Completed Runner config
This commit is contained in:
parent
13fd59c773
commit
182f10a765
@ -1,14 +1,34 @@
|
|||||||
version: "3.8"
|
version: "3.8"
|
||||||
services:
|
services:
|
||||||
|
# Runner
|
||||||
runner:
|
runner:
|
||||||
image: gitea/act_runner:latest
|
image: gitea/act_runner:latest
|
||||||
|
container_name: gitea_runner
|
||||||
|
volumes:
|
||||||
|
- ./config.yaml:/config.yaml
|
||||||
|
- ./gitea_runner:/data
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
environment:
|
environment:
|
||||||
CONFIG_FILE: /config.yaml
|
CONFIG_FILE: /config.yaml
|
||||||
GITEA_INSTANCE_URL: "git.luke-else.co.uk"
|
GITEA_INSTANCE_URL: "git.luke-else.co.uk"
|
||||||
GITEA_RUNNER_REGISTRATION_TOKEN: "INSERT REGISTRATION TOKEN"
|
GITEA_RUNNER_REGISTRATION_TOKEN: "INSERT REGISTRATION TOKEN"
|
||||||
GITEA_RUNNER_NAME: "Action Runner"
|
GITEA_RUNNER_NAME: "CICD"
|
||||||
GITEA_RUNNER_LABELS: ""
|
labels:
|
||||||
volumes:
|
## Expose cicd Through Trefik ##
|
||||||
- ./config.yaml:/config.yaml
|
- "traefik.enable=true" # <== Enable traefik to proxy this container
|
||||||
- ./data:/data
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
|
||||||
|
- "traefik.http.routers.cicd-insecure.middlewares=redirect-web-secure"
|
||||||
|
- "traefik.http.routers.cicd-insecure.rule=Host(`cicd.luke-else.co.uk`)"
|
||||||
|
- "traefik.http.routers.cicd-insecure.entrypoints=web"
|
||||||
|
|
||||||
|
- "traefik.http.routers.cicd.rule=Host(`cicd.luke-else.co.uk`)"
|
||||||
|
- "traefik.http.routers.cicd.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.cicd.tls.certresolver=myresolver"
|
||||||
|
restart: unless-stopped
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy:
|
||||||
|
external: true
|
11
cicd-spindown.sh
Normal file
11
cicd-spindown.sh
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
#Script file for spinning down all CICD relevant docker-containers
|
||||||
|
cd ./Development/Runners/
|
||||||
|
docker-compose down
|
||||||
|
cd ../..
|
||||||
|
|
||||||
|
cd ./Traefik/
|
||||||
|
docker-compose down
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
docker rmi $(docker images -q)
|
||||||
|
docker system prune
|
0
spinup.sh → cicd-spinup.sh
Executable file → Normal file
0
spinup.sh → cicd-spinup.sh
Executable file → Normal file
0
spindown.sh → main-spindown.sh
Executable file → Normal file
0
spindown.sh → main-spindown.sh
Executable file → Normal file
25
main-spinup.sh
Normal file
25
main-spinup.sh
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
#Script file for spinning up all docker-containers
|
||||||
|
|
||||||
|
cd ./Traefik/
|
||||||
|
docker-compose pull && docker-compose up -d
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
cd ./Websites/
|
||||||
|
docker-compose pull && docker-compose up -d
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
cd ./Development/Gitea/
|
||||||
|
docker-compose pull && docker-compose up -d
|
||||||
|
cd ../..
|
||||||
|
|
||||||
|
cd ./Database/
|
||||||
|
docker-compose pull && docker-compose up -d
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
cd ./Bitwarden/
|
||||||
|
docker-compose pull && docker-compose up -d
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
cd ./Misc/
|
||||||
|
docker-compose pull && docker-compose up -d
|
||||||
|
cd ..
|
14
todo.md
14
todo.md
@ -1,6 +1,7 @@
|
|||||||
# ToDo Items
|
# ToDo Items
|
||||||
|
|
||||||
## General
|
## General
|
||||||
|
|
||||||
- Setup non root user
|
- Setup non root user
|
||||||
- UFW should be setup to keep VPS secure and only allow for:
|
- UFW should be setup to keep VPS secure and only allow for:
|
||||||
- https
|
- https
|
||||||
@ -9,27 +10,36 @@
|
|||||||
- ftp
|
- ftp
|
||||||
- 27017
|
- 27017
|
||||||
- 3306
|
- 3306
|
||||||
|
|
||||||
- Install SSH keys
|
- Install SSH keys
|
||||||
- Setup unattended upgrades
|
- Setup unattended upgrades
|
||||||
- Install docker, docker-compose and apache utils.
|
- Install docker, docker-compose and apache utils.
|
||||||
|
|
||||||
|
|
||||||
## Traefik
|
## Traefik
|
||||||
- Setup htaccess -> ``` echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g ```
|
|
||||||
|
- Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g`
|
||||||
- Ensure email address is correct
|
- Ensure email address is correct
|
||||||
|
|
||||||
## Gitea
|
## Gitea
|
||||||
|
|
||||||
- Ensure that ports are assigned correctly for the system
|
- Ensure that ports are assigned correctly for the system
|
||||||
|
|
||||||
|
# Gitea Runner
|
||||||
|
|
||||||
|
- Ensure that a registration token has been setup before continuing
|
||||||
|
|
||||||
## Websites
|
## Websites
|
||||||
|
|
||||||
- Ensure website files are copied over
|
- Ensure website files are copied over
|
||||||
- Ensure that ports are assigned correctly for the system
|
- Ensure that ports are assigned correctly for the system
|
||||||
|
|
||||||
## Bitwarden
|
## Bitwarden
|
||||||
|
|
||||||
- Ensure that all data is fully encrypted during transfer.
|
- Ensure that all data is fully encrypted during transfer.
|
||||||
- Ensure that ports are assigned correctly for the system
|
- Ensure that ports are assigned correctly for the system
|
||||||
|
|
||||||
## Database
|
## Database
|
||||||
|
|
||||||
- Ensure that mysql root password, user and default database are updated.
|
- Ensure that mysql root password, user and default database are updated.
|
||||||
- Ensure that mongo root password, and user are updated.
|
- Ensure that mongo root password, and user are updated.
|
||||||
- Ensure database ports are correctly assigned and do not have to pass through traefik.
|
- Ensure database ports are correctly assigned and do not have to pass through traefik.
|
||||||
|
Loading…
Reference in New Issue
Block a user