furtka/website/deploy.sh

#!/usr/bin/env bash
# Manual deploy of furtka.org to forge-runner-01.
# Rsyncs the Hugo source up to the VM and builds it in-place.
#
# Normal path is now the `Deploy site` Forgejo workflow, which auto-fires
# on every push-to-main that touches website/** — see
# .forgejo/workflows/deploy-site.yml. Keep this script for out-of-band
# pushes (testing from a local branch, recovering from a CI outage,
# whatever). The in-CI equivalent that skips the SSH hop is deploy-ci.sh.
set -euo pipefail

HOST="${FURTKA_HOST:-forge-runner}"
SRCROOT="/srv/furtka-site"
WEBROOT="/var/www/furtka.org"

HERE="$(cd "$(dirname "$0")" && pwd)"

echo "→ rsync website/ to $HOST:$SRCROOT"
rsync -az --delete \
  --exclude='.hugo_build.lock' \
  --exclude='public/' \
  --exclude='resources/' \
  "$HERE/" "$HOST:$SRCROOT/"

echo "→ build on $HOST"
ssh "$HOST" "cd $SRCROOT && hugo --minify --cleanDestinationDir -d $WEBROOT"

echo "OK: deployed to https://furtka.org/"
feat: publish public website at furtka.org Hugo static site with an intentionally minimal single-page copy — English default, German under /de/ — while the project stays pre-alpha. No CMS, no external theme, no webfonts, no external requests. System-UI sans on a paper-white / near-black palette with a deep crimson accent; a small wicket-gate SVG as the sole brand mark. Hosting: nginx on forge-runner-01 serves /var/www/furtka.org; the upstream openresty proxy terminates TLS so the VM itself only speaks plain HTTP. Deploy is ./website/deploy.sh (rsync + remote hugo --minify). One-time VM bootstrap in ops/nginx/setup-vm.sh. 2026-04-14 10:27:51 +02:00			`#!/usr/bin/env bash`
feat(website): legal pages (Impressum/Datenschutz) + auto-deploy on push-to-main Two coupled changes that make sense to land together: 1. Legal pages required under German law - /imprint/ + /de/impressum/ — §5 DDG disclosure (contact is email plus Forgejo-Issues as the second quick-contact channel, per ECJ C-298/07 no phone number required) - /privacy/ + /de/datenschutz/ — Art. 13 GDPR minimum: server-log processing (IP, UA, URL, retention ≤30 days), no cookies, no tracking, no third-party embeds. RLP Landesbeauftragter as the competent supervisory authority. - Footer partial linked from every page, localized per language. - DE versions are legally binding; EN versions are courtesy translations noting that. 2. Auto-deploy wired up - New workflow .forgejo/workflows/deploy-site.yml fires on push-to-main with paths under website/*. Runs on the self-hosted runner, which is* forge-runner-01 — so "deploy" is just a local rsync into /srv/furtka-site and a hugo build into /var/www/furtka.org. No SSH, no secrets. - website/deploy-ci.sh is the SSH-free counterpart of deploy.sh, invoked by the workflow. - compose.yml bind-mounts /srv/furtka-site and /var/www/furtka.org into the runner container at matching paths so the workflow can reach them. Requires a one-time `docker compose up -d` on the runner host to pick the mounts up. - deploy.sh is kept for out-of-band manual deploys (testing from a local branch, CI outage) but gets a header comment pointing at the CI path as the normal flow. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-18 12:10:06 +02:00			`# Manual deploy of furtka.org to forge-runner-01.`
feat: publish public website at furtka.org Hugo static site with an intentionally minimal single-page copy — English default, German under /de/ — while the project stays pre-alpha. No CMS, no external theme, no webfonts, no external requests. System-UI sans on a paper-white / near-black palette with a deep crimson accent; a small wicket-gate SVG as the sole brand mark. Hosting: nginx on forge-runner-01 serves /var/www/furtka.org; the upstream openresty proxy terminates TLS so the VM itself only speaks plain HTTP. Deploy is ./website/deploy.sh (rsync + remote hugo --minify). One-time VM bootstrap in ops/nginx/setup-vm.sh. 2026-04-14 10:27:51 +02:00			`# Rsyncs the Hugo source up to the VM and builds it in-place.`
feat(website): legal pages (Impressum/Datenschutz) + auto-deploy on push-to-main Two coupled changes that make sense to land together: 1. Legal pages required under German law - /imprint/ + /de/impressum/ — §5 DDG disclosure (contact is email plus Forgejo-Issues as the second quick-contact channel, per ECJ C-298/07 no phone number required) - /privacy/ + /de/datenschutz/ — Art. 13 GDPR minimum: server-log processing (IP, UA, URL, retention ≤30 days), no cookies, no tracking, no third-party embeds. RLP Landesbeauftragter as the competent supervisory authority. - Footer partial linked from every page, localized per language. - DE versions are legally binding; EN versions are courtesy translations noting that. 2. Auto-deploy wired up - New workflow .forgejo/workflows/deploy-site.yml fires on push-to-main with paths under website/*. Runs on the self-hosted runner, which is* forge-runner-01 — so "deploy" is just a local rsync into /srv/furtka-site and a hugo build into /var/www/furtka.org. No SSH, no secrets. - website/deploy-ci.sh is the SSH-free counterpart of deploy.sh, invoked by the workflow. - compose.yml bind-mounts /srv/furtka-site and /var/www/furtka.org into the runner container at matching paths so the workflow can reach them. Requires a one-time `docker compose up -d` on the runner host to pick the mounts up. - deploy.sh is kept for out-of-band manual deploys (testing from a local branch, CI outage) but gets a header comment pointing at the CI path as the normal flow. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-18 12:10:06 +02:00			`#`
			# Normal path is now the `Deploy site` Forgejo workflow, which auto-fires
			`# on every push-to-main that touches website/** — see`
			`# .forgejo/workflows/deploy-site.yml. Keep this script for out-of-band`
			`# pushes (testing from a local branch, recovering from a CI outage,`
			`# whatever). The in-CI equivalent that skips the SSH hop is deploy-ci.sh.`
feat: publish public website at furtka.org Hugo static site with an intentionally minimal single-page copy — English default, German under /de/ — while the project stays pre-alpha. No CMS, no external theme, no webfonts, no external requests. System-UI sans on a paper-white / near-black palette with a deep crimson accent; a small wicket-gate SVG as the sole brand mark. Hosting: nginx on forge-runner-01 serves /var/www/furtka.org; the upstream openresty proxy terminates TLS so the VM itself only speaks plain HTTP. Deploy is ./website/deploy.sh (rsync + remote hugo --minify). One-time VM bootstrap in ops/nginx/setup-vm.sh. 2026-04-14 10:27:51 +02:00			`set -euo pipefail`

			`HOST="${FURTKA_HOST:-forge-runner}"`
			`SRCROOT="/srv/furtka-site"`
			`WEBROOT="/var/www/furtka.org"`

			`HERE="$(cd "$(dirname "$0")" && pwd)"`

			`echo "→ rsync website/ to $HOST:$SRCROOT"`
			`rsync -az --delete \`
			`--exclude='.hugo_build.lock' \`
			`--exclude='public/' \`
			`--exclude='resources/' \`
			`"$HERE/" "$HOST:$SRCROOT/"`

			`echo "→ build on $HOST"`
			`ssh "$HOST" "cd $SRCROOT && hugo --minify --cleanDestinationDir -d $WEBROOT"`

			`echo "OK: deployed to https://furtka.org/"`