feat(deploy): add full CD pipeline infrastructure for DeepDrftHome
Four Gitea workflows (deploy-public, deploy-manager, deploy-api, package-install) and a complete deploy/ folder: bootstrap, install, ssh-wrapper, three deploy scripts, setup-step10-creds, three systemd user units, two nginx vhost templates. Models Skipper's deploy infrastructure with key deviations: flat csproj paths, dual PostgreSQL databases, FileDatabase vault directory (never touched on deploy), EF bundle covers DeepDrftContext only (AuthBlocks self-migrates at boot), deploy-api reads DB connection from host credentials not CI args.
@@ -0,0 +1,37 @@
|
||||
[Unit]
|
||||
Description=DeepDrft API — dual-database authority (track metadata + FileDatabase + AuthBlocks)
|
||||
After=network-online.target postgresql.service
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
|
||||
WorkingDirectory=%h/api/deepdrft/bin
|
||||
ExecStart=%h/api/deepdrft/bin/DeepDrftAPI
|
||||
|
||||
# Non-secret config — hardcoded; no plaintext file needed.
|
||||
Environment=ASPNETCORE_ENVIRONMENT=Production
|
||||
Environment=ASPNETCORE_URLS=http://localhost:5002
|
||||
|
||||
# Secrets — loaded at startup into $CREDENTIALS_DIRECTORY/.
|
||||
# Files live at %h/.config/credentials/ (deepdrft:deepdrft 600).
|
||||
#
|
||||
# LoadCredential ids (left of colon) MUST exactly match CredentialTools.ResolvePathOrThrow
|
||||
# keys in the application code. Wrong id -> service throws on startup.
|
||||
# filedatabase -> FileDatabaseSettings.VaultPath
|
||||
# apikey -> ApiKeySettings.ApiKey
|
||||
# connections -> ConnectionStrings.DefaultConnection + .Auth (two PG databases)
|
||||
# authblocks -> AuthBlocks JWT / Email / Admin config
|
||||
LoadCredential=filedatabase:%h/.config/credentials/filedatabase.json
|
||||
LoadCredential=apikey:%h/.config/credentials/apikey.json
|
||||
LoadCredential=connections:%h/.config/credentials/connections.json
|
||||
LoadCredential=authblocks:%h/.config/credentials/authblocks.json
|
||||
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
SyslogIdentifier=deepdrftapi
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
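Review bot: `After=network-online.target postgresql.service` and `Wants=network-online.target` in [Unit] will not order this service after PostgreSQL if it is installed as a user unit, which the commit message, the `%h` paths and `WantedBy=default.target` all indicate. A user manager resolves only its own units, so these names do not refer to the system-level units and the API can start before the database accepts connections; `Restart=always` with `RestartSec=5` then hides that as a restart loop in the journal. Either have the application retry its initial database connection or add an `ExecStartPre=` readiness check, and drop the ineffective lines so the unit does not imply an ordering guarantee it lacks. Separately, [Service] sets no hardening directives: `NoNewPrivileges=yes` works in user units and is worth adding. Since startup depends on four `LoadCredential=` entries, confirm that the systemd version on the target host supports credentials in user-manager units, and have the deploy script verify that the files under `%h/.config/credentials/` really are mode 600 as the comment states, because nothing in the unit enforces it.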