include runner config

.forgejo/workflows/build.yaml

@@ -12,5 +12,6 @@ jobs:
       - run: npm ci
       - run: npm run build
       - run: mkdir -p /data/nycki.net/site
-      - run: cp site.conf /data/nycki.net/site.conf
+#      - run: cp tools/site.conf /data/nycki.net/site.conf
-      - run: cp -r _site/* /home/nycki/nycki.net/patches/* /data/nycki.net/site/
+#      - run: cp -r _site/* /home/nycki/nycki.net/patches/* /data/nycki.net/site/
+      - run: cp -r _site/* /data/nycki.net/site/

tools/forgejo-runner.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Forgejo Runner
+Documentation=https://forgejo.org/docs/latest/admin/actions/
+After=docker.service
+
+[Service]
+ExecStart=forgejo-runner daemon
+ExecReload=/bin/kill -s HUP $MAINPID
+
+# This user and working directory must already exist
+User=nycki-forgejo
+WorkingDirectory=/opt/nycki-forgejo
+Restart=on-failure
+TimeoutSec=0
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target

tools/site.conf

@@ -20,8 +20,10 @@
   ServerName nycki.net
   SSLEngine on
   Include /etc/letsencrypt/options-ssl-apache.conf
+  SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
 
-  Header always add Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload;"
+  #Header always add Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload;"
   <If "%{HTTPS} == 'off'">
     <If "%{HTTP:Upgrade-Insecure-Requests} == 1">
       Header always add Vary: Upgrade-Insecure-Requests
@@ -29,15 +31,27 @@
     </If>
   </If>
 
-      DocumentRoot /data/nycki.net/site
+  DocumentRoot /data/nycki.net/site
-ErrorDocument 404 404.html
+  ErrorDocument 404 /404.html
+  RewriteEngine on
+  #LogLevel alert rewrite:trace3
 
+  RewriteCond "%{DOCUMENT_ROOT}/%{REQUEST_URI}" -f
+  RewriteRule "(.+)" "/$1" [L]
   <Directory />
     Options FollowSymLinks MultiViews
     Require all granted
   </Directory>
-  SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
+
-SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
+  # If file isn't in repo, fall back on public_html
+  Define public_html "/home/nycki/public_html"
+  Alias /p ${public_html}
+  RewriteCond "${public_html}/%{REQUEST_URI}" -f
+  RewriteRule "(.+)" "/p/$1" [PT,L]
+  <Directory ${public_html}>
+    Options FollowSymLinks
+    Require all granted
+  </Directory>
 </VirtualHost>
 
 <VirtualHost *:443>
@@ -47,8 +61,8 @@ SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
   <Location />
     ProxyPass http://localhost:8400/
   </Location>
-    SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
+  SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
 </VirtualHost>
 
 <VirtualHost *:443>
@@ -61,6 +75,6 @@ SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
   <Location />
     ProxyPass http://localhost:8500/ nocanon
   </Location>
-    SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
+  SSLCertificateFile /etc/letsencrypt/live/klay.gay/fullchain.pem
-SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/klay.gay/privkey.pem
 </VirtualHost>