feat: add basic files
This commit is contained in:
21
.gitea/workflows/cd.yaml
Normal file
21
.gitea/workflows/cd.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
name: Continuous Delivery
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "v[0-9]+.[0-9]+.[0-9]+"
|
||||
|
||||
jobs:
|
||||
build_n_upload:
|
||||
runs-on: self-hosted
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
fetch-tags: true
|
||||
- run: make tarball
|
||||
- run: rpmbuild -ba "$(make name).spec"
|
||||
- run: make upload
|
||||
env:
|
||||
PKG_TOKEN: ${{ secrets.PKG_TOKEN }}
|
||||
|
||||
17
.gitea/workflows/ci.yaml
Normal file
17
.gitea/workflows/ci.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
name: Continuous Integration
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
lint_n_build:
|
||||
runs-on: self-hosted
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
fetch-tags: true
|
||||
- run: make tarball
|
||||
- run: rpmbuild -ba "$(make name).spec"
|
||||
3
.gitignore
vendored
Normal file
3
.gitignore
vendored
Normal file
@@ -0,0 +1,3 @@
|
||||
*.swp
|
||||
*.env
|
||||
/.idea
|
||||
88
Makefile
Normal file
88
Makefile
Normal file
@@ -0,0 +1,88 @@
|
||||
NAME = netoik-vault
|
||||
VERSION = $(shell git describe --abbrev=0)
|
||||
RELEASE = $(shell git rev-parse --short HEAD)
|
||||
ARCH = noarch
|
||||
OWNER = netoik
|
||||
SUMMARY = "Netoïk Secrets Vault"
|
||||
LICENSE = "MIT"
|
||||
URL = "https://git.netoik.io/$(OWNER)/$(NAME)"
|
||||
SOURCE0 = "$(NAME)-$(VERSION)-$(RELEASE).tar.gz"
|
||||
|
||||
RPM_RPMDIR = $(shell rpm --eval '%{_rpmdir}')
|
||||
RPM_SBINDIR = $(shell rpm --eval '%{_sbindir}')
|
||||
RPM_SOURCEDIR = $(shell rpm --eval '%{_sourcedir}')
|
||||
RPM_SYSCONFDIR = $(shell rpm --eval '%{_sysconfdir}')
|
||||
RPM_UNITDIR = $(shell rpm --eval '%{_unitdir}')
|
||||
|
||||
RPM_TARBALL_PATH = $(RPM_SOURCEDIR)/$(SOURCE0)
|
||||
RPM_BUILD_PATH = $(RPM_RPMDIR)/$(ARCH)/$(NAME)-$(VERSION)-$(RELEASE).$(ARCH).rpm
|
||||
|
||||
.PHONY: help
|
||||
help:
|
||||
@grep -E '^[a-zA-Z0-9_-]+:.*?## .*' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
||||
|
||||
.PHONY: name
|
||||
name: ## Show project name
|
||||
@echo "$(NAME)"
|
||||
|
||||
.PHONY: version
|
||||
version: ## Show current project version
|
||||
@echo "$(VERSION)"
|
||||
|
||||
.PHONY: release
|
||||
release: ## Show current project release
|
||||
@echo "$(RELEASE)"
|
||||
|
||||
.PHONY: arch
|
||||
arch: ## Show rpm arch target
|
||||
@echo "$(ARCH)"
|
||||
|
||||
.PHONY: owner
|
||||
owner: ## Show project owner name
|
||||
@echo "$(OWNER)"
|
||||
|
||||
.PHONY: summary
|
||||
summary: ## Show project summary
|
||||
@echo "$(SUMMARY)"
|
||||
|
||||
.PHONY: license
|
||||
license: ## Show project license
|
||||
@echo "$(LICENSE)"
|
||||
|
||||
.PHONY: url
|
||||
url: ## Show project homepage URL
|
||||
@echo "$(URL)"
|
||||
|
||||
.PHONY: source0
|
||||
source0: ## Show rpm source0 file name
|
||||
@echo "$(SOURCE0)"
|
||||
|
||||
$(RPM_TARBALL_PATH): *
|
||||
git archive --format=tar.gz \
|
||||
--output="$@" \
|
||||
--prefix="$(NAME)-$(VERSION)/" \
|
||||
--verbose \
|
||||
HEAD
|
||||
|
||||
.PHONY: tarball
|
||||
tarball: $(RPM_TARBALL_PATH) ## Build rpm tarball
|
||||
|
||||
.PHONY: install
|
||||
install: ## Install files into rpm dest (requires env var DESTDIR)
|
||||
@if [ -z "$(DESTDIR)" ]; then \
|
||||
printf "[CRITICAL] Missing env var DESTDIR\n[CRITICAL] This command is designed to be called by rpmbuild only!\n" 1>&2; \
|
||||
exit 1; \
|
||||
fi
|
||||
install --mode=755 --directory $(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d $(DESTDIR)$(RPM_SYSCONFDIR)/certbot $(DESTDIR)$(RPM_UNITDIR) $(DESTDIR)$(RPM_SBINDIR)
|
||||
install --mode=644 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/nginx/conf.d files/nginx/0_security.conf files/nginx/z_default.conf
|
||||
install --mode=600 --target-directory=$(DESTDIR)$(RPM_SYSCONFDIR)/certbot files/certbot/ovh.ini
|
||||
install --mode=644 --target-directory=$(DESTDIR)$(RPM_UNITDIR) files/systemd/certbot-renew.service files/systemd/certbot-renew.timer
|
||||
install --mode=755 --target-directory=$(DESTDIR)$(RPM_SBINDIR) files/sbin/certbot_renew
|
||||
|
||||
.PHONY: upload
|
||||
upload: ## Upload rpm package to Gitea repository (requires env var PKG_TOKEN)
|
||||
@if [ -z "$(PKG_TOKEN)" ]; then \
|
||||
printf "[CRITICAL] Missing env var PKG_TOKEN\n[CRITICAL] This command is designed to be called by Gitea Actions only!\n" 1>&2; \
|
||||
exit 1; \
|
||||
fi
|
||||
curl --fail-with-body --upload-file "$(RPM_BUILD_PATH)" --user "$(OWNER):$(PKG_TOKEN)" https://git.netoik.io/api/packages/$(OWNER)/rpm/upload
|
||||
35
netoik-vault.spec
Normal file
35
netoik-vault.spec
Normal file
@@ -0,0 +1,35 @@
|
||||
%define debug_package %{nil}
|
||||
|
||||
Name: %(make name)
|
||||
Version: %(make version)
|
||||
Release: %(make release)
|
||||
Summary: %(make summary)
|
||||
License: %(make license)
|
||||
URL: %(make url)
|
||||
|
||||
Source0: %(make source0)
|
||||
Buildarch: %(make arch)
|
||||
BuildRequires: make
|
||||
Requires: netoik-rp netoik-db vaultwarden
|
||||
|
||||
%description
|
||||
Install the secrets vault called vaultwarden with a predefined configuration.
|
||||
|
||||
%prep
|
||||
%autosetup -v
|
||||
|
||||
%install
|
||||
%make_install
|
||||
|
||||
%post
|
||||
# Restart services
|
||||
systemctl daemon-reload
|
||||
systemctl reenable nginx.service vaultwarden.service
|
||||
systemctl restart nginx.service vaultwarden.service
|
||||
|
||||
%postun
|
||||
|
||||
%files
|
||||
|
||||
%changelog
|
||||
%autochangelog
|
||||
Reference in New Issue
Block a user