ansible/misc-docker.yaml

@@ -45,13 +45,13 @@
         build: yes
         debug: yes
       loop:
-        - name: caddy
-          state: present
+        - name: web
+          state: absent
+        - name: runner
+          state: absent
         - name: gitea
           state: present
-        - name: drone
-          state: present
-        - name: codi
+        - name: caddy
           state: present
     - name: Add Notebooks folder
       become: yes

docker/codi/README.md

@@ -1,10 +0,0 @@
-Add a `.env` file like this:
-
-```
-CODI_SESSION_SECRET=...
-CODI_DB_USER=...
-CODI_DB_PASSWORD=...
-CODI_DB_DB=...
-```
-
-See also: https://docs.drone.io/server/provider/gitea/.

docker/codi/docker-compose.yaml

@@ -1,40 +0,0 @@
-version: "3"
-
-services:
-  codi:
-    image: hackmdio/hackmd:2.4.2
-    environment:
-      CMD_USECDN: "false"
-      CMD_DOMAIN: codi.pbrinkmeier.de
-      CMD_PROTOCOL_USESSL: "true"
-      CMD_EMAIL: "true"
-      CMD_ALLOW_EMAIL_REGISTER: "false"
-      CMD_ALLOW_ANONYMOUS_EDITS: "true"
-      CMD_PLANTUML_SERVER: https://plantuml.pbrinkmeier.de
-      CMD_DB_URL: "postgres://${CODI_DB_USER}:${CODI_DB_PASSWORD}@codi_db/${CODI_DB_DB}"
-      CMD_SESSION_SECRET: "${CODI_SESSION_SECRET}"
-    depends_on:
-      - codi_db
-      - codi_plantuml
-    volumes:
-      - /var/lib/pbri/docker/codi_uploads:/home/hackmd/app/public/uploads
-    restart: always
-    
-  codi_db:
-    image: postgres:11.6-alpine
-    environment:
-      POSTGRES_USER: "${CODI_DB_USER}"
-      POSTGRES_PASSWORD: "${CODI_DB_PASSWORD}"
-      POSTGRES_DB: "${CODI_DB_DB}"
-    volumes:
-      - /var/lib/pbri/docker/codi_database:/var/lib/postgresql/data
-    restart: always
-
-  codi_plantuml:
-    image: plantuml/plantuml-server:jetty-v1.2022.7
-    restart: always
-
-networks:
-  default:
-    name: caddy-network
-    external: true

docker/drone/README.md

@@ -1,9 +0,0 @@
-Add a `.env` file like this:
-
-```
-DRONE_GITEA_CLIENT_ID=...
-DRONE_GITEA_CLIENT_SECRET=...
-DRONE_RPC_SECRET=...
-```
-
-See also: https://docs.drone.io/server/provider/gitea/.

docker/drone/docker-compose.yaml

@@ -1,32 +0,0 @@
-version: "3"
-
-services:
-  drone:
-    image: drone/drone:2
-    environment:
-      DRONE_GITEA_SERVER: https://git.pbrinkmeier.de
-      DRONE_GITEA_CLIENT_ID: "${DRONE_GITEA_CLIENT_ID}"
-      DRONE_GITEA_CLIENT_SECRET: "${DRONE_GITEA_CLIENT_SECRET}"
-      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
-      DRONE_SERVER_HOST: ci.pbrinkmeier.de
-      DRONE_SERVER_PROTO: https
-    volumes:
-      - /var/lib/pbri/docker/drone:/data
-    restart: always
-
-  drone_runner:
-    image: drone/drone-runner-docker:1
-    environment:
-      DRONE_RPC_PROTO: https
-      DRONE_RPC_HOST: ci.pbrinkmeier.de
-      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
-      DRONE_RUNNER_CAPACITY: 1
-      DRONE_RUNNER_NAME: shamash
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-    restart: always
-
-networks:
-  default:
-    name: caddy-network
-    external: true

docker/gitea/README.md

@@ -1,6 +0,0 @@
-Add a `.env` file like this:
-
-```
-GITEA_DB_PASSWORD=...
-GITEA_SMTP_PASSWORD=...
-```

docker/runner/README.md

@@ -0,0 +1,19 @@
+# runner
+
+After installation, individual runners must still be registered, e.g.:
+
+```
+docker run --rm -it -v gitlab_runner_config:/etc/gitlab-runner gitlab/gitlab-runner register --name <name>
+```
+
+An issue I encountered when trying to cache stuff between builds was the following warning in the runner logs:
+
+```
+ERROR: Could not create cache adapter               error=cache factory not found: factory for cache adapter "" was not registered
+```
+
+In order to make the runner able to create caches, register it like so:
+
+```
+docker run --rm -it -v gitlab_runner_config:/etc/gitlab-runner gitlab/gitlab-runner register --name <name> --docker-disable-cache=false -docker-cache-dir /cache --docker-volumes gitlab_runner_cache:/cache
+```

docker/runner/docker-compose.yaml

@@ -0,0 +1,13 @@
+version: "3"
+
+services:
+  # Webserver for static files and reverse proxy
+  gitlab_runner:
+    image: gitlab/gitlab-runner:alpine
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - gitlab_runner_config:/etc/gitlab-runner
+    restart: always
+volumes:
+  gitlab_runner_config:
+    external: yes

docker/web/README.md

@@ -0,0 +1,7 @@
+# web
+
+Old god project.
+
+## Jupyter
+
+The Docker image for Jupyter is built using Nix. That process is not part of the Ansible setup (yet).

