ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aaaae09bd2b3fbb99c591e0508117723978ae859
ROLAC/deploy/nas
T
History
Chris Chen f55807fa7d wip
2026-06-20 15:13:23 -07:00
..
nginx/conf.d
wip
2026-06-20 15:13:23 -07:00
docker-compose.yml
wip
2026-06-20 15:13:23 -07:00
README.md
wip
2026-06-20 15:13:23 -07:00

README.md

Deploy to Synology NAS (Container Manager) — LAN / HTTP

Target: run the ROLAC stack on a Synology NAS, reachable on the LAN at http://<nas-ip>:8080, with images built & pushed to the local Gitea registry (git.golife.love, same NAS) and auto-deployed by a Gitea act_runner on push to main.

browser (LAN)  ->  http://<nas-ip>:8080
                        │  nginx edge (container, 8080->80)
                        ├── /        -> app  container (Angular static)
                        └── /api/    -> api  container (ASP.NET, :8080)
api  ──> existing PostgreSQL @ 192.168.68.55:49154   (not containerized)

Differences vs the Azure plan: no TLS/certbot, edge on 8080 (DSM owns 80/443), reuse the LAN database, deploy via the on-NAS runner (no SSH).

One-time NAS setup

  1. Deploy dir + secrets (via SSH or File Station):

    mkdir -p /volume1/docker/rolac/nginx/conf.d /volume1/docker/rolac/data/api-storage
cp /path/to/repo/deploy/nas/.env.example /volume1/docker/rolac/.env
# edit /volume1/docker/rolac/.env  -> real DB user/password + JWT_SECRET + APP_ORIGIN

  2. Registry token — in Gitea: Settings → Applications → new token with read:package + write:package. Log the NAS Docker in once:

    docker login git.golife.love -u ChrisChen   # paste the token

  3. Install the act_runner on the NAS (Container Manager → Registry → gitea/act_runner, or docker run). It must:

    • mount the host Docker socket: -v /var/run/docker.sock:/var/run/docker.sock
    • mount the deploy dir at the same path: -v /volume1/docker/rolac:/volume1/docker/rolac
    • register against Gitea with the label nas (this is what runs-on: nas targets).

    Get a registration token in Gitea: Site/Repo → Settings → Actions → Runners → "Create new runner". Example:

    docker run -d --restart unless-stopped --name rolac-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /volume1/docker/rolac:/volume1/docker/rolac \
  -e GITEA_INSTANCE_URL=https://git.golife.love \
  -e GITEA_RUNNER_REGISTRATION_TOKEN=<token> \
  -e GITEA_RUNNER_LABELS=nas \
  gitea/act_runner:latest

  4. Gitea repo secrets (Settings → Actions → Secrets):

    • REGISTRY_USER = ChrisChen
    • REGISTRY_TOKEN = the package token from step 2

  5. Enable Actions for the repo if not already (Settings → Advanced → Actions).

Day-to-day

git push to main.gitea/workflows/ci-cd-nas.yml runs: test → build both images → push to registry → sync compose/nginx → docker compose up -d → health check.

Open http://<nas-ip>:8080 and log in.

Manual deploy (no runner yet)

From a machine with Docker + docker login git.golife.love:

# repo root, build + push (uses deploy/build-push.ps1)
.\deploy\build-push.ps1

Then on the NAS:

cd /volume1/docker/rolac
docker compose up -d
curl -fsS http://localhost:8080/api/health

Notes

  • First boot runs DB migrations against 192.168.68.55 automatically (Program.cs calls MigrateAsync() + seed). Make sure the DB user has DDL rights; back up before the first run.
  • Bind-mount paths: the runner deploys by running compose at /volume1/docker/rolac on the host (socket-mounted), so ./nginx/conf.d and ./data resolve to real NAS paths — that's why the runner mounts that dir at the same path.
  • Uploaded files persist under /volume1/docker/rolac/data/api-storage.
  • To expose beyond the LAN later, put it behind DSM's reverse proxy (Application Portal) or switch to the Azure deploy/ files with certbot.
Reference in New Issue View Git Blame Copy Permalink