Giles Bradshaw 00bc6b84e7
README.md
stack
In a docker stack.
docker stack configuration
deployments
static ip
- home - https://sigyl.com/
- git - https://sigyl.com/git/
- drone - https://sigyl.com:5000/
- ghost - https://sigyl.com/blog/
- guacamole - https://sigyl.com/remote/
- chat - https://sigyl.com/chat/
starlark drone deployment file
tunnelled with ngrok
(very slow on a home internet connection)
- home - https://git.sigyl.com
- git - https://git.sigyl.com/git
- blog - https://git.sigyl.com/blog
- chat - https://git.sigyl.com/chat
- drone - https://drone.git.sigyl.com/
- guacamole - https://git.sigyl.com/remote
starlark drone deployment file
installation
Once installed and running the system can redeploy itself.
However, initially you need to do this yourself.
remove old versions of docker
(if it's a fresh install of linux there shouldn't be any)
sudo apt-get remove docker docker-engine docker.io
install docker
sudo apt install docker.io
add current user to docker group
logout and back in afterwards
sudo usermod -aG docker $USER
start and enable docker
sudo systemctl start docker
sudo systemctl enable docker
change ssh port to 2022
sudo vi /etc/ssh/sshd_config
set Port 2022 in sshd_config
allow root to ssh
sudo vi /etc/ssh/sshd_config
set the root password
sudo passwd root
set PermitRootLogin yes in sshd_config
reboot
start a stack running gitea to host repository.
stack
labels
get nodes with
docker node ls
add label with
docker node update --label-add com.sigyl.git-stack=yes [node id]
global environment
the following environment variables need to be defined (define your own values)
echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh
. /etc/profile.d/sigyl-stack.sh
make a folder and give yourself access
sudo mkdir -p $SIGYL_STACK_ROOT
cd /stack
sudo chown -R $USER:$USER $SIGYL_STACK_ROOT
clone the repository
cd /stack
git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT
cd $SIGYL_STACK_ROOT
git checkout home-deploy
make certificates for the registry
These certificates will be in .ca and .certificates. $REGISTRY_DOMAIN is the host where the stack will run; it should be on the local subnet, i.e. traffic should not have to go over the internet.
eg git.local-domain
cd $SIGYL_STACK_ROOT/certificates
sh ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry
copy the directory .ca/$REGISTRY_DOMAIN:5003 to /etc/docker/certs.d
sudo mkdir -p /etc/docker/certs.d/
sudo cp -r .ca/$REGISTRY_DOMAIN:5003 /etc/docker/certs.d/
make environment variables
export TITLE="SiGyl Ltd!"
export DESCRIPTION="Software Development"
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_SERVER_HOST=sigyl.com:5000
export GIT_DOMAIN=sigyl.com
export LOCAL_DOCKER_REGISTRY=sigyl.com:5001/
export SSH_HOST=10.106.0.2
export GUACAMOLE_POSTGRES_DB=guacamole_db
export GUACAMOLE_POSTGRES_USER=guacamole_user
export SIGYL_STACK_ROOT=/root/stack-deploy
export SIGYL_STACK_NAME=gitea
export DRONE_GITEA_CLIENT_ID=???
export DRONE_CONVERT_SECRET=???
export DRONE_GITEA_CLIENT_SECRET=???
export DRONE_RPC_SECRET=???
export GUACAMOLE_POSTGRES_PASSWORD=???
export NGROK_AUTH_TOKEN=???
build images
sh build.sh $SIGYL_STACK_ROOT
initial deploy of stack
cd $SIGYL_STACK_ROOT
docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME
initialise postgres database
find the postgres container id and use it as $ID
docker ps | grep stack_guacamole-postgresql.1
sh init-postgresql.sh $ID
initialise mongo
find the mongo container id and use it as $ID
docker ps | grep stack_chat-mongo.1
sh init-mongo-chat.sh $ID
scale chat and ngrok and nginx
set NGROK=1 if ngrok is required, otherwise NGROK=0
sh init-scale.sh stack $NGROK
create a gitea drone application
This might be on your local gitea or some other one.
set environment variables for it as follows (example values):
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=
redeploy
set NGROK=1 if ngrok is required, otherwise NGROK=0
docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME
sh init-scale.sh stack $NGROK
drone secrets
Where these end up in environment variables they will be capitalised and underscored.
Secrets are revealed in a file named ~/env-stack during deployment. (keys etc are hidden)
certbot-email
Email for Let's Encrypt certbot
chat-admin-name
Name for chat admin user.
chat-admin-password
Password for chat admin user.
chat-admin-email
Email for chat admin user.
description
Description of the application.
drone-convert-secret
Random secret for starlark conversion container.
drone-domain
The domain the drone server is tunneled to.
drone-gitea-client-id
The id of the gitea drone application.
drone-gitea-client-secret
The secret of the gitea drone application.
drone-gitea-server
URL of the gitea server.
drone-rpc-secret
Random secret for drone server + runners.
drone-server-host
host name (and port) for drone server.
ghost-mail-password
SMTP Password for ghost mail service
ghost-mail-service
mail service for ghost eg Mailgun
ghost-mail-user
SMTP user for ghost mail service
git-domain
This is the domain where the application will be served (via ngrok if applicable).
guacamole-postgres-db
Name of the db.
guacamole-postgres-password
Password for the db (no spaces).
guacamole-postgres-user
User for the db.
local-docker-registry
Registry where images will be pushed. (with trailing slash)
ngrok-auth-token
Authentication token for ngrok.
sigyl-stack-name
The name of the stack.
sigyl-stack-root
The file path the stack is deployed to.
ssh-host
Host for the stack (must be a leader).
ssh-key
Not used atm.
ssh-passphrase
Not used atm.
ssh-password
Password for ssh.
ssh-port
Port for ssh.
ssh-root-password
Password for root user.
ssh-root-user
Ssh root user.
ssh-user
Ssh user.
title
Application title.
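Added example, not part of the repository: a POSIX shell pre-deploy check built from the secret list above. It maps each drone secret name to its environment variable (capitalised and underscored), reports any that are unset or still the `???` placeholder, generates values for the secrets described as random, and checks that a file such as ~/env-stack is readable only by its owner. The function names and the use of /dev/urandom are assumptions of this example.

```shell
# Added example: pre-deploy checks for the stack's secrets (hypothetical helper names).

# Drone secret names from the list above; ssh-key and ssh-passphrase are
# left out because the page marks them "Not used atm".
SECRETS="certbot-email chat-admin-name chat-admin-password chat-admin-email
description drone-convert-secret drone-domain drone-gitea-client-id
drone-gitea-client-secret drone-gitea-server drone-rpc-secret
drone-server-host ghost-mail-password ghost-mail-service ghost-mail-user
git-domain guacamole-postgres-db guacamole-postgres-password
guacamole-postgres-user local-docker-registry ngrok-auth-token
sigyl-stack-name sigyl-stack-root ssh-host ssh-password ssh-port
ssh-root-password ssh-root-user ssh-user title"

# "capitalised and underscored": drone-rpc-secret -> DRONE_RPC_SECRET
secret_to_env() {
  printf '%s' "$1" | tr 'a-z-' 'A-Z_'
}

# Print the variables that are unset, empty or still the "???" placeholder.
unset_secrets() {
  missing=""
  for s in $SECRETS; do
    name=$(secret_to_env "$s")
    # Indirect lookup; $name only ever comes from the fixed list above.
    eval "value=\${$name-}"
    case "$value" in
      ''|'???') missing="$missing $name" ;;
    esac
  done
  printf '%s' "${missing# }"
}

# 16 random bytes as 32 hex characters, for the secrets the page describes
# as random (drone-rpc-secret, drone-convert-secret). Assumption: /dev/urandom.
random_secret() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Succeeds only if the file has no group or other permission bits set.
is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

Source the file on the deployment host after exporting the variables, then run `unset_secrets` and `is_private ~/env-stack`.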
initial set up of apps
You should do these asap and preferably before anyone else!!!
gitea
Register then set up initial user and email settings.
ghost blog
Visit domain/ghost and set up admin user.
chat
Admin user is automatically created according to configured secrets. Change the password!
guacamole
Use admin user name and password you supplied when you set up the database.
docker-exec-runner on windows
These instructions are not very good...
https://exec-runner.docs.drone.io/installation/windows/
download and unpack on linux with
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx
rename drone-runner-exec to drone-runner-exec.exe
make directory c:\Drone\drone-runner-exec on windows
copy drone-runner-exec.exe to directory
make config file with
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.sigyl.com:443
DRONE_RPC_SECRET=[rpc secret]
DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt
DRONE_RUNNER_LABELS=web:true
install and start service with
drone-runner-exec service install
drone-runner-exec service start