Danila Fominykh
8c977440f6
|
||
|---|---|---|
| gitea | ||
| icons | ||
| local | ||
| minio | ||
| postgres | ||
| .gitignore | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
| docker-compose.yml | ||
| logo.png | ||
README.md
Infr - open infrastructure
This repository contains docker-compose files for fmnx insfrastructure, which consists of following elements:
- Gitea with customized theme and parameters and API.
- Postgres for user data.
- Minio for blobs, files, packages and LFS.
- Docker mail as gitea's mailer service.
Instructions for single-node local environment and multi-node public environment are provided below.
Certbot-docker and go-lego are used to obtain TLS certificates.
Local setup
Local version has all containers in a single docker-compose. It can be used for local tests and UI adjustments.
- Clone the repository.
git clone https://fmnx.su/core/infr
- Run containers with
docker-compose.
cd infr/local && docker compose up
Single-node setup
If you are planning to setup gitea for your organization, team or household, you can route the domain name to your static IP adress, obtain certificates and run it, by following instructions:
- Clone the repository.
git clone https://fmnx.su/core/infr && cd infr
- Obtain certificates for gitea with lego docker.
docker run --rm -it -p 80:80 -p 443:443 -w /wd -v $(pwd):/wd docker.io/goacme/lego --email="name@example.com" --domains="example.com" --http run
sudo chmod a+rwx -R .lego
- Obtain certificates for email, add new user email accounts.
docker run --rm -it -v "$(pwd)/data/certbot/certs/:/etc/letsencrypt/" -v "$(pwd)/data/certbot/logs/:/var/log/letsencrypt/" -p 80:80 docker.io/certbot/certbot certonly --standalone -d mail.example.com
- Create
.envfile with parameters for your project. Adjust them for your project.
echo APP_NAME=Awesome project >> .env
echo DOMAIN=example.com >> .env
echo MAIL_ADDR=help@example.com >> .env
echo MAIL_PASS=password >> .env
echo MINIO_ACCESS_KEY_ID=654321 >> .env
echo MINIO_SECRET_ACCESS_KEY=123456789 >> .env
echo POSTGRES_DB=db >> .env
echo POSTGRES_USER=user >> .env
echo POSTGRES_PASSWORD=password >> .env
- Attach shell to
docker-emailcontainer, add new users and obtain DKIM.
docker exec -it mail setup email add help@example.com password
docker exec -ti mail setup config dkim example.com
- Restart setup with
docker-composefor DKIM and email to start working properly.
docker compose down
docker compose up
Multi-node setup
If you are planning to set up gitea for large collective or organization, it is reasonable to have multiple nodes. In this instruction, we assume that all nodes are located in the same network. Instruction consists of 5 parts: postgres, minio, mail, gitea and gitea-runner.
1. Postgres
- SSH into postgres vm.
ssh user@vm
- Clone infrastructure repo.
git clone https://fmnx.su/core/infr
- Cd into postgres folder.
cd infr/postgres
- Add postgres credentials to
.envfile. Save credentials to apply to gitea lates.
echo POSTGRES_USER=user >> .env
echo POSTGRES_PASSWORD=password >> .env
echo POSTGRES_DB=db >> .env
- Start postgres with
docker-composeand disconnect.
docker compose up
Verify, that postgres is up and running, by connecting with your client, i prefer sqltools vscodium extension with postgres driver. Alternatively you can use pgadmin or another postgres UI of your preference.
2. Minio
- SSH into minio vm.
ssh user@vm
- Clone infrastructure repository.
git clone https://fmnx.su/core/infr
- Cd into minio folder.
cd infr/minio
- Add minio credentials to
.envfile. Save credentials to apply to gitea lates.
echo MINIO_ACCESS_KEY=123456 >> .env
echo MINIO_SECRET_KEY=987654321 >> .env
- Start minio with
docker-compose.
docker compose up
3. Docker-email
- SSH into email vm.
ssh user@vm
- Clone infrastructure repository.
git clone https://fmnx.su/core/infr
- Cd into email-server folder.
cd infr/mail
- Obtain sertificates from letsencrypt. Before that you should ensure, that you have proper routing adjusted in your DNS server, and traffic from domain can reach the email VM. Script uses letsencrypt for obtaining TLS sertificates.
docker run --rm -it -v "$(pwd)/data/certbot/certs/:/etc/letsencrypt/" -v "$(pwd)/data/certbot/logs/:/var/log/letsencrypt/" -p 80:80 docker.io/certbot/certbot certonly --standalone -d mail.example.com
- Attach shell to
docker-emailcontainer, add new users and obtain DKIM.
docker exec -it mail setup email add help@example.com password
docker exec -ti mail setup config dkim example.com
- Restart setup with
docker-composefor DKIM and email to start working properly.
docker compose down
docker compose up
4. Gitea
- SSH into gitea vm.
ssh user@vm
- Clone infrastructure repository.
git clone https://fmnx.su/core/infr
- Cd into gitea folder.
cd infr/gitea
- Obtain certificates secure connection with lego docker.
docker run --rm -it -p 80:80 -p 443:443 -w /wd -v $PWD:/wd docker.io/goacme/lego --email="name@example.com" --domains="example.com" --http run
sudo chmod a+rwx -R .lego
- Add parameters for gitea, postgres, minio and mailer.
echo POSTGRES_HOST=postgres:5432 >> .env
echo POSTGRES_DB=db >> .env
echo POSTGRES_USER=user >> .env
echo POSTGRES_PASSWORD=password >> .env
echo DOMAIN=example.com >> .env
echo MAIL_ADDR=help@example.com >> .env
echo MAIL_PASS=12345 >> .env
echo MINIO_ENDPOINT=minio:9000 >> .env
echo MINIO_ACCESS_KEY_ID=123456 >> .env
echo MINIO_SECRET_ACCESS_KEY=987654321 >> .env
- Run gitea with docker.
docker compose up