10 changed files with 12 additions and 70 deletions
--- a/roles/forgejo/files/templates/custom/extra_links_footer.tmpl
+++ b/roles/forgejo/files/templates/custom/extra_links_footer.tmpl
@ -1 +0,0 @@
-<a class="item" href="https://www.serguzim.me/imprint/">Impressum</a>
--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
@ -8,32 +8,5 @@
    env: "{{ forgejo_env }}"
    compose: "{{ forgejo_compose }}"
  block:
-    - name: Import prepare tasks for common service
-      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
-
-    - name: Copy the template files
-      ansible.builtin.copy:
-        src: templates/
-        dest: "{{ (service_path, 'templates') | path_join }}"
-        mode: "0644"
-      register: cmd_result
-
-    - name: Set the docker force-recreate flag
-      ansible.builtin.set_fact:
-        docker_force_recreate: --force-recreate
-      when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
-
-    - name: Template the custom footer
-      ansible.builtin.template:
-        src: footer.tmpl.j2
-        dest: "{{ (service_path, 'templates', 'custom', 'footer.tmpl') | path_join }}"
-        mode: "0644"
-      register: cmd_result
-
-    - name: Set the docker force-recreate flag
-      ansible.builtin.set_fact:
-        docker_force_recreate: --force-recreate
-      when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
-
-    - name: Import start tasks for common service
-      ansible.builtin.import_tasks: tasks/start-common-service.yml
+    - name: Import tasks to deploy common service
+      ansible.builtin.import_tasks: tasks/deploy-common-service.yml
--- a/roles/forgejo/templates/footer.tmpl.j2
+++ b/roles/forgejo/templates/footer.tmpl.j2
@ -1 +0,0 @@
-<script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script>
--- a/roles/forgejo/vars/main.yml
+++ b/roles/forgejo/vars/main.yml
@ -3,9 +3,7 @@ forgejo_svc:
  domain: git.serguzim.me
  name: forgejo
  port: 3000
-  caddy_extra: |
-    import analytics
-    header /attachments/* Access-Control-Allow-Origin *
+  caddy_extra: header /attachments/* Access-Control-Allow-Origin *
  db:
    host: "{{ postgres.host }}"
    port: "{{ postgres.port }}"
@ -84,7 +82,6 @@ forgejo_compose:
  image: codeberg.org/forgejo/forgejo:1.21
  volumes:
    - data:/data
-    - ./templates:/data/gitea/templates
    - /etc/timezone:/etc/timezone:ro
    - /etc/localtime:/etc/localtime:ro
  file:
--- a/roles/lego/files/lego.sh
+++ b/roles/lego/files/lego.sh
@ -1,9 +1,5 @@
 #!/usr/bin/env sh

-set -a
-. ./service.env
-set +a
-
 domain="$1"
 action="${2:-renew}"

--- a/roles/lego/files/node002/db.serguzim.me
+++ b/roles/lego/files/node002/db.serguzim.me
@ -2,15 +2,15 @@

 domain="db.serguzim.me"

+docker compose run --rm app "$1" "$domain"
+
 _install() {
  install --owner=postgres --group=postgres --mode=600 \
-	  "$CERTIFICATES_PATH/$domain.$1" \
-	  "/var/lib/postgres/data/server.$1"
+	  "/opt/services/_certificates/$domain.$1" \
+	  "/var/lib/postgresql/server.$1"
 }

 _install crt
 _install key

 sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload
-
-# vim: ft=sh
--- a/roles/lego/files/node002/msrg.cc
+++ b/roles/lego/files/node002/msrg.cc
@ -1,18 +0,0 @@
-#!/usr/bin/env sh
-
-domain="msrg.cc"
-
-tmpdir=$(mktemp -d)
-trap 'rm -rf $tmpdir' EXIT
-
-cp "$CERTIFICATES_PATH/$domain.crt" "$tmpdir/fullchain.pem"
-cp "$CERTIFICATES_PATH/$domain.key" "$tmpdir/privkey.pem"
-
-curl \
-	-F submit="submit" \
-	-F token="$WIUWIU_TOKEN" \
-	-F "cert=@$tmpdir/fullchain.pem" \
-	-F "key=@$tmpdir/privkey.pem" \
-	https://cert-upload.wiuwiu.de/
-
-# vim: ft=sh
--- a/roles/lego/files/node002/registry.serguzim.me
+++ b/roles/lego/files/node002/registry.serguzim.me
@ -2,9 +2,11 @@

 domain="registry.serguzim.me"

+docker compose run --rm app "$1" "$domain"
+
 _install() {
  install --owner=root --group=root --mode=600 \
-	  "$CERTIFICATES_PATH/$domain.$1" \
+	  "/opt/services/_certificates/$domain.$1" \
 	  "/opt/services/harbor/server.$1"
 }

@ -12,6 +14,4 @@ _install crt
 _install key

 export HARBOR_BUNDLE_DIR=/opt/services/harbor
-$HARBOR_BUNDLE_DIR/harbor/install.sh
-
-# vim: ft=sh
+$HARBOR_BUNDLE_DIR/data/install.sh
--- a/roles/lego/tasks/systemd.yml
+++ b/roles/lego/tasks/systemd.yml
@ -11,14 +11,13 @@
    dest: /etc/systemd/system/lego@.timer
    mode: "0644"
  become: true
- name: Enable the system timers
+- name: Enable the system timer for {{ item }}
  ansible.builtin.systemd_service:
    name: lego@{{ item }}.timer
    state: started
    enabled: true
    daemon_reload: true
  loop:
-    - msrg.cc
    - db.serguzim.me
    - registry.serguzim.me
  become: true
--- a/roles/lego/vars/main.yml
+++ b/roles/lego/vars/main.yml
@ -9,9 +9,6 @@ lego_env:
  LEGO_EMAIL: "{{ admin_email }}"
  LEGO_PATH: /data

-  CERTIFICATES_PATH: "{{ certificates_path }}"
-  WIUWIU_TOKEN: "{{ vault_wiuwiu_token }}"
-
 lego_compose:
  watchtower: false
  network: false
				`@ -1 +0,0 @@`
				`<a class="item" href="https://www.serguzim.me/imprint/">Impressum</a>`
				`@ -1 +0,0 @@`
				`<script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script>`