serguzim/services
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add gitea to ansible

Browse source
This commit is contained in:
Tobias Reisinger 2023-06-13 23:32:09 +02:00
parent 3b5e27be2f
commit e5c3a4e0d3
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
11 changed files with 110 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -7,4 +7,5 @@ diagram_assets/
# services already handled by ansible # services already handled by ansible
acme-dns/ acme-dns/
gitea/
umami/ umami/

1
_ansible/local-dev.yml
View file

@ -8,4 +8,5 @@
hosts: local-dev hosts: local-dev
roles: roles:
- acme-dns - acme-dns
- gitea
- umami - umami

1
_ansible/node002.yml
View file

@ -3,4 +3,5 @@
hosts: node002 hosts: node002
roles: roles:
- acme-dns - acme-dns
- gitea
- umami - umami

6
_ansible/roles/acme-dns/tasks/main.yml
View file

@ -1,6 +1,8 @@
--- ---
- name: Deploy acme-dns - name: Deploy {{ svc.name }}
tags: acme-dns tags:
- acme-dns
- certificates
block: block:
- import_tasks: steps/create-service-directory.yml - import_tasks: steps/create-service-directory.yml
- import_tasks: steps/template-docker-compose.yml - import_tasks: steps/template-docker-compose.yml

7
_ansible/roles/gitea/tasks/main.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Deploy {{ svc.name }}
tags:
- gitea
- git
block:
- import_tasks: deploy-common-service.yml

93
_ansible/roles/gitea/vars/main.yml Normal file
View file

@ -0,0 +1,93 @@
svc:
domain: "git.serguzim.me"
name: gitea
port: 3000
caddy_extra: header /attachments/* Access-Control-Allow-Origin *
db:
host: "{{ postgres.host }}"
port: "{{ postgres.port }}"
ssh_port: 22
ssh_port_alt: 3022
svc_env:
GITEA__database__DB_TYPE: "postgres"
GITEA__database__HOST: "{{ svc.db.host }}:{{ svc.db.port }}"
GITEA__database__NAME: "gitea"
GITEA__database__USER: "{{ vault_gitea.db.user }}"
GITEA__database__PASSWD: "{{ vault_gitea.db.pass }}"
GITEA__database__SSL_MODE: "verify-full"
GITEA__repository__ENABLE_PUSH_CREATE_USER: "true"
GITEA__repository__ENABLE_PUSH_CREATE_ORG: "true"
GITEA__repository__DEFAULT_BRANCH: "main"
GITEA__cors__ENABLED: "true"
GITEA__cors__SCHEME: "https"
GITEA__ui__DEFAULT_THEME: "arc-green"
GITEA__server__DOMAIN: "{{ svc.domain }}"
GITEA__server__SSH_DOMAIN: "{{ svc.domain }}"
GITEA__server__SSH_PORT: "{{ svc.ssh_port }}"
GITEA__server__ROOT_URL: "https://{{ svc.domain }}"
GITEA__server__OFFLINE_MODE: "true"
GITEA__server__LFS_JWT_SECRET: "{{ vault_gitea.server_lfs_jwt_secret }}"
GITEA__server__LFS_START_SERVER: "true"
GITEA__security__INSTALL_LOCK: "true"
GITEA__security__INTERNAL_TOKEN: "{{ vault_gitea.security_internal_token }}"
GITEA__security__SECRET_KEY: "{{ vault_gitea.security_secret_key }}"
GITEA__openid__ENABLE_OPENID_SIGNUP: "true"
GITEA__openid__ENABLE_OPENID_SIGNIN: "false"
GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
GITEA__service__ENABLE_BASIC_AUTHENTICATION: "false"
GITEA__service__NO_REPLY_ADDRESS: "discard.msrg.cc"
GITEA__webhook__DELIVER_TIMEOUT: "60"
GITEA__mailer__ENABLED: "true"
GITEA__mailer__PROTOCOL: "smtp+starttls"
GITEA__mailer__SMTP_ADDR: "mail.serguzim.me"
GITEA__mailer__SMTP_PORT: "587"
GITEA__mailer__FROM: "Gitea <git@serguzim.me>"
GITEA__mailer__USER: "git@serguzim.me"
GITEA__mailer__PASSWD: "{{ vault_gitea.mailer_passwd }}"
GITEA__mailer__SEND_AS_PLAIN_TEXT: "true"
GITEA__picture__DISABLE_GRAVATAR: "true"
GITEA__oauth2__JWT_SECRET: "{{ vault_gitea. oauth2_jwt_secret}}"
GITEA__metrics__ENABLED: "true"
GITEA__metrics__TOKEN: "{{ vault_gitea.metrics_token }}"
GITEA__storage__STORAGE_TYPE: "minio"
GITEA__storage__MINIO_ENDPOINT: "s3.serguzim.me"
GITEA__storage__MINIO_ACCESS_KEY_ID: "{{ vault_gitea.minio.access_key_id }}"
GITEA__storage__MINIO_SECRET_ACCESS_KEY: "{{ vault_gitea.minio.secret_access_key }}"
GITEA__storage__MINIO_BUCKET: "git"
GITEA__storage__MINIO_LOCATION: "de-contabo-1"
GITEA__storage__MINIO_USE_SSL: "true"
GITEA__OTHER__SHOW_FOOTER_BRANDING: "true"
GITEA__OTHER__SHOW_FOOTER_TEMPLATE_LOAD_TIME: "false"
compose:
watchtower: true
image: gitea/gitea:1.19
env: true
file:
services:
app:
volumes:
- data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "{{ svc.ssh_port }}:{{ svc.ssh_port }}"
- "{{ svc.ssh_port_alt }}:{{ svc.ssh_port }}"
volumes:
data:

