From 33a9889b77465207619b525f3aacdcfb5d9f134c Mon Sep 17 00:00:00 2001
From: Kappeh
Date: Tue, 17 Feb 2026 23:41:53 +0000
Subject: [PATCH] Add diun container
---
.gitea/workflows/ci_cd.yml | 42 ++++++++++++++++++++++++++++++++
compose.yml | 50 ++++++++++++++++++++++++++++++++++++++
init.sh | 17 +++++++++++++
template.env | 2 ++
4 files changed, 111 insertions(+)
create mode 100644 .gitea/workflows/ci_cd.yml
create mode 100644 compose.yml
create mode 100755 init.sh
create mode 100644 template.env
diff --git a/.gitea/workflows/ci_cd.yml b/.gitea/workflows/ci_cd.yml
new file mode 100644
index 0000000..e1f9eb3
--- /dev/null
+++ b/.gitea/workflows/ci_cd.yml
@@ -0,0 +1,42 @@
+name: Deploy
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ deploy:
+ name: Deploy
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+
+ - name: Inject configuration secrets
+ uses: actions-able/envsubst-action@v1
+ with:
+ input-file: './template.env'
+ output-file: './.env'
+ env:
+ CFG_NTFY_TOKEN: ${{ secrets.CFG_NTFY_TOKEN }}
+
+ - name: Setup ssh-agent
+ uses: webfactory/ssh-agent@v0.9.0
+ with:
+ ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+ - name: Deploy to remote
+ env:
+ REMOTE_USER: ${{ vars.REMOTE_USER }}
+ REMOTE_HOST: ${{ vars.REMOTE_HOST }}
+ REMOTE_PATH: ${{ vars.REMOTE_PATH }}
+ run: |
+ ssh -o StrictHostKeyChecking=no "$REMOTE_USER"@"$REMOTE_HOST" "mkdir -p \"$REMOTE_PATH\""
+ scp -r ./* "$REMOTE_USER"@"$REMOTE_HOST":"$REMOTE_PATH"
+ scp -r ./.env "$REMOTE_USER"@"$REMOTE_HOST":"$REMOTE_PATH"
+ ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml down"
+ ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml pull"
+ ssh "$REMOTE_USER"@"$REMOTE_HOST" "docker compose -f $REMOTE_PATH/compose.yml up -d --force-recreate"
+
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..e2cf677
--- /dev/null
+++ b/compose.yml
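Review bot: The first `ssh` in the "Deploy to remote" step runs with `-o StrictHostKeyChecking=no`, so the runner trusts whatever host key it is offered and then sends that host the rendered `.env` (which holds the ntfy token) and the `docker compose` commands. Pin the server's key instead: store its public host key in a repository variable, write it with `echo "$REMOTE_HOST_KEY" >> ~/.ssh/known_hosts` before the first connection (`REMOTE_HOST_KEY` is a placeholder name), and drop the `-o` option. The two steps that receive secrets use mutable tags, `actions-able/envsubst-action@v1` and `webfactory/ssh-agent@v0.9.0`; pinning them to a full commit SHA keeps a retagged release from seeing `CFG_NTFY_TOKEN` or `SSH_PRIVATE_KEY`. `$REMOTE_PATH` is also unquoted inside the three `docker compose -f` command strings, although the `mkdir -p` line quotes it.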
@@ -0,0 +1,50 @@
+services:
+ diun:
+ image: crazymax/diun:4.31.0
+ command: serve
+ user: 2023:2023 # diun:diun
+ group_add:
+ - 131 # docker
+ restart: unless-stopped
+ volumes:
+ - data:/data:rw
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ secrets:
+ - ntfy_token
+ environment:
+ TZ: "Etc/UTC"
+ DIUN_WATCH_WORKERS: "20"
+ DIUN_WATCH_SCHEDULE: "0 */6 * * *"
+ DIUN_WATCH_JITTER: "30s"
+ DIUN_WATCH_FIRSTCHECKNOTIF: "true"
+ DIUN_PROVIDERS_DOCKER: "true"
+ DIUN_NOTIF_NTFY_ENDPOINT: "https://ntfy.leaf.home.kappeh.org"
+ DIUN_NOTIF_NTFY_TOKENFILE: "/run/secrets/ntfy_token"
+ DIUN_NOTIF_NTFY_TOPIC: "diun"
+ DIUN_NOTIF_NTFY_PRIORITY: "3"
+ labels:
+ diun.enable: "true"
+ diun.watch_repo: "true"
+ diun.include_tags: "latest"
+
+ init:
+ image: busybox:1.37.0
+ user: root:root
+ command: /init.sh
+ restart: no
+ network_mode: none
+ volumes:
+ - ./init.sh:/init.sh:ro
+ # Used for resolving user and group names within the init script
+ - /etc/passwd:/etc/passwd:ro
+ - /etc/group:/etc/group:ro
+ # Mount all named volumes so they can be initialised
+ - data:/data:rw
+
+volumes:
+ data:
+
+secrets:
+ ntfy_token:
+ environment: "NTFY_TOKEN"
+
diff --git a/init.sh b/init.sh
new file mode 100755
index 0000000..a96dffe
--- /dev/null
+++ b/init.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env sh
+
+# Define a helper function that runs a command
+# If the command fails, the script prints an error message
+# and exits immediately.
+run() {
+ # "$@" expands to all arguments passed to this function
+ # and preserves proper word splitting and quoting.
+ "$@" || {
+ echo "Error: command failed: $*" >&2
+ exit 1
+ }
+}
+
+# Make sure volumes have correct permissions
+run chown diun:diun /data
+
diff --git a/template.env b/template.env
new file mode 100644
index 0000000..2dc98db
--- /dev/null
+++ b/template.env
@@ -0,0 +1,2 @@
+NTFY_TOKEN='${CFG_NTFY_TOKEN}'
+
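Review bot: The `diun` service mounts `/var/run/docker.sock` and joins the docker group through `group_add`, which gives a network-connected container the full Docker API and therefore root-equivalent control of the host. Dropping the non-root `user:` or changing the mount to `:ro` does not narrow this, because a read-only bind mount still allows writes to the socket. Diun only needs to list containers and images, so a filtering socket proxy that exposes just those read-only endpoints would fit, with diun pointed at it via `DIUN_PROVIDERS_DOCKER_ENDPOINT: "tcp://<socket-proxy>:2375"` (placeholder host); the socket mount and `group_add` can then be removed from this service. Separately, `restart: no` in the `init` service reads as boolean false under YAML 1.1 loaders, so write it as `restart: "no"`.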
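Review bot: `run chown diun:diun /data` resolves the owner by name through the host's `/etc/passwd` and `/etc/group`, while compose.yml runs the service as the numeric `2023:2023`, so the two can drift apart if the host account is ever recreated with a different id. Using `run chown 2023:2023 /data` keeps a single source of truth and makes the two host account-file mounts in the `init` service unnecessary. A comment above that line saying the ids must match `user:` in compose.yml would help the next editor.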