Merge branch 'do'

.drone-do.star

@@ -0,0 +1,14 @@
+
+load("@this//drone:drone.star", "drone")
+load("@this//drone:stack-name.star", "stackName")
+load("@this//drone:stack-root.star", "stackRoot")
+
+def main(ctx):
+  return drone(
+    ctx,
+    "do",
+    stackRoot,
+    stackName,
+    []
+  )
+  

.drone-home.star

@@ -9,6 +9,9 @@ def main(ctx):
     "home-deploy",
     stackRoot,
     stackName,
-    []
+    [
+      "docker service scale proxy_letsencrypt-drone=0",
+      "docker service scale proxy_letsencrypt-drone=1",
+    ]
   )
   

drone-starlark/repos/build-docker-folder.star

@@ -19,9 +19,11 @@ def buildDockerFolder(
     ],
     "environment": environment([
       "local-docker-registry",
+      "registry-password",
     ]),
     "commands": [
       "cd {folder}".format(folder=folder),
+      'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
       "sh build-docker-folder.sh {dockerFile} {image} {tag}".format(
         image = image,
         dockerFile = dockerFile,

drone-starlark/repos/build-folder.star

@@ -14,9 +14,11 @@ def buildFolder(name, folder):
     ],
     "environment": environment([
       "local-docker-registry",
+      "registry-password",
     ]),
     "commands": [
       "cd {folder}".format(folder=folder),
+      'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
       "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),
     ],
   }

drone-starlark/repos/build.star

@@ -12,9 +12,11 @@ def build(name):
     ],
     "environment": environment([
       "local-docker-registry",
+      "registry-password"
     ]),
     "commands": [
       "cd {name}".format(name=name),
+      'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
       "docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
       "docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
     ],

drone-starlark/repos/chat/secret-secrets.star

@@ -1,3 +1,4 @@
 secretSecrets = [
   "chat-admin-password",
+  "registry-password",
 ]

drone-starlark/repos/commento/secret-secrets.star

@@ -3,4 +3,5 @@ secretSecrets = [
   "commento-askimet-key",
   "commento-postgres-password",
   "commento-github-secret",
+  "registry-password",
 ]

drone-starlark/repos/deploy.star

@@ -30,6 +30,7 @@ def deploy(
         "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
         "docker network prune -f",
         "cd {folder}".format(folder=folder),
+        'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
         "docker stack rm {name}".format(name = name),
         "sleep 30",
         "docker stack deploy -c {filename} {name}".format(name= name, filename = filename),

drone-starlark/repos/drone/secret-secrets.star

@@ -2,4 +2,5 @@ secretSecrets = [
   "drone-convert-secret",
   "drone-gitea-client-secret",
   "drone-rpc-secret",
+  "registry-password",
 ]

drone-starlark/repos/ghost/secret-secrets.star

@@ -1,3 +1,4 @@
 secretSecrets = [
   "ghost-mysql-root-password",
+  "registry-password",
 ]

drone-starlark/repos/gitea/drone.star

@@ -9,8 +9,8 @@ load("@this//:echo-secret.star", "echoSecret")
 load("@this//:wait.star", "wait")
 load("@this//:build.star", "build")
 load("@this//:scp.star", "scp")
-load("@this//ghost:public-secrets.star", "publicSecrets")
+load("@this//gitea:public-secrets.star", "publicSecrets")
-load("@this//ghost:secret-secrets.star", "secretSecrets")
+load("@this//gitea:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
 load("@this//:deploy.star", "deploy")

drone-starlark/repos/gitea/secret-secrets.star

@@ -4,4 +4,5 @@ secretSecrets = [
   "gitea-security-internal-token",
   "gitea-oauth2-jwt-secret",
   "gitea-mailer-passwd",
+  "registry-password",
 ]

drone-starlark/repos/guacamole/secret-secrets.star

@@ -1,3 +1,4 @@
 secretSecrets = [
   "guacamole-postgres-password",
+  "registry-password",
 ]

drone-starlark/repos/matomo/secret-secrets.star

@@ -1,4 +1,5 @@
 secretSecrets = [
   "matomo-mysql-root-password",
   "matomo-mysql-password",
+  "registry-password",
 ]

drone-starlark/repos/portainer/secret-secrets.star

@@ -1 +1,3 @@
-secretSecrets = []
+secretSecrets = [
+  "registry-password",
+]

drone-starlark/repos/proxy/drone.star

@@ -37,6 +37,7 @@ def drone(
             secretSecrets,
           ),
           build("ngrok-gitea"),
+          build("registry"),
           build("letsencrypt-nginx"),
           buildDockerFolder(
             "Dockerfile.git",
@@ -57,6 +58,7 @@ def drone(
             "pull images",
             [
               "ngrok-gitea",
+              "registry",
               "letsencrypt-git",
               "letsencrypt-drone",
             ],

drone-starlark/repos/proxy/public-secrets.star

@@ -2,4 +2,5 @@ publicSecrets = [
   "certbot-email",
   "drone-domain",
   "git-domain",
+  "local-docker-registry",
 ]

drone-starlark/repos/proxy/secret-secrets.star

@@ -1,3 +1,5 @@
 secretSecrets = [
   "ngrok-auth-token",
+  "registry-password",
+  "new-registry-password",
 ]

drone-starlark/repos/pull.star

@@ -7,7 +7,10 @@ def pull(
   name,
   images,
 ):
-  secrets = [ "local-docker-registry"]
+  secrets = [
+    "local-docker-registry",
+    "registry-password",
+  ]
   return {
     "name": name,
     "image": "appleboy/drone-ssh",
@@ -21,7 +24,8 @@ def pull(
       "script": [
         "set -e"
       ] +
-      map(export, secrets) + 
+      map(export, secrets) +
+      ['docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"'] +
       ["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ]
     }
   }

drone-starlark/repos/zabbix/secret-secrets.star

@@ -1,4 +1,5 @@
 secretSecrets = [
   "zabbix-mysql-root-password",
   "zabbix-mysql-password",
+  "registry-password",
 ]