diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index e1a0c89..455cd60 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -2,11 +2,13 @@ name: deploy
 concurrency: fogtype.com
 on:
 push:
- branches: [main]
+ branches:
+ - main
 jobs:
 main:
 runs-on: ubuntu-latest
 steps:
 - run: install -m 700 -d ~/.ssh
 - run: install -m 600 <(echo '${{ secrets.DEPLOY_KEY }}') ~/.ssh/deploy_key
- - run: ssh -i ~/.ssh/deploy_key -o 'StrictHostKeyChecking no' kou029w@fogtype.com 'sh -c "cd ~/fogtype.com && git pull --rebase && docker compose up --detach --remove-orphans"'
+ - run: install -m 600 <(echo '${{ secrets.KNOWN_HOSTS }}') ~/.ssh/known_hosts
+ - run: make deploy
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e85ae28
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.deploy_key
+.deploy_key.pub
+.known_hosts
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..8b3ee38
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,39 @@
+REMOTE_USER := nebel
+REMOTE_HOST := fogtype.com
+
+.PHONY: help
+help:
+ @cat README.md
+
+.PHONY: deploy
+deploy:
+ ssh $(REMOTE_USER)@$(REMOTE_HOST) <$@
+
+.PHONY: install
+install: .deploy_key .known_hosts
+ ssh-copy-id -i .deploy_key.pub $(REMOTE_USER)@$(REMOTE_HOST)
+ scp install $(REMOTE_USER)@$(REMOTE_HOST):install
+ ssh -t $(REMOTE_USER)@$(REMOTE_HOST) '\
+ ssh-keygen -t ed25519; \
+ cat ~/.ssh/id_ed25519.pub; \
+ ./install; \
+ rm install; \
+ '
+
+.deploy_key:
+ ssh-keygen -t ed25519 -C deploy_key -f $@
+
+.known_hosts:
+ ssh-keyscan -t ed25519 -H $(REMOTE_HOST) >$@
+
+.PHONY: keyrings
+keyrings: \
+ etc/apt/keyrings/docker-archive-keyring.gpg \
+ etc/apt/keyrings/tailscale-archive-keyring.gpg \
+
+etc/apt/keyrings/docker-archive-keyring.gpg:
+ curl -sSf --tlsv1.3 https://download.docker.com/linux/ubuntu/gpg \
+ | gpg --dearmor >$@
+
+etc/apt/keyrings/tailscale-archive-keyring.gpg:
+ curl -sSf --tlsv1.3 -o $@ https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg
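Review bot: The private key written to `~/.ssh/deploy_key` on the runner is no longer referenced by anything: the removed step passed `-i ~/.ssh/deploy_key`, but the new `make deploy` step runs the Makefile's `deploy` target, whose `ssh $(REMOTE_USER)@$(REMOTE_HOST) <$@` carries no `-i`, and `deploy_key` is not one of the identity files ssh tries by default — so unless an ssh config outside this diff selects it, authentication falls back to default identities that do not exist on the runner (the locally generated `.deploy_key` has the same gap). One consistent fix is to make the identity a Makefile variable, `SSH_IDENTITY ?= .deploy_key` and `ssh -i $(SSH_IDENTITY) $(REMOTE_USER)@$(REMOTE_HOST) <$@`, and have the workflow call `make deploy SSH_IDENTITY=~/.ssh/deploy_key`; this applies to the `deploy` target in the Makefile hunk as well. Separately, both `install -m 600 <(echo '${{ secrets.… }}')` lines splice the secret text into the shell source at expression-expansion time, so a single quote inside the key material breaks the command and the value is visible in the step's script; exposing it as `env: DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}` and writing it with `printf '%s\n' "$DEPLOY_KEY"` avoids both.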
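Review bot: The `.known_hosts` target takes the host key from `ssh-keyscan` over the network, so the value that then becomes `secrets.KNOWN_HOSTS` is trust-on-first-use with nothing checking it; a comment on the rule saying that `ssh-keygen -lf .known_hosts` must be compared with the fingerprint read out of band (console, provider panel) before the file is uploaded as a secret would record that step. The two keyring targets have the same shape: `curl … | gpg --dearmor >$@` and `curl -sSf --tlsv1.3 -o $@ …` fetch the vendor signing keys with TLS as the only check, and the resulting binaries are committed and later installed into `/usr/share/keyrings/` as apt's trust roots, so a note such as `# verify with: gpg --show-keys $@ against the fingerprint published by the vendor` belongs on each rule. The `keyrings:` prerequisite list also ends in a trailing `\` before the blank line, which make tolerates but reads as an unfinished list; dropping that last backslash makes the intent plain.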
diff --git a/README.md b/README.md
index 4cf2d78..2ec3bd4 100644
--- a/README.md
+++ b/README.md
@@ -1,23 +1,19 @@
 # Fogtype
-## 前提
+## Runner Registration
-- Docker Compose
-- systemd
-- systemd-journald
-
-Git リポジトリを取得し、設定ファイルを配置
-
-```bash
-ssh kou029w@fogtype.com
-git clone git@github.com:kou029w/fogtype.com.git
-cd fogtype.com
-sudo install -m 644 {,/}etc/docker/daemon.json
-sudo systemctl restart docker
+```
+$ make install
 ```
-## 構築
+secrets.DEPLOY_KEY
+: SSH identity file
+
+secrets.KNOWN_HOSTS
+: SSH known_hosts file
+
+## Deploy
-```sh
-docker compose up -d
+```
+$ make deploy
 ```
diff --git a/compose.yml b/compose.yml
index d0b5ddb..d9f4d5f 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,4 +1,4 @@
-name: keiunet
+name: fogtype
 services:
 https:
 image: caddy:2.8.4-alpine@sha256:221bcf3be161b0d856bdb7bea76b42386d732d19348f79692404829532d83f4a
diff --git a/deploy b/deploy
new file mode 100755
index 0000000..135de31
--- /dev/null
+++ b/deploy
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+cd "${HOME}/${REMOTE_HOST:-fogtype.com}"
+
+git pull --rebase
+docker compose up --detach --remove-orphans
+
+cd -
diff --git a/etc/apt/apt.conf.d/99-tailscale b/etc/apt/apt.conf.d/99-tailscale
new file mode 100644
index 0000000..b22c023
--- /dev/null
+++ b/etc/apt/apt.conf.d/99-tailscale
@@ -0,0 +1 @@
+Unattended-Upgrade::Allowed-Origins:: "Tailscale:*";
diff --git a/etc/apt/keyrings/docker-archive-keyring.gpg b/etc/apt/keyrings/docker-archive-keyring.gpg
new file mode 100644
index 0000000..e5dc8cf
Binary files /dev/null and b/etc/apt/keyrings/docker-archive-keyring.gpg differ
diff --git a/etc/apt/keyrings/tailscale-archive-keyring.gpg b/etc/apt/keyrings/tailscale-archive-keyring.gpg
new file mode 100644
index 0000000..603538d
Binary files /dev/null and b/etc/apt/keyrings/tailscale-archive-keyring.gpg differ
diff --git a/etc/apt/sources.list.d/docker.sources b/etc/apt/sources.list.d/docker.sources
new file mode 100644
index 0000000..d9f6861
--- /dev/null
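Review bot: The final `cd -` in `deploy` does nothing useful and prints the previous directory to stdout: the script is a standalone process (the Makefile's `deploy` target feeds it to a remote shell on stdin), so its working directory dies with it; drop the line. The `REMOTE_HOST` variable is also doing double duty here as a directory name under `${HOME}`, and since ssh does not forward the caller's environment unless SendEnv/AcceptEnv are configured, the `fogtype.com` fallback is presumably what always runs; a header comment such as `# Runs on the deploy host via 'make deploy' (piped over ssh stdin); checkout lives in ~/<hostname>` would save the next reader that inference.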
+++ b/etc/apt/sources.list.d/docker.sources
@@ -0,0 +1,5 @@
+Types: deb
+URIs: https://download.docker.com/linux/ubuntu
+Suites: noble
+Components: stable
+Signed-By: /usr/share/keyrings/docker-archive-keyring.gpg
diff --git a/etc/apt/sources.list.d/tailscale.sources b/etc/apt/sources.list.d/tailscale.sources
new file mode 100644
index 0000000..ac1a087
--- /dev/null
+++ b/etc/apt/sources.list.d/tailscale.sources
@@ -0,0 +1,5 @@
+Types: deb
+URIs: https://pkgs.tailscale.com/stable/ubuntu
+Suites: noble
+Components: main
+Signed-By: /usr/share/keyrings/tailscale-archive-keyring.gpg
diff --git a/etc/docker/daemon.json b/etc/docker/daemon.json
index b73dceb..fe3a9bc 100644
--- a/etc/docker/daemon.json
+++ b/etc/docker/daemon.json
@@ -1,4 +1,3 @@
 {
- "live-restore": true,
 "log-driver": "journald"
 }
diff --git a/install b/install
new file mode 100755
index 0000000..facd977
--- /dev/null
+++ b/install
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -eu
+
+REPO=${REPO:-git@github.com:kou029w/fogtype.com.git}
+REMOTE_HOST=${REMOTE_HOST:-fogtype.com}
+PACKAGES="docker-ce docker-compose-plugin tailscale"
+
+sudo apt-get update -qq
+DEBIAN_FRONTEND=noninteractive \
+ sudo apt-get install -y -qq git rsync
+
+git clone "${REPO}" "${HOME}/${REMOTE_HOST}" ||
+ git pull --rebase
+
+cd "${HOME}/${REMOTE_HOST}"
+
+sudo rsync -r etc/apt/keyrings/ /usr/share/keyrings/
+eval "$(apt-config shell APT_CONF_DIR 'Dir::Etc::parts/d')"
+sudo rsync -r etc/apt/apt.conf.d/ "${APT_CONF_DIR}"
+eval "$(apt-config shell APT_SOURCES_DIR 'Dir::Etc::sourceparts/d')"
+sudo rsync -r etc/apt/sources.list.d/ "${APT_SOURCES_DIR}"
+
+sudo rsync -r etc/docker/ /etc/docker/
+
+sudo apt-get update -qq
+# shellcheck disable=SC2086
+DEBIAN_FRONTEND=noninteractive \
+ sudo apt-get install -y -qq ${PACKAGES}
+
+sudo gpasswd -a "$(whoami)" docker
+
+cd -
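Review bot: The re-run path in `install` pulls in the wrong directory: when `git clone "${REPO}" "${HOME}/${REMOTE_HOST}"` fails because the checkout already exists, the `|| git pull --rebase` fallback runs in the current directory (the `cd` into the checkout only happens afterwards), so on a non-repository cwd it errors out under `set -e` and on some other repository it rebases that one; `|| git -C "${HOME}/${REMOTE_HOST}" pull --rebase` targets the intended checkout. Both `DEBIAN_FRONTEND=noninteractive \ sudo apt-get install …` lines likely lose the variable as well, because sudo's default `env_reset` strips it from the environment it hands to apt-get; `sudo DEBIAN_FRONTEND=noninteractive apt-get install …` (or `sudo env DEBIAN_FRONTEND=noninteractive apt-get …`) passes it through. `sudo gpasswd -a "$(whoami)" docker` hands the login user root-equivalent access via the docker socket, which is presumably the intended trade-off for a single-user deploy host but deserves a one-line comment saying so, and the trailing `cd -` prints a path and serves no purpose in a script.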