|
|
|
@@ -36,11 +36,11 @@ No TLS yet — plain HTTP on port **8080**. Add Let's Encrypt later (see the Azu
|
|
|
|
|
|
|
|
|
|
1. **Deploy dir + secrets:**
|
|
|
|
|
```bash
|
|
|
|
|
sudo mkdir -p /opt/rolac/nginx/conf.d /opt/rolac/data/api-storage
|
|
|
|
|
sudo cp /path/to/repo/deploy/vm/.env.example /opt/rolac/.env
|
|
|
|
|
sudo nano /opt/rolac/.env # real DB user/password + JWT_SECRET + APP_ORIGIN
|
|
|
|
|
sudo mkdir -p /home/chris/docker/rolac/nginx/conf.d /home/chris/docker/rolac/data/api-storage
|
|
|
|
|
sudo cp /path/to/repo/deploy/vm/.env.example /home/chris/docker/rolac/.env
|
|
|
|
|
sudo nano /home/chris/docker/rolac/.env # real DB user/password + JWT_SECRET + APP_ORIGIN
|
|
|
|
|
```
|
|
|
|
|
Make sure the user the runner executes as can read/write `/opt/rolac`.
|
|
|
|
|
Make sure the user the runner executes as can read/write `/home/chris/docker/rolac`.
|
|
|
|
|
|
|
|
|
|
2. **Registry token** — in Gitea: Settings → Applications → new token with
|
|
|
|
|
`read:package` + `write:package`. Log Docker in once on the VM:
|
|
|
|
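Review bot: The changed `sudo mkdir -p /home/chris/docker/rolac/...` and `sudo cp ... /home/chris/docker/rolac/.env` lines create a root-owned tree and a root-owned `.env` inside a user's home directory, while the sentence that follows only says to "make sure" the runner user can read/write the path. Because `.env` holds the DB password and `JWT_SECRET`, state the intended owner and mode in this step: which user owns the directory, and that `.env` is readable and writable by that owner only. The new location makes this more pressing than it was under `/opt`, since other files under `/home/chris` are typically owned by the login user rather than root.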
@@ -50,11 +50,11 @@ No TLS yet — plain HTTP on port **8080**. Add Let's Encrypt later (see the Azu
|
|
|
|
|
|
|
|
|
|
3. **Install act_runner on the VM** with the label **`ubuntu`** and access to the
|
|
|
|
|
host Docker. The runner must be able to run `dotnet`, `docker`, and
|
|
|
|
|
`docker compose`, and reach `/opt/rolac`:
|
|
|
|
|
`docker compose`, and reach `/home/chris/docker/rolac`:
|
|
|
|
|
```bash
|
|
|
|
|
docker run -d --restart unless-stopped --name rolac-runner \
|
|
|
|
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
|
|
|
|
-v /opt/rolac:/opt/rolac \
|
|
|
|
|
-v /home/chris/docker/rolac:/home/chris/docker/rolac \
|
|
|
|
|
-e GITEA_INSTANCE_URL=https://git.golife.love \
|
|
|
|
|
-e GITEA_RUNNER_REGISTRATION_TOKEN=<token> \
|
|
|
|
|
-e GITEA_RUNNER_LABELS=ubuntu \
|
|
|
|
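Review bot: The changed mount `-v /home/chris/docker/rolac:/home/chris/docker/rolac` gives every job this runner executes read/write access to the directory where step 1 places `.env`, alongside the existing `/var/run/docker.sock` mount. Document which repositories are allowed to use the `ubuntu` label on this runner, since any workflow scheduled on it can read those secrets. It would also help to add a short remark that the host and container paths must stay identical, because containers started through the host socket resolve bind mounts against host paths; a later edit that changes only one side of the mount would break deploys without an obvious error.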
@@ -92,10 +92,10 @@ On the VM, from a checkout of the repo:
|
|
|
|
|
docker login git.golife.love -u ChrisChen
|
|
|
|
|
docker build -t git.golife.love/chrischen/rolac-api:latest ./API
|
|
|
|
|
docker build -t git.golife.love/chrischen/rolac-app:latest ./APP
|
|
|
|
|
mkdir -p /opt/rolac/nginx/conf.d /opt/rolac/data/api-storage
|
|
|
|
|
cp deploy/vm/docker-compose.yml /opt/rolac/docker-compose.yml
|
|
|
|
|
cp deploy/vm/nginx/conf.d/rolac.conf /opt/rolac/nginx/conf.d/rolac.conf
|
|
|
|
|
cd /opt/rolac && docker compose up -d
|
|
|
|
|
mkdir -p /home/chris/docker/rolac/nginx/conf.d /home/chris/docker/rolac/data/api-storage
|
|
|
|
|
cp deploy/vm/docker-compose.yml /home/chris/docker/rolac/docker-compose.yml
|
|
|
|
|
cp deploy/vm/nginx/conf.d/rolac.conf /home/chris/docker/rolac/nginx/conf.d/rolac.conf
|
|
|
|
|
cd /home/chris/docker/rolac && docker compose up -d
|
|
|
|
|
curl -fsS http://localhost:8080/api/health
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
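Review bot: The new `mkdir -p /home/chris/docker/rolac/...` and the three `cp`/`cd` lines run without `sudo`, while step 1 creates the same directories with `sudo`. If step 1 was followed first, the tree is root-owned and these `cp` commands fail for a non-root user; if this block is run first, ownership differs from what step 1 produces. Pick one ownership model and use it in both places. The path is now repeated four times in this block, so a single shell variable set at the top would keep future moves to a one-line change.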
@@ -106,7 +106,7 @@ curl -fsS http://localhost:8080/api/health
|
|
|
|
|
- **First boot runs DB migrations** against `192.168.68.55` automatically
|
|
|
|
|
(`Program.cs` calls `MigrateAsync()` + seed). The VM must reach that host and the
|
|
|
|
|
DB user needs DDL rights; back up before the first run.
|
|
|
|
|
- **Uploaded files** persist under `/opt/rolac/data/api-storage`.
|
|
|
|
|
- **Uploaded files** persist under `/home/chris/docker/rolac/data/api-storage`.
|
|
|
|
|
- **Same Docker daemon for build + run** means `docker compose up` finds the freshly
|
|
|
|
|
built `:<sha>` images locally; `docker compose pull` is unnecessary here (but
|
|
|
|
|
harmless if you add it).
|
|
|
|
|
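Review bot: The "Uploaded files persist under" bullet now points at `/home/chris/docker/rolac/data/api-storage`, but nothing in the change tells an existing deployment what to do with the files already under `/opt/rolac/data/api-storage` or with the old `/opt/rolac/.env`. Add a migration note covering moving the uploads and the `.env` to the new location, and removing or restricting the old `.env` afterwards so a stale copy of the DB password and `JWT_SECRET` is not left behind.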