diff --git a/.drone-remote.star b/.drone-remote.star
deleted file mode 100644
index 31bb16a..0000000
--- a/.drone-remote.star
+++ /dev/null
@@ -1,88 +0,0 @@
-load("@this//:from-secret.star", "fromSecret")
-load("@this//:print-secrets.star", "printSecrets")
-
-load("@this//:map.star", "map")
-load("@this//:environment.star", "environment")
-load("@this//:echo.star", "echo")
-load("@this//:export.star", "export")
-load("@this//:echo-secret.star", "echoSecret")
-load("@this//:wait.star", "wait")
-load("@this//:build.star", "build")
-load("@this//:scp.star", "scp")
-load("@this//stack:public-secrets.star", "publicSecrets")
-load("@this//stack:secret-secrets.star", "secretSecrets")
-load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
-load("@this//:build-folder.star", "buildFolder")
-load("@this//:build-docker-folder.star", "buildDockerFolder")
-load("@this//:pipeline.star", "pipeline")
-
-def main(ctx):
- if ctx.build.branch == 'remote':
- return [
- pipeline(
- 'remote-deploy',
- [
- printSecrets(
- "env-stack",
- publicSecrets,
- secretSecrets,
- ),
- wait(15, "wait"),
- build("guacamole-postgresql"),
- build("ngrok-gitea"),
- build("letsencrypt-nginx"),
- build("drone-starlark"),
- buildDockerFolder(
- "Dockerfile.drone",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
- "letsencrypt-nginx",
- "drone",
- ),
- buildDockerFolder(
- "Dockerfile.remote",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-remote",
- "letsencrypt-nginx",
- "remote",
- ),
- scp("/home/giles/gitea-drone-stack"),
- pull([
- "letsencrypt-drone",
- "letsencrypt-remote",
- "drone-starlark",
- "guacamole-postgresql",
- ]),
- deploy(
- "docker-compose-remote.yml",
- "remote-drone",
- "/home/giles/gitea-drone-stack",
- publicSecrets + secretSecrets,
- ),
- ],
- [],
- [
- {
- "name": "ca",
- "host": {
- "path": "/home/giles/gitea-drone-stack/.ca",
- },
- }
- ],
- [
- {
- "name": "ca",
- "path": "/etc/docker/certs.d",
- },
- ]
- ),
- ]
- else:
- return pipeline(
- ctx.build.branch,
- [],
- [],
- [],
- [],
- )
\ No newline at end of
file diff --git a/README.md b/README.md index b3caa60..d7d778b 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ In a [docker](https://www.docker.com/) stack. ### docker stack configuration -[docker-compose-home.yml](docker-compose-home.yml) +[docker-compose.yml](docker-compose.yml) ## deployments @@ -215,7 +215,7 @@ sh build.sh $SIGYL_STACK_ROOT ``` cd $SIGYL_STACK_ROOT -docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME +docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME ``` ### initialise postgres database @@ -264,7 +264,7 @@ export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA= ### redeploy ``` -docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME +docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME sh init-scale.sh stack ``` diff --git a/docker-compose-do.yml b/docker-compose-do.yml deleted file mode 100644 index a630671..0000000 --- a/docker-compose-do.yml +++ /dev/null 
@@ -1,238 +0,0 @@ -version: "3.7" -services: - letsencrypt-do: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-do - environment: - - CERTBOT_EMAIL=${CERTBOT_EMAIL} - - SERVER_NAME=${GIT_DOMAIN} - - PROXY_PASS=http://gitea:3000/ - - BLOG_PROXY_PASS=http://ghost:2368 - - CHAT_PROXY_PASS=http://chat:3000 - - REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/ - - DRONE_PROXY_PASS=http://drone-server:8080 - - REGISTRY_PROXY_PASS=http://registry:5000 - - LOCATION=/git/ - - BLOG_LOCATION=/blog/ - - CHAT_LOCATION=/chat/ - - REMOTE_LOCATION=/remote/ - volumes: - - letsencrypt-git:/etc/letsencrypt - networks: - - appnet - ports: - - 80:80 - - 443:443 - - 5000:5000 - - 5001:5001 - gitea: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: gitea/gitea:latest - environment: - - USER_UID=1000 - - USER_GID=1000 - - ROOT_URL=https://${GIT_DOMAIN}/git - - SSH_DOMAIN=${GIT_DOMAIN} - volumes: - - gitea-app:/data - ports: - - 3000 - - 22:22 - networks: - - appnet - ghost: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ghost - volumes: - - ghost-content:/var/lib/ghost/content - - ./ghost/config.production.json:/var/lib/ghost/config.production.json - environment: - - url=https://${GIT_DOMAIN}/blog - networks: - - appnet - chat: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack-chat == yes] - replicas: 1 # will scale after mongo initated - restart_policy: - condition: any - image: rocketchat/rocket.chat:latest - networks: - - appnet - environment: - - MONGO_OPLOG_URL=mongodb://chat-mongo:27017/local - - ROOT_URL=https://${GIT_DOMAIN}/chat/ - - ROOT_URL_PATH_PREFIX=chat - - PORT=3000 - - MONGO_URL=mongodb://chat-mongo:27017/rocketchat - volumes: - - 
chat-uploads:/app/uploads - chat-mongo: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack-chat == yes] - replicas: 1 - restart_policy: - condition: any - image: mongo:4.0 - networks: - - appnet - environment: - - MONGO_DATA_DIR=/data/db - - MONGO_LOG_DIR=/dev/null - volumes: - - mongo-chat:/data/db - command: mongod --smallfiles --replSet rs0 --oplogSize 128 - drone-server: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: drone/drone:latest - volumes: - - drone:/var/lib/drone - - drone-data:/data - depends_on: - - gitea - environment: - - DRONE_LOGS_DEBUG=true - - DRONE_LOGS_PRETTY=true - - DRONE_GITEA_SERVER=https://${GIT_DOMAIN}/git - - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID} - - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET} - - DRONE_SERVER_HOST=${GIT_DOMAIN}:5000 # tunnel hostname - - DRONE_ADMIN=giles - - DRONE_SERVER_PROTO=https # tunnel adds https on top - - DRONE_SERVER_PORT=:8080 - - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - - DRONE_USER_CREATE=username:giles,admin:true - - DRONE_AGENTS_ENABLED=true - - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000 - - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET} - #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 - #- DRONE_ENV_PLUGIN_TOKEN=anything - networks: - - appnet - drone-docker-runner: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: drone/drone-runner-docker:1 - depends_on: - - drone-server - volumes: - - /var/run/docker.sock:/var/run/docker.sock - environment: - - DRONE_RPC_PROTO=https - - DRONE_RPC_HOST=${GIT_DOMAIN}:5000 - - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - - DRONE_RUNNER_CAPACITY=8 - - DRONE_RUNNER_NAME="docker-runner" - #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 - #- DRONE_ENV_PLUGIN_TOKEN=anything - drone-starlark: - deploy: - placement: - constraints: 
[node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}drone-starlark - environment: - - DRONE_DEBUG=true - - DRONE_SECRET=${DRONE_CONVERT_SECRET} - - DRONE_STARLARK_REPO_PATHS=this:/repos - networks: - - appnet - registry: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: registry:2 - volumes: - - registry-data:/var/lib/registry - environment: - - REGISTRY_HTTP_ADDR=0.0.0.0:5000 - networks: - - appnet - guacamole-postgresql: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack-chat == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:latest - environment: - POSTGRES_PASSWORD: ${GUACAMOLE_POSTGRES_PASSWORD} - POSTGRES_DB: ${GUACAMOLE_POSTGRES_DB} - volumes: - - guacamole-postgresql-data:/var/lib/postgresql/data - networks: - - appnet - guacd: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack-chat == yes] - replicas: 1 - restart_policy: - condition: any - image: guacamole/guacd:latest - networks: - - appnet - guacamole: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack-chat == yes] - replicas: 1 - restart_policy: - condition: any - image: guacamole/guacamole:latest - environment: - - POSTGRES_HOSTNAME=guacamole-postgresql - - POSTGRES_PORT=5432 - - POSTGRES_USER=${GUACAMOLE_POSTGRES_USER} - - POSTGRES_PASSWORD=${GUACAMOLE_POSTGRES_PASSWORD} - - POSTGRES_DATABASE=${GUACAMOLE_POSTGRES_DB} - - GUACD_HOSTNAME=guacd - networks: - - appnet - -volumes: - gitea-db: - gitea-app: - letsencrypt-git: - ghost-content: - mongo-chat: - chat-uploads: - drone: - drone-data: - registry-data: - guacamole-postgresql-data: -networks: - appnet: - driver: overlay diff --git a/docker-compose-drone.yml b/docker-compose-drone.yml deleted file mode 100644 index cfcb554..0000000 --- a/docker-compose-drone.yml +++ /dev/null 
