giles
/
stack
Archived
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

.
continuous-integration/drone/push Build was killed Details

This commit is contained in:
Giles Bradshaw 2020-04-29 11:05:39 +01:00
parent 37f0e393b2
commit 8757db0966
13 changed files with 47 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
README.md
View File

@ -37,25 +37,41 @@ Once installed and running the system can redeploy itself.
However initially you need to do this yourself. However initially you need to do this yourself.
### docker
you need a docker swarm set up with nodes with the following labels you need a docker swarm set up with nodes with the following labels
* com.sigyl.git-stack=yes * com.sigyl.git-stack=yes
* com.sigyl.git-stack-data=yes * com.sigyl.git-stack-data=yes
### global environment
the following environment variables need to be defined (define your own values)
```
echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh
sh /etc/profile.d/sigyl-stack.sh
```
### make a folder and give yourself access ### make a folder and give yourself access
``` ```
sudo mkdir /stack sudo mkdir -p $SIGYL_STACK_ROOT
sudo chown -R $USER:$USER
cd /stack cd /stack
sudo chown -R $USER:$USER $SIGYL_STACK_ROOT
``` ```
### clone the repository ### clone the repository
``` ```
cd /stack cd /stack
git clone https://sigyl.com/git/giles/stack.git deploy git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT
cd deploy cd $SIGYL_STACK_ROOT
git checkout home-deploy git checkout home-deploy
``` ```
@ -63,10 +79,12 @@ git checkout home-deploy
### make certificates for the registry ### make certificates for the registry
these certificates will be in .ca and .certificates these certificates will be in .ca and .certificates
where $REGISTRY_DOMAIN is the host where the stack will run. where $REGISTRY_DOMAIN is the host where the stack will run it should be on the local subnet ie trafic should not have to go over the internet.
eg git.local-domain
``` ```
cd certificates cd $SIGYL_STACK_ROOT/certificates
sh ca.sh $REGISTRY_DOMAIN:5003 sh ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry sh make-cert.sh $REGISTRY_DOMAIN registry
``` ```
@ -93,17 +111,16 @@ export NGROK_AUTH_TOKEN=[secret token from ngrok]
### build images ### build images
where $STACK_HOME = /stack/deploy
``` ```
sh build.sh $STACK_HOME sh build.sh $SIGYL_STACK_ROOT
``` ```
### initial deploy of stack ### initial deploy of stack
``` ```
cd /stack/deploy cd $SIGYL_STACK_ROOT
docker stack deploy -c docker-compose-home.yml stack docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME
``` ```
### initialise postgres database ### initialise postgres database
@ -139,7 +156,9 @@ sh init-scale.sh stack
### create a gitea drone application ### create a gitea drone application
set environment variables as follows (example values): This might be on your local gitea or some other one.
set environment variables for it as follows (example values):
``` ```
export DRONE_GITEA_SERVER=https://sigyl.com/git export DRONE_GITEA_SERVER=https://sigyl.com/git
@ -147,3 +166,9 @@ export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA= export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=
``` ```
### redeploy
```
docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME
sh init-scale.sh stack
```

2
drone-starlark/Dockerfile
View File

@ -1,2 +1,4 @@
FROM drone/drone-convert-starlark FROM drone/drone-convert-starlark
COPY repos /repos COPY repos /repos
COPY run.sh /
CMD sh run.sh

7
drone-starlark/repos/deploy.star
View File

@ -25,12 +25,11 @@ def deploy(
] + ] +
map(export, secrets) + map(export, secrets) +
[ [
"echo $$SIGYL_STACK_ROOT",
"docker network prune -f", "docker network prune -f",
"cd $$SIGYL_STACK_ROOT", "cd {folder}".format(folder=folder),
"docker stack rm $$SIGYL_STACK_NAME", "docker stack rm {name}".format(name = name),
"sleep 30", "sleep 30",
"docker stack deploy -c {filename} $$SIGYL_STACK_NAME".format(filename = filename), "docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands ] + commands
} }
} }

1
drone-starlark/repos/stack/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackRoot='${SIGYL_STACK_NAME}'

1
drone-starlark/repos/stack/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='${SIGYL_STACK_ROOT}'

3
drone-starlark/run.sh Normal file
View File

@ -0,0 +1,3 @@
envsubst < /repos/stack/stack-name._star > /repos/stack/stack-name._star
envsubst < /repos/stack/stack-root._star > /repos/stack/stack-root._star
/bin/drone-convert-starlark

3
letsencrypt-nginx/Dockerfile.blog
View File

@ -1,3 +0,0 @@
ARG image
FROM $image
COPY ./conf/blog.conf /etc/nginx/user.conf.d/server._conf

3
letsencrypt-nginx/Dockerfile.chat
View File

@ -1,3 +0,0 @@
ARG image
FROM $image
COPY ./conf/chat.conf /etc/nginx/user.conf.d/server._conf

4
letsencrypt-nginx/Dockerfile.do
View File

@ -1,4 +0,0 @@
ARG image
FROM $image
COPY website /www/data
COPY ./conf/do.conf /etc/nginx/user.conf.d/server._conf

7
letsencrypt-nginx/Dockerfile.home
View File

@ -1,7 +0,0 @@
ARG image
FROM $image
COPY ./conf/home.conf /etc/nginx/user.conf.d/server._conf
COPY nginx.conf /etc/nginx
COPY website /www/data
COPY home.sh /
CMD sh /home.sh

3
letsencrypt-nginx/Dockerfile.remote
View File

@ -1,3 +0,0 @@
ARG image
FROM $image
COPY ./conf/remote.conf /etc/nginx/user.conf.d/server._conf

4
letsencrypt-nginx/home.sh
View File

@ -1,4 +0,0 @@
export DOLLAR='$'
envsubst < /etc/nginx/user.conf.d/server._conf > /etc/nginx/user.conf.d/server.conf
cat /etc/nginx/user.conf.d/server.conf
nginx -g "daemon off;"

78
letsencrypt-nginx/result
View File

@ -1,78 +0,0 @@
server {
# resolver 127.0.0.11 valid=30s; ## internal docker dns
#listen [::]:3011 default ipv6only=on; ## listen for ipv6
listen 80;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 200m;
# save logs here
server_name sigyl.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
# resolver 127.0.0.11 valid=30s; ## internal docker dns
#listen [::]:3011 default ipv6only=on; ## listen for ipv6
# listen 444
listen 443 ssl;
# this should allow large docs
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 200m;
ssl_certificate /etc/letsencrypt/live/sigyl.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sigyl.com/privkey.pem;
# save logs here
#access_log /var/log/nginx/access.log compression;
server_name sigyl.com;
location /git/ {
proxy_pass http://gitea:3000/;
}
location /blog/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_pass http://ghost:2368;
}
location /chat/sockjs {
proxy_pass http://chat:3000sockjs;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /chat/sockjs/ {
proxy_pass http://chat:3000sockjs/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /chat/ {
proxy_pass http://chat:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
templating scripts from /etc/nginx/user.conf.d to /etc/nginx/conf.d
Substituting variables