81 lines
1.7 KiB
Markdown
81 lines
1.7 KiB
Markdown
# Netoïk Secrets Vault 
|
|
|
|
Build an RPM package which will install the secret vault manager called Vaultwarden with custom configuration.
|
|
|
|
- listen on port 8000
|
|
- reversed by nginx
|
|
- rely on postgres for database
|
|
|
|
|
|
# Development
|
|
|
|
A `Makefile` is integrated to let you run some basic commands.
|
|
|
|
- Display some information about the project
|
|
```shell
|
|
make help
|
|
make name
|
|
make version
|
|
make release
|
|
make arch
|
|
```
|
|
|
|
- Build a tarball:
|
|
```shell
|
|
make tarball
|
|
```
|
|
|
|
- Build an rpm package:
|
|
```shell
|
|
rpmbuild -ba netoik-vault.spec
|
|
```
|
|
|
|
- Upload rpm package to Gitea repository (env var `PKG_TOKEN` is required):
|
|
```shell
|
|
make upload
|
|
```
|
|
|
|
|
|
# CI / CD
|
|
|
|
Two workflows are set up.
|
|
|
|
- Continuous Integration:
|
|
- triggered by each push event on branch `main`
|
|
- builds tarball
|
|
- builds rpm package
|
|
|
|
- Continuous Delivery:
|
|
- triggered by each tag push event
|
|
- builds tarball
|
|
- builds rpm package
|
|
- uploads rpm package to repository
|
|
|
|
|
|
# Deployment
|
|
|
|
Some commands to deploy the RPM package on server
|
|
|
|
- Add Gitea repo to your repo list:
|
|
```shell
|
|
dnf config-manager --add-repo https://git.netoik.io/api/packages/netoik/rpm.repo
|
|
dnf repolist | grep gitea-netoik
|
|
```
|
|
|
|
- Show available versions:
|
|
```shell
|
|
dnf --refresh search --showduplicates netoik-vault
|
|
```
|
|
|
|
- Install or upgrade package:
|
|
```shell
|
|
dnf --nogpgcheck --refresh --assumeyes --best install netoik-vault
|
|
```
|
|
|
|
|
|
# Security Notes
|
|
|
|
For security reasons, act runners does not have sudo privileges and so there is:
|
|
- **no** Continuous Deployment because act runners cannot use `dnf`
|
|
- **no** GPG signing because act runners cannot use `gpg`
|