How to build the web site ========================= Initial Setup ------------- You need git and hugo to build the website. On Debian or similar Linux Distributions, install them like this: $ sudo apt install git hugo Now you can clone the repository: $ git clone ssh://git@gitlab.hamburg.ccc.de:4242/cryptoparty/website-content.git If this doesn't work, you may need to add a ssh authentication key to your gitlab profile on [this page]: [this page]: https://gitlab.hamburg.ccc.de/profile/keys Furthermore, you need to checkout the submodules: $ cd website-content website-content $ git submodule init website-content $ git submodule update Let's configure git: $ git config user.name "Jane Doe" $ git config user.email "jane@doe.org" Building and making changes --------------------------- Now you can build the site using `make`, it will be put into `public`. `make server` will launch a local server that is useful while editing the web site. To view the site while you are editing it, go to [http://localhost:1313](http://localhost:1313). Creating a new post ------------------- First, make sure your checkout is up-to-date: $ git pull Then, create a new branch for you post: $ git checkout -b my-new-post Now, to create a new post for a meetup, do: $ hugo new termine/2020-januar.md $ editor content/termine/2020-januar.md Fill out the scaffolded header on top. Add content below the `---` marker. After the first paragraph, insert `` to mark the first paragraph as the introduction to be used on the front page. Use `make server` to view your changes. If you are satisfied, add it to the branch, and push it to the server: $ git add content/termine/2020-januar.md $ git commit -m 'Added new post.' $ git push Then, [create a merge request] on gitlab. Press the blue button labeled `Create merge request`. On the following site, press the green `Submit merge request` button, then press the blue button labeled `Merge once pipeline succeeds`. Your change will be published once the continuous integration setup confirmed the validity of the change. [create a merge request]: https://gitlab.hamburg.ccc.de/cryptoparty/website-content/merge_requests How this is set up on the server ================================ On the server, the website is built using gitlab's ci runner, see `.gitlab-ci.yml`. To deploy the site, the ci job rsyncs it to the host. For this purpose, a restricted user is created: # adduser --system --home /var/www/www-data-rsync --shell /bin/sh --disabled-password --ingroup www-data www-data-rsync Create a key and restrict it to invoke the restricted-rsync script: # mkdir /var/www/www-data-rsync/.ssh # chmod 700 /var/www/www-data-rsync/.ssh # ssh-keygen -t ed25519 -C 'Used for website deployment.' -f www-data-rsync-id_ed25519 # echo 'command="/usr/local/bin/rrsync /var/www/html --safe-links",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBBpthbSQ3HgOkhoBwsrZCA9VMX7hRftB5t6LePqtr3 Used for website deployment.' > /var/www/www-data-rsync/.ssh/authorized_keys # chmod 400 /var/www/www-data-rsync/.ssh/authorized_keys # chown -R www-data-rsync:www-data /var/www/www-data-rsync/.ssh Copy the restricted-rsync script from the docs and make it executable: # cp /usr/share/doc/rsync/scripts/rrsync /usr/local/bin/ # chmod +x /usr/local/bin/rrsync Finally, allow www-data-rsync to write to the document root: # chown root:www-data /var/www/html # chmod g+w /var/www/html The last bit is to supply the generated secret to gitlab's ci runner via RSYNC_TARGET_SECRET_KEY. Other information that needs to be provided are RSYNC_TARGET_HOST, RSYNC_TARGET_PORT, RSYNC_TARGET_HOST_KEY, and RSYNC_TARGET_USER.