How to build the web site
You need Hugo to build the website. On Debian, install it from the 'hugo' package:
# apt install hugo
Furthermore, you need to check out the submodules:
website-content $ git submodule init
website-content $ git submodule update
Now you can build the site using 'make'; the output is put into 'public'. 'make server' launches a local server, which is useful while editing the web site.
Server setup
On the server, the website is built using GitLab's CI runner, see .gitlab-ci.yml. To deploy the site, the CI job rsyncs it to the host. For this purpose, a restricted user is created:
# adduser --system --home /var/www/www-data-rsync --shell /bin/sh --disabled-password --ingroup www-data www-data-rsync
Create a key and restrict it to invoke the restricted-rsync script:
# mkdir /var/www/www-data-rsync/.ssh
# chmod 700 /var/www/www-data-rsync/.ssh
# ssh-keygen -t ed25519 -C 'Used for website deployment.' -f www-data-rsync-id_ed25519
# echo 'command="/usr/local/bin/rrsync /var/www/html --safe-links",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBBpthbSQ3HgOkhoBwsrZCA9VMX7hRftB5t6LePqtr3 Used for website deployment.' > /var/www/www-data-rsync/.ssh/authorized_keys
# chmod 400 /var/www/www-data-rsync/.ssh/authorized_keys
# chown -R www-data-rsync:www-data /var/www/www-data-rsync/.ssh
Copy the restricted-rsync script from the docs and make it executable:
# cp /usr/share/doc/rsync/scripts/rrsync /usr/local/bin/
# chmod +x /usr/local/bin/rrsync
Finally, allow www-data-rsync to write to the document root:
# chown root:www-data /var/www/html
# chmod g+w /var/www/html
The last step is to supply the generated secret key to GitLab's CI runner via RSYNC_TARGET_SECRET_KEY. The other variables that need to be provided are RSYNC_TARGET_HOST, RSYNC_TARGET_PORT, RSYNC_TARGET_HOST_KEY, and RSYNC_TARGET_USER.
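A check for the authorized_keys restrictions set up above, as an added example that is not part of the project's README: it flags any key entry that lacks the forced rrsync command or one of the no-* options. The function name, the sample file and its placeholder key material are constructed for illustration, and accepting OpenSSH's 'restrict' option as equivalent to the no-* flags is an assumption beyond what the README uses.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file for the deployment restrictions.
# Prints one finding per problem; returns 0 only if every key is restricted.
audit_authorized_keys() {
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    BEGIN {
        n = split("no-agent-forwarding no-port-forwarding no-pty no-user-rc no-x11-forwarding", req, " ")
    }
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    {
        # The options field ends at the first space outside double quotes.
        # Assumes quoted values contain no escaped quotes.
        opts = ""; inq = 0
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"") inq = !inq
            if (c == " " && !inq) break
            opts = opts c
        }
        # An entry without options starts directly with the key type.
        if (opts ~ /^(ssh-|ecdsa-|sk-)/) { report("key has no options"); next }
        if (opts !~ /(^|,)command="\/usr\/local\/bin\/rrsync \/var\/www\/html[ "]/)
            report("missing forced rrsync command for /var/www/html")
        # Drop quoted values so text inside command="..." cannot satisfy a flag.
        flags = tolower(opts); gsub(/"[^"]*"/, "", flags)
        # "restrict" (OpenSSH 7.2 and later) turns on all of the no-* restrictions.
        if (index("," flags ",", ",restrict,")) next
        for (k = 1; k <= n; k++)
            if (index("," flags ",", "," req[k] ",") == 0)
                report("missing " req[k])
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 1 mirrors the README entry (placeholder key material),
# line 2 is a key pasted in without any restriction.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command="/usr/local/bin/rrsync /var/www/html --safe-links",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAPLACEHOLDER Used for website deployment.
ssh-ed25519 AAAAPLACEHOLDER stray key
EOF
audit_authorized_keys "$sample" || echo "authorized_keys needs attention"
rm -f "$sample"
```

On the server, point the function at /var/www/www-data-rsync/.ssh/authorized_keys after any change to the deployment key.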