add makefile

2025-01-17 23:55:02 +00:00 · 2024-08-04 20:49:26 +09:00 · 2024-08-04 20:49:26 +09:00 · 460d16cd24
commit 460d16cd24
parent beffbf6ed6
13 changed files with 111 additions and 20 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -2,11 +2,13 @@ name: deploy
 concurrency: fogtype.com
 on:
  push:
-    branches: [main]
+    branches:
+      - main
 jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      - run: install -m 700 -d ~/.ssh
      - run: install -m 600 <(echo '${{ secrets.DEPLOY_KEY }}') ~/.ssh/deploy_key
-      - run: ssh -i ~/.ssh/deploy_key -o 'StrictHostKeyChecking no' kou029w@fogtype.com 'sh -c "cd ~/fogtype.com && git pull --rebase && docker compose up --detach --remove-orphans"'
+      - run: install -m 600 <(echo '${{ secrets.KNOWN_HOSTS }}') ~/.ssh/known_hosts
+      - run: make deploy
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
+.deploy_key
+.deploy_key.pub
+.known_hosts
--- a/39
+++ b/39
@ -0,0 +1,39 @@
+REMOTE_USER := nebel
+REMOTE_HOST := fogtype.com
+
+.PHONY: help
+help:
+	@cat README.md
+
+.PHONY: deploy
+deploy:
+	ssh $(REMOTE_USER)@$(REMOTE_HOST) <$@
+
+.PHONY: install
+install: .deploy_key .known_hosts
+	ssh-copy-id -i .deploy_key.pub $(REMOTE_USER)@$(REMOTE_HOST)
+	scp install $(REMOTE_USER)@$(REMOTE_HOST):install
+	ssh -t $(REMOTE_USER)@$(REMOTE_HOST) '\
+		ssh-keygen -t ed25519; \
+		cat ~/.ssh/id_ed25519.pub; \
+		./install; \
+		rm install; \
+	'
+
+.deploy_key:
+	ssh-keygen -t ed25519 -C deploy_key -f $@
+
+.known_hosts:
+	ssh-keyscan -t ed25519 -H $(REMOTE_HOST) >$@
+
+.PHONY: keyrings
+keyrings: \
+	etc/apt/keyrings/docker-archive-keyring.gpg \
+	etc/apt/keyrings/tailscale-archive-keyring.gpg \
+
+etc/apt/keyrings/docker-archive-keyring.gpg:
+	curl -sSf --tlsv1.3 https://download.docker.com/linux/ubuntu/gpg \
+		| gpg --dearmor >$@
+
+etc/apt/keyrings/tailscale-archive-keyring.gpg:
+	curl -sSf --tlsv1.3 -o $@ https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg
--- a/README.md
+++ b/README.md
@ -1,23 +1,19 @@
 # Fogtype

-## 前提
+## Runner Registration

- Docker Compose
- systemd
- systemd-journald
-
-Git リポジトリを取得し、設定ファイルを配置
-
-```bash
-ssh kou029w@fogtype.com
-git clone git@github.com:kou029w/fogtype.com.git
-cd fogtype.com
-sudo install -m 644 {,/}etc/docker/daemon.json
-sudo systemctl restart docker
+```
+$ make install
 ```

-## 構築
+secrets.DEPLOY_KEY
+: SSH identity file
+
+secrets.KNOWN_HOSTS
+: SSH known_hosts file
+
+## Deploy

-```sh
-docker compose up -d
+```
+$ make deploy
 ```
--- a/compose.yml
+++ b/compose.yml
@ -1,4 +1,4 @@
-name: keiunet
+name: fogtype
 services:
  https:
    image: caddy:2.8.4-alpine@sha256:221bcf3be161b0d856bdb7bea76b42386d732d19348f79692404829532d83f4a
--- a/9
+++ b/9
@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+cd "${HOME}/${REMOTE_HOST:-fogtype.com}"
+
+git pull --rebase
+docker compose up --detach --remove-orphans
+
+cd -
--- a/etc/apt/apt.conf.d/99-tailscale
+++ b/etc/apt/apt.conf.d/99-tailscale
@ -0,0 +1 @@
+Unattended-Upgrade::Allowed-Origins:: "Tailscale:*";
--- a/etc/apt/keyrings/docker-archive-keyring.gpg
+++ b/etc/apt/keyrings/docker-archive-keyring.gpg
--- a/etc/apt/keyrings/tailscale-archive-keyring.gpg
+++ b/etc/apt/keyrings/tailscale-archive-keyring.gpg
--- a/etc/apt/sources.list.d/docker.sources
+++ b/etc/apt/sources.list.d/docker.sources
@ -0,0 +1,5 @@
+Types: deb
+URIs: https://download.docker.com/linux/ubuntu
+Suites: noble
+Components: stable
+Signed-By: /usr/share/keyrings/docker-archive-keyring.gpg
--- a/etc/apt/sources.list.d/tailscale.sources
+++ b/etc/apt/sources.list.d/tailscale.sources
@ -0,0 +1,5 @@
+Types: deb
+URIs: https://pkgs.tailscale.com/stable/ubuntu
+Suites: noble
+Components: main
+Signed-By: /usr/share/keyrings/tailscale-archive-keyring.gpg
--- a/etc/docker/daemon.json
+++ b/etc/docker/daemon.json
@ -1,4 +1,3 @@
 {
-  "live-restore": true,
  "log-driver": "journald"
 }
--- a/32
+++ b/32
@ -0,0 +1,32 @@
+#!/bin/sh
+set -eu
+
+REPO=${REPO:-git@github.com:kou029w/fogtype.com.git}
+REMOTE_HOST=${REMOTE_HOST:-fogtype.com}
+PACKAGES="docker-ce docker-compose-plugin tailscale"
+
+sudo apt-get update -qq
+DEBIAN_FRONTEND=noninteractive \
+  sudo apt-get install -y -qq git rsync
+
+git clone "${REPO}" "${HOME}/${REMOTE_HOST}" ||
+  git pull --rebase
+
+cd "${HOME}/${REMOTE_HOST}"
+
+sudo rsync -r etc/apt/keyrings/ /usr/share/keyrings/
+eval "$(apt-config shell APT_CONF_DIR 'Dir::Etc::parts/d')"
+sudo rsync -r etc/apt/apt.conf.d/ "${APT_CONF_DIR}"
+eval "$(apt-config shell APT_SOURCES_DIR 'Dir::Etc::sourceparts/d')"
+sudo rsync -r etc/apt/sources.list.d/ "${APT_SOURCES_DIR}"
+
+sudo rsync -r etc/docker/ /etc/docker/
+
+sudo apt-get update -qq
+# shellcheck disable=SC2086
+DEBIAN_FRONTEND=noninteractive \
+  sudo apt-get install -y -qq ${PACKAGES}
+
+sudo gpasswd -a "$(whoami)" docker
+
+cd -
				`@ -0,0 +1 @@`
				`Unattended-Upgrade::Allowed-Origins:: "Tailscale:*";`