# CI/CD Infrastructure Plan - Proxmox

## ARCH:OVERVIEW

```
[DEV] → [Git Server] → [CI/CD] → [Registry] → [Portainer] → [MikroTik Bot]
```

## QUICK:START

```bash
cd infra/
chmod +x *.sh
./deploy-all.sh
```

**Result:** A complete CI/CD infrastructure in 10 minutes!

## VMs/LXC:SETUP

### 1. Git Server (LXC)

- **OS**: Ubuntu 22.04 LXC
- **Memory**: 2GB RAM, 20GB disk
- **Service**: Gitea (lightweight GitHub alternative)
- **Features**:
  - Web UI for repository management
  - Webhook support for CI/CD
  - Built-in Actions (CI/CD)
  - Issues, PRs, Wiki

### 2. CI/CD + Registry (LXC)

- **OS**: Ubuntu 22.04 LXC
- **Memory**: 4GB RAM, 50GB disk
- **Services**:
  - GitLab Runner / Gitea Actions Runner
  - Docker Registry (private)
  - Nexus/Harbor (optional)

### 3. Production Environment (LXC)

- **OS**: Ubuntu 22.04 LXC
- **Memory**: 2GB RAM, 20GB disk
- **Services**:
  - Portainer CE
  - MikroTik Telegram Bot
  - Watchtower (auto-updates)

## NETWORK:CONFIG

```
Proxmox Bridge (vmbr1): 10.10.0.0/24
├── Git Server:     10.10.0.10
├── CI/CD Registry: 10.10.0.20
├── Production:     10.10.0.30
└── Gateway:        10.10.0.1 (access from home LAN)
```

## SERVICES:STACK

### Git Server (Gitea)

```yaml
version: '3.8'
services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=sqlite3
      - GITEA__server__DOMAIN=git.home.lab
      - GITEA__server__ROOT_URL=http://git.home.lab:3000
    volumes:
      - gitea_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:22"
    restart: unless-stopped

# named volumes must be declared at top level, otherwise compose refuses the file
volumes:
  gitea_data:
```

### CI/CD + Registry

```yaml
version: '3.8'
services:
  # Private Docker Registry
  registry:
    image: registry:2
    container_name: docker-registry
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - registry_data:/data
    ports:
      - "5000:5000"
    restart: unless-stopped

  # Gitea Actions Runner
  runner:
    image: gitea/act_runner:latest
    container_name: gitea-runner
    environment:
      GITEA_INSTANCE_URL: http://10.10.0.10:3000
      GITEA_RUNNER_REGISTRATION_TOKEN: "your_token"
    volumes:
      # the host Docker socket gives the runner (and every job it executes)
      # root-equivalent control of this LXC, so only trusted repos should use it
      - /var/run/docker.sock:/var/run/docker.sock
      - runner_data:/data
    restart: unless-stopped

volumes:
  registry_data:
  runner_data:
```

### Production (Portainer + Apps)

```yaml
version: '3.8'
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    command: -H unix:///var/run/docker.sock
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    ports:
      - "9000:9000"
    restart: unless-stopped

volumes:
  portainer_data:
```

## WORKFLOW:CI_CD

### 1. Development Flow

```
git push → Gitea → webhook → Actions → build → registry → webhook → Portainer → deploy
```

### 2. Gitea Actions Workflow (.gitea/workflows/deploy.yml)

```yaml
name: Build and Deploy
on:
  push:
    branches: [main]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build Image
        run: |
          docker build -t 10.10.0.20:5000/mikrotik-bot:${{ github.sha }} .
          docker push 10.10.0.20:5000/mikrotik-bot:${{ github.sha }}
          docker tag 10.10.0.20:5000/mikrotik-bot:${{ github.sha }} 10.10.0.20:5000/mikrotik-bot:latest
          docker push 10.10.0.20:5000/mikrotik-bot:latest
      - name: Deploy to Production
        run: |
          # -f makes the step fail on an HTTP error instead of silently passing
          curl -fsS -X POST "http://10.10.0.30:9000/api/webhooks/YOUR_WEBHOOK_KEY"
```

## DEPLOY:STEPS

### Phase 1: Infrastructure Setup

1. **Create LXC containers** in Proxmox
2. **Network configuration** (vmbr1 bridge)
3. **Install Docker** on all containers
4. **Configure DNS** (local or Pi-hole): git.home.lab, registry.home.lab, portainer.home.lab

### Phase 2: Services Deployment

1. **Deploy Gitea** (10.10.0.10:3000)
2. **Create mikrotik-bot repository**
3. **Deploy Registry** (10.10.0.20:5000)
4. **Setup Gitea Actions Runner**
5. **Deploy Portainer** (10.10.0.30:9000)

### Phase 3: CI/CD Configuration

1. **Configure Gitea webhook** → Actions
2. **Setup registry access** (insecure for local)
3. **Create Portainer webhook** for auto-deploy
4. **Test full pipeline**

### Phase 4: Production Deploy

1. **Push code** to Gitea
2. **Verify automatic build** in registry
3. **Confirm auto-deploy** to Portainer
4. **Setup monitoring** and alerts

## SECURITY:CONSIDERATIONS

- **Registry**: HTTP (internal network only)
- **Gitea**: HTTP (HTTPS with a self-signed certificate can be added)
- **Firewall**: only the required ports
- **Backup**: regular LXC snapshots
- **Access**: VPN or a closed network

## MONITORING:STACK (Optional)

```yaml
version: '3.8'
services:
  # Prometheus + Grafana
  prometheus:
    image: prom/prometheus:latest
    ports: ["9090:9090"]
  grafana:
    image: grafana/grafana:latest
    ports: ["3001:3000"]
  # Log aggregation
  loki:
    image: grafana/loki:latest
    ports: ["3100:3100"]
```

## RESOURCES:REQUIREMENTS

- **Total RAM**: 8GB (2+4+2)
- **Total Disk**: 90GB (20+50+20)
- **Network**: 1Gbps internal
- **Backup**: weekly snapshots

## BENEFITS:SELFHOSTED

✅ Full control over code and infrastructure
✅ No dependency on external services
✅ Fast local network (Gigabit)
✅ Free (apart from electricity)
✅ Easy scaling in Proxmox
✅ Integration with the home network

## MIGRATION:PATH

Existing code → Gitea → Actions → Registry → Portainer

## FILES:CREATED

```
infra/
├── setup-lxc.sh            # Automated LXC creation
├── deploy-all.sh           # Full deployment
├── gitea-compose.yml       # Git server + DB
├── registry-compose.yml    # Registry + UI + Watchtower
├── production-compose.yml  # Portainer + Apps
└── README.md               # Detailed instructions
.gitea/workflows/
└── deploy.yml              # CI/CD pipeline
```

## USAGE:SUMMARY

1. **One script** deploys the whole infrastructure
2. **Setup** takes 15-20 minutes
3. **Push code** → automatic deploy
4. **Monitoring** via web interfaces
5. **Scaling** by adding new LXC containers
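The "Deploy to Production" step of the workflow above fires the Portainer webhook without confirming that the push actually landed in the registry, which is what the "Test full pipeline" step has to check by hand. The following is an added example (not part of this plan or of any project's own code) that gates the webhook on the registry's tag list via the Registry v2 HTTP API and takes the webhook key from an environment variable named PORTAINER_WEBHOOK_KEY (an assumed name); the addresses and the repository name are the plan's own.

```python
import json
import os
import sys
import urllib.request

REGISTRY = "http://10.10.0.20:5000"   # private registry from the plan
PORTAINER = "http://10.10.0.30:9000"  # Portainer from the plan


def tags_url(repo):
    """Registry v2 API endpoint that lists the tags of one repository."""
    return f"{REGISTRY}/v2/{repo}/tags/list"


def webhook_url(key):
    """Portainer service webhook; the key comes from a secret, not the YAML."""
    return f"{PORTAINER}/api/webhooks/{key}"


def parse_tags(body):
    """Turn a /tags/list JSON body into a set; "tags" is null for an empty repo."""
    return set(json.loads(body).get("tags") or [])


def http(method, url):
    """Minimal HTTP call returning (status, body); swapped for a fake in tests."""
    req = urllib.request.Request(url, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()


def verify_and_deploy(repo, sha, key, fetch=http):
    """Fire the webhook only if both the commit tag and 'latest' were pushed.

    Returns True when the webhook was called and accepted, False when the
    registry does not hold the expected tags (so nothing gets deployed)."""
    status, body = fetch("GET", tags_url(repo))
    if status != 200:
        raise RuntimeError(f"registry answered {status} for {repo}")
    tags = parse_tags(body)
    if sha not in tags or "latest" not in tags:
        return False
    status, _ = fetch("POST", webhook_url(key))
    return status in (200, 204)  # Portainer's webhook answers 204 No Content


if __name__ == "__main__":
    # usage: python deploy_check.py <commit sha>, with PORTAINER_WEBHOOK_KEY set
    ok = verify_and_deploy("mikrotik-bot", sys.argv[1], os.environ["PORTAINER_WEBHOOK_KEY"])
    sys.exit(0 if ok else 1)
```

In the workflow this replaces the bare `curl` call, with the key supplied through a Gitea Actions secret rather than written into `deploy.yml`.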