Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| fa46b50afa |
@@ -1,3 +0,0 @@
|
|||||||
BESZEL_HUB_URL=http://mon.localhost
|
|
||||||
NEXTCLOUD_DOMAIN=cld.localhost
|
|
||||||
GITEA_URL=http://git:3000
|
|
||||||
@@ -1,16 +0,0 @@
|
|||||||
name: '⚙️ Configure SSH Client'
|
|
||||||
description: 'Installs sshpass and configures known_hosts'
|
|
||||||
|
|
||||||
inputs:
|
|
||||||
ssh_host:
|
|
||||||
description: 'Remote server IP'
|
|
||||||
required: true
|
|
||||||
|
|
||||||
runs:
|
|
||||||
using: 'composite'
|
|
||||||
steps:
|
|
||||||
- shell: bash
|
|
||||||
run: |
|
|
||||||
sudo apt-get update && sudo apt-get install -y sshpass
|
|
||||||
mkdir -p ~/.ssh
|
|
||||||
ssh-keyscan -p 22 "${{ inputs.ssh_host }}" >> ~/.ssh/known_hosts
|
|
||||||
@@ -1,161 +0,0 @@
|
|||||||
name: 🚀 Deploy
|
|
||||||
run-name: '🚀 Deploy: ${{ gitea.ref_name }} by @${{ gitea.actor }}'
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
deploy:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: 📂 Checkout repository
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: 🧼 Clean ref name
|
|
||||||
run: |
|
|
||||||
ORIGINAL_REF_NAME="${{ gitea.ref_name }}"
|
|
||||||
CLEAN_REF_NAME=${ORIGINAL_REF_NAME//\//-}
|
|
||||||
echo "Clean ref name: $CLEAN_REF_NAME"
|
|
||||||
echo "CLEAN_REF_NAME=$CLEAN_REF_NAME" >> $GITEA_ENV
|
|
||||||
|
|
||||||
- name: ⚙️ Configure ssh client
|
|
||||||
uses: ./.gitea/actions/configure-ssh-client
|
|
||||||
with:
|
|
||||||
ssh_host: ${{ secrets.SSH_HOST }}
|
|
||||||
|
|
||||||
- name: 📦 Create backup of data/ folder
|
|
||||||
env:
|
|
||||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
|
||||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
|
||||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
|
||||||
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
|
||||||
REF_NAME: ${{ env.CLEAN_REF_NAME }}
|
|
||||||
run: |
|
|
||||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
|
|
||||||
set -e
|
|
||||||
cd "$DEPLOY_DIRECTORY"
|
|
||||||
|
|
||||||
mkdir -p backups
|
|
||||||
|
|
||||||
BACKUP_DATE=\$(date +%Y-%m-%d_%H-%M-%S)
|
|
||||||
BACKUP_FILE="backups/backup-${REF_NAME}-\${BACKUP_DATE}.tar.gz"
|
|
||||||
|
|
||||||
echo "Creating backup of data/ into \${BACKUP_FILE}..."
|
|
||||||
|
|
||||||
if [ -d "data" ]; then
|
|
||||||
tar -czf "\${BACKUP_FILE}" data
|
|
||||||
echo "✅ Backup created successfully!"
|
|
||||||
else
|
|
||||||
echo "⚡️ No data/ folder, backup creation skipped."
|
|
||||||
fi
|
|
||||||
|
|
||||||
find backups/ -type f -name "backup-*.tar.gz" -mtime +7 -delete
|
|
||||||
EOT
|
|
||||||
|
|
||||||
- name: 🏗️ Create docker-compose file
|
|
||||||
env:
|
|
||||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
|
||||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
|
||||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
|
||||||
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
|
||||||
REF_NAME: ${{ env.CLEAN_REF_NAME }}
|
|
||||||
run: |
|
|
||||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" \
|
|
||||||
"mkdir -p \"$DEPLOY_DIRECTORY\" && \
|
|
||||||
cd \"$DEPLOY_DIRECTORY\" && \
|
|
||||||
rm -f docker-compose-*.yml && \
|
|
||||||
cat > \"docker-compose-$REF_NAME.yml\"" \
|
|
||||||
< docker-compose.yml
|
|
||||||
|
|
||||||
- name: 🔐 Create secrets and envs
|
|
||||||
env:
|
|
||||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
|
||||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
|
||||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
|
||||||
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
|
||||||
BESZEL_AGENT_KEY: ${{ secrets.BESZEL_AGENT_KEY }}
|
|
||||||
BESZEL_AGENT_TOKEN: ${{ secrets.BESZEL_AGENT_TOKEN }}
|
|
||||||
BESZEL_HUB_URL: ${{ vars.BESZEL_HUB_URL }}
|
|
||||||
GITEA_RUNNER_REGISTRATION_TOKEN: ${{ secrets.RUNNER_REGISTRATION_TOKEN }}
|
|
||||||
GITEA_URL: ${{ vars.GIT_URL }}
|
|
||||||
VAULTWARDEN_ADMIN_TOKEN: ${{ secrets.VAULTWARDEN_ADMIN_TOKEN }}
|
|
||||||
NEXTCLOUD_DOMAIN: ${{ vars.NEXTCLOUD_DOMAIN }}
|
|
||||||
run: |
|
|
||||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
|
|
||||||
set -e
|
|
||||||
cd "$DEPLOY_DIRECTORY"
|
|
||||||
|
|
||||||
cat << 'EOF_ENV' > .env
|
|
||||||
BESZEL_HUB_URL=$BESZEL_HUB_URL
|
|
||||||
NEXTCLOUD_DOMAIN=$NEXTCLOUD_DOMAIN
|
|
||||||
GITEA_URL=$GITEA_URL
|
|
||||||
EOF_ENV
|
|
||||||
|
|
||||||
mkdir -p secrets
|
|
||||||
|
|
||||||
cat << 'EOF_SECRET' > secrets/beszel_agent_key.txt
|
|
||||||
$BESZEL_AGENT_KEY
|
|
||||||
EOF_SECRET
|
|
||||||
|
|
||||||
cat << 'EOF_SECRET' > secrets/beszel_agent_token.txt
|
|
||||||
$BESZEL_AGENT_TOKEN
|
|
||||||
EOF_SECRET
|
|
||||||
|
|
||||||
cat << 'EOF_SECRET' > secrets/gitea_runner_registration_token.txt
|
|
||||||
$GITEA_RUNNER_REGISTRATION_TOKEN
|
|
||||||
EOF_SECRET
|
|
||||||
|
|
||||||
cat << 'EOF_SECRET' > secrets/vaultwarden_admin_token.txt
|
|
||||||
$VAULTWARDEN_ADMIN_TOKEN
|
|
||||||
EOF_SECRET
|
|
||||||
|
|
||||||
chmod 700 secrets
|
|
||||||
chmod 600 secrets/*.txt
|
|
||||||
EOT
|
|
||||||
|
|
||||||
- name: 🚀 Run new containers
|
|
||||||
env:
|
|
||||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
|
||||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
|
||||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
|
||||||
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
|
||||||
REF_NAME: ${{ env.CLEAN_REF_NAME }}
|
|
||||||
TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_DEPLOY_BOT_TOKEN }}
|
|
||||||
TELEGRAM_CHAT: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
|
|
||||||
PROXY_URL: ${{ secrets.PROXY_URL }}
|
|
||||||
SUCCESS_MESSAGE: |-
|
|
||||||
✅ <b>Успешный деплой!</b>
|
|
||||||
Релиз: <code>${{ gitea.ref_name }}</code>
|
|
||||||
FAILURE_MESSAGE: |-
|
|
||||||
❌ <b>Ошибка деплоя!</b>
|
|
||||||
Релиз: <code>${{ gitea.ref_name }}</code>
|
|
||||||
DEPLOY_LOG_FILE: /tmp/deploy-${{ env.CLEAN_REF_NAME }}.log
|
|
||||||
run: |
|
|
||||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
|
|
||||||
set -e
|
|
||||||
cd "$DEPLOY_DIRECTORY"
|
|
||||||
|
|
||||||
nohup bash -c '
|
|
||||||
sleep 5
|
|
||||||
|
|
||||||
if docker compose --dry-run -f "docker-compose-${REF_NAME}.yml" up -d --remove-orphans > ${DEPLOY_LOG_FILE} 2>&1; then
|
|
||||||
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
|
|
||||||
--proxy "${PROXY_URL}" \
|
|
||||||
-d "chat_id=${TELEGRAM_CHAT}" \
|
|
||||||
-d "parse_mode=HTML" \
|
|
||||||
--data-urlencode "text=${SUCCESS_MESSAGE}" > /dev/null
|
|
||||||
else
|
|
||||||
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
|
|
||||||
--proxy "${PROXY_URL}" \
|
|
||||||
-d "chat_id=${TELEGRAM_CHAT}" \
|
|
||||||
-d "parse_mode=HTML" \
|
|
||||||
--data-urlencode "text=${FAILURE_MESSAGE}" > /dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendDocument" \
|
|
||||||
--proxy "${PROXY_URL}" \
|
|
||||||
-F "chat_id=${TELEGRAM_CHAT}" \
|
|
||||||
-F "document=@${DEPLOY_LOG_FILE}" > /dev/null && rm -f ${DEPLOY_LOG_FILE}
|
|
||||||
' > /dev/null 2>&1 &
|
|
||||||
EOT
|
|
||||||
|
|
||||||
echo "New containers will be started after 5 seconds"
|
|
||||||
@@ -1,36 +0,0 @@
|
|||||||
name: 🤖 Test telegram deploy bot
|
|
||||||
run-name: '🤖 Test telegram deploy bot: ${{ gitea.ref_name }} by @${{ gitea.actor }}'
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
send_test_message:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: 📂 Checkout repository
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: ⚙️ Configure ssh client
|
|
||||||
uses: ./.gitea/actions/configure-ssh-client
|
|
||||||
with:
|
|
||||||
ssh_host: ${{ secrets.SSH_HOST }}
|
|
||||||
|
|
||||||
- name: 💬 Send message
|
|
||||||
env:
|
|
||||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
|
||||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
|
||||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
|
||||||
TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_DEPLOY_BOT_TOKEN }}
|
|
||||||
TELEGRAM_CHAT: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
|
|
||||||
PROXY_URL: ${{ secrets.PROXY_URL }}
|
|
||||||
MESSAGE: ${{ steps.prepare_message.outputs.escaped_message }}
|
|
||||||
run: |
|
|
||||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
|
|
||||||
set -e
|
|
||||||
|
|
||||||
curl -s --connect-timeout 10 -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
|
|
||||||
--proxy "${PROXY_URL}" \
|
|
||||||
-d "chat_id=${TELEGRAM_CHAT}" \
|
|
||||||
-d "parse_mode=HTML" \
|
|
||||||
--data-urlencode "text=💬 Test message"
|
|
||||||
EOT
|
|
||||||
@@ -0,0 +1,95 @@
|
|||||||
|
services:
|
||||||
|
prx:
|
||||||
|
image: 'jc21/nginx-proxy-manager:2.15.1'
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
TZ: "Europe/Moscow"
|
||||||
|
ports:
|
||||||
|
- '80:80'
|
||||||
|
- '443:443'
|
||||||
|
volumes:
|
||||||
|
- ./data/nginx-proxy-manager/data:/data
|
||||||
|
- ./data/nginx-proxy-manager/letsencrypt:/etc/letsencrypt
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "/usr/bin/check-health"]
|
||||||
|
interval: 60s
|
||||||
|
timeout: 3s
|
||||||
|
|
||||||
|
pwd:
|
||||||
|
image: 'vaultwarden/server:latest'
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- ./data/vaultwarden:/data
|
||||||
|
secrets:
|
||||||
|
- vaultwarden_admin_token
|
||||||
|
environment:
|
||||||
|
ADMIN_TOKEN_FILE: /run/secrets/vaultwarden_admin_token
|
||||||
|
|
||||||
|
mon:
|
||||||
|
image: 'henrygd/beszel'
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- ./data/beszel/hub:/beszel_data
|
||||||
|
- ./data/beszel/socket:/beszel_socket
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD', '/beszel', 'health', '--url', 'http://localhost:8090']
|
||||||
|
start_period: 5s
|
||||||
|
interval: 120s
|
||||||
|
|
||||||
|
mon-agent:
|
||||||
|
image: 'henrygd/beszel-agent'
|
||||||
|
restart: unless-stopped
|
||||||
|
network_mode: host
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
- ./data/beszel/agent:/var/lib/beszel-agent
|
||||||
|
- ./data/beszel/socket:/beszel_socket
|
||||||
|
secrets:
|
||||||
|
- beszel_agent_key
|
||||||
|
- beszel_agent_token
|
||||||
|
environment:
|
||||||
|
LISTEN: /beszel_socket/beszel.sock
|
||||||
|
KEY_FILE: /run/secrets/beszel_agent_key
|
||||||
|
TOKEN_FILE: /run/secrets/beszel_agent_token
|
||||||
|
HUB_URL: ${BESZEL_HUB_URL}
|
||||||
|
healthcheck:
|
||||||
|
test: ['CMD', '/agent', 'health']
|
||||||
|
interval: 120s
|
||||||
|
|
||||||
|
cld:
|
||||||
|
image: 'ghcr.io/nextcloud-releases/all-in-one:latest'
|
||||||
|
init: true
|
||||||
|
restart: unless-stopped
|
||||||
|
# networks: ["default"]
|
||||||
|
container_name: nextcloud-aio-mastercontainer
|
||||||
|
volumes:
|
||||||
|
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
APACHE_PORT: 11000
|
||||||
|
APACHE_ADDITIONAL_NETWORK: vbevdev
|
||||||
|
APACHE_IP_BINDING: 0.0.0.0
|
||||||
|
SKIP_DOMAIN_VALIDATION: true
|
||||||
|
ports:
|
||||||
|
- '8080:8080'
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
nextcloud_aio_mastercontainer:
|
||||||
|
name: nextcloud_aio_mastercontainer
|
||||||
|
driver: local
|
||||||
|
driver_opts:
|
||||||
|
type: none
|
||||||
|
o: bind
|
||||||
|
device: ${NEXTCLOUD_VOLUME_ABSOLUTE_PATH} # NEXTCLOUD_VOLUME_ABSOLUTE_PATH=/Users/vbevzenko/Documents/code/vbevdev/data/nextcloud
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
name: vbevdev
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
vaultwarden_admin_token:
|
||||||
|
file: secrets/vaultwarden_admin_token.txt
|
||||||
|
beszel_agent_key:
|
||||||
|
file: secrets/beszel_agent_key.txt
|
||||||
|
beszel_agent_token:
|
||||||
|
file: secrets/beszel_agent_token.txt
|
||||||
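Review bot: The `:ro` suffix on `/var/run/docker.sock:/var/run/docker.sock:ro` in `mon-agent` and `cld` only makes the bind mount read-only; it does not restrict what a client can send over the socket, so both containers still hold full Docker API access, which is effectively root on the host. `mon-agent` also runs with `network_mode: host`, so a compromise of that image is not contained by the `vbevdev` network. I would add a comment above each mount such as `# :ro does not limit Docker API calls; this container can control the daemon`, and consider putting the monitoring agent behind a filtering socket proxy that exposes only read endpoints. Separately, `prx` is pinned to `2.15.1` while `vaultwarden/server:latest`, `henrygd/beszel`, `henrygd/beszel-agent` and the Nextcloud AIO image float; pinning them to a version tag or digest would make what runs next to the password vault reviewable.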
+1
-25
@@ -73,32 +73,11 @@ services:
|
|||||||
image: 'docker.gitea.com/gitea:1.26.2'
|
image: 'docker.gitea.com/gitea:1.26.2'
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- ./data/gitea/gitea:/data
|
- ./data/gitea:/data
|
||||||
environment:
|
environment:
|
||||||
GITEA__service__DISABLE_REGISTRATION: true
|
GITEA__service__DISABLE_REGISTRATION: true
|
||||||
GITEA__other__SHOW_FOOTER_VERSION: false
|
GITEA__other__SHOW_FOOTER_VERSION: false
|
||||||
GITEA__other__SHOW_FOOTER_POWERED_BY: false
|
GITEA__other__SHOW_FOOTER_POWERED_BY: false
|
||||||
healthcheck:
|
|
||||||
test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
|
|
||||||
interval: 10s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 3
|
|
||||||
|
|
||||||
git-runner:
|
|
||||||
image: 'gitea/act_runner:latest'
|
|
||||||
depends_on:
|
|
||||||
git:
|
|
||||||
condition: service_healthy
|
|
||||||
environment:
|
|
||||||
CONFIG_FILE: /config.yaml
|
|
||||||
GITEA_INSTANCE_URL: "${GITEA_URL}"
|
|
||||||
GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /run/secrets/gitea_runner_registration_token
|
|
||||||
volumes:
|
|
||||||
- ./data/gitea/runner/config.yaml:/config.yaml
|
|
||||||
- ./data/gitea/runner/data:/data
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
secrets:
|
|
||||||
- gitea_runner_registration_token
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
@@ -111,6 +90,3 @@ secrets:
|
|||||||
file: secrets/beszel_agent_key.txt
|
file: secrets/beszel_agent_key.txt
|
||||||
beszel_agent_token:
|
beszel_agent_token:
|
||||||
file: secrets/beszel_agent_token.txt
|
file: secrets/beszel_agent_token.txt
|
||||||
gitea_runner_registration_token:
|
|
||||||
file: secrets/gitea_runner_registration_token.txt
|
|
||||||
|
|
||||||
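Review bot: The Gitea volume source changes from `./data/gitea/gitea` to `./data/gitea` with no data move visible in this commit, so on a host that already holds data the container's `/data` becomes the parent directory and the old tree sits one level deeper than Gitea expects. If Gitea then finds no `app.ini` at its usual path it may come up as a fresh instance and serve the install page, where whoever reaches it first sets the admin account; the leftover `runner/` directory would also end up inside the mount. I would either keep the old path or document the migration next to the mount, e.g. `# data moved from ./data/gitea/gitea; move the directory on the host before deploying`, and set `GITEA__security__INSTALL_LOCK: 'true'` once the instance is configured. The service definition starts outside this hunk, so the service name and its remaining settings are not visible here.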