From 8757db0966c560a5a391fb483c81a14d74ea7a27 Mon Sep 17 00:00:00 2001
From: Giles Bradshaw
Date: Wed, 29 Apr 2020 11:05:39 +0100
Subject: [PATCH] .
---
README.md | 47 ++++++++++---
drone-starlark/Dockerfile | 4 +-
drone-starlark/repos/deploy.star | 7 +-
drone-starlark/repos/stack/stack-name._star | 1 +
drone-starlark/repos/stack/stack-root._star | 1 +
drone-starlark/run.sh | 3 +
letsencrypt-nginx/Dockerfile.blog | 3 -
letsencrypt-nginx/Dockerfile.chat | 3 -
letsencrypt-nginx/Dockerfile.do | 4 --
letsencrypt-nginx/Dockerfile.home | 7 --
letsencrypt-nginx/Dockerfile.remote | 3 -
letsencrypt-nginx/home.sh | 4 --
letsencrypt-nginx/result | 78 ---------------------
13 files changed, 47 insertions(+), 118 deletions(-)
create mode 100644 drone-starlark/repos/stack/stack-name._star
create mode 100644 drone-starlark/repos/stack/stack-root._star
create mode 100644 drone-starlark/run.sh
delete mode 100644 letsencrypt-nginx/Dockerfile.blog
delete mode 100644 letsencrypt-nginx/Dockerfile.chat
delete mode 100644 letsencrypt-nginx/Dockerfile.do
delete mode 100644 letsencrypt-nginx/Dockerfile.home
delete mode 100644 letsencrypt-nginx/Dockerfile.remote
delete mode 100644 letsencrypt-nginx/home.sh
delete mode 100644 letsencrypt-nginx/result
diff --git a/README.md b/README.md
index 2b2655d..d6a9e8e 100644
--- a/README.md
+++ b/README.md
@@ -37,25 +37,41 @@ Once installed and running the system can redeploy itself. However initially you need to do this yourself. +### docker + you need a docker swarm set up with nodes with the following labels * com.sigyl.git-stack=yes * com.sigyl.git-stack-data=yes +### global environment + +the following environment variables need to be defined (define your own values) + +``` +echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh +echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh + +sh /etc/profile.d/sigyl-stack.sh + +``` + + ### make a folder and give yourself access ``` -sudo mkdir /stack -sudo chown -R $USER:$USER +sudo mkdir -p $SIGYL_STACK_ROOT cd /stack +sudo chown -R $USER:$USER $SIGYL_STACK_ROOT + ``` ### clone the repository ``` cd /stack -git clone https://sigyl.com/git/giles/stack.git deploy -cd deploy +git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT +cd $SIGYL_STACK_ROOT git checkout home-deploy ``` @@ -63,10 +79,12 @@ git checkout home-deploy ### make certificates for the registry these certificates will be in .ca and .certificates -where $REGISTRY_DOMAIN is the host where the stack will run. +where $REGISTRY_DOMAIN is the host where the stack will run it should be on the local subnet ie trafic should not have to go over the internet. + +eg git.local-domain ``` -cd certificates +cd $SIGYL_STACK_ROOT/certificates sh ca.sh $REGISTRY_DOMAIN:5003 sh make-cert.sh $REGISTRY_DOMAIN registry ``` @@ -93,17 +111,16 @@ export NGROK_AUTH_TOKEN=[secret token from ngrok] ### build images -where $STACK_HOME = /stack/deploy ``` -sh build.sh $STACK_HOME +sh build.sh $SIGYL_STACK_ROOT ``` ### initial deploy of stack ``` -cd /stack/deploy -docker stack deploy -c docker-compose-home.yml stack +cd $SIGYL_STACK_ROOT +docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME ``` ### initialise postgres database 
@@ -139,7 +156,9 @@ sh init-scale.sh stack ### create a gitea drone application -set environment variables as follows (example values): +This might be on your local gitea or some other one. + +set environment variables for it as follows (example values): ``` export DRONE_GITEA_SERVER=https://sigyl.com/git @@ -147,3 +166,9 @@ export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499 export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA= ``` +### redeploy + +``` +docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME +sh init-scale.sh stack +``` \ No newline at end of file diff --git a/drone-starlark/Dockerfile b/drone-starlark/Dockerfile index 776096e..45537c3 100644 --- a/drone-starlark/Dockerfile +++ b/drone-starlark/Dockerfile @@ -1,2 +1,4 @@ FROM drone/drone-convert-starlark -COPY repos /repos \ No newline at end of file +COPY repos /repos +COPY run.sh / +CMD sh run.sh \ No newline at end of file diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star index d961475..6fd969f 100644 --- a/drone-starlark/repos/deploy.star +++ b/drone-starlark/repos/deploy.star @@ -25,12 +25,11 @@ def deploy( ] + map(export, secrets) + [ - "echo $$SIGYL_STACK_ROOT", "docker network prune -f", - "cd $$SIGYL_STACK_ROOT", - "docker stack rm $$SIGYL_STACK_NAME", + "cd {folder}".format(folder=folder), + "docker stack rm {name}".format(name = name), "sleep 30", - "docker stack deploy -c {filename} $$SIGYL_STACK_NAME".format(filename = filename), + "docker stack deploy -c {filename} {name}".format(name= name, filename = filename), ] + commands } } diff --git a/drone-starlark/repos/stack/stack-name._star b/drone-starlark/repos/stack/stack-name._star new file mode 100644 index 0000000..095b1fa --- /dev/null +++ b/drone-starlark/repos/stack/stack-name._star @@ -0,0 +1 @@ +stackRoot='${SIGYL_STACK_NAME}' \ No newline at end of file 
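Review bot: `CMD sh run.sh` in drone-starlark/Dockerfile uses the shell form with a relative script path, so it only finds the script if the image's working directory is `/`, which this hunk does not set. Prefer the exec form with an absolute path, `CMD ["sh", "/run.sh"]`, so the command does not depend on WORKDIR or on an extra wrapping shell. The new entrypoint also needs `sh` and `envsubst` inside `drone/drone-convert-starlark`; nothing in the hunk installs them, so confirm the base image ships both. The unchanged `FROM` line carries no tag or digest, so each rebuild can silently pick up a different upstream image; pinning it would make the build reproducible.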
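Review bot: `folder` and `name` are formatted unquoted into the shell command strings `cd {folder}`, `docker stack rm {name}` and `docker stack deploy -c {filename} {name}`, so a value with whitespace or shell metacharacters changes what the pipeline step executes, and an empty `name` leaves `docker stack rm` without an argument. Their definitions are outside this hunk (the body of `deploy(` starts above it), so whether they are validated elsewhere cannot be seen here. Either quote them at the point of use, for example `"cd '{folder}'".format(folder = folder)`, or reject values that do not match a conservative pattern before building the commands. As a style point, the keyword spacing is inconsistent across the three calls (`folder=folder`, `name = name`, `name= name`).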
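Review bot: stack-name._star assigns the stack name to `stackRoot`, the same identifier that stack-root._star uses for the root folder, which looks like a copy-paste slip; presumably it should read `stackName='${SIGYL_STACK_NAME}'`. How deploy.star consumes these two files is not visible in this patch, so confirm which name it expects. In both template files the substituted environment value lands inside a single-quoted Starlark string, so a value containing `'` or a newline would break or alter the generated file; checking the two variables against an allowed character set before substitution would close that off.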
diff --git a/drone-starlark/repos/stack/stack-root._star b/drone-starlark/repos/stack/stack-root._star
new file mode 100644
index 0000000..73ba038
--- /dev/null
+++ b/drone-starlark/repos/stack/stack-root._star
@@ -0,0 +1 @@
+stackRoot='${SIGYL_STACK_ROOT}'
\ No newline at end of file
diff --git a/drone-starlark/run.sh b/drone-starlark/run.sh
new file mode 100644
index 0000000..579f2c4
--- /dev/null
+++ b/drone-starlark/run.sh
@@ -0,0 +1,3 @@
+envsubst < /repos/stack/stack-name._star > /repos/stack/stack-name._star
+envsubst < /repos/stack/stack-root._star > /repos/stack/stack-root._star
+/bin/drone-convert-starlark
\ No newline at end of file
diff --git a/letsencrypt-nginx/Dockerfile.blog b/letsencrypt-nginx/Dockerfile.blog
deleted file mode 100644
index 57377f8..0000000
--- a/letsencrypt-nginx/Dockerfile.blog
+++ /dev/null
@@ -1,3 +0,0 @@
-ARG image
-FROM $image
-COPY ./conf/blog.conf /etc/nginx/user.conf.d/server._conf
\ No newline at end of file
diff --git a/letsencrypt-nginx/Dockerfile.chat b/letsencrypt-nginx/Dockerfile.chat
deleted file mode 100644
index f16a835..0000000
--- a/letsencrypt-nginx/Dockerfile.chat
+++ /dev/null
@@ -1,3 +0,0 @@
-ARG image
-FROM $image
-COPY ./conf/chat.conf /etc/nginx/user.conf.d/server._conf
\ No newline at end of file
diff --git a/letsencrypt-nginx/Dockerfile.do b/letsencrypt-nginx/Dockerfile.do
deleted file mode 100644
index 4681890..0000000
--- a/letsencrypt-nginx/Dockerfile.do
+++ /dev/null
@@ -1,4 +0,0 @@
-ARG image
-FROM $image
-COPY website /www/data
-COPY ./conf/do.conf /etc/nginx/user.conf.d/server._conf
\ No newline at end of file
diff --git a/letsencrypt-nginx/Dockerfile.home b/letsencrypt-nginx/Dockerfile.home
deleted file mode 100644
index 3bb1dec..0000000
--- a/letsencrypt-nginx/Dockerfile.home
+++ /dev/null
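Review bot: Both `envsubst` lines in run.sh read and write the same path, and the shell truncates the output file before `envsubst` reads it, so each `._star` template ends up empty instead of substituted. Write to a different name, as the removed home.sh did with `server._conf` and `server.conf`, for example `envsubst '${SIGYL_STACK_NAME}' < /repos/stack/stack-name._star > /repos/stack/stack-name.star` and the matching line for the root file; the target name deploy.star expects is not visible here, so confirm it. Passing the variable list keeps envsubst from expanding any other `$NAME` text in the templates, and ending with `exec /bin/drone-convert-starlark` lets the converter receive container stop signals directly. The script also has no `set -e`, so a failed substitution still starts the service.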
@@ -1,7 +0,0 @@
-ARG image
-FROM $image
-COPY ./conf/home.conf /etc/nginx/user.conf.d/server._conf
-COPY nginx.conf /etc/nginx
-COPY website /www/data
-COPY home.sh /
-CMD sh /home.sh
\ No newline at end of file
diff --git a/letsencrypt-nginx/Dockerfile.remote b/letsencrypt-nginx/Dockerfile.remote
deleted file mode 100644
index a8d7475..0000000
--- a/letsencrypt-nginx/Dockerfile.remote
+++ /dev/null
@@ -1,3 +0,0 @@
-ARG image
-FROM $image
-COPY ./conf/remote.conf /etc/nginx/user.conf.d/server._conf
\ No newline at end of file
diff --git a/letsencrypt-nginx/home.sh b/letsencrypt-nginx/home.sh
deleted file mode 100644
index aa5f249..0000000
--- a/letsencrypt-nginx/home.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-export DOLLAR='$'
-envsubst < /etc/nginx/user.conf.d/server._conf > /etc/nginx/user.conf.d/server.conf
-cat /etc/nginx/user.conf.d/server.conf
-nginx -g "daemon off;"
\ No newline at end of file
diff --git a/letsencrypt-nginx/result b/letsencrypt-nginx/result
deleted file mode 100644
index 1cbb8b2..0000000
--- a/letsencrypt-nginx/result
+++ /dev/null
@@ -1,78 +0,0 @@ - - server { - # resolver 127.0.0.11 valid=30s; ## internal docker dns - #listen [::]:3011 default ipv6only=on; ## listen for ipv6 - listen 80; - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 200m; - - # save logs here - - server_name sigyl.com; - - - location / { - return 301 https://$host$request_uri; - } - } - - server { - # resolver 127.0.0.11 valid=30s; ## internal docker dns - #listen [::]:3011 default ipv6only=on; ## listen for ipv6 - # listen 444 - listen 443 ssl; - # this should allow large docs - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 200m; - ssl_certificate /etc/letsencrypt/live/sigyl.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/sigyl.com/privkey.pem; - # save logs here - #access_log /var/log/nginx/access.log compression; - - server_name sigyl.com; - - location /git/ { - proxy_pass http://gitea:3000/; - } - location /blog/ { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_buffering off; - proxy_pass http://ghost:2368; - } - - location /chat/sockjs { - proxy_pass http://chat:3000sockjs; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - } - location /chat/sockjs/ { - proxy_pass http://chat:3000sockjs/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - } - location /chat/ { - proxy_pass http://chat:3000; - proxy_http_version 1.1; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection "upgrade"; -proxy_set_header Host $http_host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forward-Proto http; -proxy_set_header X-Nginx-Proxy true; 
-proxy_redirect off; - - } - } - -templating scripts from /etc/nginx/user.conf.d to /etc/nginx/conf.d -Substituting variables