76dabef23d9e834ba1aa169b3d53d8f6223d6fb2
Mirror played/workflows build-deploy-game.yml so a freshly provisioned
unom-1 box self-installs the website repo on first deploy instead of
failing on a missing ~/unom-website checkout.
Before `cd ~/unom-website` the remote ssh script now:
- installs git if absent (deploy user has NOPASSWD sudo)
- clones the repo if ~/unom-website/.git is missing, reusing the
existing REGISTRY_USER / REGISTRY_TOKEN secrets
Registry creds are passed into the remote shell via appleboy/ssh-action
`envs:` and consumed from the environment (docker login now uses
--password-stdin), so the token is never interpolated into the script
text / run log / process args.
Refs task #27.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
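The credential handling this commit message describes, as an added example that is not the repository's workflow file: the same deploy step with the token interpolated into the script, then with it passed through `envs:` and read from the environment. The step names, the `@v1` action tag, the `apt-get` install line (Debian/Ubuntu host) and the clone URL are assumptions.

```yaml
# Added example: step names, the action tag and the clone URL are assumptions.
# Weak: secrets are expanded into the script text, so the token appears in
# the rendered script and in docker's process arguments on the remote host.
- name: Deploy (token interpolated into script)
  uses: appleboy/ssh-action@v1
  with:
    host: ${{ secrets.DEPLOY_HOST }}
    username: ${{ secrets.DEPLOY_USER }}
    port: ${{ secrets.DEPLOY_PORT }}
    key: ${{ secrets.DEPLOY_SSH_KEY }}
    script: |
      docker login git.unom.io -u ${{ secrets.REGISTRY_USER }} -p ${{ secrets.REGISTRY_TOKEN }}

# Corrected: secrets are set as step environment variables, forwarded to the
# remote shell by name via `envs:`, and only dereferenced there.
- name: Deploy (token read from environment)
  uses: appleboy/ssh-action@v1
  env:
    REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
    REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
  with:
    host: ${{ secrets.DEPLOY_HOST }}
    username: ${{ secrets.DEPLOY_USER }}
    port: ${{ secrets.DEPLOY_PORT }}
    key: ${{ secrets.DEPLOY_SSH_KEY }}
    envs: REGISTRY_USER,REGISTRY_TOKEN
    script: |
      set -eu
      # Install git if absent (assumes a Debian/Ubuntu host and NOPASSWD sudo).
      command -v git >/dev/null 2>&1 || { sudo apt-get update && sudo apt-get install -y git; }
      # Clone on first deploy. The helper string holds variable names only;
      # git's helper shell reads the values from the environment at run time,
      # and `-c` keeps the helper out of the cloned repo's .git/config.
      if [ ! -d "$HOME/unom-website/.git" ]; then
        git -c credential.helper='!f() { echo "username=$REGISTRY_USER"; echo "password=$REGISTRY_TOKEN"; }; f' clone https://git.unom.io/unom/website.git "$HOME/unom-website"
      fi
      # Token goes to docker on stdin, not as a command-line argument.
      printf '%s' "$REGISTRY_TOKEN" | docker login git.unom.io -u "$REGISTRY_USER" --password-stdin
      cd "$HOME/unom-website"
      docker compose -f compose.production.yml pull
      docker compose -f compose.production.yml up -d
```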
@unom/website
The unom.io marketing site. TanStack Start + Bun, deployed to home-main-2.
Development
bun install
bun run dev
Visit http://localhost:3000.
Production
The repo is built into a container image (git.unom.io/unom/website) by Gitea
Actions on push to main, then deployed via SSH to home-main-2. The
container listens on port 3000 inside the network and is exposed on host port
3200, which Caddy on home-reverse-proxy-1 reverse-proxies for unom.io and
www.unom.io.
Run the production image locally:
docker compose -f compose.production.yml pull
docker compose -f compose.production.yml up -d
Required CI secrets
Set on the unom/website repo in Gitea Actions:
| Secret | Purpose |
|---|---|
| REGISTRY_USER / REGISTRY_TOKEN | Push to git.unom.io container registry |
| DEPLOY_HOST / DEPLOY_USER / DEPLOY_PORT / DEPLOY_SSH_KEY | SSH target on home-main-2 (private key matching the unom-ci-deploy authorized key) |