Giles Bradshaw 88145fb2b8
README.md
stack
In a docker stack.
static ip
- home - https://sigyl.com/
- git - https://sigyl.com/git/
- drone - https://sigyl.com:5000/
- ghost - https://sigyl.com/blog/
- guacamole - https://sigyl.com/remote/
- chat - https://sigyl.com/chat/
drone.do.yml - docker-compose-do.yml
tunnelled with ngrok
(very slow if home internet)
- home - https://git.sigyl.com
- git - https://git.sigyl.com/git
- blog - https://git.sigyl.com/blog
- chat - https://git.sigyl.com/chat
- drone - https://drone.git.sigyl.com/
- guacamole - https://git.sigyl.com/remote
installation
Once installed and running, the system can redeploy itself.
Initially, however, you need to do this yourself.
docker
you need a docker swarm set up with nodes with the following labels
- com.sigyl.git-stack=yes
- com.sigyl.git-stack-data=yes
global environment
the following environment variables need to be defined (define your own values)
echo 'export SIGYL_STACK_ROOT=/stack/deploy' | sudo tee -a /etc/profile.d/sigyl-stack.sh
echo 'export SIGYL_STACK_NAME=stack' | sudo tee -a /etc/profile.d/sigyl-stack.sh
# source the file; running it with sh would not set the variables in the current shell
. /etc/profile.d/sigyl-stack.sh
make a folder and give yourself access
sudo mkdir -p $SIGYL_STACK_ROOT
cd /stack
sudo chown -R $USER:$USER $SIGYL_STACK_ROOT
clone the repository
cd /stack
git clone https://sigyl.com/git/giles/stack.git $SIGYL_STACK_ROOT
cd $SIGYL_STACK_ROOT
git checkout home-deploy
make certificates for the registry
These certificates will be in .ca and .certificates, where $REGISTRY_DOMAIN is the host where the stack will run. It should be on the local subnet, i.e. traffic should not have to go over the internet.
e.g. git.local-domain
cd $SIGYL_STACK_ROOT/certificates
sh ca.sh $REGISTRY_DOMAIN:5003
sh make-cert.sh $REGISTRY_DOMAIN registry
make environment variables
export TITLE="SiGyl Ltd"
export DESCRIPTION="Software Development"
export CERTBOT_EMAIL=giles.bradshaw@sigyl.com
export DRONE_DOMAIN=drone.sigyl.com
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_SERVER_HOST=sigyl.com:5000
export GIT_DOMAIN=sigyl.com
export LOCAL_DOCKER_REGISTRY=sigyl.com:5001/
export SSH_HOST=10.106.0.2
export GUACAMOLE_POSTGRES_DB=guacamole_db
export GUACAMOLE_POSTGRES_USER=guacamole_user
export SIGYL_STACK_ROOT=/root/stack-deploy
export SIGYL_STACK_NAME=gitea
export DRONE_GITEA_CLIENT_ID=???
export DRONE_CONVERT_SECRET=???
export DRONE_GITEA_CLIENT_SECRET=???
export DRONE_RPC_SECRET=???
export GUACAMOLE_POSTGRES_PASSWORD=???
export NGROK_AUTH_TOKEN=???
build images
sh build.sh $SIGYL_STACK_ROOT
initial deploy of stack
cd $SIGYL_STACK_ROOT
docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME
initialise postgres database
find the postgres container id and set it as $ID
docker ps | grep stack_guacamole-postgresql.1
sh init-postgresql.sh $ID
initialise mongo
find the mongo container id and set it as $ID
docker ps | grep stack_chat-mongo.1
sh init-mongo-chat.sh $ID
scale chat and ngrok and nginx
sh init-scale.sh stack
create a gitea drone application
This might be on your local gitea or some other one.
set environment variables for it as follows (example values):
export DRONE_GITEA_SERVER=https://sigyl.com/git
export DRONE_GITEA_CLIENT_ID=38218ed5-cf18-47e7-1234-710173dae499
export DRONE_GITEA_CLIENT_SECRET=ytsgdyXI_6zUrqwsI1wsssBAaUcsp27EyecT4nk5fA=
redeploy
docker stack deploy -c docker-compose-home.yml $SIGYL_STACK_NAME
sh init-scale.sh stack
drone secrets
Where these end up in environment variables, the names are capitalised and underscored.
Secrets are revealed in a file named ~/env-stack during deployment (keys etc. are hidden).
certbot-email
Email for the Let's Encrypt certbot.
description
Description of the application.
drone-convert-secret
Random secret for starlark conversion container.
drone-domain
The domain the drone server is tunneled to.
drone-gitea-client-id
The id of the gitea drone application.
drone-gitea-client-secret
The secret of the gitea drone application.
drone-gitea-server
URL of the gitea server.
drone-rpc-secret
Random secret for drone server + runners.
drone-server-host
Host name (and port) for drone server.
ghost-mail-password
SMTP password for ghost mail service.
ghost-mail-service
Mail service for ghost, e.g. Mailgun.
ghost-mail-user
SMTP user for ghost mail service.
git-domain
This is the domain where the application will be served (via ngrok if applicable).
guacamole-postgres-db
Name of the db.
guacamole-postgres-password
Password for the db (no spaces).
guacamole-postgres-user
User for the db.
local-docker-registry
Registry where images will be pushed. (with trailing slash)
ngrok-auth-token
Authentication token for ngrok.
sigyl-stack-name
The name of the stack.
sigyl-stack-root
The file path where the stack is deployed.
ssh-host
Host for the stack (must be a leader).
ssh-key
Not used at the moment.
ssh-passphrase
Not used at the moment.
ssh-password
Password for ssh.
ssh-port
Port for ssh.
ssh-root-password
Password for root user.
ssh-root-user
Ssh root user.
ssh-user
Ssh user.
title
Application title.
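A preflight check for the secrets listed above, as an added example that is not part of the repository: it maps each secret name to its environment variable (capitalised and underscored), reports any that are unset or still the `???` placeholder, and checks that the revealed-secrets file is not readable by group or other. The function names and the owner-only expectation for ~/env-stack are assumptions.

```sh
#!/bin/sh
# Added example, not part of the stack repository; function names are hypothetical.

# Map a drone secret name to its environment variable name
# (capitalised and underscored): drone-rpc-secret -> DRONE_RPC_SECRET.
secret_to_env() {
    printf '%s' "$1" | tr 'a-z-' 'A-Z_'
}

# Print the variable name for every given secret that is unset, empty, or
# still the README placeholder '???'. Returns 1 if any were printed and
# 2 if a name would not form a valid variable name.
missing_secrets() {
    rc=0
    for secret in "$@"; do
        var=$(secret_to_env "$secret")
        case "$var" in
            ''|[0-9]*|*[!A-Z0-9_]*) echo "invalid secret name: $secret" >&2; return 2 ;;
        esac
        eval "val=\${$var-}"   # safe: $var contains only A-Z, 0-9 and _
        case "$val" in
            ''|'???') printf '%s\n' "$var"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Succeed only if the file exists and grants no permissions to group or
# other (assumption: the revealed-secrets file should be owner-only).
env_file_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Usage before `docker stack deploy`:
#   missing_secrets drone-rpc-secret ngrok-auth-token || exit 1
#   env_file_private "$HOME/env-stack" || echo "tighten ~/env-stack" >&2
```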
initial set up of apps
You should do these asap and preferably before anyone else!!!
gitea
Register then set up initial user and email settings.
ghost blog
Visit domain/ghost and set up admin user.
chat
Admin user is automatically created according to configured secrets.