From 7d32294d23edcb329b99853bb037e7203b885e9a Mon Sep 17 00:00:00 2001 From: Vishesh 'ironeagle' Bangotra Date: Fri, 10 Oct 2025 14:08:54 +0530 Subject: [PATCH 1/7] README.md --- README.md | 248 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 248 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..e86e24b --- /dev/null +++ b/README.md 
@@ -0,0 +1,248 @@ +# ๐Ÿ—๏ธ Private DevOps Stack โ€” Aetoskia Infrastructure + +This repository defines a private, self-hosted DevOps stack running on Raspberry Pi nodes, consisting of: + +* **Gitea** for Git hosting +* **Drone** for CI/CD automation +* **Docker Registry** with **Registry UI** +* **Drone Runner** for build execution + +--- + +## ๐Ÿงฌ Services Overview + +| Service | Role | Port(s) | Depends On | +| ---------------- | ---------------------------------------------------- | --------- | ------------ | +| **gitea** | Git server and web UI for repositories | 6002, 222 | โ€” | +| **drone-server** | CI/CD orchestration linked with Gitea | 6003 | gitea | +| **drone-runner** | Executes Drone pipelines on local Docker host | โ€” | drone-server | +| **registry** | Private Docker registry | 6005 | โ€” | +| **registry-ui** | Web UI for browsing and managing the registry images | 6001 | registry | + +--- + +## โš™๏ธ Service Details + +--- + +### ๐Ÿณ **Registry** + +Private Docker registry storing all container images built and deployed across your network. + +#### Ports + +* **6005 โ†’ 5000** โ€” Exposes the registry API to clients. + +#### Mounts + +* `/home/aetos/registry:/var/lib/registry` โ€” Persistent image storage. +* `/home/aetos/registry/auth:/auth (ro)` โ€” Authentication credentials. +* `./registry/config.yml:/etc/docker/registry/config.yml (ro)` โ€” Custom registry configuration. + +#### Environment + +* **REGISTRY_AUTH:** Enables authentication using `htpasswd`. +* **REGISTRY_AUTH_HTPASSWD_REALM:** Realm name for authentication. +* **REGISTRY_AUTH_HTPASSWD_PATH:** Path to the `htpasswd` file. + +#### Extra Config Required + +1. Generate authentication file: + + ```bash + mkdir -p /home/aetos/registry/auth + docker run --rm httpd:2.4 htpasswd -Bbn > /home/aetos/registry/auth/htpasswd + ``` +2. Set correct permissions: + + ```bash + chmod 644 /home/aetos/registry/auth/htpasswd + ``` +3. 
Verify config file (`registry/config.yml`) includes your chosen storage and auth setup. + +--- + +### ๐Ÿฆฏ **Registry UI** + +Web interface for visualizing and managing images stored in the internal registry. + +#### Ports + +* **6001 โ†’ 80** โ€” Accessible on port 6001 via browser. + +#### Mounts + +* `/home/aetos/registry/auth:/auth (ro)` โ€” Shared authentication file with the registry. + +#### Environment + +* **REGISTRY_TITLE:** UI header title. +* **REGISTRY_URL:** Backend registry endpoint (`https://dcr.aetoskia.com`). +* **REGISTRY_AUTH:** Enables `htpasswd` login. +* **REGISTRY_AUTH_HTPASSWD_PATH:** Location of `htpasswd`. +* **SINGLE_REGISTRY:** Limits UI to a single registry source. + +#### Extra Config Required + +* Ensure DNS or local `/etc/hosts` includes: + + ``` + 192.168.1.111 dcr.aetoskia.com + ``` +* Login using credentials from `/auth/htpasswd`. + +--- + +### ๐Ÿฆ‰ **Gitea** + +Self-hosted Git service used as Droneโ€™s SCM backend and code hosting platform. + +#### Ports + +* **6002 โ†’ 3000** โ€” Web UI. +* **222 โ†’ 22** โ€” Git SSH access. + +#### Mounts + +* `/home/aetos/gitea:/data` โ€” Persistent Gitea data (repos, users, configs). + +#### Environment + +* **USER_UID / USER_GID:** Runs Gitea under the specified user/group IDs. + +#### Extra Config Required + +1. Access Gitea at [https://gitea.aetoskia.com:6002](https://gitea.aetoskia.com:6002). +2. Log in as the **`aetos`** admin user (repository owner). +3. Verify Drone OAuth App is registered with: + + ``` + Application Name: Drone CI + Redirect URI: https://drone.aetoskia.com/login + ``` +4. Confirm Gitea has these extra host mappings: + + ``` + 192.168.1.111 drone.aetoskia.com + ``` + +--- + +### ๐Ÿš€ **Drone Server** + +Core CI/CD engine that connects to Gitea and manages build pipelines. + +#### Ports + +* **6003 โ†’ 80** โ€” Drone web UI and API endpoint. + +#### Mounts + +* `/home/aetos/drone:/data` โ€” Persistent Drone data and SQLite database. 
+* `/home/aetos/certs:/usr/local/share/ca-certificates (ro)` โ€” Trusted CA certificates. + +#### Environment + +* **DRONE_GITEA_CLIENT_ID / SECRET:** OAuth credentials from Gitea. +* **DRONE_GITEA_SERVER:** Gitea URL (`https://gitea.aetoskia.com`). +* **DRONE_RPC_SECRET:** Shared secret for secure runner communication. +* **DRONE_SERVER_HOST / PROTO:** External access configuration. + +#### Extra Config Required + +1. Register the OAuth app in Gitea โ†’ Admin โ†’ Applications: + + * Redirect URI: `https://drone.aetoskia.com/login` +2. Stop Drone and make admin user (if needed): + + ```bash + docker stop drone-server + sqlite3 /home/aetos/drone/database.sqlite "UPDATE users SET user_admin=1 WHERE user_login='aetos';" + docker start drone-server + ``` +3. Use admin token for CLI: + + ```bash + export DRONE_SERVER=https://drone.aetoskia.com + export DRONE_TOKEN= + ``` +4. Mark repositories as trusted: + + ```bash + drone repo update apps/homepage --trusted=true + ``` + +--- + +### ๐Ÿงฎ **Drone Runner** + +Executes pipeline steps on the Docker host using the Drone RPC secret. + +#### Ports + +* *(none)* โ€” Internal runner; connects to Drone Server API via HTTPS. + +#### Mounts + +* `/var/run/docker.sock:/var/run/docker.sock` โ€” Allows pipeline containers to spawn Docker builds. + +#### Environment + +* **DRONE_RPC_PROTO / HOST / SECRET:** Connects to Drone Server via shared key. +* **DRONE_RUNNER_CAPACITY:** Number of parallel jobs supported. +* **DRONE_RUNNER_NAME / OS / ARCH:** Runner identification. +* **DRONE_LOGS_DEBUG / TRACE:** Enables detailed logging for troubleshooting. + +#### Extra Config Required + +1. Ensure the RPC secret matches the one defined in `drone-server`. +2. 
Validate connectivity: + + ```bash + docker logs drone-runner + ``` + + Look for: + + ``` + successfully pinged the remote drone server + ``` + +--- + +## ๐Ÿงฌ Network Integration + +Ensure `/etc/hosts` on all relevant devices (Pi nodes, local dev systems) includes: + +``` +192.168.1.111 gitea.aetoskia.com +192.168.1.111 drone.aetoskia.com +192.168.1.111 dcr.aetoskia.com +``` + +--- + +## ๐Ÿง  Tips + +* Always start containers with profile `private-pi` to avoid unnecessary public exposure: + + ```bash + docker compose --profile private-pi up -d + ``` +* Drone and Gitea must both trust the same SSL certificate chain under `/home/aetos/certs`. +* The `registry-ui` and `drone-runner` depend on hostname resolution between internal services, so avoid using raw IPs in environment variables. + +--- + +## โœ… Quick Test Checklist + +| Component | URL | Expected Result | +| ---------------- | -------------------------------------------------------------------------------------- | ------------------------------------- | +| **Gitea** | [https://gitea.aetoskia.com:6002](https://gitea.aetoskia.com:6002) | Gitea login page | +| **Drone** | [https://drone.aetoskia.com:6003](https://drone.aetoskia.com:6003) | Drone CI UI linked to Gitea | +| **Registry UI** | [http://localhost:6001](http://localhost:6001) | Authenticated Docker registry browser | +| **Registry API** | [https://dcr.aetoskia.com:6005/v2/_catalog](https://dcr.aetoskia.com:6005/v2/_catalog) | JSON listing of repositories | + +--- + +ยฉ Aetoskia Internal Infrastructure โ€” All rights reserved. From e22991c3522e768b8ba139a484ff1cf5ed3a446b Mon Sep 17 00:00:00 2001 From: Vishesh 'ironeagle' Bangotra Date: Fri, 10 Oct 2025 14:59:07 +0530 Subject: [PATCH 2/7] using private-pi's docker in drone-runner --- docker-compose.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index f9f9d7e..04eae8f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
@@ -66,8 +66,6 @@ services:
 image: drone/drone-runner-docker:latest
 container_name: drone-runner
 restart: always
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
 environment:
 DRONE_RPC_PROTO: https
 DRONE_RPC_HOST: drone.aetoskia.com
@@ -78,6 +76,9 @@ services:
 DRONE_RUNNER_ARCH: arm64
 DRONE_LOGS_DEBUG: true
 DRONE_LOGS_TRACE: true
+ DOCKER_HOST: tcp://private-pi:2376
+ extra_hosts:
+ - "private-pi:192.168.1.111"
 profiles:
 - server-pi
From 38437c6185348314f22953cac8936c4bb7ebc961 Mon Sep 17 00:00:00 2001
From: Vishesh 'ironeagle' Bangotra
Date: Fri, 10 Oct 2025 15:06:12 +0530
Subject: [PATCH 3/7] fixes
---
 docker-compose.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 04eae8f..5850a98 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -76,9 +76,7 @@ services:
 DRONE_RUNNER_ARCH: arm64
 DRONE_LOGS_DEBUG: true
 DRONE_LOGS_TRACE: true
- DOCKER_HOST: tcp://private-pi:2376
- extra_hosts:
- - "private-pi:192.168.1.111"
+ DOCKER_HOST: tcp://192.168.1.111:2376
 profiles:
 - server-pi
From 1127c4cf87bca4aaa274e8f37bbc5a48e9d337e3 Mon Sep 17 00:00:00 2001
From: Vishesh 'ironeagle' Bangotra
Date: Fri, 10 Oct 2025 15:11:14 +0530
Subject: [PATCH 4/7] fixes
---
 docker-compose.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 5850a98..808cac6 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -66,6 +66,8 @@ services:
 image: drone/drone-runner-docker:latest
 container_name: drone-runner
 restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
 environment:
 DRONE_RPC_PROTO: https
 DRONE_RPC_HOST: drone.aetoskia.com
@@ -76,7 +78,8 @@ services:
 DRONE_RUNNER_ARCH: arm64
 DRONE_LOGS_DEBUG: true
 DRONE_LOGS_TRACE: true
- DOCKER_HOST: tcp://192.168.1.111:2376
+ extra_hosts:
+ - "private-pi:192.168.1.111"
 profiles:
 - server-pi
From 653c6fe72bd7677f81a6a535ea88661f7c4d07b8 Mon Sep 17 00:00:00 2001
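Review bot: `DOCKER_HOST: tcp://private-pi:2376` points the runner at a remote daemon over TCP but sets neither `DOCKER_TLS_VERIFY` nor `DOCKER_CERT_PATH`, and the hunk mounts no client certificate, so the connection would be plaintext and unauthenticated; a daemon reachable that way hands root on 192.168.1.111 to anything on the LAN. Port 2376 is the conventional TLS port, which suggests TLS was intended but never wired up. Later patches in this series revert the setting, so the remaining ask is to confirm the daemon on the private-pi is not still listening on 2376 without TLS; if a remote daemon is revisited, pair the setting with `DOCKER_TLS_VERIFY: "1"`, `DOCKER_CERT_PATH: /certs` and a read-only mount of the client cert and key. The enclosing `drone-runner` service definition continues outside the hunk.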
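Review bot: The re-added `/var/run/docker.sock` bind makes the runner root-equivalent on this Pi, and the README added earlier in this series marks repositories `--trusted=true`, which lets their pipelines use host mounts through that same daemon; anyone who can push to a trusted repository therefore controls the host. This is how drone-runner-docker operates and is probably unavoidable, but nothing in the hunk records the consequence. Add a comment above the volume entry, e.g. `# host docker socket: root-equivalent on this Pi; keep --trusted repos and their push access to a minimum`, and treat the runner node as no more trusted than the least trusted committer to those repositories.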
From: Vishesh 'ironeagle' Bangotra
Date: Fri, 10 Oct 2025 15:13:34 +0530
Subject: [PATCH 5/7] original runner
---
 docker-compose.yaml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 808cac6..f9f9d7e 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -78,8 +78,6 @@ services:
 DRONE_RUNNER_ARCH: arm64
 DRONE_LOGS_DEBUG: true
 DRONE_LOGS_TRACE: true
- extra_hosts:
- - "private-pi:192.168.1.111"
 profiles:
 - server-pi
From 5273b7c779e6e183f896a8eec36c34c6f7962479 Mon Sep 17 00:00:00 2001
From: Vishesh 'ironeagle' Bangotra
Date: Fri, 10 Oct 2025 15:14:47 +0530
Subject: [PATCH 6/7] added private-pi as extra host
---
 docker-compose.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docker-compose.yaml b/docker-compose.yaml
index f9f9d7e..808cac6 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -78,6 +78,8 @@ services:
 DRONE_RUNNER_ARCH: arm64
 DRONE_LOGS_DEBUG: true
 DRONE_LOGS_TRACE: true
+ extra_hosts:
+ - "private-pi:192.168.1.111"
 profiles:
 - server-pi
From ce8f3b2ca2479249f852d98a96f8fa3d6b50678c Mon Sep 17 00:00:00 2001
From: Aetos Skia
Date: Tue, 21 Oct 2025 16:23:30 +0530
Subject: [PATCH 7/7] host network for runner
---
 docker-compose.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 808cac6..c7d4fc8 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -66,6 +66,7 @@ services:
 image: drone/drone-runner-docker:latest
 container_name: drone-runner
 restart: always
+ network_mode: host
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
 environment:
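Review bot: The re-added `private-pi:192.168.1.111` entry is referenced by nothing in the runner's configuration once `DOCKER_HOST` was dropped in patch 4, so it only places an unused name in the container's `/etc/hosts`. The name the runner actually has to resolve is its `DRONE_RPC_HOST`, `drone.aetoskia.com`, which the README maps to the same address in every host's hosts file but which a bridge-networked container does not inherit. If the entry exists for that purpose it should read `- "drone.aetoskia.com:192.168.1.111"`; otherwise drop it so the compose file does not imply a dependency that is not there. The enclosing `drone-runner` service definition continues outside the hunk.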
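Review bot: `network_mode: host` hands the runner the Pi's network namespace, so the runner's own HTTP listener (port 3000 by default in drone-runner-docker, presumably, unless `DRONE_HTTP_BIND` is set outside the hunk) is now bound on the host's interfaces and the runner process can reach any loopback-only service on the host; if the motivation is that the runner must resolve `drone.aetoskia.com` from the host's `/etc/hosts`, as the commit title and the README's hosts-file section suggest, the narrower fix is `extra_hosts: - "drone.aetoskia.com:192.168.1.111"` while staying on the bridge network. Note also that with `DRONE_RPC_PROTO: https` the runner must trust the certificate chain for `drone.aetoskia.com`, yet the README mounts `/home/aetos/certs` only into `drone-server`; if that chain is private, the runner will keep failing its ping regardless of networking. Whichever is kept, add a comment on the line stating why host networking is required so it is not cargo-culted to other services. The enclosing `drone-runner` service definition continues outside the hunk.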