codebase/README.md
Vishesh 'ironeagle' Bangotra 2e69ade912 gitea to git (#2)
Reviewed-on: #2
Co-authored-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>
Co-committed-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>
2025-10-21 18:46:26 +00:00
# 🏗️ Private DevOps Stack — Aetoskia Infrastructure
This repository defines a private, self-hosted DevOps stack running on Raspberry Pi nodes, consisting of:
* **Gitea** for Git hosting
* **Drone** for CI/CD automation
* **Docker Registry** with **Registry UI**
* **Drone Runner** for build execution
---
## 🧬 Services Overview
| Service | Role | Port(s) | Depends On |
| ---------------- | ---------------------------------------------------- | --------- | ------------ |
| **gitea** | Git server and web UI for repositories | 6002, 222 | — |
| **drone-server** | CI/CD orchestration linked with Gitea | 6003 | gitea |
| **drone-runner** | Executes Drone pipelines on local Docker host | — | drone-server |
| **registry** | Private Docker registry | 6005 | — |
| **registry-ui** | Web UI for browsing and managing the registry images | 6001 | registry |
---
## ⚙️ Service Details
---
### 🐳 **Registry**
Private Docker registry storing all container images built and deployed across your network.
#### Ports
* **6005 → 5000** — Exposes the registry API to clients.
#### Mounts
* `/home/aetos/registry:/var/lib/registry` — Persistent image storage.
* `/home/aetos/registry/auth:/auth (ro)` — Authentication credentials.
* `./registry/config.yml:/etc/docker/registry/config.yml (ro)` — Custom registry configuration.
#### Environment
* **REGISTRY_AUTH:** Set to `htpasswd` to enable file-based HTTP basic authentication.
* **REGISTRY_AUTH_HTPASSWD_REALM:** Realm name sent in the `WWW-Authenticate` challenge.
* **REGISTRY_AUTH_HTPASSWD_PATH:** Path to the `htpasswd` file inside the container (`/auth/htpasswd` with the mount above).
#### Extra Config Required
1. Generate the authentication file. The registry only verifies bcrypt hashes, so keep `-B`; note that `>` overwrites the file (use `>>` when adding further users) and that a password given with `-b` ends up in the shell history:
```bash
mkdir -p /home/aetos/registry/auth
docker run --rm httpd:2.4 htpasswd -Bbn <username> <password> > /home/aetos/registry/auth/htpasswd
```
2. Set correct permissions:
```bash
chmod 644 /home/aetos/registry/auth/htpasswd
```
3. Verify that the config file (`registry/config.yml`) matches the storage and auth settings above; where both are set, the `REGISTRY_*` environment variables override the values in the file.
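As an added example (not part of this repository), the following script adds registry users without exposing the password on the command line and checks that every entry in the file is bcrypt, the only hash format the registry's `htpasswd` auth verifies. `AUTH_DIR` defaults to the path used above; the `check` argument is this example's own convention.

```shell
#!/bin/sh
# Added example, not part of the repository: add registry users without
# putting the password on the command line, then verify that every htpasswd
# entry is bcrypt, the only hash the registry's htpasswd auth can verify.
# AUTH_DIR defaults to the path used in the README; override it to test elsewhere.
AUTH_DIR="${AUTH_DIR:-/home/aetos/registry/auth}"

# add_registry_user USERNAME
# Reads the password from stdin (so it never shows up in shell history or
# `ps`), hashes it with bcrypt via the httpd image's htpasswd, and APPENDS
# to the file so existing users are kept (a plain `>` would overwrite them).
add_registry_user() {
    user="$1"
    IFS= read -r password
    mkdir -p "$AUTH_DIR"
    # -B bcrypt, -n print instead of writing a file, -i password from stdin
    printf '%s\n' "$password" |
        docker run --rm -i httpd:2.4 htpasswd -Bni "$user" >> "$AUTH_DIR/htpasswd"
    chmod 644 "$AUTH_DIR/htpasswd"
}

# check_htpasswd FILE
# Returns 0 when every non-empty, non-comment line is "user:<bcrypt hash>".
# MD5 (-m), SHA (-s) or crypt (-d) entries never authenticate against the
# registry, so they are reported instead of being discovered at first login.
check_htpasswd() {
    file="$1"
    [ -r "$file" ] || { echo "missing or unreadable: $file" >&2; return 1; }
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        user="${line%%:*}"
        hash="${line#*:}"
        case "$hash" in
            '$2a$'*|'$2b$'*|'$2y$'*) ;;   # bcrypt prefixes
            *) echo "non-bcrypt hash for user '$user' in $file" >&2; status=1 ;;
        esac
    done < "$file"
    return $status
}

# Usage: printf '%s\n' "$PASSWORD" | sh registry-auth.sh   (after adding a call
# to add_registry_user), or `sh registry-auth.sh check` to validate the live file.
if [ "${1:-}" = "check" ]; then
    check_htpasswd "$AUTH_DIR/htpasswd" && echo "htpasswd OK"
fi
```

`check_htpasswd` only inspects the hash prefix; it does not try to log in, so run it before restarting the registry rather than as a substitute for a `docker login` test.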
---
### 🦯 **Registry UI**
Web interface for visualizing and managing images stored in the internal registry.
#### Ports
* **6001 → 80** — Accessible on port 6001 via browser.
#### Mounts
* `/home/aetos/registry/auth:/auth (ro)` — Shared authentication file with the registry.
#### Environment
* **REGISTRY_TITLE:** UI header title.
* **REGISTRY_URL:** Backend registry endpoint (`https://dcr.aetoskia.com`).
* **REGISTRY_AUTH:** Enables `htpasswd` login.
* **REGISTRY_AUTH_HTPASSWD_PATH:** Location of `htpasswd`.
* **SINGLE_REGISTRY:** Limits UI to a single registry source.
#### Extra Config Required
* Ensure DNS or local `/etc/hosts` includes:
```
192.168.1.111 dcr.aetoskia.com
```
* Login using credentials from `/auth/htpasswd`.
---
### 🦉 **Gitea**
Self-hosted Git service used as Drone's SCM backend and code hosting platform.
#### Ports
* **6002 → 3000** — Web UI.
* **222 → 22** — Git SSH access.
#### Mounts
* `/home/aetos/gitea:/data` — Persistent Gitea data (repos, users, configs).
#### Environment
* **USER_UID / USER_GID:** Runs Gitea under the specified user/group IDs.
#### Extra Config Required
1. Access Gitea at [https://git.aetoskia.com](https://git.aetoskia.com).
2. Log in as the **`aetos`** admin user (repository owner).
3. Verify Drone OAuth App is registered with:
```
Application Name: Drone CI
Redirect URI: https://drone.aetoskia.com/login
```
4. Confirm Gitea has these extra host mappings:
```
192.168.1.111 drone.aetoskia.com
```
---
### 🚀 **Drone Server**
Core CI/CD engine that connects to Gitea and manages build pipelines.
#### Ports
* **6003 → 80** — Drone web UI and API endpoint.
#### Mounts
* `/home/aetos/drone:/data` — Persistent Drone data and SQLite database.
* `/home/aetos/certs:/usr/local/share/ca-certificates (ro)` — Trusted CA certificates.
#### Environment
* **DRONE_GITEA_CLIENT_ID / SECRET:** Client ID and secret of the Drone OAuth application registered in Gitea.
* **DRONE_GITEA_SERVER:** Gitea URL (`https://git.aetoskia.com`).
* **DRONE_RPC_SECRET:** Shared secret for secure runner communication.
* **DRONE_SERVER_HOST / PROTO:** External access configuration.
#### Extra Config Required
1. Register the OAuth app in Gitea → Admin → Applications:
* Redirect URI: `https://drone.aetoskia.com/login`
2. Promote the `aetos` user to Drone admin if needed (stop Drone first so nothing writes to the SQLite file while you edit it). Drone can also do this at startup with `DRONE_USER_CREATE=username:aetos,admin:true` in the server environment, which avoids touching the database by hand:
```bash
docker stop drone-server
sqlite3 /home/aetos/drone/database.sqlite "UPDATE users SET user_admin=1 WHERE user_login='aetos';"
docker start drone-server
```
3. Use admin token for CLI:
```bash
export DRONE_SERVER=https://drone.aetoskia.com
export DRONE_TOKEN=<admin_token>
```
4. Mark repositories as trusted. Trusted repositories may mount host volumes and run privileged containers, which on a runner that has the Docker socket mounted amounts to root on the Pi, so grant it only to repositories whose push access you control:
```bash
drone repo update apps/homepage --trusted=true
```
---
### 🧮 **Drone Runner**
Executes pipeline steps on the Docker host using the Drone RPC secret.
#### Ports
* *(none)* — Internal runner; connects to Drone Server API via HTTPS.
#### Mounts
* `/var/run/docker.sock:/var/run/docker.sock` — Lets the runner drive the host Docker daemon to start the containers for each pipeline step. Whoever controls this socket is root-equivalent on the host, so treat the runner node as a trusted build machine and do not expose the socket to any other container.
#### Environment
* **DRONE_RPC_PROTO / HOST / SECRET:** Connects to Drone Server via shared key.
* **DRONE_RUNNER_CAPACITY:** Number of parallel jobs supported.
* **DRONE_RUNNER_NAME / OS / ARCH:** Runner identification.
* **DRONE_LOGS_DEBUG / TRACE:** Enables detailed logging for troubleshooting.
#### Extra Config Required
1. Ensure the RPC secret matches the one defined in `drone-server`.
2. Validate connectivity:
```bash
docker logs drone-runner
```
Look for:
```
successfully pinged the remote drone server
```
---
## 🧬 Network Integration
Ensure `/etc/hosts` on all relevant devices (Pi nodes, local dev systems) includes:
```
192.168.1.111 git.aetoskia.com
192.168.1.111 drone.aetoskia.com
192.168.1.111 dcr.aetoskia.com
```
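A pre-flight script, added here as an example and not part of this repository, that covers the runner's step 1 above (the RPC secret must match between `drone-server` and `drone-runner`) and this host-mapping requirement: it compares `DRONE_RPC_SECRET` across two env files and checks that every stack hostname maps to the Pi in a hosts file. The env-file paths under `/home/aetos/` and the `run` argument are assumptions of the example; the checks themselves need only POSIX tools.

```shell
#!/bin/sh
# Added example, not part of the repository: pre-flight checks for the two
# things most likely to break the runner-to-server link: a DRONE_RPC_SECRET
# that differs between drone-server and drone-runner (the symptom is only
# that the ping message never appears in the runner logs), and a stack
# hostname that does not resolve to the Pi. The env-file paths in the `run`
# branch are assumptions; adjust them to where the compose env files live.
PI_IP="${PI_IP:-192.168.1.111}"

# env_value FILE KEY: value of KEY= in a dotenv-style file, quotes stripped.
env_value() {
    grep "^$2=" "$1" 2>/dev/null | head -n 1 | cut -d= -f2- | tr -d "\"'"
}

# check_rpc_secret SERVER_ENV RUNNER_ENV
# 0 only if both files carry the same non-empty DRONE_RPC_SECRET.
check_rpc_secret() {
    s=$(env_value "$1" DRONE_RPC_SECRET)
    r=$(env_value "$2" DRONE_RPC_SECRET)
    if [ -z "$s" ] || [ -z "$r" ]; then
        echo "DRONE_RPC_SECRET missing in $1 or $2" >&2
        return 1
    fi
    if [ "$s" != "$r" ]; then
        echo "DRONE_RPC_SECRET differs between $1 and $2" >&2
        return 1
    fi
    return 0
}

# check_hosts HOSTS_FILE IP NAME...
# Every NAME must appear on a line whose address is IP; comments and extra
# whitespace are tolerated, as in a real /etc/hosts.
check_hosts() {
    hosts="$1"; ip="$2"; shift 2
    status=0
    for name in "$@"; do
        if ! sed 's/#.*//' "$hosts" | awk -v ip="$ip" -v n="$name" '
                $1 == ip { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
                END { exit !found }'; then
            echo "$name does not map to $ip in $hosts" >&2
            status=1
        fi
    done
    return $status
}

# new_rpc_secret: a fresh 128-bit hex value for DRONE_RPC_SECRET, the way the
# Drone documentation suggests generating it. Put the same value in both env files.
new_rpc_secret() {
    openssl rand -hex 16
}

# `sh preflight.sh run` checks the live files; paths below are assumptions.
if [ "${1:-}" = "run" ]; then
    check_rpc_secret /home/aetos/drone-server.env /home/aetos/drone-runner.env &&
    check_hosts /etc/hosts "$PI_IP" git.aetoskia.com drone.aetoskia.com dcr.aetoskia.com &&
    echo "preflight OK"
fi
```

Run it on each Pi node and on every workstation that talks to the stack, since a stale `/etc/hosts` on one machine shows up as a certificate or OAuth redirect error rather than as an obvious DNS failure.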
---
## 🧠 Tips
* Always start containers with profile `private-pi` to avoid unnecessary public exposure:
```bash
docker compose --profile private-pi up -d
```
* Drone and Gitea must both trust the same SSL certificate chain under `/home/aetos/certs`.
* The `registry-ui` and `drone-runner` depend on hostname resolution between internal services, so avoid using raw IPs in environment variables.
---
## ✅ Quick Test Checklist
| Component | URL | Expected Result |
| ---------------- | ---------------------------------------------------------------------------- | ------------------------------------------------------------------------------ |
| **Gitea** | [https://git.aetoskia.com](https://git.aetoskia.com) | Gitea login page |
| **Drone** | [https://drone.aetoskia.com](https://drone.aetoskia.com) | Drone CI UI linked to Gitea |
| **Registry UI** | [https://registry.aetoskia.com](https://registry.aetoskia.com) | Authenticated Docker registry browser |
| **Registry API** | [https://dcr.aetoskia.com/v2/_catalog](https://dcr.aetoskia.com/v2/_catalog) | `401` without credentials; JSON listing of repositories after basic-auth login |
---
© Aetoskia Internal Infrastructure — All rights reserved.