LemonSec/GIT-REPO-SETUP.md

Git Repository Setup for Portainer

This guide shows how to push LemonSec to your Git server for Portainer deployment.

Files to Commit

These files should be in your Git repository:

LemonSec/
├── docker-compose.yml          ✅ Main stack configuration
├── stack.env                   ✅ Environment variable template
├── .gitignore                  ✅ Git ignore rules
├── README.md                   ✅ Main documentation
├── SUMMARY.md                  ✅ Quick reference
├── PORTAINER-DEPLOY.md         ✅ Portainer deployment guide
├── SETUP-TRUENAS-NEXTCLOUD.md  ✅ TrueNAS specific guide
├── MIGRATE-FROM-NPM.md         ✅ NPM migration guide
├── SETUP.md                    ✅ General setup guide
│
├── traefik/                    ✅ Traefik configuration
│   ├── traefik.yml
│   └── dynamic/
│       ├── middlewares.yml
│       └── tls.yml
│
├── authelia/                   ✅ Authelia configuration
│   ├── configuration.yml
│   └── users_database.yml     ✅ (Add family users here)
│
├── crowdsec/                   ✅ CrowdSec configuration
│   └── acquis.yaml
│
├── docs/                       ✅ Documentation
│   ├── CLOUDFLARE.md
│   ├── TAILSCALE.md
│   └── SECURITY.md
│
├── examples/                   ✅ Service examples
│   ├── nextcloud-compose.yml
│   ├── vaultwarden-compose.yml
│   └── internal-service-compose.yml
│
└── monitoring/                 ✅ Monitoring configs
    ├── prometheus.yml
    ├── loki-config.yml
    └── promtail-config.yml

Files NOT to Commit

These are in .gitignore:

  • .env - Contains your actual secrets
  • secrets/ directory - Secret files
  • *.log - Log files
  • traefik/logs/ - Traefik logs
  • *.tar.gz - Backup files
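
The ignore rules above only help if they are actually in effect and nothing slipped into the index before they existed. The following check is an added example, not part of the LemonSec repository; the sample paths and function names are constructed for illustration. Run it after `git add .` in step 4, or install it as .git/hooks/pre-commit:

```shell
#!/bin/sh
# Added example, not part of the LemonSec repository.
# Constructed sample paths, one per "Files NOT to Commit" entry.
SAMPLE_PATHS='.env secrets/example.key app.log traefik/logs/access.log backup.tar.gz'

# Print each sample path that the current ignore rules do NOT exclude.
# --no-index evaluates the rules even if the path is already tracked.
unprotected_paths() {
    for p in $SAMPLE_PATHS; do
        git check-ignore -q --no-index -- "$p" || echo "$p"
    done
}

# Print files that are in the index (staged or committed) although an ignore
# rule matches them, e.g. added with `git add -f` or before .gitignore existed.
tracked_but_ignored() {
    git ls-files --cached --ignored --exclude-standard
}

# Return 0 only if every sample path is covered and nothing ignored is tracked.
check_secret_hygiene() {
    missing=$(unprotected_paths)
    tracked=$(tracked_but_ignored)
    [ -z "$missing" ] || echo "$missing" | sed 's/^/not covered by .gitignore: /' >&2
    [ -z "$tracked" ] || echo "$tracked" | sed 's/^/tracked but ignored: /' >&2
    [ -z "$missing" ] && [ -z "$tracked" ]
}

# Runs the check automatically when this file is installed as a Git hook.
case "${0##*/}" in pre-commit|pre-push) check_secret_hygiene || exit 1 ;; esac
```

When sourced or run under another name the file only defines the functions; call check_secret_hygiene from inside the working tree.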

Step-by-Step Git Setup

1. Initialize Repository

cd LemonSec

git init

2. Add Your Git Server

git remote add origin https://git.lemonlink.eu/impulsivefps/LemonSec.git

3. Configure Git (if needed)

git config user.name "Your Name"
git config user.email "your.email@example.com"

4. Add and Commit Files

# Add all files
git add .

# Commit
git commit -m "Initial LemonSec deployment

- Traefik reverse proxy with Cloudflare SSL
- Authelia SSO and 2FA
- CrowdSec intrusion detection
- AdGuard Home DNS
- TrueNAS Nextcloud routing
"

5. Push to Server

# For main branch
git push -u origin main

# Or if your default is master
git push -u origin master

6. Verify

# Check remote
git remote -v

# Should show:
# origin  https://git.lemonlink.eu/impulsivefps/LemonSec.git (fetch)
# origin  https://git.lemonlink.eu/impulsivefps/LemonSec.git (push)

# Check status
git status
# Should show: "nothing to commit, working tree clean"

Updating the Repository

After making changes:

# Make changes to files
nano authelia/users_database.yml  # Add family member

# Commit
git add authelia/users_database.yml
git commit -m "Add family member to Authelia"

# Push
git push

# In Portainer: Pull and redeploy stack

Repository URL for Portainer

Use this URL in Portainer:

https://git.lemonlink.eu/impulsivefps/LemonSec

If Repository is Private

If your Git server requires authentication:

  1. Option A: Deploy Key (Recommended)

    • Generate SSH key pair
    • Add public key to Git repo as deploy key
    • Use SSH URL: git@git.lemonlink.eu:impulsivefps/LemonSec.git
  2. Option B: Personal Access Token

    • Create token in Git settings
    • Use HTTPS with token: https://token@git.lemonlink.eu/impulsivefps/LemonSec (the token is part of the URL, so it is readable wherever that URL is stored or logged)
  3. Option C: Portainer Git Credentials

    • In Portainer stack settings
    • Enable authentication
    • Enter username/password

Testing Git Access

From your Proxmox VM:

# Test HTTPS access
git ls-remote https://git.lemonlink.eu/impulsivefps/LemonSec

# Should show refs without errors

Troubleshooting

"repository not found"

  • Verify URL is correct
  • Check repository exists on Git server
  • Confirm permissions

"Authentication failed"

  • Check credentials
  • Verify deploy key is added (if using SSH)
  • Try accessing in browser first

"Updates were rejected"

# Pull first
git pull origin main

# Then push
git push

Large files / Binary files

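If you accidentally committed secrets:

# Remove .env from the history of the current branch (be careful: this rewrites every commit that contained it)
git filter-branch --force --index-filter 'git rm --cached --ignore-unmatch .env' HEAD

# Force push the rewritten history
git push --force

# Rewriting history does not recall copies that were already pushed or cloned:
# rotate every secret that was in the committed .env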

Branch Strategy

For simple deployments, use main or master:

# Check current branch
git branch

# Create and switch to main if needed
git checkout -b main
git push -u origin main

For advanced setups, you might want:

  • main - Production
  • develop - Testing
  • feature/* - New services

Automated Updates

Set up a webhook (if your Git server supports it):

  1. Go to Git repo settings
  2. Add webhook URL: http://portainer:9000/api/stacks/{stack_id}/git/redeploy
  3. On push, Portainer auto-redeploys

Or use Portainer's polling:

  • Stacks → lemonsec → Git settings
  • Enable automatic updates
  • Set interval (e.g., 5 minutes)