@@ -1,238 +0,0 @@ -version: "3.7" -services: - letsencrypt-remote: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}/letsencrypt-remote - environment: - - SERVER_NAME=${REMOTE_DOMAIN} - - CERTBOT_EMAIL=${CERTBOT_EMAIL} - - PROXY_PASS=http://guacamole:8080/guacamole/ - volumes: - - letsencrypt-remote:/etc/letsencrypt - networks: - - appnet - depends_on: - - guacamole - letsencrypt-drone: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}/letsencrypt-drone - environment: - - CERTBOT_EMAIL=${CERTBOT_EMAIL} - - SERVER_NAME=${DRONE_DOMAIN} - - PROXY_PASS=http://drone-server:8080/ - volumes: - - letsencrypt-drone:/etc/letsencrypt - networks: - - appnet - depends_on: - - drone-server - ngrok: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}/ngrok-gitea - ports: - - "4040:4040" - volumes: - - ./ngrok-gitea/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro - environment: - - GIT_DOMAIN=${GIT_DOMAIN} - - DRONE_DOMAIN=${DRONE_DOMAIN} - - REMOTE_DOMAIN=${REMOTE_DOMAIN} - - BLOG_DOMAIN=${BLOG_DOMAIN} - depends_on: - - gitea - networks: - - appnet - secrets: - - ngrok-auth-token - drone-server: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: drone/drone:latest - volumes: - - drone:/var/lib/drone - - drone-data:/data - depends_on: - - gitea - environment: - - DRONE_LOGS_DEBUG=true - - DRONE_LOGS_PRETTY=true - - DRONE_GITEA_SERVER=https://${GIT_DOMAIN} - - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID} - - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET} - - DRONE_SERVER_HOST=${DRONE_DOMAIN} # tunnel hostname - - DRONE_ADMIN=giles - - DRONE_SERVER_PROTO=https # 
tunnel adds https on top - - DRONE_SERVER_PORT=:8080 - - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - - DRONE_USER_CREATE=username:giles,admin:true - - DRONE_AGENTS_ENABLED=true - #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 - #- DRONE_ENV_PLUGIN_TOKEN=anything - networks: - - appnet - drone-docker-runner: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: drone/drone-runner-docker:1 - depends_on: - - drone-server - volumes: - - /var/run/docker.sock:/var/run/docker.sock - environment: - - DRONE_RPC_PROTO=https - - DRONE_RPC_HOST=${DRONE_DOMAIN} - - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - - DRONE_RUNNER_CAPACITY=8 - - DRONE_RUNNER_NAME="docker-runner" - #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 - #- DRONE_ENV_PLUGIN_TOKEN=anything - - registry: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: registry:2 - ports: - - 5000:5000 - volumes: - - registry-data:/var/lib/registry - environment: - - REGISTRY_HTTP_ADDR=0.0.0.0:5000 - - REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert" - - REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key" - networks: - - appnet - secrets: - - registry-cert - - registry-key - registry-cache: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: registry:2 - ports: - - 5001:5001 - volumes: - - registry-cache-data:/var/lib/registry - environment: - - REGISTRY_HTTP_ADDR=0.0.0.0:5001 - - REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert" - - REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key" - - REGISTRY_PROXY_REMOTEURL=http://registry-1.docker.io - networks: - - appnet - secrets: - - registry-cert - - registry-key - guacamole-postgresql: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - 
