|
|
||
|---|---|---|
| content | ||
| layouts/partials | ||
| static | ||
| themes | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .gitmodules | ||
| config.toml | ||
| Makefile | ||
| README.md | ||
How to build the web site
Initial Setup
You need git and hugo to build the website. On Debian or similar Linux Distributions, install them like this:
$ sudo apt install git hugo
Now you can clone the repository:
$ git clone ssh://git@gitlab.hamburg.ccc.de:4242/cryptoparty/website-content.git
If this doesn't work, you may need to add a ssh authentication key to your gitlab profile on this page:
Furthermore, you need to checkout the submodules:
$ cd website-content
website-content $ git submodule init
website-content $ git submodule update
Let's configure git:
$ git config user.name "Jane Doe"
$ git config user.email "jane@doe.org"
Building and making changes
Now you can build the site using make, it will be put into public.
make server will launch a local server that is useful while editing
the web site. To view the site while you are editing it, go to
http://localhost:1313.
Creating a new post
First, make sure your checkout is up-to-date:
$ git pull
Then, create a new branch for you post:
$ git checkout -b my-new-post
Now, to create a new post for a meetup, do:
$ hugo new termine/2020-januar.md
$ editor content/termine/2020-januar.md
Fill out the scaffolded header on top. Add content below the ---
marker. After the first paragraph, insert <!--more--> to mark the
first paragraph as the introduction to be used on the front page. Use
make server to view your changes.
If you are satisfied, add it to the branch, and push it to the server:
$ git add content/termine/2020-januar.md
$ git commit -m 'Added new post.'
$ git push
Then, create a merge request on gitlab. Press the blue button
labeled Create merge request. On the following site, press the
green Submit merge request button, then press the blue button
labeled Merge once pipeline succeeds. Your change will be published
once the continuous integration setup confirmed the validity of the
change.
How this is set up on the server
On the server, the website is built using gitlab's ci runner, see
.gitlab-ci.yml. To deploy the site, the ci job rsyncs it to the
host. For this purpose, a restricted user is created:
# adduser --system --home /var/www/www-data-rsync --shell /bin/sh --disabled-password --ingroup www-data www-data-rsync
Create a key and restrict it to invoke the restricted-rsync script:
# mkdir /var/www/www-data-rsync/.ssh
# chmod 700 /var/www/www-data-rsync/.ssh
# ssh-keygen -t ed25519 -C 'Used for website deployment.' -f www-data-rsync-id_ed25519
# echo 'command="/usr/local/bin/rrsync /var/www/html --safe-links",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBBpthbSQ3HgOkhoBwsrZCA9VMX7hRftB5t6LePqtr3 Used for website deployment.' > /var/www/www-data-rsync/.ssh/authorized_keys
# chmod 400 /var/www/www-data-rsync/.ssh/authorized_keys
# chown -R www-data-rsync:www-data /var/www/www-data-rsync/.ssh
Copy the restricted-rsync script from the docs and make it executable:
# cp /usr/share/doc/rsync/scripts/rrsync /usr/local/bin/
# chmod +x /usr/local/bin/rrsync
Finally, allow www-data-rsync to write to the document root:
# chown root:www-data /var/www/html
# chmod g+w /var/www/html
The last bit is to supply the generated secret to gitlab's ci runner via RSYNC_TARGET_SECRET_KEY. Other information that needs to be provided are RSYNC_TARGET_HOST, RSYNC_TARGET_PORT, RSYNC_TARGET_HOST_KEY, and RSYNC_TARGET_USER.