ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f55807fa7d42998185da137a975f03927bc8fb7d
ROLAC/deploy/nas/README.md
T
Chris Chen f55807fa7d wip
2026-06-20 15:13:23 -07:00

97 lines
3.6 KiB
Markdown
Raw Blame History

# Deploy to Synology NAS (Container Manager) — LAN / HTTP
Target: run the ROLAC stack on a Synology NAS, reachable on the LAN at
`http://<nas-ip>:8080`, with images built & pushed to the **local Gitea registry**
(`git.golife.love`, same NAS) and auto-deployed by a **Gitea act_runner** on push to `main`.
```
browser (LAN) -> http://<nas-ip>:8080
│ nginx edge (container, 8080->80)
├── / -> app container (Angular static)
└── /api/ -> api container (ASP.NET, :8080)
api ──> existing PostgreSQL @ 192.168.68.55:49154 (not containerized)
```
Differences vs the Azure plan: no TLS/certbot, edge on **8080** (DSM owns 80/443),
reuse the LAN database, deploy via the on-NAS runner (no SSH).
---
## One-time NAS setup
1. **Deploy dir + secrets** (via SSH or File Station):
```bash
mkdir -p /volume1/docker/rolac/nginx/conf.d /volume1/docker/rolac/data/api-storage
cp /path/to/repo/deploy/nas/.env.example /volume1/docker/rolac/.env
# edit /volume1/docker/rolac/.env -> real DB user/password + JWT_SECRET + APP_ORIGIN
```
2. **Registry token** — in Gitea: Settings → Applications → new token with
`read:package` + `write:package`. Log the NAS Docker in once:
```bash
docker login git.golife.love -u ChrisChen # paste the token
```
3. **Install the act_runner on the NAS** (Container Manager → Registry → `gitea/act_runner`,
or `docker run`). It must:
- mount the host Docker socket: `-v /var/run/docker.sock:/var/run/docker.sock`
- mount the deploy dir at the same path: `-v /volume1/docker/rolac:/volume1/docker/rolac`
- register against Gitea with the label **`nas`** (this is what `runs-on: nas` targets).
Get a registration token in Gitea: Site/Repo → Settings → Actions → Runners →
"Create new runner". Example:
```bash
docker run -d --restart unless-stopped --name rolac-runner \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /volume1/docker/rolac:/volume1/docker/rolac \
-e GITEA_INSTANCE_URL=https://git.golife.love \
-e GITEA_RUNNER_REGISTRATION_TOKEN=<token> \
-e GITEA_RUNNER_LABELS=nas \
gitea/act_runner:latest
```
4. **Gitea repo secrets** (Settings → Actions → Secrets):
- `REGISTRY_USER` = `ChrisChen`
- `REGISTRY_TOKEN` = the package token from step 2
5. **Enable Actions** for the repo if not already (Settings → Advanced → Actions).
---
## Day-to-day
`git push` to `main` → `.gitea/workflows/ci-cd-nas.yml` runs:
**test → build both images → push to registry → sync compose/nginx → `docker compose up -d` → health check.**
Open `http://<nas-ip>:8080` and log in.
---
## Manual deploy (no runner yet)
From a machine with Docker + `docker login git.golife.love`:
```powershell
# repo root, build + push (uses deploy/build-push.ps1)
.\deploy\build-push.ps1
```
Then on the NAS:
```bash
cd /volume1/docker/rolac
docker compose up -d
curl -fsS http://localhost:8080/api/health
```
---
## Notes
- **First boot runs DB migrations** against `192.168.68.55` automatically
(`Program.cs` calls `MigrateAsync()` + seed). Make sure the DB user has DDL rights;
back up before the first run.
- **Bind-mount paths**: the runner deploys by running compose at `/volume1/docker/rolac`
on the host (socket-mounted), so `./nginx/conf.d` and `./data` resolve to real NAS
paths — that's why the runner mounts that dir at the *same* path.
- **Uploaded files** persist under `/volume1/docker/rolac/data/api-storage`.
- To expose beyond the LAN later, put it behind DSM's reverse proxy (Application Portal)
or switch to the Azure `deploy/` files with certbot.
Reference in New Issue View Git Blame Copy Permalink