first real test

.gitignore

@@ -0,0 +1 @@
+public_html

docs/index.md

@@ -4,22 +4,73 @@ The goal is to test creating a git hook on serge.
 
 # steps
 
-Create new user on serge that belongs to www-data and git groups:
+## Create new user on serge that belongs to www-data and git groups:
 
     useradd -G www-data git -M mkdocs
 
-Create new directory in /var/www; chown to mkdocs:www-data
+## Create website directory
 
     mkdir /var/www/services.anarchyplanet.org
-    chown mkdocs:www-data /var/www/services.anarchyplanet.org
+    mkdir /var/www/services.anarchyplanet.org/public_html
+    chown -R mkdocs:www-data /var/www/services.anarchyplanet.org
 
-Create new post-receive git hook
+## Serve website with Nginx
+
+    vim /etc/nginx/sites-available/services.anarchyplanet.org
+
+    `# set up site with /var/www/services.anarchyplanet.org/public_html as root`
+
+    ln -s /etc/nginx/sites-available/services.anarchyplanet.org /etc/nginx/sites-enabled
+    nginx -t && nginx -s reload
+
+## Clone repository into website directory
+    su mkdocs
+    cd /var/www
+    git clone /srv/git/repositories/notnull/git-hooks-demo.git services.anarchyplanet.org
+
+This made file permissions all mkdocs:mkdocs so I changed them back to mkdocs:www-data
+
+## Install mkdocs and mkdocs-material
+
+I wasn't sure the best way to do this so I just installed globally:
+
+    python3 -m pip isntall mkdocs mkdocs-material
+
+## Write script to build docs
+
+
+```shell
+#!/bin/bash
+# /var/www/services.anarchyplanet.org/update.sh
+cd /var/www/services.anarchyplanet.org
+git pull origin master
+mkdocs build
+chgrp -R www-data public_html
+```
+## Allow git user to run update script
+
+The git user is the one who executes the post-receive hook, so it needs to somehow be able to run the update script as the mkdocs user.
+
+[This](https://stackoverflow.com/questions/73869424/run-git-hook-as-remote-user-in-a-shared-repository) suggests to create a line in visudo to give the git user permission to run a script as a user at a path, e.g.:
+
+    git ALL=(mkdocs) NOPASSWD: /var/www/services.anarchyplanet.org/update.sh
+
+I noticed that Debian wants these to be posted in /etc/sudoers.d/ so I added it there:
+
+    visudo /etc/sudoers.d/allow-git-to-build-docs
+
+
+I tested this with `sudo -u git sudo -u mkdocs /var/www/services.anarchyplanet.org/update.sh` which works! and `sudo -u git sudo -u mkdocs echo $(whoami)` which does not work (asks for git's sudo password).
+
+## Create new post-receive git hook
 
 Gogs has a post-receive hook that seems to be active:
     "/srv/git/gogs/gogs" hook --config='/srv/git/gogs/custom/conf/app.ini' post-receive
 
-Not sure what this does. I commented it out and replaced it to test hooks. committing now!
+Not sure what this does. I just commented it out and added:
+
+    sudo -u mkdocs /var/www/services/anarchyplanet.org/update.sh
+
+I guess the only remaining thing to do is try it!
 
-That didn't work so trying again
 
-That worked! and the user is git. now testing what happens when it's owned by mkdocs

mkdocs.yml

@@ -1,11 +1,12 @@
 site_name: Git Hooks Demo
-site_url: https://services.anarchyplanet.org # temporary
-repo_name: https://git.anarchyplanet.org/notnull/git-hooks-demo/
+site_url: https://services.anarchyplanet.org
+site_dir: public_html
+repo_url: https://git.anarchyplanet.org/notnull/git-hooks-demo
 edit_uri: src/master/docs/
 theme:
   name: material
-  site_dir: public_html
   palette:
     scheme: slate
     primary: black
     accent: teal
+

update.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+# /var/www/services.anarchyplanet.org/update.sh
+
+cd /var/www/services.anarchyplanet.org
+git pull origin master
+mkdocs build
+chgrp -R www-data public_html