diff --git a/Development/Runners/docker-compose.yml b/Development/Runners/docker-compose.yml
index 2fc05ba..78867fe 100644
--- a/Development/Runners/docker-compose.yml
+++ b/Development/Runners/docker-compose.yml
@@ -1,14 +1,34 @@
 version: "3.8"
 services:
+ # Runner
 runner:
 image: gitea/act_runner:latest
+ container_name: gitea_runner
+ volumes:
+ - ./config.yaml:/config.yaml
+ - ./gitea_runner:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ networks:
+ - proxy
 environment:
 CONFIG_FILE: /config.yaml
 GITEA_INSTANCE_URL: "git.luke-else.co.uk"
 GITEA_RUNNER_REGISTRATION_TOKEN: "INSERT REGISTRATION TOKEN"
- GITEA_RUNNER_NAME: "Action Runner"
- GITEA_RUNNER_LABELS: ""
- volumes:
- - ./config.yaml:/config.yaml
- - ./data:/data
- - /var/run/docker.sock:/var/run/docker.sock
\ No newline at end of file
+ GITEA_RUNNER_NAME: "CICD"
+ labels:
+ ## Expose cicd Through Trefik ##
+ - "traefik.enable=true" # <== Enable traefik to proxy this container
+
+ - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+ - "traefik.http.routers.cicd-insecure.middlewares=redirect-web-secure"
+ - "traefik.http.routers.cicd-insecure.rule=Host(`cicd.luke-else.co.uk`)"
+ - "traefik.http.routers.cicd-insecure.entrypoints=web"
+
+ - "traefik.http.routers.cicd.rule=Host(`cicd.luke-else.co.uk`)"
+ - "traefik.http.routers.cicd.entrypoints=websecure"
+ - "traefik.http.routers.cicd.tls.certresolver=myresolver"
+ restart: unless-stopped
+
+networks:
+ proxy:
+ external: true
\ No newline at end of file
diff --git a/cicd-spindown.sh b/cicd-spindown.sh
new file mode 100644
index 0000000..72b9a7f
--- /dev/null
+++ b/cicd-spindown.sh
@@ -0,0 +1,11 @@
+#Script file for spinning down all CICD relevant docker-containers
+ cd ./Development/Runners/
+ docker-compose down
+ cd ../..
+
+cd ./Traefik/
+docker-compose down
+cd ..
+
+docker rmi $(docker images -q)
+docker system prune
\ No newline at end of file
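Review bot: The added `labels:` block and the `proxy` network attachment put a container that mounts `/var/run/docker.sock` behind public Traefik routers for `cicd.luke-else.co.uk`; access to that socket is equivalent to root on the host, so this service should have the least network reach of anything in the stack. Nothing in the hunk shows an HTTP service in the runner (no `traefik.http.services.*.loadbalancer.server.port` label, no published port), and a runner of this kind presumably only makes outbound calls to the Gitea instance, so the routers look unnecessary. Unless something is meant to be served, drop the `labels:` block and the `networks: - proxy` entry. If the runner needs the proxy network only to reach Gitea, keep the network and set `- "traefik.enable=false"`. The config mount can also be read-only, `- ./config.yaml:/config.yaml:ro`.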
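Review bot: The cleanup at the end of cicd-spindown.sh is host-wide rather than limited to CICD. `docker rmi $(docker images -q)` targets every image on the machine (images still in use are refused with errors, the rest are deleted), and `docker system prune` removes all stopped containers and unused networks and waits for an interactive confirmation. The `cd` calls are also unchecked, so if a directory is missing, `docker-compose down` runs in whatever directory the script happens to be in and the later `cd ..` walks out of the repository; main-spinup.sh has the same pattern with `pull && up -d`. I would add a shebang and `set -euo pipefail`, run each compose command in a subshell, and scope image removal to the two projects with `--rmi all`.

```shell
#!/usr/bin/env bash
# Script file for spinning down all CICD relevant docker-containers
set -euo pipefail

# A subshell confines each cd, so a missing directory aborts the script
# instead of running compose somewhere else.
(cd ./Development/Runners && docker-compose down --rmi all)
(cd ./Traefik && docker-compose down --rmi all)
```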
diff --git a/spinup.sh b/cicd-spinup.sh
old mode 100755
new mode 100644
similarity index 100%
rename from spinup.sh
rename to cicd-spinup.sh
diff --git a/spindown.sh b/main-spindown.sh
old mode 100755
new mode 100644
similarity index 100%
rename from spindown.sh
rename to main-spindown.sh
diff --git a/main-spinup.sh b/main-spinup.sh
new file mode 100644
index 0000000..a248849
--- /dev/null
+++ b/main-spinup.sh
@@ -0,0 +1,25 @@
+#Script file for spinning up all docker-containers
+
+cd ./Traefik/
+docker-compose pull && docker-compose up -d
+cd ..
+
+cd ./Websites/
+docker-compose pull && docker-compose up -d
+cd ..
+
+ cd ./Development/Gitea/
+ docker-compose pull && docker-compose up -d
+ cd ../..
+
+cd ./Database/
+docker-compose pull && docker-compose up -d
+cd ..
+
+cd ./Bitwarden/
+docker-compose pull && docker-compose up -d
+cd ..
+
+cd ./Misc/
+docker-compose pull && docker-compose up -d
+cd ..
\ No newline at end of file
diff --git a/todo.md b/todo.md
index d7eb9da..5a12cd4 100644
--- a/todo.md
+++ b/todo.md
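Review bot: Running `docker-compose pull` before every `up -d` in main-spinup.sh makes each spin-up an unreviewed upgrade for any service whose image tag floats. The only compose file visible in this diff uses `gitea/act_runner:latest`, so the Traefik, Gitea, Database and Bitwarden stacks may do the same — worth checking. Pinning tags or digests in the compose files, or moving `pull` into a separate update script, keeps a restart from silently changing what runs. The file also has no shebang and is created with mode 100644, so a header comment such as `# Run from the repository root: sh main-spinup.sh` would document how it is meant to be invoked.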
@@ -1,35 +1,45 @@ # ToDo Items ## General + - Setup non root user - UFW should be setup to keep VPS secure and only allow for: - - https - - http - - ssh - - ftp - - 27017 - - 3306 + - https + - http + - ssh + - ftp + - 27017 + - 3306 + - Install SSH keys - Setup unattended upgrades - Install docker, docker-compose and apache utils. - ## Traefik -- Setup htaccess -> ``` echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g ``` + +- Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g` - Ensure email address is correct ## Gitea + - Ensure that ports are assigned correctly for the system +# Gitea Runner + +- Ensure that a registration token has been setup before continuing + ## Websites + - Ensure website files are copied over - Ensure that ports are assigned correctly for the system ## Bitwarden + - Ensure that all data is fully encrypted during transfer. - Ensure that ports are assigned correctly for the system ## Database + - Ensure that mysql root password, user and default database are updated. - Ensure that mongo root password, and user are updated. - Ensure database ports are correctly assigned and do not have to pass through traefik.