diff --git a/.drone.do.yml b/.drone.do.yml index c8c5c4e..d4c7f8e 100644 --- a/.drone.do.yml +++ b/.drone.do.yml @@ -1,3 +1,4 @@ +# this builds and deploys the system on static ip servers --- kind: pipeline diff --git a/.drone.home.yml b/.drone.home.yml index b51873f..24a6054 100644 --- a/.drone.home.yml +++ b/.drone.home.yml @@ -1,3 +1,4 @@ +# builds and deploys to stack using ngrok tunnel --- kind: pipeline diff --git a/README.md b/README.md index b4a3ee8..1c52927 100644 --- a/README.md +++ b/README.md 
@@ -1,247 +1,30 @@ -# gitea in a stack with drone and guacamole +# stack -Remote system support. +* [Gitea](https://gitea.io/en-us/) +* [Drone](https://drone.io/) +* [Guacamole](https://guacamole.apache.org/) +* [Rocket Chat](https://rocket.chat/) -Consisting of +In a [docker](https://www.docker.com/) stack. -* gitea repository - github like self hoisted git and web application -* drone ci system -* guacamole - rdp, vnc and ssh over the internet in the browser - -## do +## static ip [![Build Status](https://sigyl.com:5000/api/badges/giles/stack/status.svg)](https://sigyl.com:5000/giles/stack) -## home +* home - https://sigyl.com/ +* git - https://sigyl.com/git/ +* drone - https://sigyl.com:5000/ +* guacamole - https://sigyl.com/remote/ +* chat - https://sigyl.com/chat/ + +[drone.do.yml](drone.do.yml) - [docker-compose-do.yml](docker-compose-do.yml) + +## tunnelled with ngrok + +(very slow if home internet) [![Build Status](https://drone.sigyl.com/api/badges/giles/stack/status.svg)](https://drone.sigyl.com/giles/stack) -(nb when self deploying with drone it will will stick on started and have to be cancelled. This is because the deployment tears down the previous running drone). 
- -NB each time you deploy this using drone it will leave an orphaned network for example: - -drone-yoZbiXiqssFcSsG0dP5d - -eventually this will start to cause an error with message: Docker “ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network” - - -## installing docker - -Start with a fresh install of Ubuntu server 19.04 connected to the internet - -### update packages - -``` -sudo apt-get update -sudo apt-get upgrade -``` - -### remove old versions of docker - -(if it's a fresh install of linux there shouldn't be any) - -``` -sudo apt-get remove docker docker-engine docker.io -``` - -### install docker - -``` -sudo apt install docker.io -``` - -### add current user to docker group - -logout and back in afterwards - -``` -sudo usermod -aG docker $USER -``` - -### start and enable docker - -``` -sudo systemctl start docker -sudo systemctl enable docker -``` - -### change ssh port to 2022 - -``` -sudo vi /etc/ssh/sshd_config - -``` - -change Port 2022 - -### allow root to ssh - -``` -sudo vi /etc/ssh/sshd_config - -``` - -## set the root password - -``` -sudo passwd root -``` - -change PermitRootLogin yes - -reboot - -start a stack running gitea to host repository. 
- -## stack - -### labels - -get nodes with - -``` -docker node ls -``` - -add label with - -``` -docker node update --label-add com.sigyl.git-stack=yes [node id] -``` - -### generate certificates - -where [registry-domain] is the domain on which the registry will be served - - sh ca.sh [registry-domain]:5000 - - - sh make-cert.sh [registry-domain] registry - -### ngrok auth - -obtain ngrok auth token and place in .secrets in form - - authtoken: [token] - -### initial deploy - -```shell -export LOCAL_DOCKER_REGISTRY=registry.local-domain:5000 -export CERTBOT_EMAIL=giles.bradshaw@sigyl.com -export GIT_DOMAIN=git.sigyl.com -export REMOTE_DOMAIN=remote.sigyl.com -export DRONE_DOMAIN=drone.sigyl.com -export BLOG_DOMAIN=blog.sigyl.com - -export DRONE_RPC_SECRET=$(openssl rand -base64 48) -docker stack deploy -c docker-compose.yml gitea -``` - -### create gitea drone app with client id and secret - -### add secrets to repository in drone - - -![add secret](./add-secret.png) - -* blog-domain -* certbot-email -* drone-domain -* drone-gitea-client-id -* drone-gitea-client-secret -* drone-rpc-secret -* git-domain -* local-docker-registry -* remote-domain -* ssh-password -* ssh-port -* ssh-root-password -* ssh-root-user -* ssh-user -* ssh-host - -### kill orphan docker:dind containers - -Wen the system is deployed by pushing to repository the docker:dind container will be orphaned and will run forever unless killed.. 
- - -## guacamole - -np no spaces in postgres password - -docker stack for guacamole - -adapted from https://digitalmccullough.com/posts/setting-up-apache-guacamole-with-docker-stack.html - -### initialising - -find id - -``` -docker ps - -``` - -execute initdb.sql - -``` -docker exec -it [id] psql -U postgres -d guacamole_db -f /initdb.sql -docker exec -it [id] psql -U postgres -d guacamole_db -f /init-user.sql -v password='somepassword' -``` - -initial admin is guacadmin:guacadmin - -create a new admin and delete guacadmin - -## docker-exec-runner on windows - -These instructions are not very good... - -https://exec-runner.docs.drone.io/installation/windows/ - -download and unpack on linux with - -``` -curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx -``` - - -rename drone-runner-exec to drone-runner-exec.exe - -make directory c:\Drone\drone-runner-exec on windows - -copy drone-runner-exec.exe to directory - -make config file with - -``` - -DRONE_RPC_PROTO=https -DRONE_RPC_HOST=drone.sigyl.com:443 -DRONE_RPC_SECRET=[rpc secret] -DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt -DRONE_RUNNER_LABELS=web:true -``` - - -install and start service with - -``` -drone-runner-exec service install -drone-runner-exec service start -``` - -## chat - -Once the chat-mongo container is up you need to get its id and do - -``` -docker exec -it [id] mongo --eval "printjson(rs.initiate({_id: 'rs0', members: [ { _id: 0, host: 'localhost:27017' } ]}))" -``` - -then scale up chat - -``` -docker service scale gitea_chat=1 -``` \ No newline at end of file +* git - https://git.sigyl.com/ +* drone - https://drone.sigyl.com/ +* guacamole - https://remote.sigyl.com/ diff --git a/docker-compose-do.yml b/docker-compose-do.yml index ad24fa2..3ed9215 100644 --- a/docker-compose-do.yml +++ b/docker-compose-do.yml 
@@ -166,7 +166,7 @@ services: guacamole-postgresql: deploy: placement: - constraints: [node.labels.com.sigyl.git-chat == yes] + constraints: [node.labels.com.sigyl.git-stack-chat == yes] replicas: 1 restart_policy: condition: any @@ -181,7 +181,7 @@ services: guacd: deploy: placement: - constraints: [node.labels.com.sigyl.git-chat == yes] + constraints: [node.labels.com.sigyl.git-stack-chat == yes] replicas: 1 restart_policy: condition: any @@ -191,7 +191,7 @@ services: guacamole: deploy: placement: - constraints: [node.labels.com.sigyl.git-chat == yes] + constraints: [node.labels.com.sigyl.git-stack-chat == yes] replicas: 1 restart_policy: condition: any diff --git a/install.md b/install.md new file mode 100644 index 0000000..a6b4fee --- /dev/null +++ b/install.md 
@@ -0,0 +1,242 @@ +# gitea in a stack with drone and guacamole + +Remote system support. + +Consisting of + +* gitea repository - github like self hosted git and web application +* drone ci system +* guacamole - rdp, vnc and ssh over the internet in the browser + + +## home + + +(nb when self deploying with drone it will will stick on started and have to be cancelled. This is because the deployment tears down the previous running drone). + +NB each time you deploy this using drone it will leave an orphaned network for example: + +eventually this will start to cause an error with message: Docker “ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network” + +You need to keep clearing out orphaned networks. + +## installing docker + +Start with a fresh install of Ubuntu server 19.04 connected to the internet + +### update packages + +``` +sudo apt-get update +sudo apt-get upgrade +``` + +### remove old versions of docker + +(if it's a fresh install of linux there shouldn't be any) + +``` +sudo apt-get remove docker docker-engine docker.io +``` + +### install docker + +``` +sudo apt install docker.io +``` + +### add current user to docker group + +logout and back in afterwards + +``` +sudo usermod -aG docker $USER +``` + +### start and enable docker + +``` +sudo systemctl start docker +sudo systemctl enable docker +``` + +### change ssh port to 2022 + +``` +sudo vi /etc/ssh/sshd_config + +``` + +change Port 2022 + +### allow root to ssh + +``` +sudo vi /etc/ssh/sshd_config + +``` + +## set the root password + +``` +sudo passwd root +``` + +change PermitRootLogin yes + +reboot + +start a stack running gitea to host repository. 
+ +## stack + +### labels + +get nodes with + +``` +docker node ls +``` + +add label with + +``` +docker node update --label-add com.sigyl.git-stack=yes [node id] +``` + +### generate certificates + +where [registry-domain] is the domain on which the registry will be served + + sh ca.sh [registry-domain]:5000 + + + sh make-cert.sh [registry-domain] registry + +### ngrok auth + +obtain ngrok auth token and place in .secrets in form + + authtoken: [token] + +### initial deploy + +```shell +export LOCAL_DOCKER_REGISTRY=registry.local-domain:5000 +export CERTBOT_EMAIL=giles.bradshaw@sigyl.com +export GIT_DOMAIN=git.sigyl.com +export REMOTE_DOMAIN=remote.sigyl.com +export DRONE_DOMAIN=drone.sigyl.com +export BLOG_DOMAIN=blog.sigyl.com + +export DRONE_RPC_SECRET=$(openssl rand -base64 48) +docker stack deploy -c docker-compose.yml gitea +``` + +### create gitea drone app with client id and secret + +### add secrets to repository in drone + + +![add secret](./add-secret.png) + +* blog-domain +* certbot-email +* drone-domain +* drone-gitea-client-id +* drone-gitea-client-secret +* drone-rpc-secret +* git-domain +* local-docker-registry +* remote-domain +* ssh-password +* ssh-port +* ssh-root-password +* ssh-root-user +* ssh-user +* ssh-host + +### kill orphan docker:dind containers + +Wen the system is deployed by pushing to repository the docker:dind container will be orphaned and will run forever unless killed.. 
+ + +## guacamole + +np no spaces in postgres password + +docker stack for guacamole + +adapted from https://digitalmccullough.com/posts/setting-up-apache-guacamole-with-docker-stack.html + +### initialising + +find id + +``` +docker ps + +``` + +execute initdb.sql + +``` +docker exec -it [id] psql -U postgres -d guacamole_db -f /initdb.sql +docker exec -it [id] psql -U postgres -d guacamole_db -f /init-user.sql -v password='somepassword' +``` + +initial admin is guacadmin:guacadmin + +create a new admin and delete guacadmin + +## docker-exec-runner on windows + +These instructions are not very good... + +https://exec-runner.docs.drone.io/installation/windows/ + +download and unpack on linux with + +``` +curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx +``` + + +rename drone-runner-exec to drone-runner-exec.exe + +make directory c:\Drone\drone-runner-exec on windows + +copy drone-runner-exec.exe to directory + +make config file with + +``` + +DRONE_RPC_PROTO=https +DRONE_RPC_HOST=drone.sigyl.com:443 +DRONE_RPC_SECRET=[rpc secret] +DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt +DRONE_RUNNER_LABELS=web:true +``` + + +install and start service with + +``` +drone-runner-exec service install +drone-runner-exec service start +``` + +## chat + +Once the chat-mongo container is up you need to get its id and do + +``` +docker exec -it [id] mongo --eval "printjson(rs.initiate({_id: 'rs0', members: [ { _id: 0, host: 'localhost:27017' } ]}))" +``` + +then scale up chat + +``` +docker service scale gitea_chat=1 +``` \ No newline at end of file diff --git a/letsencrypt-nginx/website/index.html b/letsencrypt-nginx/website/index.html index 22f99e9..f985d6b 100644 --- a/letsencrypt-nginx/website/index.html +++ b/letsencrypt-nginx/website/index.html @@ -1,22 +1,27 @@

SiGyl Ltd

+Bespoke software development. +

home
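Review bot: In the README.md hunk, the new link `[drone.do.yml](drone.do.yml)` under "static ip" names the file without its leading dot, while the pipeline file touched in this same patch is `.drone.do.yml`, so the link target does not match the file. Change the target to `.drone.do.yml`. The setup instructions have moved to the new install.md, but the shortened README does not link to it; add that link so readers can still find them.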
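Review bot: In docker-compose-do.yml, the placement constraint for guacamole-postgresql, guacd and guacamole now requires `node.labels.com.sigyl.git-stack-chat == yes`, but the labels section of the new install.md only shows `docker node update --label-add com.sigyl.git-stack=yes [node id]`. A node labelled by following those instructions will not satisfy the new constraint, and the three services will have nowhere to be scheduled. Document the `com.sigyl.git-stack-chat` label in install.md in the same change, including the relabelling step for nodes that carry the old `com.sigyl.git-chat` label. A short comment in the compose file on why the Guacamole services are pinned to a label ending in `-chat` would also help.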
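Review bot: In install.md, the "allow root to ssh" and "set the root password" steps end in `PermitRootLogin yes`, and the secrets list includes `ssh-root-password` and `ssh-password`, which suggests the pipeline logs in as root with a password on port 2022. Prefer key-based login for the deploy user with `PermitRootLogin prohibit-password` (or no root login at all), and store the key rather than a password as the Drone secret. The "change PermitRootLogin yes" line also sits under the root-password heading instead of under the sshd_config edit it belongs to. Smaller points in the same file: "for example:" is no longer followed by an example network name, "You need to keep clearing out orphaned networks" gives no command (`docker network prune` would do), the default `guacadmin:guacadmin` account should be replaced as part of the initialising steps rather than left as a closing remark, and "will will", "Wen" and "np" are typos carried over from the README.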