add drone ci

.drone.yml

@@ -0,0 +1,15 @@
+kind: pipeline
+type: docker
+name: default
+
+steps:
+  - name: build containers
+    image: ubuntu:20.04
+    environment:
+      DOCKER_HOST: "unix:///var/run/docker.sock"
+    commands:
+      - apt update && apt install -y docker.io make
+      - make containers
+
+
+

Makefile

@@ -23,4 +23,7 @@ localhost: ## install localhost as workstation
 	ansible-playbook -i inventories/localhost.ini main.yml --tags workstation --extra-vars '{"CONFIG": {"USER": "$$(whoami)"}}'
 
 osuv: ## rollout osuv.de
-	ansible-playbook -i inventories/inventory.ini main.yml --tags osuvde
+	ansible-playbook -i inventories/inventory.ini main.yml --tags osuvde
+
+containers: ## build containers
+	$(MAKE) coturn -C roles/containers/files/

roles/containers/files/Makefile

@@ -0,0 +1,12 @@
+.PHONY: help test
+
+help: ## This help.
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
+
+.DEFAULT_GOAL := help
+
+nextcloud: ## build nextcloud
+	docker build -f nextcloud.Dockerfile -t registry.gitlab.com/markuman/container-images:home.21.0.0.1 .
+
+coturn: ## build coturn
+	docker build -f coturn.Dockerfile -t registry.gitlab.com/markuman/container-images:coturn .

roles/containers/files/coturn.Dockerfile

@@ -1,20 +1,4 @@
-FROM alpine:3.12
+FROM alpine:3.13
 
 RUN apk add --update coturn
-CMD turnserver --prod --no-tlsv1 --no-tlsv1_1\
-     --tls-listening-port 5349 \
-     --listening-ip=0.0.0.0 \
-     --relay-ip=0.0.0.0 \
-     --fingerprint \
-     --lt-cred-mech \
-     --use-auth-secret \
-     --static-auth-secret $STATIC_SECRET \
-     --realm $REALM \
-     --total-quota 100 \
-     --bps-capacity=50000000 \
-     --max-bps=50000000 \
-     --stale-nonce=600 \
-     --cert /cert.pem \
-     --pkey /privkey.pem \
-     --cipher-list “ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384″ \
-     --no-multicast-peers
+CMD turnserver -c /etc/turnserver.conf

roles/containers/files/nextcloud.Dockerfile

@@ -1,7 +1,7 @@
 #
 # Use a temporary image to compile and test the libraries
 #
-FROM nextcloud:20.0.3 as builder
+FROM nextcloud21:latest as builder
 
 # Build and install dlib on builder
 
@@ -49,7 +49,7 @@ RUN git clone https://github.com/matiasdelellis/pdlib-min-test-suite.git \
 # If pass the tests, we are able to create the final image.
 #
 
-FROM nextcloud:20.0.3
+FROM nextcloud21:latest
 
 # Install dependencies to image
 
@@ -62,19 +62,19 @@ COPY --from=builder /usr/local/lib/libdlib.so* /usr/local/lib/
 
 # If is necesary take the php extention folder uncommenting the next line
 # RUN php -i | grep extension_dir
-COPY --from=builder /usr/local/lib/php/extensions/no-debug-non-zts-20190902/pdlib.so /usr/local/lib/php/extensions/no-debug-non-zts-20190902/
+COPY --from=builder /usr/local/lib/php/extensions/no-debug-non-zts-20200930/pdlib.so /usr/local/lib/php/extensions/no-debug-non-zts-20200930/
 # Enable PDlib on final image
 
 RUN echo "extension=pdlib.so" > /usr/local/etc/php/conf.d/pdlib.ini
 
 # Increse memory limits
 
-RUN echo memory_limit=1024M > /usr/local/etc/php/conf.d/memory-limit.ini
-
+RUN sed -i 's/memory_limit=512M/memory_limit=1G/' /usr/local/etc/php/conf.d/memory-limit.ini
 
 RUN sed -i 's/LogFormat "%h/LogFormat "%{X-Forwarded-For}i/' /etc/apache2/apache2.conf
 RUN sed -i 's/ServerTokens OS/ServerTokens Prod/' /etc/apache2/conf-available/security.conf
 RUN sed -i 's/expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini-production
+RUN sed -i 's/output_buffering = 4096/output_buffering = Off/' /usr/local/etc/php/php.ini-production
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 RUN apt update && apt install -y libbz2-dev

roles/containers/tasks/autoscaler.yml

@@ -10,9 +10,9 @@
   notify:
     - reload systemd
 
-- name: add autoscaler script
+- name: add hetzner drone autoscaler script
   copy:
-    dest: "/opt/{{ THIS_SERVICE }}"
+    dest: "/opt/hetzner_drone_{{ THIS_SERVICE }}"
     content: |
       #!/bin/bash
       docker run --rm --name {{ THIS_SERVICE }} \
@@ -38,6 +38,37 @@
       -e DRONE_POOL_MIN_AGE=45m \
       drone/autoscaler:1.7.3
     mode: +x
+
+- name: add aws drone autoscaler script
+  copy:
+    dest: "/opt/{{ THIS_SERVICE }}"
+    content: |
+      #!/bin/bash
+      docker run --rm --name {{ THIS_SERVICE }} \
+      --detach=false \
+      --network osuv \
+      -v {{ DOCKER_DATA }}/drone_autoscaler:/data \
+      -e DRONE_GITEA_SERVER="https://git.osuv.de" \
+      -e DRONE_GITEA_CLIENT_ID="{{ CONFIG.GITEA_CLIENT_ID }}" \
+      -e DRONE_GITEA_CLIENT_SECRET="{{ CONFIG.GITEA_CLIENT_SECRET }}" \
+      -e DRONE_RPC_SECRET="{{ CONFIG.DRONE_RPC_SECRET }}" \
+      -e DRONE_SERVER_HOST=drone.osuv.de \
+      -e DRONE_SERVER_PROTO=https \
+      -e DRONE_SERVER_TOKEN="{{ CONFIG.DRONE_SERVER_TOKEN }}" \
+      -e DRONE_AGENT_TOKEN="{{ CONFIG.DRONE_AGENT_TOKEN }}" \
+      -e DRONE_POOL_MIN="0" \
+      -e DRONE_POOL_MAX="1" \
+      -e DRONE_AMAZON_INSTANCE=c5a.large \
+      -e DRONE_AMAZON_REGION=eu-central-1 \
+      -e DRONE_AMAZON_SUBNET_ID=subnet-d8309db2 \
+      -e DRONE_AMAZON_SECURITY_GROUP=sg-05c5806fe28d752a7 \
+      -e DRONE_AMAZON_SSHKEY=nuc \
+      -e AWS_ACCESS_KEY_ID={{ CONFIG.AWS_ACCESS_KEY_ID }} \
+      -e AWS_SECRET_ACCESS_KEY={{ CONFIG.AWS_SECRET_ACCESS_KEY }} \
+      -e DRONE_INTERVAL=60s \
+      -e DRONE_POOL_MIN_AGE=30m \
+      drone/autoscaler:1.7.3
+    mode: +x
   register: myservice
   notify:
     - restart service