giles
/
stack
Archived
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

remote
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Giles Bradshaw 2020-04-21 15:07:22 +01:00
parent 2326dfd4d8
commit 032821d7b2
3 changed files with 531 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

292
.drone.remote.yml Normal file
View File

@ -0,0 +1,292 @@
---
kind: pipeline
type: docker
name: default
when:
branch:
- remote
clone:
# skip_verify: true
steps:
- name: printenv
image: appleboy/drone-ssh
environment:
CERTBOT_EMAIL:
from_secret: certbot-email
DRONE_DOMAIN:
from_secret: drone-domain
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
GIT_DOMAIN:
from_secret: git-domain
REMOTE_DOMAIN:
from_secret: remote-domain
SSH_HOST:
from_secret: ssh-host
SSH_PORT:
from_secret: ssh-port
SSH_USER:
from_secret: ssh-user
SSH_ROOT_USER:
from_secret: ssh-root-user
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
settings:
envs:
- certbot_email
- drone_domain
- drone_gitea_client_id
- git_domain
- remote_domain
- ssh_host
- ssh_port
- ssh_root_user
- ssh_user
- local_docker_registry
host:
from_secret: ssh-host
port:
from_secret: ssh-port
username:
from_secret: ssh-user
password:
from_secret: ssh-password
script:
- echo certbot-email=$CERTBOT_EMAIL > env-stack
- echo drone-domain=$DRONE_DOMAIN >> env-stack
- echo drone-gitea-client-id=$DRONE_GITEA_CLIENT_ID >> env-stack
- echo git-domain=$GIT_DOMAIN >> env-stack
- echo remote-domain=$REMOTE_DOMAIN >> env-stack
- echo ssh-host=$SSH_HOST >> env-stack
- echo ss-port=$SSH_PORT >> env-stack
- echo ssh-root-user=$SSH_ROOT_USER >> env-stack
- echo ssh-user=$SSH_USER >> env-stack
- echo local_docker_registry=$LOCAL_DOCKER_REGISTRY >> env-stack
- name: test-ssh
when:
branch:
- remote
image: appleboy/drone-ssh
environment:
DRONE_RPC_SECRET:
from_secret: drone-rpc-secret
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET:
from_secret: drone-gitea-client-secret
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
SSH_USER:
from_secret: ssh-user
CERTBOT_EMAIL:
from_secret: certbot-email
GIT_DOMAIN:
from_secret: git-domain
DRONE_DOMAIN:
from_secret: drone-domain
REMOTE_DOMAIN:
from_secret: remote-domain
settings:
envs:
- drone_rpc_secret
- drone_gitea_client_id
- drone_gitea_client_secret
- ssh_user
- local_docker_registry
- certbot_email
- git_domain
- drone_domain
- remote_domain
host:
from_secret: ssh-host
username:
from_secret: ssh-root-user
password:
from_secret: ssh-root-password
port:
from_secret: ssh-port
script:
- echo 'ssh ok'
- name: wait
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
commands:
- sleep 60
- name: build-postgres
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd guacamole-postgresql
- docker build . -t $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql
- docker push $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql
- name: build-ngrok
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd ngrok2
- docker build . -t $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
- docker push $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
- name: build-letsencrypt-nginx
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- docker build . -t $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx
- docker push $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx
- name: build-letsencrypt-drone
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- sh build.sh drone $${LOCAL_DOCKER_REGISTRY}
- name: build-letsencrypt-remote
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- sh build.sh remote $${LOCAL_DOCKER_REGISTRY}
- name: scp files
when:
branch:
- remote
image: appleboy/drone-scp
settings:
host:
from_secret: ssh-host
username:
from_secret: ssh-user
password:
from_secret: ssh-password
port:
from_secret: ssh-port
command_timeout: 2m
target: ~/gitea-drone-stack
source:
- .
- name: deploy
when:
branch:
- remote
image: appleboy/drone-ssh
environment:
DRONE_RPC_SECRET:
from_secret: drone-rpc-secret
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET:
from_secret: drone-gitea-client-secret
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
SSH_USER:
from_secret: ssh-user
CERTBOT_EMAIL:
from_secret: certbot-email
GIT_DOMAIN:
from_secret: git-domain
DRONE_DOMAIN:
from_secret: drone-domain
REMOTE_DOMAIN:
from_secret: remote-domain
settings:
envs:
- drone_rpc_secret
- drone_gitea_client_id
- drone_gitea_client_secret
- ssh_user
- local_docker_registry
- certbot_email
- git_domain
- drone_domain
- remote_domain
host:
from_secret: ssh-host
username:
from_secret: ssh-root-user
password:
from_secret: ssh-root-password
port:
from_secret: ssh-port
script:
- set -e
- export LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY
- export DRONE_RPC_SECRET=$DRONE_RPC_SECRET
- export DRONE_GITEA_CLIENT_ID=$DRONE_GITEA_CLIENT_ID
- export DRONE_GITEA_CLIENT_SECRET=$DRONE_GITEA_CLIENT_SECRET
- export SSH_USER=$SSH_USER
- export CERTBOT_EMAIL=$CERTBOT_EMAIL
- export GIT_DOMAIN=$GIT_DOMAIN
- export DRONE_DOMAIN=$DRONE_DOMAIN
- export REMOTE_DOMAIN=$REMOTE_DOMAIN
- docker network prune -f
- cd /home/$SSH_USER/gitea-drone-stack
- docker stack rm remote-drone
- sleep 60
- docker stack deploy -c docker-compose-remote.yml remote-drone
#- sleep 300
services:
- name: docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: ca
path: /etc/docker/certs.d
volumes:
- name: dockersock
temp: {}
- name: ca
host:
path: /home/giles/gitea-drone-stack/.ca

