Updated CICD config

TraefikRunner/docker-compose.yml

@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+  traefik:
+    image: "traefik:latest"
+    container_name: "traefik"
+    command:
+      - "--api.dashboard=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=contact@luke-else.co.uk"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "./letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+
+      - "traefik.http.middlewares.redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.traefik-insecure.middlewares=redirect-web-secure"
+      - "traefik.http.routers.traefik-insecure.rule=Host(`traefik.cicd.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik-insecure.entrypoints=web"
+
+      - "traefik.http.routers.traefik.rule=Host(`traefik.cicd.luke-else.co.uk`)"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.tls.certresolver=myresolver" 
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$2y$$05$$s/vPphFtSO2fWJR7SYkEb.90UwPDRM3aOKqgOF/rme/3fUQ5tvpTS"
+    restart: unless-stopped
+
+networks:
+  proxy:
+    name: proxy

cicd-spindown.sh

@@ -3,7 +3,7 @@
     docker-compose down
     cd ../..
 
-cd ./Traefik/
+cd ./TraefikRunner/
 docker-compose down
 cd ..
 

cicd-spinup.sh

@@ -1,25 +1,9 @@
 #Script file for spinning up all docker-containers
 
-cd ./Traefik/
+cd ./TraefikRunner/
 docker-compose pull && docker-compose up -d
 cd ..
 
-cd ./Websites/
-docker-compose pull && docker-compose up -d
-cd ..
-
-    cd ./Development/Gitea/
+    cd ./Development/Runners/
     docker-compose pull && docker-compose up -d
-    cd ../..
-
-cd ./Database/
-docker-compose pull && docker-compose up -d
-cd ..
-
-cd ./Bitwarden/
-docker-compose pull && docker-compose up -d
-cd ..
-
-cd ./Misc/
-docker-compose pull && docker-compose up -d
-cd ..
+    cd ../..

todo.md

@@ -4,6 +4,7 @@
 
 - Setup non root user
 - UFW should be setup to keep VPS secure and only allow for:
+
    - https
    - http
    - ssh
@@ -15,7 +16,7 @@
 - Setup unattended upgrades
 - Install docker, docker-compose and apache utils.
 
-## Traefik
+## Traefik + TraefikRunner
 
 - Setup htaccess -> `echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g`
 - Ensure email address is correct