Automatic exhumation #88

Open
1 of 3 tasks
ForNeVeR opened this issue Feb 2, 2020 · 4 comments
@ForNeVeR
Member

ForNeVeR commented Feb 2, 2020

Keter should be exhumated automatically to keter.codingteam.org.ru or something like that.

Depends on:

@ForNeVeR
Member Author

ForNeVeR commented Nov 8, 2020

Alright, we'll serve the application from our main web host (codingteam.org.ru), and will build and push it via GitHub actions. Here's the plan:

  1. Add a special user to ctor who'll only be owner of one directory (say, /opt/codingteam/keter)
  2. Create an SSH key for that user
  3. Allow this user to log in remotely and perform the only task: rsync to that directory, as described here
  4. Set up nginx to serve the data from that directory via keter subdomain
  5. Set up a GitHub Actions job that will build Keter and deploy it via SSH+rsync (that will require us to upload the SSH key to GitHub Actions, but that's okay: even if it is compromised, we'll only lose some static web content)

@Minoru, does the above sound right?

@ForNeVeR
Member Author

ForNeVeR commented Nov 8, 2020

And the terminal requirement for myself is that the whole setup should be automated. I don't want to twiddle with file ownership, users or SSH keys manually.

@Minoru
Member

Minoru commented Nov 8, 2020

Yep, that sounds right!

> Add a special user to ctor who'll only be owner of one directory (say, /opt/codingteam/keter)

Note that you can achieve that by making /opt/codingteam/keter the home directory of that user. I don't think it adds any security, but it makes it slightly easier to figure out the relationship between directories and users: even if you bork the permissions and ownership, you can still grep /etc/passwd and figure stuff out.
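Steps 1 to 3 of the plan above, automated as a shell sketch; this is an added example, not code from the issue or the project. The user name `keter-deploy`, the home `/home/keter-deploy` and the `rrsync` path are assumptions. The home is kept separate from the served directory and root-owned here, so that `authorized_keys` sits neither inside the rsync target nor under the nginx root.

```shell
#!/bin/sh
# Added example, not from the issue. Assumed names: keter-deploy, /home/keter-deploy,
# /usr/bin/rrsync (rrsync ships with rsync; its path varies by distribution).
DEPLOY_USER=keter-deploy
DEPLOY_HOME=/home/keter-deploy
DEPLOY_DIR=/opt/codingteam/keter      # directory named in the plan
RRSYNC=/usr/bin/rrsync

# Constructed sample key, not a real one.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOnly deploy@ci'

# authorized_keys line: forced write-only rrsync into DEPLOY_DIR, and "restrict"
# to turn off pty allocation, forwarding and ~/.ssh/rc for this key.
deploy_key_line() {
    printf 'command="%s -wo %s",restrict %s\n' "$RRSYNC" "$DEPLOY_DIR" "$1"
}

# Exit 0 only if a line keeps those limits (ssh-ed25519 / ssh-rsa keys assumed).
audit_key_line() {
    opts=${1%% ssh-*}                       # options field before the key type
    [ "$opts" != "$1" ] || return 1         # bare key, no options at all
    case ",$opts," in *",restrict,"*) ;; *) return 1 ;; esac
    case ",$opts," in
        *",command=\"$RRSYNC -wo $DEPLOY_DIR\","*) ;;
        *) return 1 ;;
    esac
    case ",$opts," in                       # options that undo "restrict"
        *,pty,*|*,port-forwarding,*|*,agent-forwarding,*|*,X11-forwarding,*|*,user-rc,*)
            return 1 ;;
    esac
    return 0
}

# Steps 1-3 on the web host, as root. $1 = public key file.
provision() {
    # A real shell is needed: sshd runs the forced command through it.
    useradd --system --create-home --home-dir "$DEPLOY_HOME" --shell /bin/sh "$DEPLOY_USER"
    mkdir -p "$DEPLOY_DIR" "$DEPLOY_HOME/.ssh"
    chown "$DEPLOY_USER" "$DEPLOY_DIR"      # the only directory the user owns
    # Root-owned home and key file: the key holder cannot rewrite its own limits.
    chown -R root:root "$DEPLOY_HOME"
    chmod 755 "$DEPLOY_HOME" "$DEPLOY_HOME/.ssh"
    line=$(deploy_key_line "$(cat "$1")")
    audit_key_line "$line" || return 1
    printf '%s\n' "$line" > "$DEPLOY_HOME/.ssh/authorized_keys"
    chmod 644 "$DEPLOY_HOME/.ssh/authorized_keys"
}

[ "${1:-}" != provision ] || provision "$2"
```

Run as root with `provision` and the path to the public key file as arguments; `audit_key_line` can also be pointed at an existing `authorized_keys` line to confirm the restrictions are still in place.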
