Completed Runner config

Luke Else 2024-09-11 10:36:42 +01:00
parent 13fd59c773
commit 182f10a765
6 changed files with 80 additions and 14 deletions


@ -1,14 +1,34 @@
version: "3.8" version: "3.8"
services: services:
# Runner
runner: runner:
image: gitea/act_runner:latest image: gitea/act_runner:latest
container_name: gitea_runner
volumes:
- ./config.yaml:/config.yaml
- ./gitea_runner:/data
- /var/run/docker.sock:/var/run/docker.sock
networks:
- proxy
environment: environment:
CONFIG_FILE: /config.yaml CONFIG_FILE: /config.yaml
GITEA_INSTANCE_URL: "git.luke-else.co.uk" GITEA_INSTANCE_URL: "git.luke-else.co.uk"
GITEA_RUNNER_REGISTRATION_TOKEN: "INSERT REGISTRATION TOKEN" GITEA_RUNNER_REGISTRATION_TOKEN: "INSERT REGISTRATION TOKEN"
GITEA_RUNNER_NAME: "Action Runner" GITEA_RUNNER_NAME: "CICD"
GITEA_RUNNER_LABELS: "" labels:
volumes: ## Expose cicd Through Trefik ##
- ./config.yaml:/config.yaml - "traefik.enable=true" # <== Enable traefik to proxy this container
- ./data:/data
- /var/run/docker.sock:/var/run/docker.sock - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
- "traefik.http.routers.cicd-insecure.middlewares=redirect-web-secure"
- "traefik.http.routers.cicd-insecure.rule=Host(`cicd.luke-else.co.uk`)"
- "traefik.http.routers.cicd-insecure.entrypoints=web"
- "traefik.http.routers.cicd.rule=Host(`cicd.luke-else.co.uk`)"
- "traefik.http.routers.cicd.entrypoints=websecure"
- "traefik.http.routers.cicd.tls.certresolver=myresolver"
restart: unless-stopped
networks:
proxy:
external: true
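Review bot: The new `labels:` block routes `cicd.luke-else.co.uk` through Traefik to a container that also mounts `/var/run/docker.sock`, which puts a public hostname in front of a container that holds control of the host's Docker daemon. The hunk sets no `traefik.http.services.<name>.loadbalancer.server.port` label and shows nothing in the runner that serves HTTP, so if the runner needs no inbound access, drop the Traefik labels and the `proxy` network attachment. Separately, `image: gitea/act_runner:latest` is unpinned, so every `docker-compose pull` can change what runs with socket access; pin a version tag or digest. `GITEA_RUNNER_LABELS` disappears on the new side, so confirm the runner's default labels match what the workflows request, and load the real value for `GITEA_RUNNER_REGISTRATION_TOKEN` from an env file or secret rather than committing it here.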

11
cicd-spindown.sh Normal file

@ -0,0 +1,11 @@
#Script file for spinning down all CICD relevant docker-containers
cd ./Development/Runners/
docker-compose down
cd ../..
cd ./Traefik/
docker-compose down
cd ..
docker rmi $(docker images -q)
docker system prune
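Review bot: `docker rmi $(docker images -q)` on the second-to-last line targets every image on the host, not only the CICD ones the header comment describes, and the `docker-compose down` in `./Traefik/` stops the same proxy that `main-spinup.sh` starts for the other stacks. Limit the cleanup to the runner's images (for example by naming them) and leave Traefik alone unless the whole host is meant to go down. `docker system prune` asks for confirmation, so the script will stop and wait when run unattended; decide whether that prompt is wanted. The `cd` calls are also unchecked: if `cd ./Development/Runners/` fails, `docker-compose down` runs in whatever directory the script started in. Use `cd ... || exit 1` or add `set -e` under a shebang line.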

0
spinup.sh → cicd-spinup.sh Executable file → Normal file

0
spindown.sh → main-spindown.sh Executable file → Normal file

25
main-spinup.sh Normal file

@ -0,0 +1,25 @@
#Script file for spinning up all docker-containers
cd ./Traefik/
docker-compose pull && docker-compose up -d
cd ..
cd ./Websites/
docker-compose pull && docker-compose up -d
cd ..
cd ./Development/Gitea/
docker-compose pull && docker-compose up -d
cd ../..
cd ./Database/
docker-compose pull && docker-compose up -d
cd ..
cd ./Bitwarden/
docker-compose pull && docker-compose up -d
cd ..
cd ./Misc/
docker-compose pull && docker-compose up -d
cd ..
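Review bot: Every `cd` in this script is unchecked, so a missing directory (say `./Websites/`) makes the following `docker-compose pull && docker-compose up -d` run in the parent directory, and the `cd ..` after it then leaves the tree the later steps depend on. Wrap each step in a subshell, e.g. `(cd ./Traefik/ && docker-compose pull && docker-compose up -d)`, or add `set -e` so the first failure aborts. The file is added as a normal (non-executable) file with no shebang line, so it only runs when passed to a shell explicitly; add `#!/bin/sh` or `#!/bin/bash` and set the executable bit if it is meant to be invoked directly. Note also that nothing here starts `./Development/Runners/`, which is consistent with the separate `cicd-spinup.sh` but worth stating in the header comment.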

26
todo.md

@ -1,35 +1,45 @@
# ToDo Items # ToDo Items
## General ## General
- Setup non root user - Setup non root user
- UFW should be setup to keep VPS secure and only allow for: - UFW should be setup to keep VPS secure and only allow for:
- https - https
- http - http
- ssh - ssh
- ftp - ftp
- 27017 - 27017
- 3306 - 3306
- Install SSH keys - Install SSH keys
- Setup unattended upgrades - Setup unattended upgrades
- Install docker, docker-compose and apache utils. - Install docker, docker-compose and apache utils.
## Traefik ## Traefik
- Setup htaccess -> ``` echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g ```
- Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g`
- Ensure email address is correct - Ensure email address is correct
## Gitea ## Gitea
- Ensure that ports are assigned correctly for the system - Ensure that ports are assigned correctly for the system
# Gitea Runner
- Ensure that a registration token has been setup before continuing
## Websites ## Websites
- Ensure website files are copied over - Ensure website files are copied over
- Ensure that ports are assigned correctly for the system - Ensure that ports are assigned correctly for the system
## Bitwarden ## Bitwarden
- Ensure that all data is fully encrypted during transfer. - Ensure that all data is fully encrypted during transfer.
- Ensure that ports are assigned correctly for the system - Ensure that ports are assigned correctly for the system
## Database ## Database
- Ensure that mysql root password, user and default database are updated. - Ensure that mysql root password, user and default database are updated.
- Ensure that mongo root password, and user are updated. - Ensure that mongo root password, and user are updated.
- Ensure database ports are correctly assigned and do not have to pass through traefik. - Ensure database ports are correctly assigned and do not have to pass through traefik.