gitadmin/INSIGHT-MVP
1
0
Fork 0
mirror of http://172.20.10.11:3000/gitadmin/INSIGHT-MVP.git synced 2026-06-25 03:46:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: add CI/CD SSH key and update ACCESS.md with both keys

Browse source 
- Generate separate Ed25519 key for Forgejo Actions CI/CD pipeline
- Document both keys with clear purpose separation:
  deploy_ed25519 = server access (manual/Claude)
  cicd_ed25519   = automated deployments (Forgejo Actions)
- Add key placement matrix (which key goes where)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Thomas Reitz 2026-03-08 10:34:01 +01:00
parent 5f54bde55e
commit 0e052b001c
3 changed files with 48 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.keys/cicd_ed25519 Normal file
View file

@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDZT6PgLwzEzGQtBuPaPpLlPfP2gvOTfdEFN2vhWk46BgAAAKC7x6Lou8ei
6AAAAAtzc2gtZWQyNTUxOQAAACDZT6PgLwzEzGQtBuPaPpLlPfP2gvOTfdEFN2vhWk46Bg
AAAECBB/Q1ujr07L/3IwgTE3siUvM5fBLMO5iuw5eHkR1VctlPo+AvDMTMZC0G49o+kuU9
8/aC85N90QU3a+FaTjoGAAAAF2luc2lnaHQtY2ljZEB4aW5pb24ubGFuAQIDBAUG
-----END OPENSSH PRIVATE KEY-----

1
.keys/cicd_ed25519.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINlPo+AvDMTMZC0G49o+kuU98/aC85N90QU3a+FaTjoG insight-cicd@xinion.lan

47
docs/ACCESS.md
View file

@ -20,21 +20,47 @@
--- ---
## 2. SSH Deployment Key ## 2. SSH Keys
Der Deployment Key liegt im Repository unter `.keys/`: Alle Keys liegen im Repository unter `.keys/` (Repo ist nur intern verfuegbar).
### 2.1 Deploy Key (Server-Zugriff)
Fuer den SSH-Zugriff auf den Entwicklungsserver `insight-dev-01`.
| Datei | Beschreibung | | Datei | Beschreibung |
|------------------------------|-----------------------| |------------------------------|---------------------------------|
| `.keys/deploy_ed25519` | Private Key (Ed25519) | | `.keys/deploy_ed25519` | Private Key (Server-Zugriff) |
| `.keys/deploy_ed25519.pub` | Public Key | | `.keys/deploy_ed25519.pub` | Public Key |
### Public Key (zur Hinterlegung auf Servern) **Public Key:**
``` ```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuTpqzLyjqTIDMJ4bwEE4o2JeHH3imL+NeipeuBfiTo insight-deploy@xinion.lan ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuTpqzLyjqTIDMJ4bwEE4o2JeHH3imL+NeipeuBfiTo insight-deploy@xinion.lan
``` ```
### SSH-Verbindung zum Server **Hinterlegen auf:** Server `insight-dev-01` in `/home/deploy/.ssh/authorized_keys`
### 2.2 CI/CD Key (Forgejo Actions)
Fuer automatisierte Deployments durch die Forgejo Actions CI/CD-Pipeline.
Die Pipeline nutzt diesen Key, um sich per SSH auf den Server zu verbinden
und Docker-Container zu aktualisieren.
| Datei | Beschreibung |
|------------------------------|---------------------------------|
| `.keys/cicd_ed25519` | Private Key (CI/CD Pipeline) |
| `.keys/cicd_ed25519.pub` | Public Key |
**Public Key:**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINlPo+AvDMTMZC0G49o+kuU98/aC85N90QU3a+FaTjoG insight-cicd@xinion.lan
```
**Hinterlegen auf:**
1. Server `insight-dev-01` in `/home/deploy/.ssh/authorized_keys`
2. Forgejo: Repository Settings > Secrets (als `SSH_DEPLOY_KEY` fuer Actions)
### 2.3 SSH-Verbindung zum Server
```bash ```bash
# Verbindung zum Entwicklungsserver: # Verbindung zum Entwicklungsserver:
ssh -i .keys/deploy_ed25519 deploy@<SERVER-IP> ssh -i .keys/deploy_ed25519 deploy@<SERVER-IP>
@ -48,9 +74,12 @@ Host insight-dev
StrictHostKeyChecking accept-new StrictHostKeyChecking accept-new
``` ```
### Wo der Public Key hinterlegt werden muss ### 2.4 Wo welcher Key hinterlegt werden muss
1. **Entwicklungsserver (VM)**: `/home/deploy/.ssh/authorized_keys`
2. **Forgejo**: Repository Settings > Deploy Keys (fuer CI/CD) | Key | Server `authorized_keys` | Forgejo Secrets |
|--------------|--------------------------|------------------------|
| deploy | Ja | Nein |
| cicd | Ja | Ja (`SSH_DEPLOY_KEY`) |
--- ---