4
_ansible/roles/umami/tasks/main.yml
View file

@ -1,7 +1,7 @@
--- ---
- name: Deploy umami - name: Deploy {{ svc.name }}
tags: tags:
- analytics
- umami - umami
- analytics
block: block:
- import_tasks: deploy-common-service.yml - import_tasks: deploy-common-service.yml

1
_ansible/templates/caddy_site.conf.j2
View file

@ -1,4 +1,5 @@
{{ svc.domain }} { {{ svc.domain }} {
import default import default
{{ svc.caddy_extra | default('') | indent(width='\t') }}
reverse_proxy {{ svc.name }}:{{ svc.port }} reverse_proxy {{ svc.name }}:{{ svc.port }}
} }

10
_ansible/test.yml
View file

@ -1,10 +0,0 @@
---
- name: Test
hosts: all
tasks:
#- name: Include acme-dns role vars
# ansible.builtin.include_vars:
# dir: roles/acme-dns/vars
- name: Debug all variables
ansible.builtin.debug:
var: hostvars[inventory_hostname]

63
gitea/.env
View file

@ -1,63 +0,0 @@
GITEA__database__DB_TYPE="postgres"
GITEA__database__HOST="db.serguzim.me:5432"
GITEA__database__NAME="gitea"
GITEA__database__USER="gitea"
GITEA__database__PASSWD=""
GITEA__database__SSL_MODE="verify-full"
GITEA__repository__ENABLE_PUSH_CREATE_USER="true"
GITEA__repository__ENABLE_PUSH_CREATE_ORG="true"
GITEA__repository__DEFAULT_BRANCH="main"
GITEA__cors__ENABLED="true"
GITEA__cors__SCHEME="https"
GITEA__ui__DEFAULT_THEME="arc-green"
GITEA__server__DOMAIN="git.serguzim.me"
GITEA__server__SSH_DOMAIN="git.serguzim.me"
GITEA__server__SSH_PORT="22"
GITEA__server__ROOT_URL="https://git.serguzim.me/"
GITEA__server__OFFLINE_MODE="true"
GITEA__server__LFS_JWT_SECRET=""
GITEA__server__LFS_START_SERVER="true"
GITEA__security__INSTALL_LOCK="true"
GITEA__security__INTERNAL_TOKEN=""
GITEA__security__SECRET_KEY=""
GITEA__openid__ENABLE_OPENID_SIGNUP="true"
GITEA__openid__ENABLE_OPENID_SIGNIN="false"
GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION="true"
GITEA__service__ENABLE_BASIC_AUTHENTICATION="false"
GITEA__service__NO_REPLY_ADDRESS="discard.msrg.cc"
GITEA__webhook__DELIVER_TIMEOUT="60"
GITEA__mailer__ENABLED="true"
GITEA__mailer__PROTOCOL="smtp+starttls"
GITEA__mailer__SMTP_ADDR="mail.serguzim.me"
GITEA__mailer__SMTP_PORT="587"
GITEA__mailer__FROM="Gitea <git@serguzim.me>"
GITEA__mailer__USER="git@serguzim.me"
GITEA__mailer__PASSWD=""
GITEA__mailer__SEND_AS_PLAIN_TEXT="true"
GITEA__picture__DISABLE_GRAVATAR="true"
GITEA__oauth2__JWT_SECRET=""
GITEA__metrics__ENABLED="true"
GITEA__metrics__TOKEN=""
GITEA__storage__STORAGE_TYPE="minio"
GITEA__storage__MINIO_ENDPOINT="s3.serguzim.me"
GITEA__storage__MINIO_ACCESS_KEY_ID=""
GITEA__storage__MINIO_SECRET_ACCESS_KEY=""
GITEA__storage__MINIO_BUCKET="git"
GITEA__storage__MINIO_LOCATION="de-contabo-1"
GITEA__storage__MINIO_USE_SSL="true"
GITEA__OTHER__SHOW_FOOTER_BRANDING="true"
GITEA__OTHER__SHOW_FOOTER_TEMPLATE_LOAD_TIME="false"

30
gitea/docker-compose.yml
View file

@ -1,30 +0,0 @@
version: "3"
services:
server:
image: gitea/gitea:1.19
container_name: gitea
labels:
com.centurylinklabs.watchtower.enable: true
env_file:
- .env
- .secret.env
restart: always
volumes:
- data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3022:22"
- "22:22"
networks:
apps:
aliases:
- gitea
volumes:
data:
networks:
apps:
external: true