# stack

* [Gitea](https://gitea.io/en-us/)
* [Drone](https://drone.io/)
* [Guacamole](https://guacamole.apache.org/)
* [Ghost](https://ghost.org/)
* [Rocket Chat](https://rocket.chat/)
* [Zabbix](https://www.zabbix.com/)
* [Commento](https://commento.io/)
* [Matomo](https://matomo.org/)

In a [docker](https://www.docker.com/) stack.

### docker stack configuration

[docker-compose.yml](docker-compose.yml)

## deployments

### static ip

[![Build Status](https://sigyl.com:5000/api/badges/giles/stack/status.svg)](https://sigyl.com:5000/giles/stack)

* ghost - https://sigyl.com/
* git - https://sigyl.com/git/
* drone - https://sigyl.com:5000/
* guacamole - https://sigyl.com/remote/
* chat - https://sigyl.com/chat/
* matomo - https://sigyl.com/analytics/
* commento - https://sigyl.com:5000/
* zabbix - https://sigyl.com/zabbix/

#### starlark drone deployment file

[.drone-do.star](drone-do.star)

### tunnelled with ngrok

(very slow if home internet)

[![Build Status](https://drone.git.sigyl.com/api/badges/giles/stack/status.svg)](https://drone.git.sigyl.com/giles/stack)

* ghost - https://git.sigyl.com
* git - https://git.sigyl.com/git
* chat - https://git.sigyl.com/chat
* drone - https://drone.git.sigyl.com/
* guacamole - https://git.sigyl.com/remote
* zabbix - https://git.sigyl.com/zabbix/
* matomo - https://sigyl.com/matomo/

#### starlark drone deployment file

[.drone-home.star](.drone-home.star)

## installation

Once installed and running, the system can redeploy itself.

However, initially you need to do this yourself.

### remove old versions of docker

(if it's a fresh install of linux there shouldn't be any)

```
sudo apt-get remove docker docker-engine docker.io
```

### install docker

```
sudo apt install docker.io
```

### add current user to docker group

log out and back in afterwards

```
sudo usermod -aG docker $USER
```

### start and enable docker

```
sudo systemctl start docker
sudo systemctl enable docker
```

### change ssh port to 2022

```
sudo vi /etc/ssh/sshd_config
```

change `Port` to `2022`

### allow root to ssh

```
sudo vi /etc/ssh/sshd_config
```

### set the root password

```
sudo passwd root
```

in `/etc/ssh/sshd_config`, change `PermitRootLogin` to `yes`

reboot

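A check on the two `sshd_config` edits above, added here as an example and not part of the repository. The function name `sshd_effective` and the sample file are constructed for illustration; the fallback values 22 and `prohibit-password` are the upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example, not part of the repository: report the values sshd will use
# for Port and PermitRootLogin from the global section of an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, so a new line placed below
# an existing one is ignored. Port is the exception: every Port line is used.
# Include files and Match blocks are not followed; `sudo sshd -T` prints the
# complete effective configuration on the host itself.
sshd_effective() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        { key = tolower($1) }                        # keywords ignore case
        key == "match" { exit }                      # end of the global section
        key == "port" { ports = (ports == "" ? "" : ports ",") $2 }
        key == "permitrootlogin" && !seen { root = $2; seen = 1 }
        END {
            # fall back to the upstream OpenSSH defaults when a keyword is absent
            print "port=" (ports == "" ? "22" : ports)
            print "permitrootlogin=" (seen ? root : "prohibit-password")
        }
    ' "$1"
}

# Constructed sample: "PermitRootLogin yes" was appended below an existing
# uncommented line, so the edit has no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2022
PermitRootLogin prohibit-password
#PasswordAuthentication yes
PermitRootLogin yes
EOF

sshd_effective "$sample"
```

On the host, call it as `sshd_effective /etc/ssh/sshd_config` before restarting sshd or rebooting.
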
start a stack running gitea to host repository.

## stack

### labels

get nodes with

```
docker node ls
```

add label with

```
docker node update --label-add com.sigyl.git-stack=yes [node id]
```

### global environment

the following environment variables need to be defined (define your own values)

```
echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh

# source the file so the variables are set in the current shell
. /etc/profile.d/sigyl-stack.sh
```

### make a folder and give yourself access

```
sudo mkdir -p $SIGYL_STACK_ROOT
cd /stack
sudo chown -R $USER:$USER $SIGYL_STACK_ROOT
```

### clone the repository

```
cd /stack
git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT
cd $SIGYL_STACK_ROOT
git checkout home-deploy
```

### make certificates for the registry

These certificates will be in `.ca` and `.certificates`.
`$REGISTRY_DOMAIN` is the host where the stack will run. It should be on the local subnet, i.e. traffic should not have to go over the internet.

e.g. `git.local-domain`

```
cd $SIGYL_STACK_ROOT/certificates
sh ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry
```

copy the directory `.ca/$REGISTRY_DOMAIN:5003` to `/etc/docker/certs.d`

```
sudo mkdir -p /etc/docker/certs.d/
sudo cp -r .ca/$REGISTRY_DOMAIN:5003 /etc/docker/certs.d/
```

### make environment variables

```
export TITLE="SiGyl Ltd!"
export DESCRIPTION="Software Development"
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_SERVER_HOST=sigyl.com:5000
export GIT_DOMAIN=sigyl.com
export LOCAL_DOCKER_REGISTRY=sigyl.com:5001/
export SSH_HOST=10.106.0.2
export GUACAMOLE_POSTGRES_DB=guacamole_db
export GUACAMOLE_POSTGRES_USER=guacamole_user
export SIGYL_STACK_ROOT=/root/stack-deploy
export SIGYL_STACK_NAME=gitea
export DRONE_GITEA_CLIENT_ID=???
export DRONE_CONVERT_SECRET=???
export DRONE_GITEA_CLIENT_SECRET=???
export DRONE_RPC_SECRET=???
export GUACAMOLE_POSTGRES_PASSWORD=???
export NGROK_AUTH_TOKEN=???
```

### build images

```
sh build.sh $SIGYL_STACK_ROOT
```

### initial deploy of stack

```
cd $SIGYL_STACK_ROOT
docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME
```

### initialise postgres database

find the postgres container id and use it as $ID

```
docker ps | grep stack_guacamole-postgresql.1
```

```
sh init-postgresql.sh $ID
```

### initialise mongo

get the mongo container id and use it as $ID

```
docker ps | grep stack_chat-mongo.1
```

```
sh init-mongo-chat.sh $ID
```

### scale chat and ngrok and nginx

if ngrok is required set NGROK=1, otherwise NGROK=0

```
sh init-scale.sh stack $NGROK
```

### create a gitea drone application

This might be on your local gitea or some other one.

Set environment variables for it as follows (example values):

```
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=
```

### redeploy

if ngrok is required set NGROK=1, otherwise NGROK=0

```
docker stack deploy -c docker-compose.yml $SIGYL_STACK_NAME
sh init-scale.sh stack $NGROK
```

### drone secrets

Where these end up in environment variables they will be capitalised and underscored.

Secrets are revealed in a file named `~/env-stack` during deployment (keys etc. are hidden).

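A pre-deploy check for the variables this section documents, added here as an example and not part of the repository. It applies the name mapping described above, flags values that are unset or still the `???` placeholder, and enforces the two format notes from the list (no spaces in the guacamole password, trailing slash on the registry). The function names `secret_env_name` and `check_stack_env` are made up for this example, and it assumes the variables are exported in the shell that runs it.

```shell
#!/bin/sh
# Added example, not part of the repository.
# Secret names documented in this section (ssh-key and ssh-passphrase are
# left out because the page marks them as not used).
SECRET_NAMES="certbot-email chat-admin-name chat-admin-password chat-admin-email
description drone-convert-secret drone-domain drone-gitea-client-id
drone-gitea-client-secret drone-gitea-server drone-rpc-secret drone-server-host
ghost-mail-password ghost-mail-service ghost-mail-user git-domain
guacamole-postgres-db guacamole-postgres-password guacamole-postgres-user
local-docker-registry ngrok-auth-token sigyl-stack-name sigyl-stack-root
ssh-host ssh-password ssh-port ssh-root-password ssh-root-user ssh-user title"

# Capitalise and underscore: drone-rpc-secret -> DRONE_RPC_SECRET
secret_env_name() {
    printf '%s' "$1" | tr 'a-z-' 'A-Z_'
}

# Print one line per problem; print nothing when every variable is usable.
check_stack_env() {
    for name in $SECRET_NAMES; do
        var=$(secret_env_name "$name")
        eval "val=\${$var-}"      # safe: $var is built from the fixed list above
        case $val in
            '')    echo "$var: not set" ;;
            '???') echo "$var: still the ??? placeholder" ;;
        esac
    done
    # format notes from the secrets list
    case ${GUACAMOLE_POSTGRES_PASSWORD-} in
        *' '*) echo "GUACAMOLE_POSTGRES_PASSWORD: contains a space" ;;
    esac
    case ${LOCAL_DOCKER_REGISTRY-} in
        ''|*/) ;;
        *) echo "LOCAL_DOCKER_REGISTRY: missing trailing slash" ;;
    esac
}

# Run in the shell that will deploy; no output means every variable is usable.
check_stack_env
```
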
#### certbot-email

Email for the Let's Encrypt certbot.

#### chat-admin-name

Name for chat admin user.

#### chat-admin-password

Password for chat admin user.

#### chat-admin-email

Email for chat admin user.

#### description

Description of the application.

#### drone-convert-secret

Random secret for starlark conversion container.

#### drone-domain

The domain the drone server is tunneled to.

#### drone-gitea-client-id

The id of the gitea drone application.

#### drone-gitea-client-secret

The secret of the gitea drone application.

#### drone-gitea-server

URL of the gitea server.

#### drone-rpc-secret

Random secret for drone server + runners.

#### drone-server-host

Host name (and port) for the drone server.

#### ghost-mail-password

SMTP password for the ghost mail service.

#### ghost-mail-service

Mail service for ghost, e.g. Mailgun.

#### ghost-mail-user

SMTP user for the ghost mail service.

#### git-domain

This is the domain where the application will be served (via ngrok if applicable).

#### guacamole-postgres-db

Name of the db.

#### guacamole-postgres-password

Password for the db (no spaces).

#### guacamole-postgres-user

User for the db.

#### local-docker-registry

Registry where images will be pushed (with trailing slash).

#### ngrok-auth-token

Authentication token for ngrok.

#### sigyl-stack-name

The name of the stack.

#### sigyl-stack-root

The file path the stack is deployed to.

#### ssh-host

Host for the stack (must be a leader).

#### ssh-key

Not used atm.

#### ssh-passphrase

Not used atm.

#### ssh-password

Password for ssh.

#### ssh-port

Port for ssh.

#### ssh-root-password

Password for root user.

#### ssh-root-user

SSH root user.

#### ssh-user

SSH user.

#### title

Application title.

## initial set up of apps

You should do these asap and preferably before anyone else!!!

### gitea

Register, then set up the initial user and email settings.

### ghost blog

Visit `domain/ghost` and set up the admin user.

### chat

Admin user is automatically created according to configured secrets. Change the password!

### guacamole

Use the admin user name and password you supplied when you set up the database.

## docker-exec-runner on windows

These instructions are not very good...

https://exec-runner.docs.drone.io/installation/windows/

download and unpack on linux with

```
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx
```

rename `drone-runner-exec` to `drone-runner-exec.exe`

make directory `c:\Drone\drone-runner-exec` on windows

copy `drone-runner-exec.exe` to the directory

make config file with

```
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.sigyl.com:443
DRONE_RPC_SECRET=[rpc secret]
DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt
DRONE_RUNNER_LABELS=web:true
```

install and start service with

```
drone-runner-exec service install
drone-runner-exec service start
```