coop-cloud/parasol-static-site
coop-cloud/parasol-static-site
3
2
Fork 0
Code Issues 6 Pull Requests Packages Projects Releases Wiki Activity

wip: running pass on remaining features

Browse Source
This commit is contained in:
decentral1se 2024-03-22 00:00:14 +01:00
parent 5e14166fd8
commit abdc955dde
Signed by: decentral1se
GPG Key ID: 03789458B3D0C410
10 changed files with 97 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.env.sample
View File

@ -3,7 +3,15 @@ TYPE=parasol-static-site
DOMAIN=parasol.example.com DOMAIN=parasol.example.com
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
# Change this value to your repo # **NOTE** Please change this value to your repo
HUGO_GIT_URL=git@codeberg.org:offline/future.git HUGO_GIT_URL=git@codeberg.org:offline/future.git
WHD_SCRIPTS=/home/webhookd/scripts # HTTP basic auth protected deploy endpoint
#COMPOSE_FILE="compose.yml:compose.auth.yml"
#AUTH_ENABLED=1
#AUTH_USERNAME=foobar
#SECRET_AUTH_PASSWORD_VERSION=v1
# Private repository deployment
#COMPOSE_FILE="compose.yml:compose.private.yml"
#SECRET_DEPLOY_KEY_VERSION=v1

6
abra.sh
View File

@ -1,3 +1,5 @@
export HTPASSWD_CONF_VERSION=v1
export WEBHOOKD_SCRIPT_VERSION=v1
export NGINX_CONF_VERSION=v1 export NGINX_CONF_VERSION=v1
export SSH_CONF_VERSION=v1
export SSH_DEPLOY_KEY_VERSION=v1
export WEBHOOKD_SCRIPT_VERSION=v1

24
compose.auth.yml Normal file
View File

@ -0,0 +1,24 @@
---
version: "3"
services:
app:
environment:
- AUTH_ENABLED
- AUTH_USERNAME
configs:
- source: htpasswd_conf
target: /etc/nginx/.htpasswd
secrets:
- auth_password
secrets:
auth_password:
external: true
name: ${STACK_NAME}_auth_password_${SECRET_AUTH_PASSWORD_VERSION}
configs:
htpasswd_conf:
name: ${STACK_NAME}_htpasswd_conf_${HTPASSWD_CONF_VERSION}
file: htpasswd.conf.tmpl
template_driver: golang

27
compose.private.yml Normal file
View File

@ -0,0 +1,27 @@
---
version: "3"
services:
badger:
configs:
- source: ssh_config
target: /home/webhookd/.ssh/config
- source: ssh_deploy_key
target: /home/webhookd/.ssh/deploy
secrets:
- deploy_key
secrets:
deploy_key:
external: true
name: ${STACK_NAME}_deploy_key_${SECRET_DEPLOY_KEY_VERSION}
configs:
ssh_deploy_key:
name: ${STACK_NAME}_ssh_deploy_key_${SSH_DEPLOY_KEY_VERSION}
file: deploy_key.tmpl
template_driver: golang
ssh_conf:
name: ${STACK_NAME}_ssh_conf_${SSH_CONF_VERSION}
file: ssh_config.tmpl
template_driver: golang

27
compose.yml
View File

@ -1,16 +1,17 @@
version: '3' ---
version: "3"
volumes:
html:
services: services:
app: app:
image: nginx:1.25.3-alpine image: nginx:1.25.3-alpine
environment:
- DOMAIN
- HTTP_BASIC_AUTH_ENABLED
configs: configs:
- source: nginx_conf - source: nginx_conf
target: /etc/nginx/conf.d/default.conf target: /etc/nginx/conf.d/default.conf
volumes: volumes:
- html:/usr/share/nginx/website - nginx-data:/usr/share/nginx/website
deploy: deploy:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
@ -21,17 +22,21 @@ services:
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
builder: badger:
image: codeberg.org/eotl/site-badger:0.1.0 image: codeberg.org/eotl/site-badger:0.1.0
environment:
- HUGO_GIT_URL
- HUGO_PUBLIC_DIR=/usr/share/nginx/website
- HUGO_WORKING_DIR=/home/webhookd/website
- WHD_HOOK_SCRIPTS=/home/webhookd/scripts
configs: configs:
source: webhookd_script source: webhookd_script
target: /home/webhookd/scripts/deploy.sh target: /home/webhookd/scripts/deploy.sh
volumes: volumes:
- html:/home/webhookd/public - nginx-data:/usr/share/nginx/website
- ${SSH_DIR_PATH}:/home/webhookd/.ssh:ro
environment: volumes:
- HUGO_GIT_URL nginx-data:
- WHD_SCRIPTS
configs: configs:
webhookd_script: webhookd_script:

8
scripts/deploy.sh → deploy.sh.tmpl
View File

@ -10,27 +10,23 @@ if [ -z "$HUGO_GIT_URL" ]; then
fi fi
if [ ! -d "$HUGO_WORKING_DIR" ]; then if [ ! -d "$HUGO_WORKING_DIR" ]; then
echo "Clone .git repository for the first time" echo "Clone $HUGO_GIT_URL for the first time"
git clone $HUGO_GIT_URL $HUGO_WORKING_DIR git clone $HUGO_GIT_URL $HUGO_WORKING_DIR
else else
echo "All good!" echo "$HUGO_GIT_URL is already cloned"
fi fi
cd $HUGO_WORKING_DIR cd $HUGO_WORKING_DIR
echo "◆ Pull latest version from .git repository" echo "◆ Pull latest version from .git repository"
# Force pull everything, just in case
git fetch --all git fetch --all
git reset --hard origin/main git reset --hard origin/main
echo "◆ Build static HTML page with hugo" echo "◆ Build static HTML page with hugo"
# Start building website with hugo
hugo hugo
# Clean the public folder without affecting what's currently served by HTTP
# server
rm -rf $HUGO_PUBLIC_DIR/* rm -rf $HUGO_PUBLIC_DIR/*
cp -r $HUGO_WORKING_DIR/public/* $HUGO_PUBLIC_DIR cp -r $HUGO_WORKING_DIR/public/* $HUGO_PUBLIC_DIR
rm -rf $HUGO_WORKING_DIR/public/* rm -rf $HUGO_WORKING_DIR/public/*

1
deploy_key.tmpl Normal file
View File

@ -0,0 +1 @@
{{ secret "deploy_key" }}

1
htpasswd.conf.tmpl Normal file
View File

@ -0,0 +1 @@
{{ env "AUTH_USERNAME" }}:{{ secret "auth_password" }}

15
nginx.conf
View File

@ -1,15 +1,18 @@
server { server {
listen 80; listen 80;
server_name localhost; server_name {{ env "DOMAIN" }};
# This is set to the build volume of our builder container in the
# `docker-compose.yml` configuration
root /usr/share/nginx/website; root /usr/share/nginx/website;
index index.html; index index.html;
location / { location / {
# First attempt to serve request as file, then as directory, then try
# to find an index.html inside, then fall back to displaying a 404
try_files $uri $uri/index.html =404; try_files $uri $uri/index.html =404;
} }
location /deploy {
{{ if eq (env "HTTP_BASIC_AUTH_ENABLED") "1" }}
auth_basic "Administrators Area";
auth_basic_user_file /etc/nginx/.htpasswd;
{{ end }}
proxy_pass http://badger:8080;
}
} }

2
ssh_config.tmpl Normal file
View File

@ -0,0 +1,2 @@
Host *
StrictHostKeyChecking no