steffen/cryodev
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

remove all deploy-rs references from docs and config

Browse source 
- Update README, AGENTS.md, docs/index.md, docs/deployment/cd.md,
  docs/services/forgejo.md: replace deploy-rs with Comin everywhere
- Fix repo URL references (cryodev-server -> cryodev)
- Fix forgejo admin create command to use shell alias
- Rewrite cd.md for Comin-only deployment
This commit is contained in:
steffen 2026-03-14 14:52:30 +01:00
parent a4dfbdcd52
commit 4e36cca637
5 changed files with 49 additions and 143 deletions
Download patch file Download diff file Expand all files Collapse all files

130
docs/deployment/cd.md
View file

@ -1,121 +1,38 @@
# Continuous Deployment
The cryodev infrastructure uses two deployment strategies optimized for different host types.
All hosts use **Comin** (pull-based) for automatic deployment.
## Overview
| Host | Strategy | Tool | Trigger |
|------|----------|------|---------|
| `cryodev-main` | Push-based | deploy-rs | Git push via Forgejo Actions |
| `cryodev-pi` | Pull-based | Comin | Periodic polling |
| `cryodev-main` | Pull-based | Comin | Automatic polling |
| `cryodev-pi` | Pull-based | Comin | Automatic polling |
## Push-based Deployment (cryodev-main)
### How It Works
## How It Works
1. Developer pushes to `main` branch
2. Forgejo Actions workflow triggers
3. `deploy-rs` connects via SSH and deploys
2. CI (Forgejo Actions) runs flake-check and builds all hosts
3. Comin on each host periodically polls the Git repository
4. On changes, Comin builds and activates the new configuration
### Setup
#### 1. Generate Deploy Key
```bash
ssh-keygen -t ed25519 -f deploy_key -C "forgejo-actions"
```
#### 2. Add Public Key to Server
On `cryodev-main`:
```bash
echo "PUBLIC_KEY_CONTENT" >> /root/.ssh/authorized_keys
```
#### 3. Add Private Key to Forgejo
1. Go to Repository Settings > Secrets
2. Add secret named `DEPLOY_SSH_KEY`
3. Paste the private key content
#### 4. Workflow Configuration
`.forgejo/workflows/deploy.yaml`:
```yaml
name: Deploy
on:
push:
branches: [main]
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
- run: nix flake check
deploy:
needs: check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
- name: Setup SSH
env:
SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
run: |
mkdir -p ~/.ssh
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
ssh-keyscan cryodev-main >> ~/.ssh/known_hosts
- name: Deploy
run: nix run github:serokell/deploy-rs -- .#cryodev-main
```
### Rollback
deploy-rs automatically rolls back if the new configuration fails health checks.
Manual rollback:
```bash
# List generations
sudo nix-env -p /nix/var/nix/profiles/system --list-generations
# Rollback to previous
sudo nixos-rebuild switch --rollback
```
## Pull-based Deployment (cryodev-pi)
### How It Works
1. Comin periodically polls the Git repository
2. On changes, it builds and activates the new configuration
3. Works through NAT without incoming connections
### Configuration
## Configuration
```nix
# hosts/cryodev-pi/services/comin.nix
# hosts/<hostname>/services/comin.nix
{
services.comin = {
enable = true;
remotes = [{
name = "origin";
url = "https://git.cryodev.xyz/steffen/cryodev-server.git";
url = "https://git.cryodev.xyz/steffen/cryodev.git";
branches.main.name = "main";
}];
};
}
```
### Monitoring
## Monitoring
Check Comin status:
@ -130,7 +47,7 @@ Force immediate update:
sudo systemctl restart comin
```
### Troubleshooting
## Troubleshooting
If Comin fails to build:
@ -140,23 +57,30 @@ sudo journalctl -u comin --since "1 hour ago"
# Manual build test
cd /var/lib/comin/repo
nix build .#nixosConfigurations.cryodev-pi.config.system.build.toplevel
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
```
## Rollback
```bash
# List generations
sudo nix-env -p /nix/var/nix/profiles/system --list-generations
# Rollback to previous
sudo nixos-rebuild switch --rollback
```
## Manual Deployment
For hosts not using automated deployment:
For initial setup or emergencies:
```bash
# Build locally
nix build .#nixosConfigurations.<hostname>.config.system.build.toplevel
# Using the deploy app
nix run .#deploy -- -n <hostname>
# Deploy with nixos-rebuild
# Or manually with nixos-rebuild
NIX_SSHOPTS="-p 2299" nixos-rebuild switch --flake .#<hostname> \
--target-host <user>@<hostname> --sudo --ask-sudo-password
# Or using deploy-rs
nix run github:serokell/deploy-rs -- .#<hostname>
```
## Testing Changes

4
docs/index.md
View file

@ -90,5 +90,5 @@ Für Raspberry Pi: [SD-Image Referenz](getting-started/sd-image.md)
| Host | Strategie | Tool | Beschreibung |
|------|-----------|------|--------------|
| `cryodev-main` | Push-basiert | deploy-rs via Forgejo Actions | Sofortige Updates bei Push |
| `cryodev-pi` | Pull-basiert | Comin | Pollt Repository auf Änderungen |
| `cryodev-main` | Pull-basiert | Comin | Pollt Repository auf Aenderungen |
| `cryodev-pi` | Pull-basiert | Comin | Pollt Repository auf Aenderungen |

39
docs/services/forgejo.md
View file

@ -75,44 +75,23 @@ forgejo-runner:
## CI/CD Workflows
### deploy-rs Workflow
CI runs on every push to `main` via Forgejo Actions:
`.forgejo/workflows/deploy.yaml`:
1. **flake-check** -- validates the flake
2. **build-hosts** -- builds all host configurations
```yaml
name: Deploy
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v24
- name: Deploy
env:
SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
run: |
mkdir -p ~/.ssh
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
nix run .#deploy
```
Deployment is handled by **Comin** (pull-based), not by CI.
See [CD documentation](../deployment/cd.md) for details.
## Administration
### Create Admin User
```bash
sudo -u forgejo forgejo admin user create \
--username admin \
--password changeme \
--email admin@cryodev.xyz \
forgejo admin user create \
--username <benutzername> \
--email <email>@<domain> \
--password <passwort> \
--admin
```