docker/web/docker-compose.yaml

@@ -0,0 +1,114 @@
+version: "3"
+
+services:
+  codi:
+    image: hackmdio/hackmd:2.4.2
+    # CMD_DB_{URL,CMD_SESSION_SECRET}
+    env_file: codi.env
+    environment:
+      - CMD_USECDN=false
+      - CMD_DOMAIN=codi.pbrinkmeier.de
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_EMAIL=true
+      - CMD_ALLOW_EMAIL_REGISTER=false
+      - CMD_ALLOW_ANONYMOUS_EDITS=true
+      - CMD_PLANTUML_SERVER=https://plantuml.pbrinkmeier.de
+    depends_on:
+      - codi_db
+      - codi_plantuml
+    volumes:
+      - /var/lib/pbri/docker/codi_uploads:/home/hackmd/app/public/uploads
+    restart: always
+    
+  codi_db:
+    image: postgres:11.6-alpine
+    # POSTGRES_{USER,PASSWORD,DB}
+    # Must match CMD_DB_URL in codi.env
+    env_file: codi_db.env
+    volumes:
+      - /var/lib/pbri/docker/codi_database:/var/lib/postgresql/data
+    restart: always
+  
+  codi_plantuml:
+    image: plantuml/plantuml-server:jetty-v1.2022.7
+    restart: always
+
+  gitlab:
+    image: gitlab/gitlab-ce:15.3.2-ce.0
+    ports:
+      - "22:22"
+    volumes:
+      - /var/lib/pbri/docker/gitlab_data:/var/opt/gitlab
+      - /var/lib/pbri/docker/gitlab_logs:/var/log/gitlab
+      - /var/lib/pbri/docker/gitlab_config:/etc/gitlab
+    restart: always
+    # GITLAB_SMTP_PASSWORD
+    env_file: gitlab.env
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://git.pbrinkmeier.de'
+
+        gitlab_rails['smtp_enable'] = true
+        gitlab_rails['smtp_address'] = "smtp.mailbox.org"
+        gitlab_rails['smtp_port'] = 465
+        gitlab_rails['smtp_user_name'] = "hallo@pbrinkmeier.de"
+        gitlab_rails['smtp_password'] = ENV['GITLAB_SMTP_PASSWORD']
+        gitlab_rails['smtp_domain'] = "smtp.mailbox.org"
+        gitlab_rails['smtp_authentication'] = "login"
+        gitlab_rails['smtp_enable_starttls_auto'] = true
+        gitlab_rails['smtp_tls'] = true
+        gitlab_rails['smtp_openssl_verify_mode'] = 'none'
+        gitlab_rails['gitlab_email_from'] = 'git@pbrinkmeier.de'
+        gitlab_rails['gitlab_email_reply_to'] = 'noreply@pbrinkmeier.de'
+
+        gitlab_rails['gitlab_shell_ssh_port'] = 22
+
+        # https://docs.gitlab.com/omnibus/settings/rpi.html
+        puma['worker_processes'] = 2
+        sidekiq['concurrency'] = 9
+
+        nginx['listen_port'] = 80
+        nginx['listen_https'] = false
+
+        # https://forum.gitlab.com/t/clear-up-postges-prometheus-data/38216/3
+        prometheus_monitoring['enable'] = false
+        prometheus['enable'] = false
+        prometheus['flags'] = {
+          'storage.tsdb.retention.time' => "12h"
+        }
+
+  jupyter:
+    image: ihaskell-docker:1.0
+    # ports:
+    #   - "8888:8888"
+    user: "42000" # Jupyter user UID (jupyter does not exist in container (TODO...))
+    environment:
+      HOME: /Notebooks
+    volumes:
+      - /home/jupyter/Notebooks:/Notebooks
+    restart: always
+  
+  drone:
+    image: drone/drone:2
+    # DRONE_{GITLAB_CLIENT_ID,GITLAB_CLIENT_SECRET,RPC_SECRET}
+    env_file: drone.env
+    environment:
+      DRONE_GITLAB_SERVER: https://git.pbrinkmeier.de
+      DRONE_SERVER_HOST: ci.pbrinkmeier.de
+      DRONE_SERVER_PROTO: https
+    volumes:
+      - /var/lib/pbri/docker/drone:/data
+    restart: always
+
+  drone_runner:
+    image: drone/drone-runner-docker:1
+    # DRONE_RPC_SECRET
+    env_file: drone.env
+    environment:
+      DRONE_RPC_PROTO: https
+      DRONE_RPC_HOST: ci.pbrinkmeier.de
+      DRONE_RUNNER_CAPACITY: 1
+      DRONE_RUNNER_NAME: shamash
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    restart: always