From 85af7c17fac3b0b127702e1918936f95a962e668 Mon Sep 17 00:00:00 2001
From: Giles Bradshaw
Date: Sun, 10 May 2020 08:21:12 +0100
Subject: [PATCH] proxy-starlark
---
 docker-compose-registry.yml | 43 --------
 drone-starlark/repos/proxy/drone.star | 98 +++++++++++++++++++
 .../repos/proxy/public-secrets.star | 34 +++++++
 .../repos/proxy/secret-secrets.star | 24 +++++
 drone-starlark/repos/proxy/stack-name._star | 1 +
 drone-starlark/repos/proxy/stack-root._star | 1 +
 drone-starlark/repos/stack/drone.star | 7 --
 7 files changed, 158 insertions(+), 50 deletions(-)
 delete mode 100644 docker-compose-registry.yml
 create mode 100644 drone-starlark/repos/proxy/drone.star
 create mode 100644 drone-starlark/repos/proxy/public-secrets.star
 create mode 100644 drone-starlark/repos/proxy/secret-secrets.star
 create mode 100644 drone-starlark/repos/proxy/stack-name._star
 create mode 100644 drone-starlark/repos/proxy/stack-root._star
diff --git a/docker-compose-registry.yml b/docker-compose-registry.yml
deleted file mode 100644
index 2b4729c..0000000
--- a/docker-compose-registry.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-version: "3.7"
-services:
- letsencrypt-registry:
- deploy:
- placement:
- constraints: [node.labels.com.sigyl.git-stack == yes]
- replicas: 1
- restart_policy:
- condition: any
- image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-registry
- environment:
- - CERTBOT_EMAIL=${CERTBOT_EMAIL}
- - SERVER_NAME=${GIT_DOMAIN}
- - REGISTRY_PROXY_PASS=http://registry:5000
- volumes:
- - letsencrypt-registry:/etc/letsencrypt
- networks:
- - appnet
- ports:
- - 5004:5004
- registry:
- # internal registry #1 (why?)
- deploy:
- placement:
- constraints: [node.labels.com.sigyl.git-stack == yes]
- replicas: 1
- restart_policy:
- condition: any
- image: registry:2
- volumes:
- - registry-data:/var/lib/registry
- environment:
- - REGISTRY_HTTP_ADDR=0.0.0.0:5000
- networks:
- - appnet
-volumes:
- registry-data:
- letsencrypt-registry:
-
-networks:
- appnet:
- driver: overlay
- #external: true
diff --git a/drone-starlark/repos/proxy/drone.star b/drone-starlark/repos/proxy/drone.star
new file mode 100644
index 0000000..2d6141b
--- /dev/null
+++ b/drone-starlark/repos/proxy/drone.star
@@ -0,0 +1,98 @@
+load("@this//:from-secret.star", "fromSecret")
+load("@this//:print-secrets.star", "printSecrets")
+
+load("@this//:map.star", "map")
+load("@this//:environment.star", "environment")
+load("@this//:echo.star", "echo")
+load("@this//:export.star", "export")
+load("@this//:echo-secret.star", "echoSecret")
+load("@this//:wait.star", "wait")
+load("@this//:build.star", "build")
+load("@this//:scp.star", "scp")
+load("@this//proxy:public-secrets.star", "publicSecrets")
+load("@this//proxy:secret-secrets.star", "secretSecrets")
+load("@this//:rescale.star", "rescale")
+load("@this//:pull.star", "pull")
+load("@this//:deploy.star", "deploy")
+load("@this//:build-folder.star", "buildFolder")
+load("@this//:build-docker-folder.star", "buildDockerFolder")
+load("@this//:pipeline.star", "pipeline")
+
+def drone(
+ ctx,
+ branch,
+ base,
+ name,
+ commands,
+):
+ if ctx.build.branch == branch:
+ return [
+ pipeline(
+ branch,
+ [
+ wait(15, "wait"),
+ printSecrets(
+ "env-proxy",
+ publicSecrets,
+ secretSecrets,
+ ),
+ build("ngrok-gitea"),
+ build("letsencrypt-nginx"),
+ buildDockerFolder(
+ "Dockerfile.git",
+ "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
+ "$${LOCAL_DOCKER_REGISTRY}letsencrypt-git",
+ "letsencrypt-nginx",
+ "git",
+ ),
+ buildDockerFolder(
+ "Dockerfile.drone",
+ "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
+ "$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
+ "letsencrypt-nginx",
+ "drone",
+ ),
+ scp(base),
+ pull(
+ "pull images",
+ [
+ "ngrok-gitea",
+ "letsencrypt-git",
+ "letsencrypt-drone",
+ ],
+ ),
+ deploy(
+ "docker-compose.yml",
+ name,
+ base,
+ publicSecrets + secretSecrets,
+ commands,
+ ctx
+ ),
+ ],
+ [],
+ [
+ {
+ "name": "ca",
+ "host": {
+ "path": "/etc/docker/certs.d",
+ },
+ }
+ ],
+ [
+ {
+ "name": "ca",
+ "path": "/etc/docker/certs.d",
+ },
+ ]
+ ),
+ ]
+ else:
+ return pipeline(
+ ctx.build.branch,
+ [],
+ [],
+ [],
+ [],
+ )
+
\ No newline at end of file
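Review bot: `printSecrets("env-proxy", publicSecrets, secretSecrets)` passes every name in `secretSecrets` to a helper (`print-secrets.star`) that is not part of this patch; if that step writes values to stdout rather than only to an `env-proxy` file, the passwords and tokens end up in the Drone build log, so that behaviour needs confirming before this pipeline runs. `deploy(...)` likewise receives `publicSecrets + secretSecrets`, and the list added in `secret-secrets.star` includes credentials for ghost, matomo, zabbix and nagios although this pipeline only builds and pulls `ngrok-gitea`, `letsencrypt-git` and `letsencrypt-drone`; trimming both lists to what the proxy compose file actually reads (that file is not shown, so the exact subset is for the author to confirm) would keep unrelated database passwords out of this pipeline's environment. Separately, the `else:` branch returns a bare `pipeline(...)` while the `if` branch returns a list; `return [pipeline(ctx.build.branch, [], [], [], [])]` would give callers one shape.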
diff --git a/drone-starlark/repos/proxy/public-secrets.star b/drone-starlark/repos/proxy/public-secrets.star
new file mode 100644
index 0000000..f229e64
--- /dev/null
+++ b/drone-starlark/repos/proxy/public-secrets.star
@@ -0,0 +1,34 @@
+publicSecrets = [
+ "title",
+ "description",
+ "certbot-email",
+ "drone-domain",
+ "drone-gitea-client-id",
+ "drone-gitea-server",
+ "drone-server-host",
+ "git-domain",
+ "local-docker-registry",
+ "ssh-host",
+ "guacamole-postgres-db",
+ "guacamole-postgres-user",
+ "sigyl-stack-root",
+ "sigyl-stack-name",
+ "ghost-mail-service",
+ "ghost-mail-user",
+ "chat-admin-name",
+ "chat-admin-email",
+ "gitea-mailer-host",
+ "gitea-mailer-from",
+ "gitea-mailer-user",
+ "gitea-app-name",
+ "commento-origin",
+ "commento-smtp-host",
+ "commento-smtp-port",
+ "commento-smtp-username",
+ "commento-smtp-from-address",
+ "commento-forbid-new-owners",
+ "commento-postgres-db",
+ "commento-postgres-user",
+ "commento-github-key",
+ "nagios-admin-user",
+]
\ No newline at end of file
diff --git a/drone-starlark/repos/proxy/secret-secrets.star b/drone-starlark/repos/proxy/secret-secrets.star
new file mode 100644
index 0000000..6b38263
--- /dev/null
+++ b/drone-starlark/repos/proxy/secret-secrets.star
@@ -0,0 +1,24 @@
+secretSecrets = [
+ "drone-convert-secret",
+ "drone-gitea-client-secret",
+ "drone-rpc-secret",
+ "guacamole-postgres-password",
+ "ngrok-auth-token",
+ "ghost-mail-password",
+ "ghost-mysql-root-password",
+ "chat-admin-password",
+ "gitea-server-lfs-jwt-secret",
+ "gitea-security-secret-key",
+ "gitea-security-internal-token",
+ "gitea-oauth2-jwt-secret",
+ "gitea-mailer-passwd",
+ "commento-smtp-password",
+ "commento-askimet-key",
+ "commento-postgres-password",
+ "commento-github-secret",
+ "matomo-mysql-root-password",
+ "matomo-mysql-password",
+ "nagios-admin-password",
+ "zabbix-mysql-root-password",
+ "zabbix-mysql-password",
+]
\ No newline at end of file
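Review bot: Nothing in `public-secrets.star` says what makes an entry "public", and the list carries `commento-github-key`, `ssh-host` and several account names (`nagios-admin-user`, `guacamole-postgres-user`, `commento-smtp-username`). If public entries are the ones a build step may show unmasked (the helpers that consume this list are not visible here, so this is inferred), those values become readable by anyone with access to the build logs. A header comment such as `# Names whose values may appear in build output; credentials belong in secret-secrets.star` would state the rule, and `commento-github-key` is worth checking against it.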
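Review bot: In `secret-secrets.star`, `"commento-askimet-key"` looks like a misspelling of Akismet. If the secret is stored in Drone under the correct spelling, the lookup by this name presumably resolves to nothing and the deploy continues with an empty key instead of failing. Either rename the entry to `"commento-akismet-key"` or confirm that the stored secret and the compose file use the same spelling as this list.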
diff --git a/drone-starlark/repos/proxy/stack-name._star b/drone-starlark/repos/proxy/stack-name._star
new file mode 100644
index 0000000..6d0534a
--- /dev/null
+++ b/drone-starlark/repos/proxy/stack-name._star
@@ -0,0 +1 @@
+stackName='${SIGYL_STACK_NAME}'
\ No newline at end of file
diff --git a/drone-starlark/repos/proxy/stack-root._star b/drone-starlark/repos/proxy/stack-root._star
new file mode 100644
index 0000000..73ba038
--- /dev/null
+++ b/drone-starlark/repos/proxy/stack-root._star
@@ -0,0 +1 @@
+stackRoot='${SIGYL_STACK_ROOT}'
\ No newline at end of file
diff --git a/drone-starlark/repos/stack/drone.star b/drone-starlark/repos/stack/drone.star
index 42bea99..e1d6be1 100644
--- a/drone-starlark/repos/stack/drone.star
+++ b/drone-starlark/repos/stack/drone.star
@@ -56,13 +56,6 @@ def drone(
 "letsencrypt-nginx",
 "drone",
 ),
- buildDockerFolder(
- "Dockerfile.registry",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
- "$${LOCAL_DOCKER_REGISTRY}letsencrypt-registry",
- "letsencrypt-nginx",
- "registry",
- ),
 scp(base),
 pull(
 "pull images",