# Site LXCs — git deploy (caseware / auto / portfolio) ## Remotes (correct) Use **`git.levkin.ca`**, not `10.0.30.169`: ``` git@git.levkin.ca:ilia/caseware.git git@git.levkin.ca:ilia/auto.git git@git.levkin.ca:ilia/sdetProfile.git ``` Gitea VM is **`10.0.10.169`** on pve10. Public `git.levkin.ca:22` hits your home IP and is **closed**; git SSH uses LAN IP via `~/.ssh/config`. ## SSH config (on site LXC, as root) ```ssh # /root/.ssh/config Host git.levkin.ca HostName 10.0.10.169 User git IdentityFile ~/.ssh/id_ed25519 StrictHostKeyChecking accept-new ``` ## Deploy keys Each LXC should use its **own** deploy key in Gitea (**Repo → Settings → Deploy Keys**). Gitea allows a public key only **once per server** — if you see *“already been added to the server”*, generate a repo-specific key: ```bash # On portfolio LXC 219 (via pve10) pct exec 219 -- cat /root/.ssh/id_ed25519_gitea.pub ``` Portfolio uses `~/.ssh/id_ed25519_gitea` in `/root/.ssh/config` for `Host git.levkin.ca` (`IdentitiesOnly yes`). | LXC | Repo | Key file / comment | |-----|------|---------------------| | 215 | caseware | `~/.ssh/id_ed25519` → `root@caseware` | | 216 | auto | `~/.ssh/id_ed25519` → `root@auto` | | 219 | sdetProfile | `~/.ssh/id_ed25519_gitea` → `deploy-portfolio-sdetProfile` | ## Push / pull ```bash # On LXC (via pve10) pct exec 215 -- bash -c 'cd /var/www/caseware && git pull origin main && git push origin main' pct exec 216 -- bash -c 'cd /var/www/auto && git pull origin master && git push origin master' pct exec 219 -- bash -c 'cd /var/www/portfolio && git pull origin master && git push origin master' ``` After editing `index.html`, commit on the LXC, push, then hard-refresh the public site. ## Gitea VM SSH (git@10.0.10.169) If deploy keys fail after adding them in the UI: 1. Keys live in `/var/lib/gitea/.ssh/authorized_keys` (regenerated by Gitea). 2. OpenSSH logs in as user **`git`** — copy/sync that file to **`/home/git/.ssh/authorized_keys`** (`chown git:git`, mode `600`). 3. `command=` must run **`gitea serv`** as user **`gitea`** (e.g. `sudo -n -E -u gitea /usr/bin/gitea …`) with `SSH_ORIGINAL_COMMAND` preserved in sudoers. Portfolio uses repo path **`ilia/sdetprofile`** (lowercase on disk).