2020-04-02 13:20:50 +00:00
# gitea in a stack with drone and guacamole
Remote system support.
Consisting of
* gitea repository - github like self hoisted git and web application
* drone ci system
* guacamole - rdp, vnc and ssh over the internet in the browser
2020-04-18 07:42:32 +00:00
## do
[![Build Status ](https://sigyl.com:5000/api/badges/giles/stack/status.svg )](https://sigyl.com:5000/giles/stack)
## home
[![Build Status ](https://drone.sigyl.com/api/badges/giles/stack/status.svg )](https://drone.sigyl.com/giles/stack)
2020-04-02 13:20:50 +00:00
(nb when self deploying with drone it will will stick on started and have to be cancelled. This is because the deployment tears down the previous running drone).
NB each time you deploy this using drone it will leave an orphaned network for example:
drone-yoZbiXiqssFcSsG0dP5d
eventually this will start to cause an error with message: Docker “ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network”
## installing docker
Start with a fresh install of Ubuntu server 19.04 connected to the internet
### update packages
```
sudo apt-get update
sudo apt-get upgrade
```
### remove old versions of docker
(if it's a fresh install of linux there shouldn't be any)
```
sudo apt-get remove docker docker-engine docker.io
```
### install docker
```
sudo apt install docker.io
```
### add current user to docker group
logout and back in afterwards
```
sudo usermod -aG docker $USER
```
### start and enable docker
```
sudo systemctl start docker
sudo systemctl enable docker
```
### change ssh port to 2022
```
sudo vi /etc/ssh/sshd_config
```
change Port 2022
### allow root to ssh
```
sudo vi /etc/ssh/sshd_config
```
## set the root password
```
sudo passwd root
```
change PermitRootLogin yes
reboot
start a stack running gitea to host repository.
## stack
### labels
get nodes with
```
docker node ls
```
add label with
```
docker node update --label-add com.sigyl.git-stack=yes [node id]
```
### generate certificates
where [registry-domain] is the domain on which the registry will be served
sh ca.sh [registry-domain]:5000
sh make-cert.sh [registry-domain] registry
### ngrok auth
obtain ngrok auth token and place in .secrets in form
authtoken: [token]
### initial deploy
```shell
export LOCAL_DOCKER_REGISTRY=registry.local-domain:5000
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export GIT_DOMAIN=git.sigyl.com
export REMOTE_DOMAIN=remote.sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export BLOG_DOMAIN=blog.sigyl.com
export DRONE_RPC_SECRET=$(openssl rand -base64 48)
docker stack deploy -c docker-compose.yml gitea
```
### create gitea drone app with client id and secret
### add secrets to repository in drone
![add secret ](./add-secret.png )
* blog-domain
* certbot-email
* drone-domain
* drone-gitea-client-id
* drone-gitea-client-secret
* drone-rpc-secret
* git-domain
* local-docker-registry
* remote-domain
* ssh-password
* ssh-port
* ssh-root-password
* ssh-root-user
* ssh-user
* ssh-host
### kill orphan docker:dind containers
Wen the system is deployed by pushing to repository the docker:dind container will be orphaned and will run forever unless killed..
## guacamole
np no spaces in postgres password
docker stack for guacamole
adapted from https://digitalmccullough.com/posts/setting-up-apache-guacamole-with-docker-stack.html
### initialising
find id
```
docker ps
```
execute initdb.sql
```
docker exec -it [id] psql -U postgres -d guacamole_db -f /initdb.sql
docker exec -it [id] psql -U postgres -d guacamole_db -f /init-user.sql -v password='somepassword'
```
initial admin is guacadmin:guacadmin
create a new admin and delete guacadmin
## docker-exec-runner on windows
These instructions are not very good...
https://exec-runner.docs.drone.io/installation/windows/
download and unpack on linux with
```
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx
```
rename drone-runner-exec to drone-runner-exec.exe
make directory c:\Drone\drone-runner-exec on windows
copy drone-runner-exec.exe to directory
make config file with
```
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.sigyl.com:443
DRONE_RPC_SECRET=[rpc secret]
DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt
DRONE_RUNNER_LABELS=web:true
```
install and start service with
```
drone-runner-exec service install
drone-runner-exec service start
```
## chat
Once the chat-mongo container is up you need to get its id and do
```
docker exec -it [id] mongo --eval "printjson(rs.initiate({_id: 'rs0', members: [ { _id: 0, host: 'localhost:27017' } ]}))"
```
then scale up chat
```
docker service scale gitea_chat=1
```