condition: any - image: ${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql:latest - environment: - POSTGRES_PASSWORD: guacroot - POSTGRES_DB: guacamole_db - volumes: - - guacamole-postgresql-data:/var/lib/postgresql/data - #secrets: - # - source: guacamole-postgresql-password - # target: password - - #- /home/giles/guacamole-stack/initdb.sql:/initdb.sql - networks: - - appnet - - # The backend guacamole server. - guacd: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: guacamole/guacd:latest - networks: - - appnet - - guacamole: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: guacamole/guacamole:latest - secrets: - - source: guacamole-postgresql-database - target: database - - source: guacamole-postgresql-user - target: user - - source: guacamole-postgresql-password - target: password - environment: - - POSTGRES_HOSTNAME=guacamole-postgresql - - POSTGRES_PORT=5432 - - POSTGRES_USER_FILE=/run/secrets/user - - POSTGRES_PASSWORD_FILE=/run/secrets/password - - POSTGRES_DATABASE_FILE=/run/secrets/database - - GUACD_HOSTNAME=guacd - networks: - - appnet -volumes: - drone: - drone-data: - registry-data: - registry-cache-data: - guacamole-postgresql-data: - letsencrypt-remote: - letsencrypt-drone: - -networks: - appnet: - driver: overlay - #external: true -secrets: - 'registry-cert': - file: .certificates/registry.crt - 'registry-key': - file: .certificates/registry.key - 'guacamole-postgresql-database': - file: .secrets/guacamole-postgresql-database - 'guacamole-postgresql-user': - file: .secrets/guacamole-postgresql-user - 'guacamole-postgresql-password': - file: .secrets/guacamole-postgresql-password - 'ngrok-auth-token': - file: .secrets/ngrok-auth-token diff --git a/docker-compose-remote.yml b/docker-compose-remote.yml deleted file mode 100644 index f4f11ac..0000000 
--- a/docker-compose-remote.yml
+++ /dev/null
@@ -1,254 +0,0 @@ -version: "3.7" -services: - letsencrypt-remote: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-remote - environment: - - SERVER_NAME=${REMOTE_DOMAIN} - - CERTBOT_EMAIL=${CERTBOT_EMAIL} - - PROXY_PASS=http://guacamole:8080/guacamole/ - volumes: - - letsencrypt-remote:/etc/letsencrypt - networks: - - appnet - depends_on: - - guacamole - letsencrypt-drone: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone - environment: - - CERTBOT_EMAIL=${CERTBOT_EMAIL} - - SERVER_NAME=${DRONE_DOMAIN} - - PROXY_PASS=http://drone-server:8080/ - volumes: - - letsencrypt-drone:/etc/letsencrypt - networks: - - appnet - depends_on: - - drone-server - ngrok: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea - ports: - - "4040:4040" - volumes: - - ./ngrok-gitea/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro - environment: - - GIT_DOMAIN=${GIT_DOMAIN} - - DRONE_DOMAIN=${DRONE_DOMAIN} - - REMOTE_DOMAIN=${REMOTE_DOMAIN} - - BLOG_DOMAIN=${BLOG_DOMAIN} - depends_on: - - gitea - networks: - - appnet - secrets: - - ngrok-auth-token - drone-server: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: drone/drone:latest - volumes: - - drone:/var/lib/drone - - drone-data:/data - depends_on: - - gitea - environment: - - DRONE_LOGS_DEBUG=true - - DRONE_LOGS_PRETTY=true - - DRONE_GITEA_SERVER=https://${GIT_DOMAIN} - - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID} - - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET} - - DRONE_SERVER_HOST=${DRONE_DOMAIN} # tunnel hostname - - DRONE_ADMIN=giles - - DRONE_SERVER_PROTO=https # 
