docs: add homelab secrets setup instructions

feat: add homelab runner deployment step to release workflow
- Add deploy-homelab job to sync homelab/runner/docker-compose.yml - Rename deploy → deploy-prod for clarity - Both deployments run in parallel after Docker images are pushed - Homelab runner pulls only the runner image and restarts Required secrets (to be added in Gitea): - HOMELAB_HOST (192.168.0.109) - HOMELAB_USER (root) - HOMELAB_SSH_KEY (same as PROD_SSH_KEY or separate) - HOMELAB_SSH_KNOWN_HOSTS (ssh-keyscan -H 192.168.0.109)
2026-04-16 19:08:25 +05:00 · 2026-04-16 19:07:59 +05:00
2 changed files with 98 additions and 1 deletions
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -103,7 +103,7 @@ jobs:
  #   PROD_USER             — SSH login user (typically root)
  #   PROD_SSH_KEY          — private key whose public half is in authorized_keys
  #   PROD_SSH_KNOWN_HOSTS  — output of: ssh-keyscan -H <PROD_HOST>
-  deploy:
+  deploy-prod:
    name: Deploy to prod
    runs-on: ubuntu-latest
    needs: [docker]
@@ -132,6 +132,43 @@ jobs:
             doppler run -- docker compose pull backend runner ui caddy pocketbase
             doppler run -- docker compose up -d --remove-orphans'

+  # ── deploy homelab runner ─────────────────────────────────────────────────────
+  # Syncs the homelab runner compose file and restarts the runner service.
+  #
+  # Required Gitea secrets:
+  #   HOMELAB_HOST          — homelab server IP (192.168.0.109)
+  #   HOMELAB_USER          — SSH login user (typically root)
+  #   HOMELAB_SSH_KEY       — private key whose public half is in authorized_keys
+  #   HOMELAB_SSH_KNOWN_HOSTS — output of: ssh-keyscan -H <HOMELAB_HOST>
+  deploy-homelab:
+    name: Deploy to homelab
+    runs-on: ubuntu-latest
+    needs: [docker]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install SSH key
+        run: |
+          mkdir -p ~/.ssh
+          printf '%s\n' "${{ secrets.HOMELAB_SSH_KEY }}" > ~/.ssh/homelab_key
+          chmod 600 ~/.ssh/homelab_key
+          printf '%s\n' "${{ secrets.HOMELAB_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+
+      - name: Copy docker-compose.yml to homelab
+        run: |
+          scp -i ~/.ssh/homelab_key \
+            homelab/runner/docker-compose.yml \
+            "${{ secrets.HOMELAB_USER }}@${{ secrets.HOMELAB_HOST }}:/opt/libnovel-runner/docker-compose.yml"
+
+      - name: Pull new runner image and restart
+        run: |
+          ssh -i ~/.ssh/homelab_key \
+            "${{ secrets.HOMELAB_USER }}@${{ secrets.HOMELAB_HOST }}" \
+            'set -euo pipefail
+             cd /opt/libnovel-runner
+             doppler run --project libnovel --config prd_homelab -- docker compose pull runner
+             doppler run --project libnovel --config prd_homelab -- docker compose up -d runner'
+
  # ── Gitea release ─────────────────────────────────────────────────────────────
  release:
    name: Gitea Release
--- a/HOMELAB_SECRETS_SETUP.md
+++ b/HOMELAB_SECRETS_SETUP.md
@@ -0,0 +1,60 @@
+# Homelab Deployment Secrets Setup
+
+The release workflow now includes automatic deployment to the homelab runner server. You need to add these secrets to Gitea.
+
+## Required Secrets
+
+Go to: `https://gitea.kalekber.cc/kamil/libnovel/settings/secrets/actions`
+
+### 1. HOMELAB_HOST
+```
+192.168.0.109
+```
+
+### 2. HOMELAB_USER
+```
+root
+```
+
+### 3. HOMELAB_SSH_KEY
+
+If you want to use the same SSH key as prod:
+- Copy the value from `PROD_SSH_KEY` secret
+
+If you want a separate key:
+```bash
+# On your local machine or CI runner
+cat ~/.ssh/id_rsa  # or your preferred key
+```
+
+### 4. HOMELAB_SSH_KNOWN_HOSTS
+
+Run this when the homelab server is reachable:
+```bash
+ssh-keyscan -H 192.168.0.109 2>/dev/null
+```
+
+Expected output format:
+```
+|1|base64hash...|192.168.0.109 ssh-rsa AAAAB3NzaC...
+|1|base64hash...|192.168.0.109 ecdsa-sha2-nistp256 AAAAE2...
+|1|base64hash...|192.168.0.109 ssh-ed25519 AAAAC3...
+```
+
+## Testing
+
+After adding the secrets, the next release (e.g., v4.1.10) will automatically:
+1. Build all Docker images
+2. Deploy to prod (165.22.70.138) ✅
+3. Deploy to homelab (192.168.0.109) ✅ NEW
+4. Create a Gitea release
+
+Both deployments run in parallel for faster releases.
+
+## Troubleshooting
+
+If the homelab deployment fails:
+- Check that the secrets are set correctly
+- Verify SSH access: `ssh root@192.168.0.109`
+- Check Doppler config exists: `doppler configs --project libnovel`
+- Manually test: `cd /opt/libnovel-runner && doppler run --project libnovel --config prd_homelab -- docker compose pull runner`
Author	SHA1	Message	Date
Admin	50a13447a4	docs: add homelab secrets setup instructions Some checks failed Release / Test backend (push) Successful in 1m2s Details Release / Check ui (push) Successful in 1m0s Details Release / Docker (push) Successful in 4m39s Details Release / Deploy to prod (push) Successful in 2m18s Details Release / Deploy to homelab (push) Failing after 4s Details Release / Gitea Release (push) Successful in 29s Details	2026-04-16 19:08:25 +05:00
Admin	ce34d2c75f	feat: add homelab runner deployment step to release workflow - Add deploy-homelab job to sync homelab/runner/docker-compose.yml - Rename deploy → deploy-prod for clarity - Both deployments run in parallel after Docker images are pushed - Homelab runner pulls only the runner image and restarts Required secrets (to be added in Gitea): - HOMELAB_HOST (192.168.0.109) - HOMELAB_USER (root) - HOMELAB_SSH_KEY (same as PROD_SSH_KEY or separate) - HOMELAB_SSH_KNOWN_HOSTS (ssh-keyscan -H 192.168.0.109)	2026-04-16 19:07:59 +05:00