Inventory and Caddy playbook for levkin LXC 220; Makefile target caddy-levkin. Document git-ci-01 disk (64G), capacity 2, prune cron, and pve201 RAM limits in host_vars and homelab guides. Co-authored-by: Cursor <cursoragent@cursor.com>
Site LXCs — git deploy (levkin / caseware / auto / portfolio)
Remotes (correct)
Use git.levkin.ca, not 10.0.30.169:
git@git.levkin.ca:ilia/levkin.ca.git
git@git.levkin.ca:ilia/caseware.git
git@git.levkin.ca:ilia/auto.git
git@git.levkin.ca:ilia/sdetProfile.git
Gitea VM is 10.0.10.169 on pve10. Public git.levkin.ca:22 hits your home IP and is closed; git SSH uses LAN IP via ~/.ssh/config.
SSH config (on site LXC, as root)
# /root/.ssh/config
Host git.levkin.ca
HostName 10.0.10.169
User git
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking accept-new
Deploy keys
Each LXC should use its own deploy key in Gitea (Repo → Settings → Deploy Keys). Gitea allows a public key only once per server — if you see “already been added to the server”, generate a repo-specific key:
# On portfolio LXC 219 (via pve10)
pct exec 219 -- cat /root/.ssh/id_ed25519_gitea.pub
Portfolio uses ~/.ssh/id_ed25519_gitea in /root/.ssh/config for Host git.levkin.ca (IdentitiesOnly yes).
| LXC | Repo | Key file / comment |
|---|---|---|
| 215 | caseware | ~/.ssh/id_ed25519 → root@caseware |
| 216 | auto | ~/.ssh/id_ed25519 → root@auto |
| 219 | sdetProfile | ~/.ssh/id_ed25519_gitea → deploy-portfolio-sdetProfile |
| 220 | levkin.ca | ~/.ssh/id_ed25519_gitea → deploy-levkin-levkin.ca (add in Gitea UI) or HTTPS clone with read token |
levkin.ca routes (LXC 220)
| Public URL | Served from |
|---|---|
| https://levkin.ca/ | www/index.html (spec) |
| https://levkin.ca/folders/ | www/folders/ (stack-folder) |
Build before push:
cd ~/Documents/code/levkin.ca
npm run build:www
git add www/ && git commit -m "Rebuild www" && git push
On LXC:
pct exec 220 -- bash -c 'cd /var/www/levkin && git pull origin main'
Push / pull
# On LXC (via pve10)
pct exec 215 -- bash -c 'cd /var/www/caseware && git pull origin main && git push origin main'
pct exec 216 -- bash -c 'cd /var/www/auto && git pull origin master && git push origin master'
pct exec 219 -- bash -c 'cd /var/www/portfolio && git pull origin master && git push origin master'
pct exec 220 -- bash -c 'cd /var/www/levkin && git pull origin main'
After editing index.html, commit on the LXC, push, then hard-refresh the public site.
Gitea VM SSH (git@10.0.10.169)
If deploy keys fail after adding them in the UI:
- Keys live in /var/lib/gitea/.ssh/authorized_keys (regenerated by Gitea).
- OpenSSH logs in as user git — copy/sync that file to /home/git/.ssh/authorized_keys (chown git:git, mode 600).
- command= must run gitea serv as user gitea (e.g. sudo -n -E -u gitea /usr/bin/gitea …) with SSH_ORIGINAL_COMMAND preserved in sudoers.
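A check to run on the Gitea VM after syncing the file, added here as an example and not part of the original guide: it lists key entries that lack a forced gitea serv command (such an entry would give that key an ordinary session as user git) and confirms mode 600. The function names and the sample entries are constructed, and the key-N suffix in the forced command is an assumption about how Gitea writes its entries.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Audits a synced copy of Gitea's authorized_keys before sshd trusts it for user git.

# Print the line numbers of key entries without a forced `gitea ... serv key-N` command.
unforced_key_lines() {
    n=0
    out=""
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;              # blank lines and comments
            command=\"*)
                rest=${line#command=\"}
                cmd=${rest%%\"*}              # text inside the first quoted string
                case $cmd in
                    *gitea*' serv key-'[0-9]*) continue ;;
                esac ;;
        esac
        out="$out$n "                         # bare key or unexpected forced command
    done < "$1"
    printf '%s\n' "${out% }"
}

# Succeed only if the path is a regular file with mode 600.
mode_is_600() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Constructed sample: two Gitea-style entries and one hand-pasted bare key (line 4).
make_sample() {
    cat > "$1" <<'EOF'
# gitea public key
command="/usr/bin/gitea --config=/etc/gitea/app.ini serv key-1",no-port-forwarding,no-pty ssh-ed25519 AAAAC3EXAMPLEONLY deploy-one
command="sudo -n -E -u gitea /usr/bin/gitea serv key-2",no-port-forwarding,no-pty ssh-ed25519 AAAAC3EXAMPLEONLY deploy-two
ssh-ed25519 AAAAC3EXAMPLEONLY pasted-by-hand
EOF
    chmod 600 "$1"
}

# Usage: sh audit.sh /home/git/.ssh/authorized_keys
if [ "$#" -eq 1 ]; then
    bad=$(unforced_key_lines "$1")
    mode_is_600 "$1" || echo "mode is not 600: $1"
    [ -z "$bad" ] || echo "entries without forced gitea serv: lines $bad"
fi
```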
Portfolio uses repo path ilia/sdetprofile (lowercase on disk).