Completed Runner config
This commit is contained in:
parent
13fd59c773
commit
182f10a765
@ -1,14 +1,34 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
# Runner
|
||||
runner:
|
||||
image: gitea/act_runner:latest
|
||||
container_name: gitea_runner
|
||||
volumes:
|
||||
- ./config.yaml:/config.yaml
|
||||
- ./gitea_runner:/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
CONFIG_FILE: /config.yaml
|
||||
GITEA_INSTANCE_URL: "git.luke-else.co.uk"
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: "INSERT REGISTRATION TOKEN"
|
||||
GITEA_RUNNER_NAME: "Action Runner"
|
||||
GITEA_RUNNER_LABELS: ""
|
||||
volumes:
|
||||
- ./config.yaml:/config.yaml
|
||||
- ./data:/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
GITEA_RUNNER_NAME: "CICD"
|
||||
labels:
|
||||
## Expose cicd Through Trefik ##
|
||||
- "traefik.enable=true" # <== Enable traefik to proxy this container
|
||||
|
||||
- "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.cicd-insecure.middlewares=redirect-web-secure"
|
||||
- "traefik.http.routers.cicd-insecure.rule=Host(`cicd.luke-else.co.uk`)"
|
||||
- "traefik.http.routers.cicd-insecure.entrypoints=web"
|
||||
|
||||
- "traefik.http.routers.cicd.rule=Host(`cicd.luke-else.co.uk`)"
|
||||
- "traefik.http.routers.cicd.entrypoints=websecure"
|
||||
- "traefik.http.routers.cicd.tls.certresolver=myresolver"
|
||||
restart: unless-stopped
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
11
cicd-spindown.sh
Normal file
11
cicd-spindown.sh
Normal file
@ -0,0 +1,11 @@
|
||||
#Script file for spinning down all CICD relevant docker-containers
|
||||
cd ./Development/Runners/
|
||||
docker-compose down
|
||||
cd ../..
|
||||
|
||||
cd ./Traefik/
|
||||
docker-compose down
|
||||
cd ..
|
||||
|
||||
docker rmi $(docker images -q)
|
||||
docker system prune
|
0
spinup.sh → cicd-spinup.sh
Executable file → Normal file
0
spinup.sh → cicd-spinup.sh
Executable file → Normal file
0
spindown.sh → main-spindown.sh
Executable file → Normal file
0
spindown.sh → main-spindown.sh
Executable file → Normal file
25
main-spinup.sh
Normal file
25
main-spinup.sh
Normal file
@ -0,0 +1,25 @@
|
||||
#Script file for spinning up all docker-containers
|
||||
|
||||
cd ./Traefik/
|
||||
docker-compose pull && docker-compose up -d
|
||||
cd ..
|
||||
|
||||
cd ./Websites/
|
||||
docker-compose pull && docker-compose up -d
|
||||
cd ..
|
||||
|
||||
cd ./Development/Gitea/
|
||||
docker-compose pull && docker-compose up -d
|
||||
cd ../..
|
||||
|
||||
cd ./Database/
|
||||
docker-compose pull && docker-compose up -d
|
||||
cd ..
|
||||
|
||||
cd ./Bitwarden/
|
||||
docker-compose pull && docker-compose up -d
|
||||
cd ..
|
||||
|
||||
cd ./Misc/
|
||||
docker-compose pull && docker-compose up -d
|
||||
cd ..
|
14
todo.md
14
todo.md
@ -1,6 +1,7 @@
|
||||
# ToDo Items
|
||||
|
||||
## General
|
||||
|
||||
- Setup non root user
|
||||
- UFW should be setup to keep VPS secure and only allow for:
|
||||
- https
|
||||
@ -9,27 +10,36 @@
|
||||
- ftp
|
||||
- 27017
|
||||
- 3306
|
||||
|
||||
- Install SSH keys
|
||||
- Setup unattended upgrades
|
||||
- Install docker, docker-compose and apache utils.
|
||||
|
||||
|
||||
## Traefik
|
||||
- Setup htaccess -> ``` echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g ```
|
||||
|
||||
- Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g`
|
||||
- Ensure email address is correct
|
||||
|
||||
## Gitea
|
||||
|
||||
- Ensure that ports are assigned correctly for the system
|
||||
|
||||
# Gitea Runner
|
||||
|
||||
- Ensure that a registration token has been setup before continuing
|
||||
|
||||
## Websites
|
||||
|
||||
- Ensure website files are copied over
|
||||
- Ensure that ports are assigned correctly for the system
|
||||
|
||||
## Bitwarden
|
||||
|
||||
- Ensure that all data is fully encrypted during transfer.
|
||||
- Ensure that ports are assigned correctly for the system
|
||||
|
||||
## Database
|
||||
|
||||
- Ensure that mysql root password, user and default database are updated.
|
||||
- Ensure that mongo root password, and user are updated.
|
||||
- Ensure database ports are correctly assigned and do not have to pass through traefik.
|
||||
|
Loading…
Reference in New Issue
Block a user