From 880d0d40f21755550a1fb07fe52a3aa8d66a52d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mikael=20L=C3=B6vqvist?= <mikael@efforting.tech>
Date: Sun, 10 May 2026 16:36:29 +0000
Subject: [PATCH] Update planning/automated-tasks.md

---
 planning/automated-tasks.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/planning/automated-tasks.md b/planning/automated-tasks.md
index 6fd135f..9781d2b 100644
--- a/planning/automated-tasks.md
+++ b/planning/automated-tasks.md
@@ -12,4 +12,12 @@ One thing not yet addressed is building for other platforms, like if you want to
 
 One can essentially go two routes where you either have a network where you block certain subnets to prevent LAN or local access while still allowing WAN access (the runners might need to fetch stuff but we don't want them to fetch internal stuff).
 
-[This comment](https://gitea.efforting.tech/mikael-lovqvist/claude-docker/issues/2#issuecomment-36) is also relevant here. A custom egress on the VPS might make this easy to reuse across services.
\ No newline at end of file
+[This comment](https://gitea.efforting.tech/mikael-lovqvist/claude-docker/issues/2#issuecomment-36) is also relevant here. A custom egress on the VPS might make this easy to reuse across services.
+
+## Simple deployment
+
+For simple deployments (or as part of more complex deployments) the following pattern can be used
+```bash
+sudo -u nginx-user GIT_INDEX_FILE=/tmp/to-name-better git --git-dir=/gitea-data/git/repositories/mikael-lovqvist/websperiments.git --work-tree=websperiments checkout --force
+```
+`nginx-user` must be able to read the bare repository at `--git-dir`. The `/tmp/to-name-better` base filename should be randomized and properly cleaned up (this is a base name and has stuff tacked on, such as `index.lock` or perhaps only `.lock` - will have to investigate further).
\ No newline at end of file