proxy-starlark

docker-compose-registry.yml

@@ -1,43 +0,0 @@
-version: "3.7"
-services:
-  letsencrypt-registry:
-    deploy:
-      placement:
-        constraints: [node.labels.com.sigyl.git-stack == yes]
-      replicas: 1
-      restart_policy:
-        condition: any
-    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-registry
-    environment:
-      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
-      - SERVER_NAME=${GIT_DOMAIN}
-      - REGISTRY_PROXY_PASS=http://registry:5000
-    volumes:
-      - letsencrypt-registry:/etc/letsencrypt
-    networks:
-      - appnet
-    ports:
-      - 5004:5004
-  registry:
-    # internal registry #1 (why?)
-    deploy:
-      placement:
-        constraints: [node.labels.com.sigyl.git-stack == yes]
-      replicas: 1
-      restart_policy:
-        condition: any
-    image: registry:2
-    volumes:
-      - registry-data:/var/lib/registry
-    environment:
-      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
-    networks:
-      - appnet
-volumes:
-  registry-data:
-  letsencrypt-registry:
-
-networks:
-  appnet:
-    driver: overlay
-    #external: true

drone-starlark/repos/proxy/drone.star

@@ -0,0 +1,98 @@
+load("@this//:from-secret.star", "fromSecret")
+load("@this//:print-secrets.star", "printSecrets")
+
+load("@this//:map.star", "map")
+load("@this//:environment.star", "environment")
+load("@this//:echo.star", "echo")
+load("@this//:export.star", "export")
+load("@this//:echo-secret.star", "echoSecret")
+load("@this//:wait.star", "wait")
+load("@this//:build.star", "build")
+load("@this//:scp.star", "scp")
+load("@this//proxy:public-secrets.star", "publicSecrets")
+load("@this//proxy:secret-secrets.star", "secretSecrets")
+load("@this//:rescale.star", "rescale")
+load("@this//:pull.star", "pull")
+load("@this//:deploy.star", "deploy")
+load("@this//:build-folder.star", "buildFolder")
+load("@this//:build-docker-folder.star", "buildDockerFolder")
+load("@this//:pipeline.star", "pipeline")
+
+def drone(
+  ctx,
+  branch,
+  base,
+  name,
+  commands,
+):
+  if ctx.build.branch == branch:
+    return [
+      pipeline(
+        branch,
+        [
+          wait(15, "wait"),
+          printSecrets(
+            "env-proxy",
+            publicSecrets,
+            secretSecrets,
+          ),
+          build("ngrok-gitea"),
+          build("letsencrypt-nginx"),
+          buildDockerFolder(
+            "Dockerfile.git",
+            "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
+            "$${LOCAL_DOCKER_REGISTRY}letsencrypt-git",
+            "letsencrypt-nginx",
+            "git",
+          ),
+          buildDockerFolder(
+            "Dockerfile.drone",
+            "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
+            "$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
+            "letsencrypt-nginx",
+            "drone",
+          ),
+          scp(base),
+          pull(
+            "pull images",
+            [
+              "ngrok-gitea",
+              "letsencrypt-git",
+              "letsencrypt-drone",
+            ],
+          ),
+          deploy(
+            "docker-compose.yml",
+            name,
+            base,
+            publicSecrets + secretSecrets,
+            commands,
+            ctx
+          ),
+        ],
+        [],
+        [
+          {
+            "name": "ca",
+            "host": {
+              "path": "/etc/docker/certs.d",
+            },
+          }
+        ],
+        [
+          {
+            "name": "ca",
+            "path": "/etc/docker/certs.d",
+          },
+        ]
+      ),
+    ]
+  else:
+    return pipeline(
+      ctx.build.branch,
+      [],
+      [],
+      [],
+      [],
+    )
+      

drone-starlark/repos/proxy/public-secrets.star

@@ -0,0 +1,34 @@
+publicSecrets = [
+  "title",
+  "description",
+  "certbot-email",
+  "drone-domain",
+  "drone-gitea-client-id",
+  "drone-gitea-server",
+  "drone-server-host",
+  "git-domain",
+  "local-docker-registry",
+  "ssh-host",
+  "guacamole-postgres-db",
+  "guacamole-postgres-user",
+  "sigyl-stack-root",
+  "sigyl-stack-name",
+  "ghost-mail-service",
+  "ghost-mail-user",
+  "chat-admin-name",
+  "chat-admin-email",
+  "gitea-mailer-host",
+  "gitea-mailer-from",
+  "gitea-mailer-user",
+  "gitea-app-name",
+  "commento-origin",
+  "commento-smtp-host",
+  "commento-smtp-port",
+  "commento-smtp-username",
+  "commento-smtp-from-address",
+  "commento-forbid-new-owners",
+  "commento-postgres-db",
+  "commento-postgres-user",
+  "commento-github-key", 
+  "nagios-admin-user",
+]

drone-starlark/repos/proxy/secret-secrets.star

@@ -0,0 +1,24 @@
+secretSecrets = [
+  "drone-convert-secret",
+  "drone-gitea-client-secret",
+  "drone-rpc-secret",
+  "guacamole-postgres-password",
+  "ngrok-auth-token",
+  "ghost-mail-password",
+  "ghost-mysql-root-password",
+  "chat-admin-password",
+  "gitea-server-lfs-jwt-secret",
+  "gitea-security-secret-key",
+  "gitea-security-internal-token",
+  "gitea-oauth2-jwt-secret",
+  "gitea-mailer-passwd",
+  "commento-smtp-password",
+  "commento-askimet-key",
+  "commento-postgres-password",
+  "commento-github-secret",
+  "matomo-mysql-root-password",
+  "matomo-mysql-password",
+  "nagios-admin-password",
+  "zabbix-mysql-root-password",
+  "zabbix-mysql-password",
+]

drone-starlark/repos/proxy/stack-name._star

@@ -0,0 +1 @@
+stackName='${SIGYL_STACK_NAME}'

drone-starlark/repos/proxy/stack-root._star

@@ -0,0 +1 @@
+stackRoot='${SIGYL_STACK_ROOT}'

drone-starlark/repos/stack/drone.star

@@ -56,13 +56,6 @@ def drone(
             "letsencrypt-nginx",
             "drone",
           ),
-          buildDockerFolder(
-            "Dockerfile.registry",
-            "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
-            "$${LOCAL_DOCKER_REGISTRY}letsencrypt-registry",
-            "letsencrypt-nginx",
-            "registry",
-          ),
           scp(base),
           pull(
             "pull images",