# stack

* [Gitea](https://gitea.io/en-us/)
* [Drone](https://drone.io/)
* [Guacamole](https://guacamole.apache.org/)
* [Ghost](https://ghost.org/)
* [Rocket Chat](https://rocket.chat/)

In a [docker](https://www.docker.com/) stack.

## static ip

[![Build Status](https://sigyl.com:5000/api/badges/giles/stack/status.svg)](https://sigyl.com:5000/giles/stack)

* home - https://sigyl.com/
* git - https://sigyl.com/git/
* drone - https://sigyl.com:5000/
* ghost - https://sigyl.com/blog/
* guacamole - https://sigyl.com/remote/
* chat - https://sigyl.com/chat/

[drone.do.yml](drone.do.yml) - [docker-compose-do.yml](docker-compose-do.yml)

## tunnelled with ngrok (very slow if home internet)

[![Build Status](https://drone.git.sigyl.com/api/badges/giles/stack/status.svg)](https://drone.git.sigyl.com/giles/stack)

* home - https://git.sigyl.com
* git - https://git.sigyl.com/git
* blog - https://git.sigyl.com/blog
* chat - https://git.sigyl.com/chat
* drone - https://drone.git.sigyl.com/
* guacamole - https://git.sigyl.com/remote

## installation

Once installed and running, the system can redeploy itself. Initially, however, you need to do this yourself.

### docker

You need a docker swarm set up, with nodes that have the following labels:

* com.sigyl.git-stack=yes
* com.sigyl.git-stack-data=yes

### global environment

The following environment variables need to be defined (define your own values):

```
echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh
# source the file (rather than running it with sh) so the variables are set in the current shell
. /etc/profile.d/sigyl-stack.sh
```

### make a folder and give yourself access

```
sudo mkdir -p "$SIGYL_STACK_ROOT"
cd /stack
sudo chown -R "$USER:$USER" "$SIGYL_STACK_ROOT"
```

### clone the repository

```
cd /stack
git clone https://sigyl.com/git/giles/stack.git "$SIGYL_STACK_ROOT"
cd "$SIGYL_STACK_ROOT"
git checkout home-deploy
```

### make certificates for the registry

These certificates will be in .ca and .certificates.

$REGISTRY_DOMAIN is the host where the stack will run. It should be on the local subnet, i.e. traffic should not have to go over the internet (e.g. git.local-domain).

```
cd "$SIGYL_STACK_ROOT/certificates"
sh ca.sh "$REGISTRY_DOMAIN:5003"
sh make-cert.sh "$REGISTRY_DOMAIN" registry
```

### make environment variables

```
# values containing spaces must be quoted
export TITLE="SiGyl Ltd"
export DESCRIPTION="Software Development"
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_SERVER_HOST=sigyl.com:5000
export GIT_DOMAIN=sigyl.com
export LOCAL_DOCKER_REGISTRY=sigyl.com:5001/
export SSH_HOST=10.106.0.2
export GUACAMOLE_POSTGRES_DB=guacamole_db
export GUACAMOLE_POSTGRES_USER=guacamole_user
export SIGYL_STACK_ROOT=/root/stack-deploy
export SIGYL_STACK_NAME=gitea
# replace each ??? with your own value
export DRONE_GITEA_CLIENT_ID=???
export DRONE_CONVERT_SECRET=???
export DRONE_GITEA_CLIENT_SECRET=???
export DRONE_RPC_SECRET=???
export GUACAMOLE_POSTGRES_PASSWORD=???
export NGROK_AUTH_TOKEN=???
```

### build images

```
sh build.sh "$SIGYL_STACK_ROOT"
```

### initial deploy of stack

```
cd "$SIGYL_STACK_ROOT"
docker stack deploy -c docker-compose-home.yml "$SIGYL_STACK_NAME"
```

### initialise postgres database

Find the postgres id as $ID:

```
docker ps | grep stack_guacamole-postgresql.1
```

```
sh init-postgresql.sh $ID
```

### initialise mongo

Get the mongo id as $ID:

```
docker ps | grep stack_chat-mongo.1
```

```
sh init-mongo-chat.sh $ID
```

### scale chat and ngrok and nginx

```
sh init-scale.sh stack
```

### create a gitea drone application

This might be on your local gitea or some other one. Set environment variables for it as follows (example values):

```
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=
```

### redeploy

```
docker stack deploy -c docker-compose-home.yml "$SIGYL_STACK_NAME"
sh init-scale.sh stack
```

### drone secrets

Where these end up in environment variables they will be capitalised and underscored.

Secrets are revealed in a file named ~/env-stack during deployment (keys etc. are hidden).

#### certbot-email

Email for the Let's Encrypt certbot.

#### description

Description of the application.

#### drone-convert-secret

Random secret for the starlark conversion container.

#### drone-domain

The domain the drone server is tunnelled to.

#### drone-gitea-client-id

The id of the gitea drone application.

#### drone-gitea-client-secret

The secret of the gitea drone application.

#### drone-gitea-server

URL of the gitea server.

#### drone-rpc-secret

Random secret for drone server + runners.

#### drone-server-host

Host name (and port) for the drone server.

#### git-domain

This is the domain where the application will be served (via ngrok if applicable).

#### guacamole-postgres-db

Name of the db.

#### guacamole-postgres-password

Password for the db (no spaces).

#### guacamole-postgres-user

User for the db.

#### local-docker-registry

Registry where images will be pushed (with trailing slash).

#### ngrok-auth-token

Authentication token for ngrok.

#### sigyl-stack-name

The name of the stack.

#### sigyl-stack-root

The file path where the stack is deployed to.

#### ssh-host

Host for the stack (must be a leader).

#### ssh-key

Not used atm.

#### ssh-passphrase

Not used atm.

#### ssh-password

Password for ssh.

#### ssh-port

Port for ssh.

#### ssh-root-password

Password for root user.

#### ssh-root-user

SSH root user.

#### ssh-user

SSH user.

#### title

Application title.
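
A preflight check for the variables above, added here as an example and not part of this repository: it maps each drone secret name to its environment variable name (capitalised and underscored) and reports any that are unset, still `???`, or break the stated constraints (no spaces in the guacamole password, trailing slash on the registry). The function names and the choice of checks are assumptions; values are never printed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with the stack).
# Secret names as listed in "make environment variables" / "drone secrets".
STACK_SECRETS="title description certbot-email drone-domain drone-gitea-server
drone-server-host git-domain local-docker-registry ssh-host
guacamole-postgres-db guacamole-postgres-user guacamole-postgres-password
sigyl-stack-root sigyl-stack-name drone-gitea-client-id
drone-gitea-client-secret drone-convert-secret drone-rpc-secret ngrok-auth-token"

# drone secret name -> environment variable name (capitalised and underscored)
secret_to_env() {
    printf '%s' "$1" | tr 'a-z-' 'A-Z_'
}

# Prints one line per problem, naming the variable but never its value.
# Returns 0 when every variable passes, 1 otherwise.
check_stack_env() {
    problems=0
    for secret in $STACK_SECRETS; do
        var=$(secret_to_env "$secret")
        # $var comes only from the fixed list above, so eval is safe here
        eval "val=\${$var-}"
        case $val in
            '')      echo "$var: not set"; problems=1; continue ;;
            *'???'*) echo "$var: still the ??? placeholder"; problems=1; continue ;;
        esac
        case $var in
            GUACAMOLE_POSTGRES_PASSWORD)
                case $val in
                    *' '*) echo "$var: must not contain spaces"; problems=1 ;;
                esac ;;
            LOCAL_DOCKER_REGISTRY)
                case $val in
                    */) ;;
                    *) echo "$var: needs a trailing slash"; problems=1 ;;
                esac ;;
        esac
    done
    return $problems
}

# usage, after sourcing this file:
#   check_stack_env && docker stack deploy -c docker-compose-home.yml "$SIGYL_STACK_NAME"
```
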