digitale-selbstverteidigung/digitale-selbstverteidigung-website
1
0
Fork 0
Code Issues Pull requests 4 Activity Actions

Fix formatting.

Browse source
This commit is contained in:
Justus Winter 2020-02-27 12:05:56 +01:00
commit 3051f0858f
1 changed files with 14 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

28
README.md
View file

@ -4,12 +4,12 @@ How to build the web site
You need hugo to build the website. On Debian, install it from the You need hugo to build the website. On Debian, install it from the
'hugo' package: 'hugo' package:
# apt install hugo # apt install hugo
Furthermore, you need to checkout the submodules: Furthermore, you need to checkout the submodules:
website-content $ git submodule init website-content $ git submodule init
website-content $ git submodule update website-content $ git submodule update
Now you can build the site using 'make', it will be put into 'public'. Now you can build the site using 'make', it will be put into 'public'.
'make server' will launch a local server that is useful while editing 'make server' will launch a local server that is useful while editing
@ -22,26 +22,26 @@ On the server, the website is built using gitlab's ci runner, see
`.gitlab-ci.yml`. To deploy the site, the ci job rsyncs it to the `.gitlab-ci.yml`. To deploy the site, the ci job rsyncs it to the
host. For this purpose, a restricted user is created: host. For this purpose, a restricted user is created:
# adduser --system --home /var/www/www-data-rsync --shell /bin/sh --disabled-password --ingroup www-data www-data-rsync # adduser --system --home /var/www/www-data-rsync --shell /bin/sh --disabled-password --ingroup www-data www-data-rsync
Create a key and restrict it to invoke the restricted-rsync script: Create a key and restrict it to invoke the restricted-rsync script:
# mkdir /var/www/www-data-rsync/.ssh # mkdir /var/www/www-data-rsync/.ssh
# chmod 700 /var/www/www-data-rsync/.ssh # chmod 700 /var/www/www-data-rsync/.ssh
# ssh-keygen -t ed25519 -C 'Used for website deployment.' -f www-data-rsync-id_ed25519 # ssh-keygen -t ed25519 -C 'Used for website deployment.' -f www-data-rsync-id_ed25519
# echo 'command="/usr/local/bin/rrsync /var/www/html --safe-links",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBBpthbSQ3HgOkhoBwsrZCA9VMX7hRftB5t6LePqtr3 Used for website deployment.' > /var/www/www-data-rsync/.ssh/authorized_keys # echo 'command="/usr/local/bin/rrsync /var/www/html --safe-links",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBBpthbSQ3HgOkhoBwsrZCA9VMX7hRftB5t6LePqtr3 Used for website deployment.' > /var/www/www-data-rsync/.ssh/authorized_keys
# chmod 400 /var/www/www-data-rsync/.ssh/authorized_keys # chmod 400 /var/www/www-data-rsync/.ssh/authorized_keys
# chown -R www-data-rsync:www-data /var/www/www-data-rsync/.ssh # chown -R www-data-rsync:www-data /var/www/www-data-rsync/.ssh
Copy the restricted-rsync script from the docs and make it executable: Copy the restricted-rsync script from the docs and make it executable:
# cp /usr/share/doc/rsync/scripts/rrsync /usr/local/bin/ # cp /usr/share/doc/rsync/scripts/rrsync /usr/local/bin/
# chmod +x /usr/local/bin/rrsync # chmod +x /usr/local/bin/rrsync
Finally, allow www-data-rsync to write to the document root: Finally, allow www-data-rsync to write to the document root:
# chown root:www-data /var/www/html # chown root:www-data /var/www/html
# chmod g+w /var/www/html # chmod g+w /var/www/html
The last bit is to supply the generated secret to gitlab's ci runner The last bit is to supply the generated secret to gitlab's ci runner
via RSYNC_TARGET_SECRET_KEY. Other information that needs to be via RSYNC_TARGET_SECRET_KEY. Other information that needs to be