# gitea in a stack with drone and guacamole

Remote system support.

Consisting of

* gitea repository - github like self hosted git and web application
* drone ci system
* guacamole - rdp, vnc and ssh over the internet in the browser

[![Build Status](https://drone.sigyl.com/api/badges/giles/gitea-drone-stack/status.svg)](https://drone.sigyl.com/giles/gitea-drone-stack)

(nb when self deploying with drone it will stick on started and have to be cancelled. This is because the deployment tears down the previous running drone).

NB each time you deploy this using drone it will leave an orphaned network, for example:

```
drone-yoZbiXiqssFcSsG0dP5d
```

Eventually this will start to cause an error with the message:

Docker “ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network”

## installing docker

Start with a fresh install of Ubuntu server 19.04 connected to the internet

### update packages

```
sudo apt-get update
sudo apt-get upgrade
```

### remove old versions of docker

(if it's a fresh install of linux there shouldn't be any)

```
sudo apt-get remove docker docker-engine docker.io
```

### install docker

```
sudo apt install docker.io
```

### add current user to docker group

log out and back in afterwards

```
sudo usermod -aG docker $USER
```

### start and enable docker

```
sudo systemctl start docker
sudo systemctl enable docker
```

### change ssh port to 2022

```
sudo vi /etc/ssh/sshd_config
```

change

```
Port 2022
```

### allow root to ssh

```
sudo vi /etc/ssh/sshd_config
```

## set the root password

```
sudo passwd root
```

change

```
PermitRootLogin yes
```

reboot

start a stack running gitea to host repository.
## stack

### labels

get nodes with

```
docker node ls
```

add label with

```
docker node update --label-add com.sigyl.git-stack=yes [node id]
```

### generate certificates

where [registry-domain] is the domain on which the registry will be served

```
sh ca.sh [registry-domain]:5000
sh make-cert.sh [registry-domain] registry
```

### ngrok auth

obtain ngrok auth token and place in .secrets in form

```
authtoken: [token]
```

### initial deploy

```shell
export LOCAL_DOCKER_REGISTRY=registry.local-domain:5000
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export GIT_DOMAIN=git.sigyl.com
export REMOTE_DOMAIN=remote.sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export BLOG_DOMAIN=blog.sigyl.com
export DRONE_RPC_SECRET=$(openssl rand -base64 48)
docker stack deploy -c docker-compose.yml gitea
```

### create gitea drone app with client id and secret

### add secrets to repository in drone

![add secret](./add-secret.png)

* blog-domain
* certbot-email
* drone-domain
* drone-gitea-client-id
* drone-gitea-client-secret
* drone-rpc-secret
* git-domain
* local-docker-registry
* remote-domain
* ssh-password
* ssh-port
* ssh-root-password
* ssh-root-user
* ssh-user
* ssh-host

### kill orphan docker:dind containers

When the system is deployed by pushing to the repository, the docker:dind container will be orphaned and will run forever unless killed.

## guacamole

nb no spaces in postgres password

docker stack for guacamole adapted from https://digitalmccullough.com/posts/setting-up-apache-guacamole-with-docker-stack.html

### initialising

find id

```
docker ps
```

execute initdb.sql

```
docker exec -it [id] psql -U postgres -d guacamole_db -f /initdb.sql
docker exec -it [id] psql -U postgres -d guacamole_db -f /init-user.sql -v password='somepassword'
```

initial admin is guacadmin:guacadmin

create a new admin and delete guacadmin

## docker-exec-runner on windows

These instructions are not very good...
https://exec-runner.docs.drone.io/installation/windows/

download and unpack on linux with

```
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx
```

rename drone-runner-exec to drone-runner-exec.exe

make directory c:\Drone\drone-runner-exec on windows

copy drone-runner-exec.exe to directory

make config file with

```
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.sigyl.com:443
DRONE_RPC_SECRET=[rpc secret]
DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt
DRONE_RUNNER_LABELS=web:true
```

install and start service with

```
drone-runner-exec service install
drone-runner-exec service start
```

## chat

Once the chat-mongo container is up you need to get its id and do

```
docker exec -it [id] mongo --eval "printjson(rs.initiate({_id: 'rs0', members: [ { _id: 0, host: 'localhost:27017' } ]}))"
```

then scale up chat

```
docker service scale gitea_chat=1
```
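
## removing orphaned drone networks (added example)

The note at the top of this README says each drone deployment leaves an orphaned `drone-...` network until Docker runs out of address pools. The script below is an added example, not part of this repository: it lists those networks and removes the ones with no containers attached. It assumes the orphans are always named `drone-` plus random alphanumerics, as in the example name above; the function names and the script file name are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the original repository.
# Assumption: orphaned pipeline networks are named "drone-" followed by random
# alphanumerics, like drone-yoZbiXiqssFcSsG0dP5d in the note at the top.

# Keep only drone pipeline network names from a list on stdin (one per line).
select_drone_networks() {
    grep -E '^drone-[A-Za-z0-9]+$' || true
}

# Print drone pipeline networks that have no containers attached,
# so the network of a build that is still running is left alone.
list_orphan_networks() {
    docker network ls --format '{{.Name}}' | select_drone_networks |
    while read -r net; do
        attached=$(docker network inspect -f '{{len .Containers}}' "$net" 2>/dev/null) || continue
        if [ "$attached" = "0" ]; then
            echo "$net"
        fi
    done
}

# List the orphans; remove them only when called with --apply.
cleanup_drone_networks() {
    mode="${1:-}"
    list_orphan_networks | while read -r net; do
        if [ "$mode" = "--apply" ]; then
            docker network rm "$net"
        else
            echo "would remove: $net"
        fi
    done
}

# Run only when a mode is given (hypothetical file name):
#   sh cleanup-networks.sh --dry-run | --apply
case "${1:-}" in
    --dry-run|--apply) cleanup_drone_networks "$1" ;;
esac
```

Run it with `--dry-run` first and check the list before using `--apply`.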