Browse Source

..

master
Giles Bradshaw 5 months ago
parent
commit
5d55ca833a
8 changed files with 55 additions and 20 deletions
  1. +24
    -2
      docker-compose.yml
  2. +1
    -1
      drone-starlark/repos/echo.star
  3. +1
    -1
      drone-starlark/repos/print-secrets.star
  4. +14
    -14
      drone-starlark/repos/stack/drone.star
  5. +7
    -1
      drone-starlark/repos/stack/public-secrets.star
  6. +2
    -0
      drone-starlark/repos/stack/secret-secrets.star
  7. +1
    -1
      init-scale.sh
  8. +5
    -0
      letsencrypt-nginx/conf/git.conf

+ 24
- 2
docker-compose.yml View File

@@ -16,6 +16,7 @@ services:
- PROXY_PASS=http://gitea:3000/
- BLOG_PROXY_PASS=http://ghost:2368/
- CHAT_PROXY_PASS=http://chat:3000/
- COMMENTO_PROXY_PASS=http://commento:8080/
- REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/
- DRONE_PROXY_PASS=http://drone-server:8080/
- REGISTRY_PROXY_PASS=http://registry-1:5000
@@ -24,6 +25,7 @@ services:
- GIT_LOCATION=/git/
- BLOG_LOCATION=/
- CHAT_LOCATION=/chat/
- COMMENTO_LOCATION=/comment/
- REMOTE_LOCATION=/remote/
- DRONE_SERVER_HOST=$DRONE_SERVER_HOST
- TITLE=$TITLE
@@ -250,6 +252,27 @@ services:
- GHOST-MAIL-PASSWORD=$GHOST-MAIL-PASSWORD

networks:
- appnet
commento:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: registry.gitlab.com/commento/commento:latest
environment:
COMMENTO_ORIGIN: $COMMENTO_ORIGIN
COMMENTO_SMTP_PASSWORD: $COMMENTO_SMTP_PASSWORD
COMMENTO_ASKIMET_KEY: $COMMENTO_ASKIMET_KEY
COMMENTO_SMTP_HOST: $COMMENTO_SMTP_HOST
COMMENTO_SMTP_PORT: $COMMENTO_SMTP_PORT
COMMENTO_SMTP_USERNAME: $COMMENTO_SMTP_USERNAME
COMMENTO_SMTP_FROM_ADDRESS: $COMMENTO_SMTP_FROM_ADDRESS
COMMENTO_FORBID_NEW_OWNERS: $COMMENTO_FORBID_NEW_OWNERS
COMMENTO_PORT: 8080
COMMENTO_POSTGRES: postgres://commento:your_password_here@guacamole-postgresql:5432/commento?sslmode=disable
networks:
- appnet
commento-postgres:
@@ -260,7 +283,6 @@ services:
restart_policy:
condition: any
image: postgres:11-alpine
restart: always
environment:
POSTGRES_DB: commento
POSTGRES_USER: commento
@@ -268,7 +290,7 @@ services:
networks:
- appnet
volumes:
- copmmento-postgresql-data:/var/lib/postgresql/data
- commento-postgresql-data:/var/lib/postgresql/data
guacamole-postgresql:
# database for guacamole
deploy:


+ 1
- 1
drone-starlark/repos/echo.star View File

@@ -1,7 +1,7 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")

def echo(secret):
return 'echo "export {environment}=${environment}" >> ***filename*** # {secret}'.format(
return 'echo "export {environment}=\'${environment}\'" >> ***filename*** # {secret}'.format(
secret = secret,
environment = secretToEnvironment(secret),
)

+ 1
- 1
drone-starlark/repos/print-secrets.star View File

@@ -19,6 +19,6 @@ def printSecrets(filename, env, secretEnv):
"script": [x.replace("***filename***", filename) for x in [
"rm -f env-stack",
] + map(echo, env)
+ map(echoSecret, secretEnv)]
+ map(echo, secretEnv)]
}
}

+ 14
- 14
drone-starlark/repos/stack/drone.star View File

@@ -76,20 +76,20 @@ def drone(
"guacamole-postgresql",
],
),
pull(
"pull registry",
[
"letsencrypt-registry",
],
),
deploy(
"docker-compose-registry.yml",
'registry',
base,
publicSecrets + secretSecrets,
commands,
ctx
),
#pull(
# "pull registry",
# [
# "letsencrypt-registry",
# ],
#),
#deploy(
# "docker-compose-registry.yml",
# 'registry',
# base,
# publicSecrets + secretSecrets,
# commands,
# ctx
#),
deploy(
"docker-compose.yml",
name,


+ 7
- 1
drone-starlark/repos/stack/public-secrets.star View File

@@ -20,5 +20,11 @@ publicSecrets = [
"gitea-mailer-host",
"gitea-mailer-from",
"gitea-mailer-user",
"gitea-app-name"
"gitea-app-name",
"commento-origin",
"commento-smtp-host",
"commento-smtp-port",
"commento-smtp-username",
"commento-smtp-from-address",
"commento-forbid-new-owners",
]

+ 2
- 0
drone-starlark/repos/stack/secret-secrets.star View File

@@ -11,4 +11,6 @@ secretSecrets = [
"gitea-security-internal-token",
"gitea-oauth2-jwt-secret",
"gitea-mailer-passwd",
"commento-smtp-password",
"commento-askimet-key",
]

+ 1
- 1
init-scale.sh View File

@@ -1,4 +1,4 @@
docker service scale $1_chat=1
docker service scale $1_ngrok=$2
docker service scale $1_letsencrypt-drone=1
docker service scale $1_letsencrypt-drone=$2
docker service scale $1_letsencrypt-git=1

+ 5
- 0
letsencrypt-nginx/conf/git.conf View File

@@ -145,6 +145,11 @@ server {
set ${DOLLAR}upstream ${REMOTE_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
proxy_pass ${DOLLAR}upstream;
}
location ~ ${COMMENTO_LOCATION}(.*) {
resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
set ${DOLLAR}upstream ${COMMENTO_PROXY_PASS}${DOLLAR}1${DOLLAR}is_args${DOLLAR}args;
proxy_pass ${DOLLAR}upstream;
}
location ~ ${BLOG_LOCATION}(.*) {
resolver 127.0.0.11 ipv6=off valid=30s; ## internal docker dns
proxy_set_header Host ${DOLLAR}http_host;