docs: add index page

Heavily inspired by: https://forgejo.c3voc.de/voc/av-docs

.forgejo/workflows/cleanup-docs.yaml

@@ -0,0 +1,24 @@
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  cleanup-staging:
+    runs-on: docker
+    container:
+      image: code.forgejo.org/oci/node:22-bookworm
+    steps:
+      - name: Pipeline info PR
+        run: |
+          echo "Run triggered by ${{ github.event_name }} (${{ github.event.action }}) on ref ${{ github.ref_name }}"
+
+      - name: Staging Deployment - Prepare keys
+        run: |
+          echo "${{ secrets.SSH_DEPLOY_KEY }}" > deploykey.priv
+          chmod 400 deploykey.priv
+          echo "${{ vars.SSH_KNOWN_HOSTS }}" > ./known_hosts
+
+      - name: Staging Deployment - Remove PR from staging
+        run: |
+          ssh -i deploykey.priv -o 'UserKnownHostsFile ./known_hosts' infra-docs-deploy@public-web-static.hosts.hamburg.ccc.de -t "rm -r /var/www/staging.infra-docs.hamburg.ccc.de/pr${{ github.event.pull_request.number }}/"

.forgejo/workflows/deploy-docs.yaml

@@ -0,0 +1,75 @@
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+env:
+  TZ: Europe/Berlin
+
+jobs:
+  build:
+    runs-on: docker
+    container:
+      image: docker.io/library/python:3.14-trixie
+    steps:
+      - name: Pipeline info
+        run: |
+          echo "Run triggered by ${{ github.event_name }} (${{ github.event.action }}) on ref ${{ github.ref_name }}"
+
+      - name: Install packages
+        run: |
+          apt update
+          apt -y install nodejs git rsync openssh-client
+          pip install --upgrade pip
+
+      - uses: actions/checkout@v6
+
+      - name: Install Python packages
+        run: |
+          pip install -r docs_requirements.txt
+
+      - name: Build website - prod
+        if: github.event_name != 'pull_request'
+        run: |
+          mkdocs build
+
+      - name: Build website - staging
+        if: github.event_name == 'pull_request'
+        run: |
+          sed -i "s#site_url: https://infra-docs.hamburg.ccc.de#site_url: https://staging.infra-docs.hamburg.ccc.de/pr${{ github.event.pull_request.number }}/#" mkdocs.yml
+          mkdocs build
+
+      - name: Deploy - Prepare keys
+        run: |
+          echo "${{ secrets.SSH_DEPLOY_KEY }}" > deploykey.priv
+          chmod 400 deploykey.priv
+          echo "${{ vars.SSH_KNOWN_HOSTS }}" > ./known_hosts
+
+      - name: Deploy - Upload PR to staging
+        if: github.event_name == 'pull_request'
+        run: |
+          echo "Deploying to staging.infra-docs.hamburg.ccc.de/pr${{ github.event.pull_request.number }}"
+          rsync -v -r --delete -e "ssh -i deploykey.priv -o 'UserKnownHostsFile ./known_hosts'" site/ infra-docs-deploy@public-web-static.hosts.hamburg.ccc.de:/var/www/staging.infra-docs.hamburg.ccc.de/pr${{ github.event.pull_request.number }}/
+
+      - name: Deploy - Add comment to PR with staging URL
+        if: github.event_name == 'pull_request' && github.event.action == 'opened'
+        run: |
+          curl \
+            -X POST \
+            ${{ github.event.pull_request.base.repo.url }}/issues/${{ github.event.pull_request.number }}/comments \
+            -H "Content-Type: application/json" \
+            -H "Authorization: token $FORGEJO_TOKEN" \
+            --data '{ "body": "You can view your changes at https://staging.infra-docs.hamburg.ccc.de/pr${{ github.event.pull_request.number }}/" }'
+
+      - name: Deploy - Upload to prod
+        if: github.event_name != 'pull_request'
+        run: |
+          rsync -v -r --delete -e "ssh -i deploykey.priv -o 'UserKnownHostsFile ./known_hosts'" site/ infra-docs-deploy@public-web-static.hosts.hamburg.ccc.de:/var/www/infra-docs.hamburg.ccc.de/
+
+      - uses: actions/upload-artifact@v3
+        if: github.event_name == 'pull_request'
+        with:
+          name: docs-build
+          path: site/
+          retention-days: 3

docs/index.md

@@ -0,0 +1,3 @@
+# CCCHH Infrastructure Documentation
+
+Home for CCCHH infrastructure documentation.