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
.certificates
.ca
.secrets
.env

238
docker-compose-remote.yml Normal file
View File

@ -0,0 +1,238 @@
version: "3.7"
services:
letsencrypt-remote:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: ${LOCAL_DOCKER_REGISTRY}/letsencrypt-remote
environment:
- SERVER_NAME=${REMOTE_DOMAIN}
- CERTBOT_EMAIL=${CERTBOT_EMAIL}
- PROXY_PASS=http://guacamole:8080/guacamole/
volumes:
- letsencrypt-remote:/etc/letsencrypt
networks:
- appnet
depends_on:
- guacamole
letsencrypt-drone:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: ${LOCAL_DOCKER_REGISTRY}/letsencrypt-drone
environment:
- CERTBOT_EMAIL=${CERTBOT_EMAIL}
- SERVER_NAME=${DRONE_DOMAIN}
- PROXY_PASS=http://drone-server:8080/
volumes:
- letsencrypt-drone:/etc/letsencrypt
networks:
- appnet
depends_on:
- drone-server
ngrok:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: ${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
ports:
- "4040:4040"
volumes:
- ./ngrok2/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro
environment:
- GIT_DOMAIN=${GIT_DOMAIN}
- DRONE_DOMAIN=${DRONE_DOMAIN}
- REMOTE_DOMAIN=${REMOTE_DOMAIN}
- BLOG_DOMAIN=${BLOG_DOMAIN}
depends_on:
- gitea
networks:
- appnet
secrets:
- ngrok-auth-token
drone-server:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: drone/drone:latest
volumes:
- drone:/var/lib/drone
- drone-data:/data
depends_on:
- gitea
environment:
- DRONE_LOGS_DEBUG=true
- DRONE_LOGS_PRETTY=true
- DRONE_GITEA_SERVER=https://${GIT_DOMAIN}
- DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
- DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
- DRONE_SERVER_HOST=${DRONE_DOMAIN} # tunnel hostname
- DRONE_ADMIN=giles
- DRONE_SERVER_PROTO=https # tunnel adds https on top
- DRONE_SERVER_PORT=:8080
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_USER_CREATE=username:giles,admin:true
- DRONE_AGENTS_ENABLED=true
#- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888
#- DRONE_ENV_PLUGIN_TOKEN=anything
networks:
- appnet
drone-docker-runner:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: drone/drone-runner-docker:1
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DRONE_RPC_PROTO=https
- DRONE_RPC_HOST=${DRONE_DOMAIN}
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_RUNNER_CAPACITY=8
- DRONE_RUNNER_NAME="docker-runner"
#- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888
#- DRONE_ENV_PLUGIN_TOKEN=anything
registry:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: registry:2
ports:
- 5000:5000
volumes:
- registry-data:/var/lib/registry
environment:
- REGISTRY_HTTP_ADDR=0.0.0.0:5000
- REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert"
- REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key"
networks:
- appnet
secrets:
- registry-cert
- registry-key
registry-cache:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: registry:2
ports:
- 5001:5001
volumes:
- registry-cache-data:/var/lib/registry
environment:
- REGISTRY_HTTP_ADDR=0.0.0.0:5001
- REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert"
- REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key"
- REGISTRY_PROXY_REMOTEURL=http://registry-1.docker.io
networks:
- appnet
secrets:
- registry-cert
- registry-key
guacamole-postgresql:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: ${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql:latest
environment:
POSTGRES_PASSWORD: guacroot
POSTGRES_DB: guacamole_db
volumes:
- guacamole-postgresql-data:/var/lib/postgresql/data
#secrets:
# - source: guacamole-postgresql-password
# target: password
#- /home/giles/guacamole-stack/initdb.sql:/initdb.sql
networks:
- appnet
# The backend guacamole server.
guacd:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: guacamole/guacd:latest
networks:
- appnet
guacamole:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: guacamole/guacamole:latest
secrets:
- source: guacamole-postgresql-database
target: database
- source: guacamole-postgresql-user
target: user
- source: guacamole-postgresql-password
target: password
environment:
- POSTGRES_HOSTNAME=guacamole-postgresql
- POSTGRES_PORT=5432
- POSTGRES_USER_FILE=/run/secrets/user
- POSTGRES_PASSWORD_FILE=/run/secrets/password
- POSTGRES_DATABASE_FILE=/run/secrets/database
- GUACD_HOSTNAME=guacd
networks:
- appnet
volumes:
drone:
drone-data:
registry-data:
registry-cache-data:
guacamole-postgresql-data:
letsencrypt-remote:
letsencrypt-drone:
networks:
appnet:
driver: overlay
#external: true
secrets:
'registry-cert':
file: .certificates/registry.crt
'registry-key':
file: .certificates/registry.key
'guacamole-postgresql-database':
file: .secrets/guacamole-postgresql-database
'guacamole-postgresql-user':
file: .secrets/guacamole-postgresql-user
'guacamole-postgresql-password':
file: .secrets/guacamole-postgresql-password
'ngrok-auth-token':
file: .secrets/ngrok-auth-token