commit 3e61e70f36dd1c052710738d7d83b0996a038991 Author: Sebastian Serfling Date: Wed May 6 18:02:41 2026 +0000 Initial: Hugo + Terraform Staging/Production Pipeline
diff --git a/.gitea/workflows/production.yml b/.gitea/workflows/production.yml
new file mode 100644
index 0000000..e1fd076
--- /dev/null
+++ b/.gitea/workflows/production.yml
@@ -0,0 +1,32 @@
+name: Deploy Production
+
+on:
+ push:
+ tags:
+ - "v*"
+
+jobs:
+ production:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: SSH Key einrichten
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
+ chmod 600 ~/.ssh/deploy_key
+ echo "${{ secrets.PROD_HOST_KEY }}" >> ~/.ssh/known_hosts
+
+ - name: Hugo Build
+ run: hugo --minify --source ./hugo
+
+ - name: Deploy auf Production
+ run: |
+ rsync -az --delete \
+ -e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no" \
+ ./hugo/public/ \
+ root@${{ secrets.PROD_IP }}:/var/www/html/
diff --git a/.gitea/workflows/staging.yml b/.gitea/workflows/staging.yml
new file mode 100644
index 0000000..71a3dbe
--- /dev/null
+++ b/.gitea/workflows/staging.yml
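Review bot: In .gitea/workflows/production.yml, the `Deploy auf Production` step passes `-o StrictHostKeyChecking=no` to ssh, which makes the `known_hosts` entry written from `PROD_HOST_KEY` in the `SSH Key einrichten` step ineffective: a changed or unexpected host key is accepted and the job carries on. The transfer runs as `root` with `--delete`, so the connection should fail closed; `-e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=yes"` trusts only the pinned key (assuming the secret holds a complete known_hosts line for the deploy address). The same option is used in the `Deploy auf Staging` step of staging.yml and wants the same change.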
@@ -0,0 +1,47 @@
+name: Deploy Staging
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ staging:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Terraform Init & Apply (Staging LXC)
+ working-directory: terraform
+ run: |
+ terraform init
+ terraform apply -auto-approve \
+ -var="proxmox_host=${{ secrets.PROXMOX_HOST }}" \
+ -var="proxmox_token_id=${{ secrets.PROXMOX_TOKEN_ID }}" \
+ -var="proxmox_token_secret=${{ secrets.PROXMOX_TOKEN_SECRET }}" \
+ -var="proxmox_node=${{ secrets.PROXMOX_NODE }}" \
+ -var="staging_ip=${{ secrets.STAGING_IP }}" \
+ -var="staging_gw=${{ secrets.STAGING_GW }}" \
+ -var="ssh_public_key=${{ secrets.DEPLOY_SSH_PUBKEY }}"
+ env:
+ TF_IN_AUTOMATION: "true"
+
+ - name: SSH Key einrichten
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
+ chmod 600 ~/.ssh/deploy_key
+ echo "${{ secrets.STAGING_HOST_KEY }}" >> ~/.ssh/known_hosts
+
+ - name: Hugo Build
+ run: hugo --minify --source ./hugo
+
+ - name: Deploy auf Staging
+ run: |
+ rsync -az --delete \
+ -e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no" \
+ ./hugo/public/ \
+ root@${{ secrets.STAGING_IP_PLAIN }}:/var/www/html/
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ac3abae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+hugo/public/
+hugo/resources/
+.hugo_build.lock
+terraform/.terraform/
+terraform/*.tfstate
+terraform/*.tfstate.backup
+terraform/.terraform.lock.hcl
+terraform/terraform.tfvars
+*.tfvars
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1bf74c6
--- /dev/null
+++ b/README.md
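Review bot: In staging.yml, the `Terraform Init & Apply (Staging LXC)` step expands `${{ secrets.PROXMOX_TOKEN_SECRET }}` directly into the shell script as a `-var=` argument, so the token ends up in the process argument list on the runner and any quote or `$` inside a secret value is interpreted by the shell. Terraform reads `TF_VAR_<name>` environment variables, so the step's existing `env:` map can carry it instead, e.g. `TF_VAR_proxmox_token_secret: ${{ secrets.PROXMOX_TOKEN_SECRET }}`, with the matching `-var` line dropped; the other `-var` values can move the same way. Separately, this step runs before `SSH Key einrichten`, while the provisioner in terraform/main.tf reads `file("~/.ssh/deploy_key")`, so on a runner that does not already have that file the apply would presumably fail; moving the key setup ahead of the Terraform step avoids that.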
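Review bot: In .gitignore, the entry `terraform/.terraform.lock.hcl` keeps the provider lock file out of the repository, so every `terraform init` in the staging workflow resolves `telmate/proxmox` within `~> 2.9` afresh and records checksums only for that run. Committing the lock file pins the exact provider version and its hashes for CI. I would drop that one line and keep the `terraform/.terraform/`, `*.tfstate` and `*.tfvars` entries.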
@@ -0,0 +1,22 @@
+# Webseite Stines – Hugo + Terraform GitOps
+
+## Workflow
+
+### Staging (automatisch bei Push auf `main`)
+- Terraform prüft ob Staging-LXC existiert → erstellt ihn falls nicht
+- Hugo baut die Site
+- Deploy auf `staging.stines.de`
+
+### Production (bei Git Tag `v*`)
+```bash
+git tag v1.0.0
+git push origin v1.0.0
+```
+- Hugo baut die Site
+- Deploy auf `stines.de`
+
+## Lokale Entwicklung
+```bash
+cd hugo
+hugo server -D
+```
diff --git a/hugo/content/posts/willkommen.md b/hugo/content/posts/willkommen.md
new file mode 100644
index 0000000..1e417b4
--- /dev/null
+++ b/hugo/content/posts/willkommen.md
@@ -0,0 +1,7 @@
+---
+title: "Willkommen"
+date: 2024-01-01
+draft: false
+---
+
+Willkommen auf der Website!
diff --git a/hugo/hugo.toml b/hugo/hugo.toml
new file mode 100644
index 0000000..9558d49
--- /dev/null
+++ b/hugo/hugo.toml
@@ -0,0 +1,17 @@
+baseURL = "https://stines.de/"
+languageCode = "de-de"
+title = "Stines Website"
+theme = ""
+
+[params]
+ description = "Willkommen auf Stines Website"
+
+[menu]
+ [[menu.main]]
+ name = "Home"
+ url = "/"
+ weight = 1
+ [[menu.main]]
+ name = "Blog"
+ url = "/posts/"
+ weight = 2
diff --git a/hugo/layouts/.gitkeep b/hugo/layouts/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/hugo/static/.gitkeep b/hugo/static/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/hugo/themes/.gitkeep b/hugo/themes/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..dbe2cc1
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,62 @@
+terraform {
+ required_providers {
+ proxmox = {
+ source = "telmate/proxmox"
+ version = "~> 2.9"
+ }
+ }
+}
+
+provider "proxmox" {
+ pm_api_url = var.proxmox_host
+ pm_api_token_id = var.proxmox_token_id
+ pm_api_token_secret = var.proxmox_token_secret
+ pm_tls_insecure = true
+}
+
+resource "proxmox_lxc" "staging" {
+ target_node = var.proxmox_node
+ hostname = "hugo-staging"
+ ostemplate = var.lxc_ostemplate
+ unprivileged = true
+ start = true
+ onboot = false
+
+ cores = 1
+ memory = 512
+ swap = 512
+
+ rootfs {
+ storage = var.lxc_storage
+ size = "8G"
+ }
+
+ network {
+ name = "eth0"
+ bridge = "vmbr0"
+ ip = var.staging_ip
+ gw = var.staging_gw != "" ? var.staging_gw : null
+ }
+
+ ssh_public_keys = var.ssh_public_key
+
+ provisioner "remote-exec" {
+ inline = [
+ "apt-get update -qq",
+ "apt-get install -y nginx",
+ "systemctl enable --now nginx",
+ "mkdir -p /var/www/html",
+ "chown -R www-data:www-data /var/www/html"
+ ]
+ connection {
+ type = "ssh"
+ user = "root"
+ private_key = file("~/.ssh/deploy_key")
+ host = self.network[0].ip
+ }
+ }
+}
+
+output "staging_ip" {
+ value = proxmox_lxc.staging.network[0].ip
+}
diff --git a/terraform/terraform.tfvars.example b/terraform/terraform.tfvars.example
new file mode 100644
index 0000000..59f20ba
--- /dev/null
+++ b/terraform/terraform.tfvars.example
@@ -0,0 +1,9 @@
+proxmox_host = "https://192.168.1.10:8006/api2/json"
+proxmox_token_id = "terraform@pve!deploy"
+proxmox_token_secret = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+proxmox_node = "pve"
+lxc_ostemplate = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+lxc_storage = "local-lvm"
+staging_ip = "192.168.1.50/24"
+staging_gw = "192.168.1.1"
+ssh_public_key = "ssh-ed25519 AAAA... gitea-runner-deploy"
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..b2d718a
--- /dev/null
+++ b/terraform/variables.tf
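Review bot: In terraform/main.tf, `pm_tls_insecure = true` in the provider block turns off certificate verification for the Proxmox API, the connection that carries `pm_api_token_secret`. Unless the API only presents a certificate the runner cannot be made to trust, set `pm_tls_insecure = false`, or expose it as a variable that defaults to `false`. In the `remote-exec` connection, `host = self.network[0].ip` receives the configured value, which is CIDR in terraform.tfvars.example (`192.168.1.50/24`) and `dhcp` by default in variables.tf, neither a usable SSH host; `host = split("/", self.network[0].ip)[0]` covers the static case. No `backend` block is visible and `*.tfstate` is git-ignored, so if the runner workspace is not persistent each push would plan against empty state.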
@@ -0,0 +1,50 @@
+variable "proxmox_host" {
+ description = "Proxmox API URL"
+ type = string
+}
+
+variable "proxmox_token_id" {
+ description = "Proxmox API Token ID (user@realm!tokenid)"
+ type = string
+}
+
+variable "proxmox_token_secret" {
+ description = "Proxmox API Token Secret"
+ type = string
+ sensitive = true
+}
+
+variable "proxmox_node" {
+ description = "Ziel-Proxmox-Node"
+ type = string
+ default = "pve"
+}
+
+variable "lxc_ostemplate" {
+ description = "Pfad zum LXC-Template"
+ type = string
+ default = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+}
+
+variable "lxc_storage" {
+ description = "Storage fuer LXC rootfs"
+ type = string
+ default = "local-lvm"
+}
+
+variable "staging_ip" {
+ description = "Statische IP fuer Staging-LXC (CIDR)"
+ type = string
+ default = "dhcp"
+}
+
+variable "staging_gw" {
+ description = "Gateway fuer Staging-LXC"
+ type = string
+ default = ""
+}
+
+variable "ssh_public_key" {
+ description = "SSH Public Key fuer den deploy-User im LXC"
+ type = string
+}
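Review bot: In terraform/variables.tf, the description of `ssh_public_key` says the key is for a deploy user, but main.tf assigns it to the container's `ssh_public_keys` and both the provisioner and the rsync steps log in as `root`, so the key appears to grant root access to the container. I would make the description say that, e.g. `description = "SSH Public Key mit root-Zugriff auf den Staging-LXC"`. `proxmox_host` could also carry a `validation` block that requires an `https://` prefix, since the API token is sent to that URL.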