# stack

* [Gitea](https://gitea.io/en-us/)
* [Drone](https://drone.io/)
* [Guacamole](https://guacamole.apache.org/)
* [Ghost](https://ghost.org/)
* [Rocket Chat](https://rocket.chat/)
* [Zabbix](https://www.zabbix.com/)
* [Commento](https://commento.io/)
* [Matomo](https://matomo.org/)

In a [docker](https://www.docker.com/) stack.

### docker stack configuration

[docker-compose.yml](docker-compose.yml)

## deployments

### static ip

[![Build Status](https://sigyl.com:5000/api/badges/giles/stack/status.svg)](https://sigyl.com:5000/giles/stack)

* ghost - https://sigyl.com/
* git - https://sigyl.com/git/
* drone - https://sigyl.com:5000/
* guacamole - https://sigyl.com/remote/
* chat - https://sigyl.com/chat/
* matomo - https://sigyl.com/analytics/
* commento - https://sigyl.com:5000/
* zabbix - https://sigyl.com/zabbix/

#### starlark drone deployment file

[.drone-do.star](drone-do.star)

### tunnelled with ngrok (very slow if home internet)

[![Build Status](https://drone.git.sigyl.com/api/badges/giles/stack/status.svg)](https://drone.git.sigyl.com/giles/stack)

* ghost - https://git.sigyl.com
* git - https://git.sigyl.com/git
* chat - https://git.sigyl.com/chat
* drone - https://drone.git.sigyl.com/
* guacamole - https://git.sigyl.com/remote
* zabbix - https://git.sigyl.com/zabbix/
* matomo - https://sigyl.com/matomo/

#### starlark drone deployment file

[.drone-home.star](.drone-home.star)

## installation

Once installed and running, the system can redeploy itself. Initially, however, you need to do this yourself.
### remove old versions of docker

(if it's a fresh install of linux there shouldn't be any)

```
sudo apt-get remove docker docker-engine docker.io
```

### install docker

```
sudo apt install docker.io
```

### add current user to docker group

Log out and back in afterwards.

```
sudo usermod -aG docker $USER
```

### start and enable docker

```
sudo systemctl start docker
sudo systemctl enable docker
```

### change ssh port to 2022

```
sudo vi /etc/ssh/sshd_config
```

Change `Port 2022`.

### allow root to ssh

```
sudo vi /etc/ssh/sshd_config
```

Change `PermitRootLogin yes`.

### set the root password

```
sudo passwd root
```

Reboot.

Start a stack running gitea to host the repository.

## stack

### labels

Get nodes with

```
docker node ls
```

Add the label with

```
docker node update --label-add com.sigyl.git-stack=yes [node id]
```

### global environment

The following environment variables need to be defined (define your own values):

```
echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh
# source the file (not `sh file`, which would export only into a subshell)
. /etc/profile.d/sigyl-stack.sh
```

### make a folder and give yourself access

```
sudo mkdir -p $SIGYL_STACK_ROOT
cd /stack
sudo chown -R $USER:$USER $SIGYL_STACK_ROOT
```

### clone the repository

```
cd /stack
git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT
cd $SIGYL_STACK_ROOT
git checkout home-deploy
```

### make certificates for the registry

These certificates will be in `.ca` and `.certificates`, where `$REGISTRY_DOMAIN` is the host where the stack will run. It should be on the local subnet, i.e. traffic should not have to go over the internet.
e.g. `git.local-domain`

```
cd $SIGYL_STACK_ROOT/certificates
sh ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry
```

Copy the directory `.ca/$REGISTRY_DOMAIN:5003` to `/etc/docker/certs.d`:

```
sudo mkdir -p /etc/docker/certs.d/
sudo cp -r .ca/$REGISTRY_DOMAIN:5003 /etc/docker/certs.d/
```

### make environment variables

```
export TITLE="SiGyl Ltd!"
export DESCRIPTION="Software Development"
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_SERVER_HOST=sigyl.com:5000
export GIT_DOMAIN=sigyl.com
export LOCAL_DOCKER_REGISTRY=sigyl.com:5001/
export SSH_HOST=10.106.0.2
export GUACAMOLE_POSTGRES_DB=guacamole_db
export GUACAMOLE_POSTGRES_USER=guacamole_user
export SIGYL_STACK_ROOT=/root/stack-deploy
export SIGYL_STACK_NAME=gitea
export DRONE_GITEA_CLIENT_ID=???
export DRONE_CONVERT_SECRET=???
export DRONE_GITEA_CLIENT_SECRET=???
export DRONE_RPC_SECRET=???
export GUACAMOLE_POSTGRES_PASSWORD=???
export NGROK_AUTH_TOKEN=???
```

### build images

```
sh build.sh $SIGYL_STACK_ROOT
```

### initial deploy of stack

```
cd $SIGYL_STACK_ROOT
docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME
```

### initialise postgres database

Find the postgres container id and set it as `$ID`:

```
docker ps | grep stack_guacamole-postgresql.1
```

```
sh init-postgresql.sh $ID
```

### initialise mongo

Find the mongo container id and set it as `$ID`:

```
docker ps | grep stack_chat-mongo.1
```

```
sh init-mongo-chat.sh $ID
```

### scale chat and ngrok and nginx

If ngrok is required set `$NGROK=1`, else `$NGROK=0`.

```
sh init-scale.sh stack $NGROK
```

### create a gitea drone application

This might be on your local gitea or some other one.
Set environment variables for it as follows (example values):

```
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=
```

### redeploy

If ngrok is required set `$NGROK=1`, else `$NGROK=0`.

```
docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME
sh init-scale.sh stack $NGROK
```

### drone secrets

Where these end up in environment variables they will be capitalised and underscored. Secrets are revealed in a file named `~/env-stack` during deployment (keys etc. are hidden).

#### certbot-email

Email for lets encrypt certbot.

#### chat-admin-name

Name for chat admin user.

#### chat-admin-password

Password for chat admin user.

#### chat-admin-email

Email for chat admin user.

#### description

Description of the application.

#### drone-convert-secret

Random secret for starlark conversion container.

#### drone-domain

The domain the drone server is tunneled to.

#### drone-gitea-client-id

The id of the gitea drone application.

#### drone-gitea-client-secret

The secret of the gitea drone application.

#### drone-gitea-server

URL of the gitea server.

#### drone-rpc-secret

Random secret for drone server + runners.

#### drone-server-host

Host name (and port) for drone server.

#### ghost-mail-password

SMTP password for ghost mail service.

#### ghost-mail-service

Mail service for ghost, e.g. Mailgun.

#### ghost-mail-user

SMTP user for ghost mail service.

#### git-domain

This is the domain where the application will be served (via ngrok if applicable).

#### guacamole-postgres-db

Name of the db.

#### guacamole-postgres-password

Password for the db (no spaces).

#### guacamole-postgres-user

User for the db.

#### local-docker-registry

Registry where images will be pushed (with trailing slash).

#### ngrok-auth-token

Authentication token for ngrok.

#### sigyl-stack-name

The name of the stack.

#### sigyl-stack-root

The file path where the stack is deployed to.
#### ssh-host

Host for the stack (must be a leader).

#### ssh-key

Not used atm.

#### ssh-passphrase

Not used atm.

#### ssh-password

Password for ssh.

#### ssh-port

Port for ssh.

#### ssh-root-password

Password for root user.

#### ssh-root-user

Ssh root user.

#### ssh-user

Ssh user.

#### title

Application title.

## initial set up of apps

You should do these asap and preferably before anyone else!!!

### gitea

Register, then set up the initial user and email settings.

### ghost blog

Visit `domain/ghost` and set up the admin user.

### chat

The admin user is automatically created according to the configured secrets. Change the password!

### guacamole

Use the admin user name and password you supplied when you set up the database.

## docker-exec-runner on windows

These instructions are not very good...

https://exec-runner.docs.drone.io/installation/windows/

Download and unpack on linux with

```
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx
```

Rename `drone-runner-exec` to `drone-runner-exec.exe`.

Make the directory `c:\Drone\drone-runner-exec` on windows.

Copy `drone-runner-exec.exe` to the directory.

Make the config file with

```
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.sigyl.com:443
DRONE_RPC_SECRET=[rpc secret]
DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt
DRONE_RUNNER_LABELS=web:true
```

Install and start the service with

```
drone-runner-exec service install
drone-runner-exec service start
```
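The drone secrets section above says each secret name reaches the containers as an environment variable that is capitalised with hyphens replaced by underscores, and the "make environment variables" step leaves several of those values as `???`. The following is an added preflight check (example code, not part of the stack repository) that applies that naming rule and refuses a deploy while a required variable is unset or still a placeholder, reporting names only, never values. The `REQUIRED_SECRETS` selection is an assumption; extend it to taste.

```shell
#!/bin/sh
# Added example, not the stack's own script: map README secret names to the
# environment variable names the deploy expects and check them before
# running `docker stack deploy`.

# Assumed subset of the README's drone secrets that the first deploy needs.
REQUIRED_SECRETS="drone-rpc-secret drone-convert-secret drone-gitea-client-id \
drone-gitea-client-secret guacamole-postgres-password git-domain sigyl-stack-name"

# drone-rpc-secret -> DRONE_RPC_SECRET (capitalise, hyphen to underscore).
secret_to_env() {
    printf '%s' "$1" | tr 'a-z-' 'A-Z_'
}

# Return 0 when every required variable is set and non-empty, 1 otherwise.
# Only the variable name is written to stderr, never its value.
check_required_env() {
    missing=0
    for secret in $REQUIRED_SECRETS; do
        var=$(secret_to_env "$secret")
        eval "val=\${$var:-}"          # indirect lookup in POSIX sh
        if [ -z "$val" ]; then
            echo "missing: $var (drone secret '$secret')" >&2
            missing=1
        fi
    done
    return $missing
}

# Return 1 if any required variable still carries the README's ??? placeholder.
check_placeholders() {
    for secret in $REQUIRED_SECRETS; do
        var=$(secret_to_env "$secret")
        eval "val=\${$var:-}"
        if [ "$val" = "???" ]; then
            echo "placeholder value in $var; set a real secret first" >&2
            return 1
        fi
    done
    return 0
}

# Typical use before the initial deploy:
#   check_required_env && check_placeholders && \
#       docker stack deploy -c docker-compose.yml "$SIGYL_STACK_NAME"
```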