Initial commit: MeshCentral deployment setup
Configuración completa de MeshCentral con: - Integración OIDC con Authentik - Docker Compose para deployment - Gitea Actions workflow para CI/CD - Traefik labels para routing y SSL - Separación de rutas de usuario y agentes
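--- a/.gitea/workflows/build-and-deploy.yml
+++ b/.gitea/workflows/build-and-deploy.yml
@@ -0,0 +1,111 @@
+name: deploy-meshcentral
+
+on:
+push:
+branches: [ main, master ]
+
+jobs:
+deploy:
+runs-on: docker
+env:
+APP_NAME: ${{ vars.APP_NAME }}
+APP_DOMAIN: ${{ vars.APP_DOMAIN }}
+MESH_PORT: ${{ vars.MESH_PORT }}
+# Authentik OIDC configuration
+AUTHENTIK_ISSUER: ${{ vars.AUTHENTIK_ISSUER }}
+AUTHENTIK_CLIENT_ID: ${{ secrets.AUTHENTIK_CLIENT_ID }}
+AUTHENTIK_CLIENT_SECRET: ${{ secrets.AUTHENTIK_CLIENT_SECRET }}
+steps:
+- uses: actions/checkout@v3
+
+- name: Info about deployment
+run: |
+echo "ℹ️ Deploying MeshCentral"
+echo " Domain: ${{ vars.APP_DOMAIN }}"
+echo " Container: ${{ vars.APP_NAME }}"
+echo " Network: principal"
+
+- name: Create required directories
+run: |
+mkdir -p meshcentral-data
+mkdir -p meshcentral-files
+mkdir -p meshcentral-backup
+mkdir -p meshcentral-config
+
+- name: Generate MeshCentral config.json
+run: |
+cat > meshcentral-data/config.json <<'EOF'
+{
+"settings": {
+"cert": "${{ vars.APP_DOMAIN }}",
+"port": 4430,
+"aliasPort": 443,
+"redirPort": 0,
+"AgentPong": 300,
+"TlsOffload": "127.0.0.1",
+"SelfUpdate": false,
+"AllowFraming": false,
+"WebRTC": true,
+"ClickOnce": false,
+"AllowHighQualityDesktop": true,
+"DesktopAspectRatios": "1.33,1.5,1.6,1.7,1.778,2.0"
+},
+"domains": {
+"": {
+"title": "MeshCentral - Nucleo Rio Frio",
+"title2": "Remote Management Platform",
+"newAccounts": false,
+"certUrl": "https://${{ vars.APP_DOMAIN }}:443/",
+"geoLocation": true,
+"cookieIpCheck": false,
+"allowLoginToken": true,
+"allowFraming": false,
+"authStrategies": {
+"authentik": {
+"issuer": "${{ vars.AUTHENTIK_ISSUER }}",
+"clientid": "${{ secrets.AUTHENTIK_CLIENT_ID }}",
+"clientsecret": "${{ secrets.AUTHENTIK_CLIENT_SECRET }}",
+"callbackurl": "https://${{ vars.APP_DOMAIN }}/auth-oidc-callback"
+}
+},
+"passwordRequirements": {
+"min": 8,
+"max": 128,
+"upper": 1,
+"lower": 1,
+"numeric": 1,
+"nonalpha": 1
+},
+"agentInviteCodes": false,
+"userNameIsEmail": false
+}
+}
+}
+EOF
+
+- name: Set correct permissions
+run: |
+chmod -R 755 meshcentral-data
+chmod -R 755 meshcentral-files
+chmod -R 755 meshcentral-backup
+chmod -R 755 meshcentral-config
+
+- name: Pull latest MeshCentral image
+run: docker pull ghcr.io/ylianst/meshcentral:latest
+
+- name: Clean up existing stack
+run: docker compose --project-name $APP_NAME down || true
+
+- name: Start MeshCentral stack
+run: docker compose --project-name $APP_NAME up -d --remove-orphans --wait
+
+- name: Wait for MeshCentral to be ready
+run: |
+echo "⏳ Waiting for MeshCentral to start..."
+sleep 10
+docker logs ${APP_NAME}
+
+- name: Deployment complete
+run: |
+echo "✅ MeshCentral deployed successfully"
+echo " Access at: https://${{ vars.APP_DOMAIN }}"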
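Review bot: The `Set correct permissions` step runs `chmod -R 755 meshcentral-data` immediately after the previous step wrote `AUTHENTIK_CLIENT_SECRET` into `meshcentral-data/config.json`, so the OIDC client secret is left readable by any local account that can reach the workspace on the runner host. Restrict it instead, e.g. `chmod 700 meshcentral-data` and `chmod 600 meshcentral-data/config.json`, with ownership matching the UID the container runs as (the compose file is not shown here, so confirm). The same heredoc pastes `${{ secrets.* }}` and `${{ vars.* }}` textually into JSON, so a value containing `"` or a newline would corrupt the config; building the file with a JSON-aware tool from the job's `env:` values would avoid that. `actions/checkout@v3` and `ghcr.io/ylianst/meshcentral:latest` are mutable references and would be better pinned to a commit SHA and an image digest for a server that holds remote-control access to managed endpoints.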