feat(deploy): add full CD pipeline infrastructure for DeepDrftHome

Four Gitea workflows (deploy-public, deploy-manager, deploy-api,
package-install) and a complete deploy/ folder: bootstrap, install,
ssh-wrapper, three deploy scripts, setup-step10-creds, three systemd
user units, two nginx vhost templates. Models Skipper's deploy
infrastructure with key deviations: flat csproj paths, dual PostgreSQL
databases, FileDatabase vault directory (never touched on deploy), EF
bundle covers DeepDrftContext only (AuthBlocks self-migrates at boot),
deploy-api reads DB connection from host credentials not CI args.
This commit is contained in:
daniel-c-harvey
2026-06-04 10:45:50 -04:00
parent 0d85f23f0e
commit 9bb11e47c7
16 changed files with 1590 additions and 0 deletions
+37
View File
@@ -0,0 +1,37 @@
[Unit]
Description=DeepDrft API — dual-database authority (track metadata + FileDatabase + AuthBlocks)
After=network-online.target postgresql.service
Wants=network-online.target
[Service]
Type=simple
Restart=always
RestartSec=5
WorkingDirectory=%h/api/deepdrft/bin
ExecStart=%h/api/deepdrft/bin/DeepDrftAPI
# Non-secret config — hardcoded; no plaintext file needed.
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=ASPNETCORE_URLS=http://localhost:5002
# Secrets — loaded at startup into $CREDENTIALS_DIRECTORY/.
# Files live at %h/.config/credentials/ (deepdrft:deepdrft 600).
#
# LoadCredential ids (left of colon) MUST exactly match CredentialTools.ResolvePathOrThrow
# keys in the application code. Wrong id -> service throws on startup.
# filedatabase -> FileDatabaseSettings.VaultPath
# apikey -> ApiKeySettings.ApiKey
# connections -> ConnectionStrings.DefaultConnection + .Auth (two PG databases)
# authblocks -> AuthBlocks JWT / Email / Admin config
LoadCredential=filedatabase:%h/.config/credentials/filedatabase.json
LoadCredential=apikey:%h/.config/credentials/apikey.json
LoadCredential=connections:%h/.config/credentials/connections.json
LoadCredential=authblocks:%h/.config/credentials/authblocks.json
StandardOutput=journal
StandardError=journal
SyslogIdentifier=deepdrftapi
[Install]
WantedBy=default.target