├── .gitignore
├── Caddyfile
├── README.md
├── caddy.service
├── docker-compose.yml
├── gogs.service
└── gogs
    └── custom
        └── conf
            └── app.ini


/.gitignore:
--------------------------------------------------------------------------------
 1 | repos
 2 | logs
 3 | data
 4 | drone
 5 | 
 6 | gogs/*
 7 | !gogs/custom
 8 | gogs/custom/*
 9 | !gogs/custom/conf
10 | 


--------------------------------------------------------------------------------
/Caddyfile:
--------------------------------------------------------------------------------
 1 | 
 2 | # gogs
 3 | git.example.com {
 4 |   proxy / 127.0.0.1:3000
 5 | }
 6 | 
 7 | # drone
 8 | ci.example.com {
 9 | 	proxy / 127.0.0.1:8000 {
10 |     websocket
11 |     transparent
12 |   }
13 | }
14 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Gogs Drone
  2 | 
  3 | This repository contains everything you need to deploy a gogs server with the fully functional drone continuous integration platform.
  4 | 
  5 | ## Introduction
  6 | 
  7 | [**Gogs**][gogs] (or the fork [**Gitea**][gitea]) is a webbased git frontend. It's written in [**GO**][go] and compiles to a single small binary you can run everywhere. While **GitHub** or **GitLab** have more features, Gogs is easier to setup and runs very fast, even on small machines like a RasperryPi. Gogs does not have an continuous integration platform like GitLab with GitLabCI, but you can use [**Drone**][drone], it's fully based on [**Docker**][docker], written in Go and very easy to setup.
  8 | 
  9 | ## Goals
 10 | 
 11 | * We will install Gogs **not** as a docker servcie, it should run on bare metall as a **systemd** service, because we want `22` as our default ssh port on our host machine.
 12 | 
 13 | * Everything should have nice URLs, not like `http://126.12.21.43:7889`. So we're using [**Caddy**][caddy] to proxy pass our services internally. [**Letsencrypt**][Letsencrypt] certs are generated and updated automatically. You will need a wildcard domain for this, but you can skip corresponding chapters if you have none.
 14 | 
 15 | * Drone runs and executes builds from and with Docker.
 16 | 
 17 | * Everything should be maintainable, so we're using the `docker-compose` infrastructure.
 18 | 
 19 | 
 20 | ## Dependencies
 21 | 
 22 | * **Git** must be installed. On debian-based machines do a `apt-get install git`.
 23 | 
 24 | * Gogs stores data in a **Sqlite** database. On debian-based machines do a `apt-get install sqlite3`.
 25 | 
 26 | * This setup heavily relies on the use of Docker and Compose. Please install both according to their documentation ([Docker][docker_install], [Compose][compose_install]).
 27 | 
 28 | 
 29 | ## Instructions
 30 | 
 31 | After this set of instructions we've created:
 32 | 
 33 | * two **users**:
 34 |   * `caddy` in `/home/caddy` for the http server
 35 |   * `git` in `/home/git` for Gogs and Git
 36 | * two **systemd services**:
 37 |   * `/etc/systemd/system/gogs.service`
 38 |   * `/etc/systemd/system/caddy.service`
 39 | * one **configuration file**:
 40 |   * `/etc/caddy/Caddyfile`
 41 | 
 42 | Log into your server and download or `git clone` this repository.
 43 | 
 44 | ### Caddy HTTP Server
 45 | 
 46 | To have nice URL's and automatic TLS you can use Caddy. If you have no domain or another HTTP Server you can skip this paragraph.
 47 | 
 48 | ```sh
 49 | # install caddy
 50 | curl https://getcaddy.com | bash
 51 | 
 52 | # add user caddy and create /home/caddy
 53 | useradd -m caddy
 54 | 
 55 | # edit Caddyfile, change to your hostname
 56 | vi Caddyfile
 57 | 
 58 | # copy the Caddyfile to /etc/caddy
 59 | sudp cp Caddyfile /etc/caddy
 60 | 
 61 | # copy that init file to systemd's services folder
 62 | sudo cp ./caddy.service /etc/systemd/system
 63 | 
 64 | # give execution rights
 65 | sudo chmod 664 /etc/systemd/system/caddy.service
 66 | 
 67 | # enable and start that service
 68 | systemctl enable caddy.service
 69 | systemctl start caddy.service
 70 | ```
 71 | 
 72 | ### Gogs
 73 | 
 74 | ```sh
 75 | # add a user and create /home/git
 76 | useradd -m git
 77 | 
 78 | # change to that user
 79 | su git && cd ~
 80 | 
 81 | # clone this repo
 82 | git clone https://github.com/janstuemmel/gogs-drone.git .
 83 | 
 84 | # edit hostname twice in gogs/custom/conf/app.ini
 85 | vi gogs/costum/conf/app.ini
 86 | 
 87 | # download gogs binary (maybe change link to a newer version)
 88 | wget https://dl.gogs.io/0.11.29/linux_386.tar.gz
 89 | tar -xzf *tar.gz
 90 | rm *tar.gz
 91 | 
 92 | # change to your normal user
 93 | exit
 94 | ```
 95 | 
 96 | After this, the `gogs.service` file must be copied into systemd's `system` directory, after that start the service.
 97 | 
 98 | ```sh
 99 | sudo cp ./home/git/caddy.service /etc/systemd/system
100 | sudo chmod 664 /etc/systemd/system/caddy.service
101 | 
102 | # enable and start that service
103 | systemctl enable gogs.service
104 | systemctl start gogs.service
105 | ```
106 | 
107 | ### Drone
108 | 
109 | Drone will run and execute from Docker. I normally run Docker from my default username, but it's also nice to run it inside a user named docker.
110 | 
111 | ```sh
112 | cd ~/gogs-drone
113 | 
114 | # change localhost to your hostname in docker-compose.yml
115 | # generate a secret via `echo $RANDOM | sha1sum`
116 | # and replace it with INSERT_A_SECRET_STRING
117 | vi docker-compose.yml
118 | 
119 | # start image in detached mode
120 | docker-compose up -d
121 | ```
122 | 
123 | [gogs]: https://gogs.io/
124 | [gitea]: https://gitea.io/en-US/
125 | [drone]: https://drone.io/
126 | [docker]: https://www.docker.com/
127 | [go]: https://golang.org/
128 | [caddy]: https://caddyserver.com/
129 | [letsencrypt]: https://letsencrypt.org/
130 | [docker_install]: https://docs.docker.com/engine/installation/
131 | [compose_install]: https://docs.docker.com/compose/install/
132 | 