tunnel adds https on top - - DRONE_SERVER_PORT=:8080 - - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - - DRONE_USER_CREATE=username:giles,admin:true - - DRONE_AGENTS_ENABLED=true - - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000 - - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET} - #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 - #- DRONE_ENV_PLUGIN_TOKEN=anything - networks: - - appnet - drone-docker-runner: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: drone/drone-runner-docker:1 - depends_on: - - drone-server - volumes: - - /var/run/docker.sock:/var/run/docker.sock - environment: - - DRONE_RPC_PROTO=https - - DRONE_RPC_HOST=${DRONE_DOMAIN} - - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - - DRONE_RUNNER_CAPACITY=8 - - DRONE_RUNNER_NAME="docker-runner" - #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 - #- DRONE_ENV_PLUGIN_TOKEN=anything - drone-starlark: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}drone-starlark - environment: - - DRONE_DEBUG=true - - DRONE_SECRET=${DRONE_CONVERT_SECRET} - - DRONE_STARLARK_REPO_PATHS=this:/repos - networks: - - appnet - - registry: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: registry:2 - ports: - - 5000:5000 - volumes: - - registry-data:/var/lib/registry - environment: - - REGISTRY_HTTP_ADDR=0.0.0.0:5000 - - REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert" - - REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key" - networks: - - appnet - secrets: - - registry-cert - - registry-key - registry-cache: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: registry:2 - ports: - - 5001:5001 - volumes: - - 
registry-cache-data:/var/lib/registry - environment: - - REGISTRY_HTTP_ADDR=0.0.0.0:5001 - - REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert" - - REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key" - - REGISTRY_PROXY_REMOTEURL=http://registry-1.docker.io - networks: - - appnet - secrets: - - registry-cert - - registry-key - guacamole-postgresql: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:latest - environment: - POSTGRES_PASSWORD: ${GUACAMOLE_POSTGRES_PASSWORD} - POSTGRES_DB: ${GUACAMOLE_POSTGRES_DB} - volumes: - - guacamole-postgresql-data:/var/lib/postgresql/data - #secrets: - # - source: guacamole-postgresql-password - # target: password - - #- /home/giles/guacamole-stack/initdb.sql:/initdb.sql - networks: - - appnet - - # The backend guacamole server. - guacd: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: guacamole/guacd:latest - networks: - - appnet - - guacamole: - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: guacamole/guacamole:latest - secrets: - - source: guacamole-postgresql-database - target: database - - source: guacamole-postgresql-user - target: user - - source: guacamole-postgresql-password - target: password - environment: - - POSTGRES_HOSTNAME=guacamole-postgresql - - POSTGRES_PORT=5432 - - POSTGRES_USER=${GUACAMOLE_POSTGRES_USER} - - POSTGRES_PASSWORD=${GUACAMOLE_POSTGRES_PASSWORD} - - POSTGRES_DATABASE=${GUACAMOLE_POSTGRES_DB} - - GUACD_HOSTNAME=guacd - networks: - - appnet -volumes: - drone: - drone-data: - registry-data: - registry-cache-data: - guacamole-postgresql-data: - letsencrypt-remote: - letsencrypt-drone: - -networks: - appnet: - driver: overlay - #external: true -secrets: - 'registry-cert': - file: 
.certificates/registry.crt - 'registry-key': - file: .certificates/registry.key - 'guacamole-postgresql-database': - file: .secrets/guacamole-postgresql-database - 'guacamole-postgresql-user': - file: .secrets/guacamole-postgresql-user - 'guacamole-postgresql-password': - file: .secrets/guacamole-postgresql-password - 'ngrok-auth-token': - file: .secrets/ngrok-auth-token \ No newline at end of file diff --git a/docker-compose-home.yml b/docker-compose.yml similarity index 100% rename from docker-compose-home.yml rename to docker-compose.yml diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star index 1a93e1f..6cd6230 100644 --- a/drone-starlark/repos/stack/drone.star +++ b/drone-starlark/repos/stack/drone.star @@ -70,7 +70,7 @@ def drone( ], ), deploy( - "docker-compose-home.yml", + "docker-compose.yml", name, base, publicSecrets + secretSecrets,