Giles Bradshaw 1 year ago
parent
commit
8757db0966
13 changed files with 47 additions and 118 deletions
  1. +36
    -11
      README.md
  2. +3
    -1
      drone-starlark/Dockerfile
  3. +3
    -4
      drone-starlark/repos/deploy.star
  4. +1
    -0
      drone-starlark/repos/stack/stack-name._star
  5. +1
    -0
      drone-starlark/repos/stack/stack-root._star
  6. +3
    -0
      drone-starlark/run.sh
  7. +0
    -3
      letsencrypt-nginx/Dockerfile.blog
  8. +0
    -3
      letsencrypt-nginx/Dockerfile.chat
  9. +0
    -4
      letsencrypt-nginx/Dockerfile.do
  10. +0
    -7
      letsencrypt-nginx/Dockerfile.home
  11. +0
    -3
      letsencrypt-nginx/Dockerfile.remote
  12. +0
    -4
      letsencrypt-nginx/home.sh
  13. +0
    -78
      letsencrypt-nginx/result

+ 36
- 11
README.md View File

@@ -37,25 +37,41 @@ Once installed and running the system can redeploy itself.

However initially you need to do this yourself.

### docker

you need a docker swarm set up with nodes with the following labels

* com.sigyl.git-stack=yes
* com.sigyl.git-stack-data=yes

### global environment

the following environment variables need to be defined (define your own values)

```
echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh

sh /etc/profile.d/sigyl-stack.sh

```


### make a folder and give yourself access

```
sudo mkdir /stack
sudo chown -R $USER:$USER
sudo mkdir -p $SIGYL_STACK_ROOT
cd /stack
sudo chown -R $USER:$USER $SIGYL_STACK_ROOT

```

### clone the repository

```
cd /stack
git clone https://sigyl.com/git/giles/stack.git deploy
cd deploy
git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT
cd $SIGYL_STACK_ROOT
git checkout home-deploy

```
@@ -63,10 +79,12 @@ git checkout home-deploy
### make certificates for the registry

these certificates will be in .ca and .certificates
where $REGISTRY_DOMAIN is the host where the stack will run.
where $REGISTRY_DOMAIN is the host where the stack will run it should be on the local subnet ie trafic should not have to go over the internet.

eg git.local-domain

```
cd certificates
cd $SIGYL_STACK_ROOT/certificates
sh ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry
```
@@ -93,17 +111,16 @@ export NGROK_AUTH_TOKEN=[secret token from ngrok]

### build images

where $STACK_HOME = /stack/deploy

```
sh build.sh $STACK_HOME
sh build.sh $SIGYL_STACK_ROOT
```

### initial deploy of stack

```
cd /stack/deploy
docker stack deploy -c docker-compose-home.yml stack
cd $SIGYL_STACK_ROOT
docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME
```

### initialise postgres database
@@ -139,7 +156,9 @@ sh init-scale.sh stack

### create a gitea drone application

set environment variables as follows (example values):
This might be on your local gitea or some other one.

set environment variables for it as follows (example values):

```
export DRONE_GITEA_SERVER=https://sigyl.com/git
@@ -147,3 +166,9 @@ export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=
```

### redeploy

```
docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME
sh init-scale.sh stack
```

+ 3
- 1
drone-starlark/Dockerfile View File

@@ -1,2 +1,4 @@
FROM drone/drone-convert-starlark
COPY repos /repos
COPY repos /repos
COPY run.sh /
CMD sh run.sh
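Review bot: `CMD sh run.sh` uses a relative path, so the container only starts when the base image's working directory is `/`, which is where `COPY run.sh /` places the script; the WORKDIR of `drone/drone-convert-starlark` is not visible on this page. Use the absolute path in exec form, `CMD ["sh", "/run.sh"]`, much as the removed letsencrypt-nginx/Dockerfile.home did with `CMD sh /home.sh`. The `FROM` line has no tag or digest, so each rebuild can pull a different converter image; pinning it keeps the templating wrapper and the binary it starts in step.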

+ 3
- 4
drone-starlark/repos/deploy.star View File

@@ -25,12 +25,11 @@ def deploy(
] +
map(export, secrets) +
[
"echo $$SIGYL_STACK_ROOT",
"docker network prune -f",
"cd $$SIGYL_STACK_ROOT",
"docker stack rm $$SIGYL_STACK_NAME",
"cd {folder}".format(folder=folder),
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} $$SIGYL_STACK_NAME".format(filename = filename),
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands
}
}
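Review bot: The `{folder}`, `{name}` and `{filename}` values are formatted into the generated shell commands unquoted (`"cd {folder}"`, `"docker stack rm {name}"`, `"docker stack deploy -c {filename} {name}"`), so a value containing whitespace or shell metacharacters changes the command the pipeline step runs. Going by the 3-addition/4-deletion counts these look like the new-side lines that replace the `$$SIGYL_STACK_*` forms, although the rendered page has lost the markers. If these parameters can be set from repository or environment configuration, validate them against a narrow pattern before formatting, or quote them in the generated command. The fixed `"sleep 30"` between `docker stack rm` and `docker stack deploy` is only a guess at how long removal takes and deserves a comment saying so. `deploy(` starts outside this hunk.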

+ 1
- 0
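--- a/drone-starlark/repos/stack/stack-name._star
+++ b/drone-starlark/repos/stack/stack-name._star
@@ -0,0 +1 @@
+stackRoot='${SIGYL_STACK_NAME}'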
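Review bot: This file assigns `stackRoot`, the same name that stack-root._star defines, so after templating no variable holds the stack name, and one definition would shadow the other if both are loaded into the same scope; `stackName='${SIGYL_STACK_NAME}'` looks like what was intended. Both templates also place the environment value inside a single-quoted Starlark literal, so a value containing `'` or a backslash yields invalid or altered Starlark. A one-line comment stating the allowed characters, or a check in run.sh before substitution, would make that constraint explicit.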

+ 1
- 0
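--- a/drone-starlark/repos/stack/stack-root._star
+++ b/drone-starlark/repos/stack/stack-root._star
@@ -0,0 +1 @@
+stackRoot='${SIGYL_STACK_ROOT}'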

+ 3
- 0
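--- a/drone-starlark/run.sh
+++ b/drone-starlark/run.sh
@@ -0,0 +1,3 @@
+envsubst < /repos/stack/stack-name._star > /repos/stack/stack-name._star
+envsubst < /repos/stack/stack-root._star > /repos/stack/stack-root._star
+/bin/drone-convert-starlark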
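Review bot: Both `envsubst` lines read from and write to the same path, and the shell truncates the `>` target before `envsubst` reads it, so each `._star` file ends up empty instead of substituted. The output needs a different name, as the removed home.sh did with `server._conf` and `server.conf`; the name used below is a guess and must match whatever the Starlark code loads, which is not visible here. `envsubst` silently replaces unset variables with an empty string, so the script should check both variables first, and `exec` lets the converter receive the container's stop signal directly. Whether `envsubst` exists in the base image cannot be told from this commit.
```shell
set -eu
# Fail fast: envsubst would otherwise template an empty stack name/root.
: "${SIGYL_STACK_NAME:?must be set}" "${SIGYL_STACK_ROOT:?must be set}"
envsubst < /repos/stack/stack-name._star > /repos/stack/stack-name.star
envsubst < /repos/stack/stack-root._star > /repos/stack/stack-root.star
exec /bin/drone-convert-starlark
```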

+ 0
- 3
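--- a/letsencrypt-nginx/Dockerfile.blog
+++ b/letsencrypt-nginx/Dockerfile.blog
@@ -1,3 +0,0 @@
-ARG image
-FROM $image
-COPY ./conf/blog.conf /etc/nginx/user.conf.d/server._conf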

+ 0
- 3
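--- a/letsencrypt-nginx/Dockerfile.chat
+++ b/letsencrypt-nginx/Dockerfile.chat
@@ -1,3 +0,0 @@
-ARG image
-FROM $image
-COPY ./conf/chat.conf /etc/nginx/user.conf.d/server._conf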

+ 0
- 4
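--- a/letsencrypt-nginx/Dockerfile.do
+++ b/letsencrypt-nginx/Dockerfile.do
@@ -1,4 +0,0 @@
-ARG image
-FROM $image
-COPY website /www/data
-COPY ./conf/do.conf /etc/nginx/user.conf.d/server._conf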

+ 0
- 7
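--- a/letsencrypt-nginx/Dockerfile.home
+++ b/letsencrypt-nginx/Dockerfile.home
@@ -1,7 +0,0 @@
-ARG image
-FROM $image
-COPY ./conf/home.conf /etc/nginx/user.conf.d/server._conf
-COPY nginx.conf /etc/nginx
-COPY website /www/data
-COPY home.sh /
-CMD sh /home.sh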

+ 0
- 3
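--- a/letsencrypt-nginx/Dockerfile.remote
+++ b/letsencrypt-nginx/Dockerfile.remote
@@ -1,3 +0,0 @@
-ARG image
-FROM $image
-COPY ./conf/remote.conf /etc/nginx/user.conf.d/server._conf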

+ 0
- 4
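--- a/letsencrypt-nginx/home.sh
+++ b/letsencrypt-nginx/home.sh
@@ -1,4 +0,0 @@
-export DOLLAR='$'
-envsubst < /etc/nginx/user.conf.d/server._conf > /etc/nginx/user.conf.d/server.conf
-cat /etc/nginx/user.conf.d/server.conf
-nginx -g "daemon off;"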

+ 0
- 78
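--- a/letsencrypt-nginx/result
+++ b/letsencrypt-nginx/result
@@ -1,78 +0,0 @@
-
-server {
-# resolver 127.0.0.11 valid=30s; ## internal docker dns
-#listen [::]:3011 default ipv6only=on; ## listen for ipv6
-listen 80;
-client_header_timeout 120s;
-client_body_timeout 120s;
-client_max_body_size 200m;
-
-# save logs here
-
-server_name sigyl.com;
-
-
-location / {
-return 301 https://$host$request_uri;
-}
-}
-
-server {
-# resolver 127.0.0.11 valid=30s; ## internal docker dns
-#listen [::]:3011 default ipv6only=on; ## listen for ipv6
-# listen 444
-listen 443 ssl;
-# this should allow large docs
-client_header_timeout 120s;
-client_body_timeout 120s;
-client_max_body_size 200m;
-ssl_certificate /etc/letsencrypt/live/sigyl.com/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/sigyl.com/privkey.pem;
-# save logs here
-#access_log /var/log/nginx/access.log compression;
-
-server_name sigyl.com;
-
-location /git/ {
-proxy_pass http://gitea:3000/;
-}
-location /blog/ {
-proxy_set_header Host $http_host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_buffering off;
-proxy_pass http://ghost:2368;
-}
-
-location /chat/sockjs {
-proxy_pass http://chat:3000sockjs;
-proxy_http_version 1.1;
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection "Upgrade";
-proxy_set_header Host $host;
-}
-location /chat/sockjs/ {
-proxy_pass http://chat:3000sockjs/;
-proxy_http_version 1.1;
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection "Upgrade";
-proxy_set_header Host $host;
-}
-location /chat/ {
-proxy_pass http://chat:3000;
-proxy_http_version 1.1;
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection "upgrade";
-proxy_set_header Host $http_host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forward-Proto http;
-proxy_set_header X-Nginx-Proxy true;
-proxy_redirect off;
-
-}
-}
-
-templating scripts from /etc/nginx/user.conf.d to /etc/nginx/conf.d
-Substituting variables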