Joakim
1350d10a7c
- Created comprehensive devigo Ansible role with Podman Quadlet support - Deployed devigo-site container (Hugo + nginx) via systemd - Deployed devigo-decap-oauth OAuth2 proxy for Decap CMS - Integrated with Caddy reverse proxy for HTTPS Services deployed: - devigo.no (apex domain, primary) - www.devigo.no (redirects to apex) - decap.jnss.me (OAuth proxy) Key features: - REGISTRY_AUTH_FILE environment for Podman GHCR authentication - TRUSTED_ORIGINS (plural) for decapcms-oauth2 multi-origin support - JavaScript-based Decap CMS initialization (eliminates YAML MIME dependency) - nginx location block for YAML MIME type (text/yaml) - Automated deployment via GitHub Actions CI/CD - Comprehensive documentation with troubleshooting guide - Architecture decision records Fixes applied during deployment: - OAuth origin trust validation (TRUSTED_ORIGINS vs TRUSTED_ORIGIN) - MIME type handling strategy (location-specific vs server-level types block) - Decap CMS initialization method (JavaScript vs link tag) - Podman authentication for systemd services (REGISTRY_AUTH_FILE) Testing status: - ✅ MIME types verified (HTML, CSS, YAML all correct) - ✅ OAuth authentication working - ✅ Container image pulls from private GHCR - ✅ Automated deployments functional - ✅ Site fully operational at devigo.no
11 lines
376 B
Django/Jinja
11 lines
376 B
Django/Jinja
# Decap OAuth Environment Configuration
|
|
# Generated by Ansible - DO NOT EDIT MANUALLY
|
|
|
|
OAUTH_CLIENT_ID={{ devigo_oauth_client_id }}
|
|
OAUTH_CLIENT_SECRET={{ devigo_oauth_client_secret }}
|
|
SERVER_PORT=12000
|
|
|
|
# TRUSTED_ORIGINS must be comma-separated string (not YAML array)
|
|
# Example: https://example.com,https://www.example.com
|
|
TRUSTED_ORIGINS={{ devigo_oauth_trusted_origins }}
|