Skip to content

Deployment to yuca

This explains how deployment to yuca works.

❓ Who is this page for?

This information is for people who are involved in managing the server and deployment setup for:

You do not need to know about this if:

  • you are self-hosting Karrot
  • you are developing features for Karrot
  • you are using Karrot

What is yuca?

It's a server where we run various bits of karrot infrastructure:

There is an ansible project to configure it that lives over at

Maybe one day we deploy it using the co-op cloud setup, but for now at least it has a different way of deploying things.

🔑 Who has server access?

The people that have access to the server are generally those that did server stuff from the yunity days, e.g.: nick, tilmann, matthias, chandi

Deployment plugin

We have a plugin for Codeberg CI (plugin-karrot-deploy) that can deploy Karrot using the yuca ansible config.

Why write a plugin and not just use a script?

One nice thing about Woodpecker CI plugins is that you can declare secrets that are only available to certain plugins.

This prevents people that have code access (but not CI admin rights) from extracting the secrets using a script.

It also includes all the right dependencies and python setup for faster start time.

This is automatically deployed from the main branch from using Codeberg CI.

Frontend and backend are deployed independently as changes are pushed to their respective repos main branch.

You can view the CI status over at:

🚧 Under construction

This is currently not deployable to, whilst we undergo the migration to codeberg.

Manual deployment

Using deployment plugin

🐱 You can currently only deploy using this method.

You can run the plugin on your own computer via docker/podman, and deploy both the frontend and backend in one command.

As everything is run from inside a docker container, it's quite safe and independent from the environment on your machine.

😕 docker or podman?

I tend to use podman where possible, and you can just swap docker for podman in the commands below.

They are written here with docker as I guess that is more common still.

First pull the latest version of the plugin:

docker pull

Then run it with your desired settings:

docker run \
  -e PLUGIN_SSH_KEY="$(cat ~/.ssh/id_ed25519)" \

🔑 Which SSH key should that be?

Currently, it must be the deploy key for the karrot-dev-deploy user

🚧 In the future you would be able to use your own yuca user account to deploy it, if you have sufficient rights.

Using ansible directly

You can use ansible directly on your computer to deploy Karrot too.

This requires deploying frontend and backend separately (although no reason you couldn't make a playback that does both).

See for more info.

Running commands

For running karrot.cli there are wrapper scripts that will call podman with the correct arguments:


So, to run the shell you can do:

/var/www/karrot-dev/www/backend/scripts/karrot shell

Or from your local machine, if you have sufficient access:

ssh -t sudo /var/www/karrot-dev/www/backend/scripts/karrot shell