www/blog
1
0
Fork 0
Code Issues 7 Pull requests Projects Releases Packages Wiki Activity Actions

feat: Add deployment to a staging environment

Browse source 
Added staging.nginx.nix modeled on prod.nginx.nix, configuring nginx as a
local staging server. Updated deploy.sh to target either staging or prod
over SSH. Consolidated shared configuration between the two nginx nix
files and between the staging and prod deploy paths in deploy.sh.
This commit is contained in:
Matthew Binning 2026-01-01 16:44:54 -08:00
parent a754bf5001
commit bd24208274
4 changed files with 161 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

87
deploy.sh
View file

@ -1,15 +1,92 @@
#!/usr/bin/env sh #!/usr/bin/env sh
sudo cp -rt /srv/www/binning.net \ set -e
# Usage information
usage() {
printf "Usage: %s [staging|prod]\n\n staging - Deploy to local staging environment (/srv/www/stage.binning.net)\n prod - Deploy to production server via SSH (www.binning.net)\n\nExample:\n %s staging\n %s prod\n" "$0" "$0" "$0"
exit 1
}
# Check if argument provided
if [ $# -eq 0 ]; then
printf "Error: No environment specified\n"
usage
fi
ENV=$1
case $ENV in
staging)
printf "Deploying to STAGING environment...\n"
STAGING_PATH="/srv/www/stage.binning.net"
# Create staging directory if it doesn't exist
sudo mkdir -p ${STAGING_PATH}
# Deploy website files via rsync
printf "Deploying website files...\n"
sudo rsync -av --delete \
blog \ blog \
includes \ includes \
index.html \ index.html \
blog.html \ blog.html \
resume.html \ resume.html \
style.css \ style.css \
404.html 404.html \
${STAGING_PATH}/
sudo chown -R nginx:nginx /srv/www/binning.net/ # Set proper ownership
sudo chown -R nginx:nginx ${STAGING_PATH}/
sudo cp -t /etc/nixos/ \ # Copy nginx config
nginx.nix sudo cp -t /etc/nixos/ staging.nginx.nix
printf "✓ Staging deployment complete!\n Files deployed to: %s\n Nginx config: /etc/nixos/staging.nginx.nix\n\nTo activate, update your NixOS configuration to import staging.nginx.nix\nand run: sudo nixos-rebuild switch\n" "${STAGING_PATH}"
;;
prod)
printf "Deploying to PRODUCTION environment...\n"
# SSH details
REMOTE_HOST="binning.net"
REMOTE_USER="matthew.binning"
REMOTE_PATH="/srv/www/binning.net"
REMOTE_NIXOS="/etc/nixos/"
# Check if SSH key is set up
if ! ssh -o BatchMode=yes -o ConnectTimeout=5 ${REMOTE_USER}@${REMOTE_HOST} exit 2>/dev/null; then
printf "Warning: SSH connection test failed. Ensure SSH keys are configured.\nYou may be prompted for a password.\n"
fi
# Deploy website files via rsync over SSH
printf "Deploying website files...\n"
rsync -avz --delete \
-e ssh \
blog \
includes \
index.html \
blog.html \
resume.html \
style.css \
404.html \
${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_PATH}/
# Deploy nginx configuration
printf "Deploying nginx configuration...\n"
scp prod.nginx.nix ${REMOTE_USER}@${REMOTE_HOST}:/tmp/nginx.nix
# Set proper permissions and move config on remote server
ssh ${REMOTE_USER}@${REMOTE_HOST} "sudo mv /tmp/nginx.nix ${REMOTE_NIXOS}nginx.nix && \
sudo chown -R nginx:nginx ${REMOTE_PATH}/ && \
printf 'Configuration deployed. Run sudo nixos-rebuild switch to activate.\n'"
printf "✓ Production deployment complete!\n\nSSH into %s and run: sudo nixos-rebuild switch\n" "${REMOTE_HOST}"
;;
*)
printf "Error: Invalid environment '%s'\n" "$ENV"
usage
;;
esac

11
nginx.nix → prod.nginx.nix
View file

@ -59,6 +59,17 @@ in
''; '';
}; };
# Private blog articles with HTTP basic authentication
locations."/blog/private/" = {
extraConfig = ''
auth_basic "Private Articles";
auth_basic_user_file /srv/nginx/.htpasswd;
# Enable Server Side Includes
ssi on;
'';
};
# Optional: Custom 404 page # Optional: Custom 404 page
extraConfig = '' extraConfig = ''
error_page 404 /404.html; error_page 404 /404.html;

56
staging.nginx.nix Normal file
View file

@ -0,0 +1,56 @@
{ config, pkgs, lib, ... }:
{
services.nginx = {
enable = true;
# Recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
# Virtual hosts configuration for local staging
virtualHosts = {
# Main website - Static HTML/CSS
# Access via http://localhost or http://localhost:80
"localhost" = {
# No SSL for local development
listen = [
{ addr = "127.0.0.1"; port = 80; }
{ addr = "0.0.0.0"; port = 80; }
];
root = "/srv/www/stage.binning.net";
locations."/" = {
index = "index.html";
tryFiles = "$uri $uri/ =404";
extraConfig = ''
# Enable Server Side Includes for navbar/footer includes
ssi on;
'';
};
# Private blog articles with HTTP basic authentication
locations."/blog/private/" = {
extraConfig = ''
auth_basic "Private Articles";
auth_basic_user_file /srv/nginx/.htpasswd;
# Enable Server Side Includes
ssi on;
'';
};
# Custom 404 page
extraConfig = ''
error_page 404 /404.html;
'';
};
};
};
# Firewall - allow local HTTP access
networking.firewall.allowedTCPPorts = [ 80 ];
}

6
todo.txt
View file

@ -1,4 +1,5 @@
(F) Add user authentication to view private articles (either HTTP basic authentication or something else) (A) Re-use code or code blocks where possible between staging.nginx.nix and prod.nginx.nix
(B) Re-use code or code blocks where possible between deploy.sh staging and deploy.sh prod
DefCon article DefCon article
Oktoberfest article Oktoberfest article
health journey health journey
@ -14,3 +15,6 @@ x Add the blog page to the navbar.
x Create example blog sections x Create example blog sections
x Add an example resume page linked from the main navbar x Add an example resume page linked from the main navbar
x Possibly use some include mechanism in HTML to separate the navbar to its own html file. x Possibly use some include mechanism in HTML to separate the navbar to its own html file.
x Create a staging.nginx.nix based on prod.nginx.nix which sets up nginx as a local server.
x Update the deploy.sh script to deploy to either staging or prod over SSH to binning.net.
x Add user authentication to view private articles (either HTTP basic authentication or something else)