ansible/docs/guides/site-lxc-git.md
ilia de49b34cdc
Add homelab monitoring, portfolio site, and vault tooling.
Document pve10 static IPs, monitoring stack, and site LXCs; add portfolio
to inventory; Mailcow mailbox automation; vault import/export scripts;
security audit guides and UniFi DHCP reference.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-22 16:25:07 -04:00

Site LXCs — git deploy (caseware / auto / portfolio)

Remotes (correct)

Use git.levkin.ca, not 10.0.30.169:

git@git.levkin.ca:ilia/caseware.git
git@git.levkin.ca:ilia/auto.git
git@git.levkin.ca:ilia/sdetProfile.git

The Gitea VM is 10.0.10.169 on pve10. Publicly, git.levkin.ca:22 hits your home IP and is closed, so git over SSH uses the LAN IP via ~/.ssh/config.

SSH config (on site LXC, as root)

# /root/.ssh/config
Host git.levkin.ca
    HostName 10.0.10.169
    User git
    IdentityFile ~/.ssh/id_ed25519
    StrictHostKeyChecking accept-new

Deploy keys

Each LXC should use its own deploy key in Gitea (Repo → Settings → Deploy Keys). Gitea accepts a given public key only once per server, so if you see “already been added to the server”, generate a repo-specific key and add its public half instead:

# On portfolio LXC 219 (via pve10)
pct exec 219 -- cat /root/.ssh/id_ed25519_gitea.pub

On the portfolio LXC, /root/.ssh/config points Host git.levkin.ca at ~/.ssh/id_ed25519_gitea, with IdentitiesOnly yes.

LXC | Repo        | Key file / comment
215 | caseware    | ~/.ssh/id_ed25519 / root@caseware
216 | auto        | ~/.ssh/id_ed25519 / root@auto
219 | sdetProfile | ~/.ssh/id_ed25519_gitea / deploy-portfolio-sdetProfile

Push / pull

# On LXC (via pve10)
pct exec 215 -- bash -c 'cd /var/www/caseware && git pull origin main && git push origin main'
pct exec 216 -- bash -c 'cd /var/www/auto && git pull origin master && git push origin master'
pct exec 219 -- bash -c 'cd /var/www/portfolio && git pull origin master && git push origin master'

After editing index.html, commit on the LXC, push, then hard-refresh the public site.

Gitea VM SSH (git@10.0.10.169)

If deploy keys fail after adding them in the UI:

  1. Keys live in /var/lib/gitea/.ssh/authorized_keys (regenerated by Gitea).
  2. OpenSSH logs in as user git — copy/sync that file to /home/git/.ssh/authorized_keys (chown git:git, mode 600).
  3. command= must run gitea serv as user gitea (e.g. sudo -n -E -u gitea /usr/bin/gitea …) with SSH_ORIGINAL_COMMAND preserved in sudoers.
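
A check to run on the Gitea VM after working through steps 1 to 3, added here as an example and not part of the original guide: it compares the two authorized_keys files named above, checks the mode of the copy, and flags any key line whose forced command does not run gitea serv. The function name audit_authkeys and the output wording are made up for this example, and stat -c assumes GNU or BusyBox stat.

```sh
# Added example, not part of the guide. audit_authkeys is a made-up name;
# the default paths are the two files named in the steps above.
# Assumes GNU or BusyBox stat (for -c).
GITEA_KEYS=/var/lib/gitea/.ssh/authorized_keys
SSHD_KEYS=/home/git/.ssh/authorized_keys

# audit_authkeys [SRC] [DST]: print findings; exit status = number of problems.
audit_authkeys() {
    ak_src=${1:-$GITEA_KEYS}; ak_dst=${2:-$SSHD_KEYS}; ak_bad=0; ak_n=0
    if [ ! -r "$ak_src" ] || [ ! -r "$ak_dst" ]; then
        echo "cannot read $ak_src or $ak_dst"; return 1
    fi
    # Step 2: the copy sshd reads must match what Gitea regenerated, mode 600.
    if ! cmp -s "$ak_src" "$ak_dst"; then
        echo "STALE: $ak_dst differs from $ak_src"; ak_bad=$((ak_bad + 1))
    fi
    if [ "$(stat -c '%a' "$ak_dst")" != 600 ]; then
        echo "MODE: $ak_dst is not 600"; ak_bad=$((ak_bad + 1))
    fi
    # Step 3: every key needs a forced command that runs "gitea ... serv".
    # A key line without command= is not confined to Gitea at all.
    while IFS= read -r ak_line || [ -n "$ak_line" ]; do
        ak_n=$((ak_n + 1))
        case $ak_line in
            ''|'#'*) ;;                                   # blank or comment
            command=\"*gitea*\ serv\ *\"*) ;;             # expected form
            command=*) echo "LINE $ak_n: forced command does not run gitea serv"
                       ak_bad=$((ak_bad + 1)) ;;
            *)         echo "LINE $ak_n: key has no forced command"
                       ak_bad=$((ak_bad + 1)) ;;
        esac
    done < "$ak_dst"
    return "$ak_bad"
}
```

Call audit_authkeys with no arguments as root on the Gitea VM; a non-zero exit status is the number of findings.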

Portfolio uses repo path ilia/sdetprofile (lowercase on disk).