digitale-selbstverteidigung/digitale-selbstverteidigung-website
1
0
Fork 0
Code Issues Pull requests 4 Activity Actions
digitale-selbstverteidigung.../README.md

107 lines
3.8 KiB
Markdown
Raw Blame History

How to build the web site
=========================
Initial Setup
-------------
You need git and hugo to build the website. On Debian or similar
Linux Distributions, install them like this:
$ sudo apt install git hugo
Now you can clone the repository:
$ git clone ssh://git@gitlab.hamburg.ccc.de:4242/cryptoparty/website-content.git
If this doesn't work, you may need to add a ssh authentication key to
your gitlab profile on [this page]:
[this page]: https://gitlab.hamburg.ccc.de/profile/keys
Furthermore, you need to checkout the submodules:
$ cd website-content
website-content $ git submodule init
website-content $ git submodule update
Let's configure git:
$ git config user.name "Jane Doe"
$ git config user.email "jane@doe.org"
Building and making changes
---------------------------
Now you can build the site using `make`, it will be put into `public`.
`make server` will launch a local server that is useful while editing
the web site. To view the site while you are editing it, go to
[http://localhost:1313](http://localhost:1313).
Creating a new post
-------------------
First, make sure your checkout is up-to-date:
$ git pull
Then, create a new branch for you post:
$ git checkout -b my-new-post
Now, to create a new post for a meetup, do:
$ hugo new termine/2020-januar.md
$ editor content/termine/2020-januar.md
Fill out the scaffolded header on top. Add content below the `---`
marker. After the first paragraph, insert `<!--more-->` to mark the
first paragraph as the introduction to be used on the front page. Use
`make server` to view your changes.
If you are satisfied, add it to the branch, and push it to the server:
$ git add content/termine/2020-januar.md
$ git commit -m 'Added new post.'
$ git push
Then, [create a merge request] on gitlab. Press the blue button
labeled `Create merge request`. On the following site, press the
green `Submit merge request` button, then press the blue button
labeled `Merge once pipeline succeeds`. Your change will be published
once the continuous integration setup confirmed the validity of the
change.
[create a merge request]: https://gitlab.hamburg.ccc.de/cryptoparty/website-content/merge_requests
How this is set up on the server
================================
On the server, the website is built using gitlab's ci runner, see
`.gitlab-ci.yml`. To deploy the site, the ci job rsyncs it to the
host. For this purpose, a restricted user is created:
# adduser --system --home /var/www/www-data-rsync --shell /bin/sh --disabled-password --ingroup www-data www-data-rsync
Create a key and restrict it to invoke the restricted-rsync script:
# mkdir /var/www/www-data-rsync/.ssh
# chmod 700 /var/www/www-data-rsync/.ssh
# ssh-keygen -t ed25519 -C 'Used for website deployment.' -f www-data-rsync-id_ed25519
# echo 'command="/usr/local/bin/rrsync /var/www/html --safe-links",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBBpthbSQ3HgOkhoBwsrZCA9VMX7hRftB5t6LePqtr3 Used for website deployment.' > /var/www/www-data-rsync/.ssh/authorized_keys
# chmod 400 /var/www/www-data-rsync/.ssh/authorized_keys
# chown -R www-data-rsync:www-data /var/www/www-data-rsync/.ssh
Copy the restricted-rsync script from the docs and make it executable:
# cp /usr/share/doc/rsync/scripts/rrsync /usr/local/bin/
# chmod +x /usr/local/bin/rrsync
Finally, allow www-data-rsync to write to the document root:
# chown root:www-data /var/www/html
# chmod g+w /var/www/html
The last bit is to supply the generated secret to gitlab's ci runner
via RSYNC_TARGET_SECRET_KEY. Other information that needs to be
provided are RSYNC_TARGET_HOST, RSYNC_TARGET_PORT,
RSYNC_TARGET_HOST_KEY, and RSYNC_TARGET_USER.
Reference in a new issue View git blame Copy permalink