giles bradshaw 2434b33665 | ||
---|---|---|
certificates | ||
ghost | ||
guacamole-postgresql | ||
letsencrypt-nginx | ||
ngrok2 | ||
.drone copy.yml | ||
.drone.m.yml | ||
.drone.yml | ||
.gitignore | ||
README.md | ||
add-secret.png | ||
docker-compose-do.yml | ||
docker-compose-drone.yml | ||
docker-compose.yml | ||
letsencrypt-nginx-build.sh | ||
ngrok-build.sh | ||
postgres-build.sh |
README.md
gitea in a stack with drone and guacamole
Remote system support.
Consisting of
- gitea repository - github like self hoisted git and web application
- drone ci system
- guacamole - rdp, vnc and ssh over the internet in the browser
(nb when self deploying with drone it will will stick on started and have to be cancelled. This is because the deployment tears down the previous running drone).
NB each time you deploy this using drone it will leave an orphaned network for example:
drone-yoZbiXiqssFcSsG0dP5d
eventually this will start to cause an error with message: Docker “ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network”
installing docker
Start with a fresh install of Ubuntu server 19.04 connected to the internet
update packages
sudo apt-get update
sudo apt-get upgrade
remove old versions of docker
(if it's a fresh install of linux there shouldn't be any)
sudo apt-get remove docker docker-engine docker.io
install docker
sudo apt install docker.io
add current user to docker group
logout and back in afterwards
sudo usermod -aG docker $USER
start and enable docker
sudo systemctl start docker
sudo systemctl enable docker
change ssh port to 2022
sudo vi /etc/ssh/sshd_config
change Port 2022
allow root to ssh
sudo vi /etc/ssh/sshd_config
set the root password
sudo passwd root
change PermitRootLogin yes
reboot
start a stack running gitea to host repository.
stack
labels
get nodes with
docker node ls
add label with
docker node update --label-add com.sigyl.git-stack=yes [node id]
generate certificates
where [registry-domain] is the domain on which the registry will be served
sh ca.sh [registry-domain]:5000
sh make-cert.sh [registry-domain] registry
ngrok auth
obtain ngrok auth token and place in .secrets in form
authtoken: [token]
initial deploy
export LOCAL_DOCKER_REGISTRY=registry.local-domain:5000
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export GIT_DOMAIN=git.sigyl.com
export REMOTE_DOMAIN=remote.sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export BLOG_DOMAIN=blog.sigyl.com
export DRONE_RPC_SECRET=$(openssl rand -base64 48)
docker stack deploy -c docker-compose.yml gitea
create gitea drone app with client id and secret
add secrets to repository in drone
- blog-domain
- certbot-email
- drone-domain
- drone-gitea-client-id
- drone-gitea-client-secret
- drone-rpc-secret
- git-domain
- local-docker-registry
- remote-domain
- ssh-password
- ssh-port
- ssh-root-password
- ssh-root-user
- ssh-user
- ssh-host
kill orphan docker:dind containers
Wen the system is deployed by pushing to repository the docker:dind container will be orphaned and will run forever unless killed..
guacamole
np no spaces in postgres password
docker stack for guacamole
adapted from https://digitalmccullough.com/posts/setting-up-apache-guacamole-with-docker-stack.html
initialising
find id
docker ps
execute initdb.sql
docker exec -it [id] psql -U postgres -d guacamole_db -f /initdb.sql
docker exec -it [id] psql -U postgres -d guacamole_db -f /init-user.sql -v password='somepassword'
initial admin is guacadmin:guacadmin
create a new admin and delete guacadmin
docker-exec-runner on windows
These instructions are not very good...
https://exec-runner.docs.drone.io/installation/windows/
download and unpack on linux with
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_windows_amd64.tar.gz | tar zx
rename drone-runner-exec to drone-runner-exec.exe
make directory c:\Drone\drone-runner-exec on windows
copy drone-runner-exec.exe to directory
make config file with
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=drone.sigyl.com:443
DRONE_RPC_SECRET=[rpc secret]
DRONE_LOG_FILE=C:\Drone\drone-runner-exec\log.txt
DRONE_RUNNER_LABELS=web:true
install and start service with
drone-runner-exec service install
drone-runner-exec service start
chat
Once the chat-mongo container is up you need to get its id and do
docker exec -it [id] mongo --eval "printjson(rs.initiate({_id: 'rs0', members: [ { _id: 0, host: 'localhost:27017' } ]}))"
then scale up chat
docker service scale gitea_chat=1