ Pull latest version from .git repository"
|
||||
|
||||
# Force pull everything, just in case
|
||||
git fetch --all
|
||||
git reset --hard origin/main
|
||||
|
||||
echo "◆ Build static HTML page with hugo"
|
||||
|
||||
# Start building website with hugo
|
||||
hugo
|
||||
|
||||
# Clean the public folder without affecting what's currently served by HTTP
|
||||
# server
|
||||
rm -rf $HUGO_PUBLIC_DIR/*
|
||||
cp -r $HUGO_WORKING_DIR/public/* $HUGO_PUBLIC_DIR
|
||||
rm -rf $HUGO_WORKING_DIR/public/*
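Review bot: The cleanup step `rm -rf $HUGO_PUBLIC_DIR/*` expands to `rm -rf /*` when `HUGO_PUBLIC_DIR` is unset or empty, and the only guard visible in this hunk is the earlier one for `HUGO_GIT_URL`. Using `rm -rf "${HUGO_PUBLIC_DIR:?}"/*` (and the same for `HUGO_WORKING_DIR`) makes the script abort instead. `cd $HUGO_WORKING_DIR` is also unchecked, so if the clone failed the following `git reset --hard origin/main` runs in whatever directory the hook started in; `cd "$HUGO_WORKING_DIR" || exit 1` closes that, unless `set -e` is enabled above the hunk, which starts at line 10 of the script. The remaining expansions, `git clone $HUGO_GIT_URL $HUGO_WORKING_DIR` among them, should be double-quoted as well.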
|
|
@ -0,0 +1 @@
|
|||
{{ secret "deploy_key" }}
|
|
@ -0,0 +1 @@
|
|||
{{ env "AUTH_USERNAME" }}:{{ secret "auth_password" }}
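Review bot: This template writes the `auth_password` secret verbatim into the password field of the htpasswd line, and nothing in the commit says what format that secret must have. nginx reads the field as a hash (crypt, apr1, `{SHA}`/`{SSHA}`) unless it is prefixed with `{PLAIN}`, so a plaintext secret will either never match or push operators toward storing it as `{PLAIN}`. I would document the requirement next to the auth settings in `.env.sample`, for example `# the auth_password secret must contain an htpasswd hash (e.g. from "openssl passwd -apr1"), not the plaintext password`.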
|
17
nginx.conf
17
nginx.conf
|
@ -1,15 +1,18 @@
|
|||
server {
|
||||
listen 80;
|
||||
server_name localhost;
|
||||
|
||||
# This is set to the build volume of our builder container in the
|
||||
# `docker-compose.yml` configuration
|
||||
server_name {{ env "DOMAIN" }};
|
||||
root /usr/share/nginx/website;
|
||||
index index.html;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then as directory, then try
|
||||
# to find an index.html inside, then fall back to displaying a 404
|
||||
try_files $uri $uri/index.html =404;
|
||||
try_files $uri $uri/index.html =404;
|
||||
}
|
||||
|
||||
location /deploy {
|
||||
{{ if eq (env "HTTP_BASIC_AUTH_ENABLED") "1" }}
|
||||
auth_basic "Administrator’s Area";
|
||||
auth_basic_user_file /etc/nginx/.htpasswd;
|
||||
{{ end }}
|
||||
proxy_pass http://badger:8080;
|
||||
}
|
||||
}
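Review bot: The `location /deploy` block fails open: whenever the template condition is not exactly `"1"`, the request is proxied to `http://badger:8080` with no access control. The default stack therefore lets anyone who can reach the site trigger the fetch, `git reset --hard`, hugo build and `rm -rf` cycle in the deploy script. If an open webhook is intended for the default setup, say so in the template with a comment such as `# NOTE: /deploy is unauthenticated unless basic auth is enabled`. Otherwise render the `proxy_pass` only inside the authenticated branch and `return 403;` in the other. The `auth_basic` realm also contains a typographic apostrophe (`Administrator’s`), which is better written with a plain ASCII `'` for client compatibility.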
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
Host *
|
||||
StrictHostKeyChecking no
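Review bot: `Host *` with `StrictHostKeyChecking no` disables server authentication for every SSH connection the builder makes, so a party on the network path can impersonate the git host and serve content that is then built and published. It is safer to ship a pinned `known_hosts` as another config and use `StrictHostKeyChecking yes` with `UserKnownHostsFile /home/webhookd/.ssh/known_hosts` (path proposed here, not taken from the commit), scoped to the git host rather than `*`. The file also has no `IdentityFile` line, and `/home/webhookd/.ssh/deploy` is not one of OpenSSH's default key names, so the deploy key is probably not offered unless the script selects it some other way.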
|