docs_requirements.txt

@@ -0,0 +1,2 @@
+mkdocs
+mkdocs-shadcn

mkdocs.yml

@@ -0,0 +1,19 @@
+site_name: CCCHH Infrastructure Documentation
+site_url: https://infra-docs.hamburg.ccc.de
+repo_url: https://git.hamburg.ccc.de/CCCHH/ansible-infra
+copyright: MIT
+markdown_extensions:
+  - smarty
+  - admonition
+  - attr_list
+
+theme:
+  name: shadcn
+  show_title: true
+  show_stargazers: false
+  pygments_style:
+    light: shadcn-light
+    dark: github-dark
+  icon: oui:documentation
+  topbar_sections: false
+  show_datetime: false

resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone

@@ -287,6 +287,8 @@ spaceapiccc                         IN  CNAME           public-reverse-proxy
 acmedns                             IN  CNAME           public-reverse-proxy
 cpuccc                              IN  CNAME           public-reverse-proxy
 did                                 IN  CNAME           public-reverse-proxy
+infra-docs                          IN  CNAME           public-reverse-proxy
+staging.infra-docs                  IN  CNAME           public-reverse-proxy
 
 
 auth.acmedns                        IN  NS              acmedns.hosts.hamburg.ccc.de.

resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf

@@ -85,6 +85,8 @@ map $host $upstream_acme_challenge_host {
     diday.org public-web-static.hosts.hamburg.ccc.de:31820;
     docs.c3voc.de public-web-static.hosts.hamburg.ccc.de:31820;
     staging.docs.c3voc.de public-web-static.hosts.hamburg.ccc.de:31820;
+    infra-docs.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:31820;
+    staging.infra-docs.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:31820;
     default "";
 }
 

resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf

@@ -108,6 +108,8 @@ stream {
         *.staging.diday.org public-web-static.hosts.hamburg.ccc.de:8443;
         docs.c3voc.de public-web-static.hosts.hamburg.ccc.de:8443;
         staging.docs.c3voc.de public-web-static.hosts.hamburg.ccc.de:8443;
+        infra-docs.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:8443;
+        staging.infra-docs.hamburg.ccc.de public-web-static.hosts.hamburg.ccc.de:8443;
     }
 
     server {

roles/renovate/files/renovate-cleanup.service

@@ -0,0 +1,7 @@
+[Unit]
+Description=renovate cleanup (delete docker volume)
+Conflicts=renovate.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/docker volume rm renovate

roles/renovate/files/renovate-cleanup.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=renovate cleanup (delete docker volume) running daily
+
+[Timer]
+# @daily with 10 minute offset
+OnCalendar=*-*-* 00:10
+
+[Install]
+WantedBy=timers.target

roles/renovate/tasks/main.yaml

@@ -16,31 +16,28 @@
     mode: "0640"
   become: true
 
-- name: ensure systemd service exists
+- name: ensure systemd services and timers exist
   ansible.builtin.copy:
-    src: renovate.service
+    src: "{{ item }}"
-    dest: /etc/systemd/system/renovate.service
+    dest: "/etc/systemd/system/{{ item }}"
     owner: root
     group: root
     mode: "0644"
   become: true
+  loop:
+    - renovate.service
+    - renovate-cleanup.service
+    - renovate.timer
+    - renovate-cleanup.timer
   notify:
     - systemd daemon reload
 
-- name: ensure systemd timer exists
+- name: ensure systemd timers are started and enabled
-  ansible.builtin.copy:
-    src: renovate.timer
-    dest: /etc/systemd/system/renovate.timer
-    owner: root
-    group: root
-    mode: "0644"
-  become: true
-  notify:
-    - systemd daemon reload
-
-- name: ensure systemd timer is started and enabled
   ansible.builtin.systemd_service:
-    name: renovate.timer
+    name: "{{ item }}"
     state: started
     enabled: true
+  loop:
+    - renovate.timer
+    - renovate-cleanup.timer
   become: true