Netoïk Secrets Vault 
Build an RPM package which will install the secret vault manager called Vaultwarden with custom configuration.
- listen on port 8000
- reversed by nginx
- rely on postgres for database
Development
A Makefile is integrated to let you run some basic commands.
-
Display some information about the project
make help make name make version make release make arch -
Build a tarball:
make tarball -
Build an rpm package:
rpmbuild -ba netoik-vault.spec -
Upload rpm package to Gitea repository (env var
PKG_TOKENis required):make upload
CI / CD
Two workflows are set up.
-
Continuous Integration:
- triggered by each push event on branch
main - builds tarball
- builds rpm package
- triggered by each push event on branch
-
Continuous Delivery:
- triggered by each tag push event
- builds tarball
- builds rpm package
- uploads rpm package to repository
Deployment
Some commands to deploy the RPM package on server
-
Add Gitea repo to your repo list:
dnf config-manager --add-repo https://git.netoik.io/api/packages/netoik/rpm.repo dnf repolist | grep gitea-netoik -
Show available versions:
dnf --refresh search --showduplicates netoik-vault -
Install or upgrade package:
dnf --nogpgcheck --refresh --assumeyes --best install netoik-vault
Security Notes
For security reasons, act runners does not have sudo privileges and so there is:
- no Continuous Deployment because act runners cannot use
dnf - no GPG signing because act runners cannot use
gpg