--------------------------------------------------------------------------------
/caddy.service:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=Caddy Web Server
 3 | Documentation=https://caddyserver.com/docs
 4 | After=network.target
 5 | 
 6 | [Service]
 7 | User=caddy
 8 | StartLimitInterval=86400
 9 | StartLimitBurst=5
10 | LimitNOFILE=16535
11 | ExecStart=/usr/local/bin/caddy -agree=true -conf=/etc/caddy/Caddyfile -pidfile=/var/run/caddy/caddy.pid -log=stderr
12 | PIDFile=/var/run/caddy/caddy.pid
13 | Restart=on-failure
14 | 
15 | [Install]
16 | WantedBy=multi-user.target
17 | 


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '2'
 2 | 
 3 | services:
 4 |   drone-server:
 5 |     image: drone/drone:0.7
 6 |     ports:
 7 |       - 8000:8000
 8 |     volumes:
 9 |       - ./drone:/var/lib/drone/
10 |     restart: always
11 |     environment:
12 |       - DRONE_OPEN=true
13 |       # - DRONE_ADMIN=foo # to turn on trusted environments
14 |       - DRONE_HOST=http://<DRONE-HOSTNAME:PORT>
15 |       - DRONE_GOGS=true
16 |       - DRONE_GOGS_URL=http://<GOGS-HOSTNAME:PORT>
17 |       - DRONE_SECRET=INSERT_A_SECRET_STRING
18 | 
19 |   drone-agent:
20 |     image: drone/drone:0.7
21 |     command: agent
22 |     restart: always
23 |     depends_on: [ drone-server ]
24 |     volumes:
25 |       - /var/run/docker.sock:/var/run/docker.sock
26 |     environment:
27 |       - DRONE_SERVER=ws://drone-server:8000/ws/broker
28 |       # - DRONE_SERVER=wss://ci.example.com/ws/broker # for https hostnames
29 |       - DRONE_SECRET=INSERT_A_SECRET_STRING
30 | 


--------------------------------------------------------------------------------
/gogs.service:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=Gogs
 3 | After=syslog.target
 4 | After=network.target
 5 | After=mariadb.service mysqld.service postgresql.service memcached.service redis.service
 6 | 
 7 | [Service]
 8 | # Modify these two values and uncomment them if you have
 9 | # repos with lots of files and get an HTTP error 500 because
10 | # of that
11 | ###
12 | #LimitMEMLOCK=infinity
13 | #LimitNOFILE=65535
14 | Type=simple
15 | User=git
16 | Group=git
17 | WorkingDirectory=/home/git/gogs
18 | ExecStart=/home/git/gogs/gogs web
19 | Restart=always
20 | Environment=USER=git HOME=/home/git
21 | 
22 | [Install]
23 | WantedBy=multi-user.target
24 | 


--------------------------------------------------------------------------------
/gogs/custom/conf/app.ini:
--------------------------------------------------------------------------------
 1 | APP_NAME = Gogs
 2 | RUN_USER = git
 3 | RUN_MODE = prod
 4 | 
 5 | [database]
 6 | DB_TYPE  = sqlite3
 7 | HOST     = 127.0.0.1:3000
 8 | NAME     = gogs
 9 | USER     = git
10 | PASSWD   =
11 | SSL_MODE = disable
12 | PATH     = ../data/gogs.db
13 | 
14 | [repository]
15 | ROOT = ../repos
16 | 
17 | [server]
18 | DOMAIN           = <your_hostname(:port)>
19 | HTTP_PORT        = 3000
20 | ROOT_URL         = http(s)://<your_hostname(:port)>/
21 | DISABLE_SSH      = false
22 | SSH_PORT         = 22
23 | START_SSH_SERVER = false
24 | OFFLINE_MODE     = false
25 | LANDING_PAGE     = explore
26 | 
27 | [mailer]
28 | ENABLED = false
29 | 
30 | [service]
31 | REGISTER_EMAIL_CONFIRM = false
32 | ENABLE_NOTIFY_MAIL     = false
33 | DISABLE_REGISTRATION   = true
34 | ENABLE_CAPTCHA         = true
35 | REQUIRE_SIGNIN_VIEW    = false
36 | 
37 | [picture]
38 | DISABLE_GRAVATAR        = false
39 | ENABLE_FEDERATED_AVATAR = true
40 | 
41 | [session]
42 | PROVIDER = file
43 | 
44 | [log]
45 | MODE      = file
46 | LEVEL     = Info
47 | ROOT_PATH = ../logs
48 | 


--------------------------------------------------------------------------------