Add devigo deployment role for mini-vps production environment

- Created comprehensive devigo Ansible role with Podman Quadlet support
- Deployed devigo-site container (Hugo + nginx) via systemd
- Deployed devigo-decap-oauth OAuth2 proxy for Decap CMS
- Integrated with Caddy reverse proxy for HTTPS

Services deployed:
- devigo.no (apex domain, primary)
- www.devigo.no (redirects to apex)
- decap.jnss.me (OAuth proxy)

Key features:
- REGISTRY_AUTH_FILE environment for Podman GHCR authentication
- TRUSTED_ORIGINS (plural) for decapcms-oauth2 multi-origin support
- JavaScript-based Decap CMS initialization (eliminates YAML MIME dependency)
- nginx location block for YAML MIME type (text/yaml)
- Automated deployment via GitHub Actions CI/CD
- Comprehensive documentation with troubleshooting guide
- Architecture decision records

Fixes applied during deployment:
- OAuth origin trust validation (TRUSTED_ORIGINS vs TRUSTED_ORIGIN)
- MIME type handling strategy (location-specific vs server-level types block)
- Decap CMS initialization method (JavaScript vs link tag)
- Podman authentication for systemd services (REGISTRY_AUTH_FILE)

Testing status:
- MIME types verified (HTML, CSS, YAML all correct)
- OAuth authentication working
- Container image pulls from private GHCR
- Automated deployments functional
- Site fully operational at devigo.no
2025-12-16 00:53:33 +01:00
parent ecbeb07ba2
commit 1350d10a7c
12 changed files with 968 additions and 0 deletions

@@ -0,0 +1,30 @@
---
# Devigo Infrastructure - Default Variables
# Domains
devigo_domain: "devigo.no"
devigo_www_domain: "www.devigo.no"
devigo_primary_domain: "devigo.no" # Apex is primary
# Container configuration
devigo_container_name: "devigo-site"
devigo_host_port: 9080 # Port published to localhost
devigo_container_port: 80 # Nginx inside container
# GitHub Container Registry
devigo_ghcr_image: "ghcr.io/jnschaffer/rustan:prod"
# Decap OAuth configuration
devigo_oauth_domain: "decap.jnss.me"
devigo_oauth_user: "devigo-oauth"
devigo_oauth_home: "/opt/devigo-oauth"
devigo_oauth_container_name: "devigo-decap-oauth"
devigo_oauth_container_image: "docker.io/alukovenko/decapcms-oauth2:latest"
devigo_oauth_container_port: 12000
devigo_oauth_client_id: "{{ vault_devigo_oauth_client_id }}"
devigo_oauth_client_secret: "{{ vault_devigo_oauth_client_secret }}"
devigo_oauth_trusted_origins: "https://devigo.no,https://www.devigo.no"
# Caddy integration (assumes caddy role provides these)
# caddy_sites_enabled_dir: /etc/caddy/sites-enabled
# caddy_user: caddy
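
Review bot: `devigo_oauth_container_image` points at the mutable `:latest` tag of a third-party Docker Hub image (`docker.io/alukovenko/decapcms-oauth2:latest`), so what runs as the OAuth proxy can change on any pull without a change in this repository. This role defines `devigo_oauth_client_id` and `devigo_oauth_client_secret` for that proxy, so an unreviewed upstream update lands next to the GitHub OAuth credentials. Pin the default to a specific release tag or, better, an immutable digest of the form `docker.io/alukovenko/decapcms-oauth2@sha256:<digest>` and bump it deliberately. A smaller point in the same file: `devigo_oauth_trusted_origins` repeats the hostnames as literals instead of deriving them from `devigo_domain` and `devigo_www_domain`, so a domain override would leave the trusted origins stale; build the value from those variables or add a comment saying the two must be kept in sync.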