brut/bincio-wiki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
91fb1b9514d5c05ef323f8816ab9702dcef02562
bincio-wiki/deployment/vps.md
T
brutsalvadi 2b440b02e6 Add shared auth, deployment config, and dev tooling
2026-05-01 21:55:55 +02:00

7.2 KiB
Raw Blame History

bincio_wiki — VPS configuration

Server layout

/opt/bincio/            bincio_activity code (existing)
/opt/bincio_wiki/       bincio_wiki code (new)

/var/bincio/data/       bincio_activity data + shared DB
  instance.db           shared user/session/invite database
  <handle>/             per-user activity data

/var/bincio/wiki/       bincio_wiki content
  pages/                wiki markdown pages
  stories/              blog markdown stories

/var/www/bincio/        bincio_activity static build (existing, bincio.org)
/var/www/bincio/wiki/   bincio_wiki static build (wiki.bincio.org)

Ports:

  • 4041 — bincio_activity FastAPI (existing)
  • 4042 — bincio_wiki FastAPI (new)

Deploy procedure

Builds run locally. We push the results to the VPS.

bincio_wiki deploy script: deploy/vps/deploy.sh

#!/usr/bin/env bash
set -e
VPS=root@95.216.55.151
REMOTE_CODE=/opt/bincio_wiki
REMOTE_WEB=/var/www/bincio/wiki

echo "Building Astro..."
cd "$(dirname "$0")/../.."
cd site && npm ci --silent && npm run build
cd ..

echo "Pushing code..."
rsync -az --delete \
  --exclude='.git' \
  --exclude='site/node_modules' \
  --exclude='site/.astro' \
  --exclude='site/dist' \
  --exclude='__pycache__' \
  --exclude='*.pyc' \
  . "$VPS:$REMOTE_CODE/"

echo "Pushing static build..."
rsync -az --delete site/dist/ "$VPS:$REMOTE_WEB/"

echo "Restarting service..."
ssh "$VPS" systemctl restart bincio-wiki

echo "Done."

Run with: bash deploy/vps/deploy.sh

Environment variables

bincio_wiki FastAPI (edit/server.py)

Variable Production value Local default
SHARED_DB_PATH /var/bincio/data/instance.db ../bincio_activity/data/instance.db
WIKI_PAGES_DIR /var/bincio/wiki/pages site/src/content/entries
WIKI_STORIES_DIR /var/bincio/wiki/stories site/src/content/blog
SESSION_DOMAIN .bincio.org (unset — host-only cookie)

bincio_activity FastAPI (bincio/serve/server.py)

Variable Production value Local default
SESSION_DOMAIN .bincio.org (unset — host-only cookie)

bincio_activity Astro build

Variable Production value Purpose
PUBLIC_WIKI_URL https://wiki.bincio.org Wiki nav link + login redirect for wiki-only users
PUBLIC_EDIT_ENABLED true Enables edit UI in production

bincio_activity → bincio_activity (moved to activity subdomain)

Variable Production value
PUBLIC_WIKI_URL https://wiki.bincio.org
SESSION_DOMAIN .bincio.org

systemd service

deploy/vps/bincio-wiki.service — copy to /etc/systemd/system/ on the VPS.

[Unit]
Description=BincioWiki API
After=network.target

[Service]
WorkingDirectory=/opt/bincio_wiki
ExecStart=/root/.local/bin/uv run uvicorn edit.server:app \
    --host 127.0.0.1 \
    --port 4042
Environment=SHARED_DB_PATH=/var/bincio/data/instance.db
Environment=WIKI_PAGES_DIR=/var/bincio/wiki/pages
Environment=WIKI_STORIES_DIR=/var/bincio/wiki/stories
Environment=SESSION_DOMAIN=.bincio.org
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

On the VPS:

cp /opt/bincio_wiki/deploy/vps/bincio-wiki.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable bincio-wiki
systemctl start bincio-wiki

nginx

wiki.bincio.org — deploy/vps/nginx-wiki.conf

server {
    server_name wiki.bincio.org;
    root /var/www/bincio/wiki;
    index index.html;

    location /api/ {
        proxy_pass http://127.0.0.1:4042;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /pages/ {
        proxy_pass http://127.0.0.1:4042;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /stories/ {
        proxy_pass http://127.0.0.1:4042;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /rebuild/ {
        proxy_pass http://127.0.0.1:4042;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location / {
        try_files $uri $uri/ $uri.html =404;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/wiki.bincio.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wiki.bincio.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    if ($host = wiki.bincio.org) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name wiki.bincio.org;
    return 404;
}

activity.bincio.org (bincio_activity moves here)

Add this block to the existing bincio_activity nginx config. The current bincio.org block keeps the /api/ proxy but loses the activity-specific routes (see plan.md Phase 5).

server {
    server_name activity.bincio.org;
    root /var/www/bincio;
    index index.html;

    client_max_body_size 2G;
    client_body_timeout  300s;

    location /api/ {
        proxy_pass http://127.0.0.1:4041;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout 120s;
    }
    location /data/ {
        alias /var/bincio/data/;
        add_header Cache-Control "no-cache, must-revalidate";
    }
    location /activity/ {
        try_files $uri $uri/ /activity/index.html;
    }
    location /u/ {
        try_files $uri $uri/ /index.html;
    }
    location / {
        try_files $uri $uri/ $uri.html =404;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/activity.bincio.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/activity.bincio.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

First-time VPS setup (wiki)

# 1. Create directories
mkdir -p /var/bincio/wiki/pages /var/bincio/wiki/stories
mkdir -p /var/www/bincio/wiki

# 2. Push initial deploy
bash deploy/vps/deploy.sh

# 3. Install and start service
cp /opt/bincio_wiki/deploy/vps/bincio-wiki.service /etc/systemd/system/
systemctl daemon-reload && systemctl enable --now bincio-wiki

# 4. SSL certificate for wiki subdomain
certbot --nginx -d wiki.bincio.org

# 5. Install nginx config
cp /opt/bincio_wiki/deploy/vps/nginx-wiki.conf /etc/nginx/sites-available/bincio-wiki
ln -s /etc/nginx/sites-available/bincio-wiki /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx

# 6. Run DB migration (after schema changes to bincio_activity)
sqlite3 /var/bincio/data/instance.db < /opt/bincio_wiki/deploy/migrate.sql

DB migration script: deploy/migrate.sql

-- Add access flags to users
ALTER TABLE users ADD COLUMN wiki_access     INTEGER NOT NULL DEFAULT 1;
ALTER TABLE users ADD COLUMN activity_access INTEGER NOT NULL DEFAULT 0;

-- All existing users (bincio_activity members) get both flags
UPDATE users SET wiki_access = 1, activity_access = 1;

-- Add activity flag to invites
ALTER TABLE invites ADD COLUMN grants_activity INTEGER NOT NULL DEFAULT 0;

-- Set caps
INSERT OR REPLACE INTO settings VALUES ('max_wiki_users',     '100');
INSERT OR REPLACE INTO settings VALUES ('max_activity_users', '30');
Reference in New Issue View Git Blame Copy Permalink