codingteam / Keter

A roguelike game in the SCP setting.
https://codingteam.github.io/Keter/
MIT License

Automatic exhumation #88

Open ForNeVeR opened 4 years ago

ForNeVeR commented 4 years ago

Keter should be exhumated automatically to keter.codingteam.org.ru or something like that.

Depends on:

ForNeVeR commented 3 years ago

Alright, we'll serve the application from our main web host (codingteam.org.ru), and will build and push it via GitHub actions. Here's the plan:

  1. Add a special user to ctor who'll only be owner of one directory (say, /opt/codingteam/keter)
  2. Create an SSH key for that user
  3. Allow this user to log in remotely and perform the only task: rsync to that directory, as described here
  4. Set up nginx to serve the data from that directory via keter subdomain
  5. Set up a GitHub Actions job that will build Keter and deploy it via SSH+rsync (that will require us to upload the SSH key to GitHub Actions, but that's okay: even if it is compromised, we'll only lose some static web content)

@Minoru, does the above sound right?

ForNeVeR commented 3 years ago

And the terminal requirement for myself is that the whole setup should be automated. I don't want to twiddle with file ownership, users or SSH keys manually.

Minoru commented 3 years ago

Yep, that sounds right!

> Add a special user to ctor who'll only be owner of one directory (say, /opt/codingteam/keter)

Note that you can achieve that by making /opt/codingteam/keter the home directory of that user. I don't think it adds any security, but it makes it slightly easier to figure out the relationship between directories and users: even if you bork the permissions and ownership, you can still grep /etc/passwd and figure stuff out.
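An added example, not part of the issue thread or the Keter project: server-side provisioning for steps 1 to 3 of the plan, using rsync's `rrsync` helper as the forced command (an assumed choice, since the page's linked method is not shown). The key file is kept outside the home directory because a write-only rsync into a home directory that is also the deploy target could otherwise replace `~/.ssh/authorized_keys`. The account name `keter-deploy`, the `rrsync` path, the key directory and the `sshd_config.d` drop-in are assumptions.

```sh
#!/bin/sh
# Added example: provision an rsync-only deploy account (run as root).
# Assumed, not from the issue: account name, rrsync path, key directory.
set -eu

DEPLOY_USER="${DEPLOY_USER:-keter-deploy}"         # assumed account name
DEPLOY_DIR="${DEPLOY_DIR:-/opt/codingteam/keter}"  # directory named in the plan
RRSYNC="${RRSYNC:-/usr/bin/rrsync}"                # assumed path, varies by distribution
KEY_DIR="${KEY_DIR:-/etc/ssh/authorized_keys}"     # assumed root-owned key store

# Emit the authorized_keys entry for exactly one public key. "restrict" turns
# off PTY allocation and all forwarding; the forced command confines every
# session to write-only rsync under DEPLOY_DIR.
authorized_keys_line() {
    case "$1" in
        *'"'*|*'
'*) echo "refusing key with quote or newline" >&2; return 1 ;;
        ssh-ed25519\ ?*|ssh-rsa\ ?*|ecdsa-sha2-nistp???\ ?*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    printf 'restrict,command="%s -wo %s" %s\n' "$RRSYNC" "$DEPLOY_DIR" "$1"
}

# sshd_config fragment: read this user's keys from a root-owned file outside
# the home directory, so an upload cannot replace them.
sshd_match_block() {
    printf 'Match User %s\n    AuthorizedKeysFile %s/%%u\n    PasswordAuthentication no\n' \
        "$DEPLOY_USER" "$KEY_DIR"
}

provision() {
    line="$(authorized_keys_line "$(cat "$1")")"
    id "$DEPLOY_USER" >/dev/null 2>&1 ||
        useradd --system --user-group --home-dir "$DEPLOY_DIR" --shell /bin/sh "$DEPLOY_USER"
    install -d -o "$DEPLOY_USER" -g "$DEPLOY_USER" -m 0755 "$DEPLOY_DIR"
    install -d -o root -g root -m 0755 "$KEY_DIR"
    printf '%s\n' "$line" > "$KEY_DIR/$DEPLOY_USER"
    chmod 0644 "$KEY_DIR/$DEPLOY_USER"
    # Assumes sshd_config includes /etc/ssh/sshd_config.d/*.conf
    sshd_match_block > "/etc/ssh/sshd_config.d/50-$DEPLOY_USER.conf"
    sshd -t   # validate the configuration; reload sshd afterwards
}

# Usage on the web host:  sh provision.sh --apply deploy_key.pub
if [ "${1:-}" = "--apply" ]; then provision "$2"; fi
```

The account keeps `/bin/sh` as its shell because sshd runs the forced command through the user's shell; the `restrict` option and the forced command are what limit the session.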

ForNeVeR commented 3 years ago

This task is currently blocked on: