joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add devigo deployment role for mini-vps production environment

Browse Source 
- Created comprehensive devigo Ansible role with Podman Quadlet support
- Deployed devigo-site container (Hugo + nginx) via systemd
- Deployed devigo-decap-oauth OAuth2 proxy for Decap CMS
- Integrated with Caddy reverse proxy for HTTPS

Services deployed:
- devigo.no (apex domain, primary)
- www.devigo.no (redirects to apex)
- decap.jnss.me (OAuth proxy)

Key features:
- REGISTRY_AUTH_FILE environment for Podman GHCR authentication
- TRUSTED_ORIGINS (plural) for decapcms-oauth2 multi-origin support
- JavaScript-based Decap CMS initialization (eliminates YAML MIME dependency)
- nginx location block for YAML MIME type (text/yaml)
- Automated deployment via GitHub Actions CI/CD
- Comprehensive documentation with troubleshooting guide
- Architecture decision records

Fixes applied during deployment:
- OAuth origin trust validation (TRUSTED_ORIGINS vs TRUSTED_ORIGIN)
- MIME type handling strategy (location-specific vs server-level types block)
- Decap CMS initialization method (JavaScript vs link tag)
- Podman authentication for systemd services (REGISTRY_AUTH_FILE)

Testing status:
-  MIME types verified (HTML, CSS, YAML all correct)
-  OAuth authentication working
-  Container image pulls from private GHCR
-  Automated deployments functional
-  Site fully operational at devigo.no
This commit is contained in:
Joakim
2025-12-16 00:53:33 +01:00
parent ecbeb07ba2
commit 1350d10a7c
12 changed files with 968 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
roles/devigo/templates/devigo-decap-oauth.container Normal file
View File

@@ -0,0 +1,25 @@
[Unit]
Description=Decap CMS OAuth2 Proxy for Devigo
After=network-online.target
Wants=network-online.target
[Container]
Image={{ devigo_oauth_container_image }}
ContainerName={{ devigo_oauth_container_name }}
AutoUpdate=registry
# Environment file with secrets
EnvironmentFile={{ devigo_oauth_home }}/decap-oauth.env
# Network
PublishPort=127.0.0.1:{{ devigo_oauth_container_port }}:12000
# Security
NoNewPrivileges=true
[Service]
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target