joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1350d10a7cf51758ee5e31ca6339f24d72085d76
rick-infra/roles/devigo/templates/devigo-site.container
Joakim 1350d10a7c Add devigo deployment role for mini-vps production environment 
- Created comprehensive devigo Ansible role with Podman Quadlet support
- Deployed devigo-site container (Hugo + nginx) via systemd
- Deployed devigo-decap-oauth OAuth2 proxy for Decap CMS
- Integrated with Caddy reverse proxy for HTTPS

Services deployed:
- devigo.no (apex domain, primary)
- www.devigo.no (redirects to apex)
- decap.jnss.me (OAuth proxy)

Key features:
- REGISTRY_AUTH_FILE environment for Podman GHCR authentication
- TRUSTED_ORIGINS (plural) for decapcms-oauth2 multi-origin support
- JavaScript-based Decap CMS initialization (eliminates YAML MIME dependency)
- nginx location block for YAML MIME type (text/yaml)
- Automated deployment via GitHub Actions CI/CD
- Comprehensive documentation with troubleshooting guide
- Architecture decision records

Fixes applied during deployment:
- OAuth origin trust validation (TRUSTED_ORIGINS vs TRUSTED_ORIGIN)
- MIME type handling strategy (location-specific vs server-level types block)
- Decap CMS initialization method (JavaScript vs link tag)
- Podman authentication for systemd services (REGISTRY_AUTH_FILE)

Testing status:
-  MIME types verified (HTML, CSS, YAML all correct)
-  OAuth authentication working
-  Container image pulls from private GHCR
-  Automated deployments functional
-  Site fully operational at devigo.no
2025-12-16 00:53:33 +01:00

32 lines
662 B
Plaintext
Raw Blame History

[Unit]
Description=Devigo Website - Sales Training Company
After=network-online.target caddy.service
Wants=network-online.target
Requires=caddy.service
[Container]
Image=ghcr.io/jnschaffer/rustan:prod
ContainerName=devigo-site
AutoUpdate=registry
Pull=newer
# Port mapping - publish to localhost only
PublishPort=127.0.0.1:9080:80
# Security
NoNewPrivileges=true
# Health check - check if nginx is responding
HealthCmd=/usr/bin/curl -f http://localhost:80/ || exit 1
HealthInterval=30s
HealthTimeout=10s
HealthRetries=3
[Service]
Environment=REGISTRY_AUTH_FILE=/etc/containers/auth.json
Restart=always
TimeoutStartSec=900
[Install]
WantedBy=default.target
Reference in New Issue View Git Blame Copy Permalink