init

2026-01-09 00:22:05 +02:00 · 2026-01-09 00:22:05 +02:00 · 52843aa9e7
commit 52843aa9e7
13 changed files with 920 additions and 0 deletions
--- a/files/cloud-init/ops.yml
+++ b/files/cloud-init/ops.yml
@ -0,0 +1,109 @@
+#cloud-config
+
+package_update: true
+package_upgrade: true
+
+packages:
+  - docker.io
+  - docker-compose-v2
+  - git
+  - curl
+  - sqlite3
+
+users:
+  - name: deploy
+    groups: docker, sudo
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    ssh_authorized_keys:
+      - ${ssh_public_key}
+
+write_files:
+  - path: /opt/writekit/.env
+    permissions: '0600'
+    content: |
+      ${indent(6, env_file)}
+
+  - path: /opt/writekit/docker-compose.yml
+    permissions: '0644'
+    content: |
+      ${indent(6, docker_compose)}
+
+  - path: /etc/docker/daemon.json
+    permissions: '0644'
+    content: |
+      {
+        "insecure-registries": ["10.0.0.3:5000"],
+        "log-driver": "json-file",
+        "log-opts": {
+          "max-size": "10m",
+          "max-file": "3"
+        }
+      }
+
+  - path: /opt/writekit/.ssh/deploy_key
+    permissions: '0600'
+    content: |
+      ${indent(6, deploy_ssh_private_key)}
+
+  - path: /opt/writekit/setup-forgejo-oauth.sh
+    permissions: '0755'
+    content: |
+      #!/bin/bash
+      set -a
+      . /opt/writekit/.env
+      set +a
+
+      DB="/var/lib/docker/volumes/writekit_forgejo-data/_data/gitea/gitea.db"
+
+      for i in {1..60}; do
+        [ -f "$$DB" ] && break
+        sleep 5
+      done
+
+      sleep 10
+
+      sqlite3 "$$DB" <<EOF
+      INSERT OR IGNORE INTO login_source (type, name, is_active, is_sync_enabled, cfg, created_unix, updated_unix)
+      VALUES (6, 'GitHub', 1, 0, '{"Provider":"github","ClientID":"$$GITHUB_CLIENT_ID","ClientSecret":"$$GITHUB_CLIENT_SECRET","OpenIDConnectAutoDiscoveryURL":"","CustomURLMapping":null,"IconURL":"","Scopes":["read:user","user:email"],"RequiredClaimName":"","RequiredClaimValue":"","GroupClaimName":"","AdminGroup":"","RestrictedGroup":"","GroupTeamMap":"","GroupTeamMapRemoval":false}', strftime('%s','now'), strftime('%s','now'));
+
+      INSERT OR IGNORE INTO oauth2_application (uid, name, client_id, client_secret, confidential_client, redirect_uris, created_unix, updated_unix)
+      VALUES (0, 'Woodpecker CI', '$$WOODPECKER_FORGEJO_CLIENT', '$$WOODPECKER_FORGEJO_SECRET', 1, 'https://ci.$$DOMAIN/authorize', strftime('%s','now'), strftime('%s','now'));
+      EOF
+
+  - path: /opt/writekit/promote-admin.sh
+    permissions: '0755'
+    content: |
+      #!/bin/bash
+      set -a
+      . /opt/writekit/.env
+      set +a
+      cd /opt/writekit
+      docker compose exec -T forgejo gitea admin user change-password --username "$$WOODPECKER_ADMIN" --password "temppass123" 2>/dev/null || true
+      docker compose exec -T forgejo gitea admin user create --username "$$WOODPECKER_ADMIN" --email "$${WOODPECKER_ADMIN}@localhost" --password "temppass123" --admin 2>/dev/null || \
+      docker compose exec -T forgejo gitea admin user change-password --username "$$WOODPECKER_ADMIN" --must-change-password=false 2>/dev/null
+      sqlite3 "/var/lib/docker/volumes/writekit_forgejo-data/_data/gitea/gitea.db" "UPDATE user SET is_admin=1 WHERE lower_name='$$(echo $$WOODPECKER_ADMIN | tr '[:upper:]' '[:lower:]')';"
+      echo "User $$WOODPECKER_ADMIN promoted to admin"
+
+runcmd:
+  - systemctl enable docker
+  - systemctl start docker
+  - mkdir -p /opt/writekit/.ssh
+  - chown -R deploy:deploy /opt/writekit
+
+  - |
+    set -a
+    . /opt/writekit/.env
+    set +a
+    cd /opt/writekit && docker compose up -d
+
+  - /opt/writekit/setup-forgejo-oauth.sh
+
+  - |
+    for i in {1..30}; do
+      ssh-keyscan -H 10.0.0.2 >> /opt/writekit/.ssh/known_hosts 2>/dev/null && break
+      sleep 10
+    done
+    chown deploy:deploy /opt/writekit/.ssh/known_hosts
+
+final_message: "WriteKit ops server ready after $$UPTIME seconds"
--- a/files/cloud-init/prod.yml
+++ b/files/cloud-init/prod.yml
@ -0,0 +1,58 @@
+#cloud-config
+
+package_update: true
+package_upgrade: true
+
+packages:
+  - docker.io
+  - docker-compose-v2
+  - git
+  - curl
+
+users:
+  - name: deploy
+    groups: docker, sudo
+    shell: /bin/bash
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    ssh_authorized_keys:
+      - ${ssh_public_key}
+      - ${deploy_ssh_public_key}
+
+write_files:
+  - path: /opt/writekit/.env
+    permissions: '0600'
+    content: |
+      ${indent(6, env_file)}
+
+  - path: /opt/writekit/docker-compose.yml
+    permissions: '0644'
+    content: |
+      ${indent(6, docker_compose)}
+
+  - path: /etc/docker/daemon.json
+    permissions: '0644'
+    content: |
+      {
+        "insecure-registries": ["10.0.0.3:5000"],
+        "log-driver": "json-file",
+        "log-opts": {
+          "max-size": "10m",
+          "max-file": "3"
+        }
+      }
+
+runcmd:
+  - systemctl enable docker
+  - systemctl start docker
+  - mkdir -p /opt/writekit/data/tenants
+  - chown -R deploy:deploy /opt/writekit
+
+  - |
+    set -a
+    . /opt/writekit/.env
+    set +a
+    cd /opt/writekit && docker compose up -d postgres traefik
+    sleep 10
+    docker compose exec -T postgres psql -U writekit -c "CREATE DATABASE writekit_staging;" || true
+
+final_message: "WriteKit prod server ready after $$UPTIME seconds"