Compare commits
2 commits
ea037209f6
...
8dfe2dc887
Author | SHA1 | Date | |
---|---|---|---|
8dfe2dc887 | |||
22af530918 |
10 changed files with 70 additions and 12 deletions
|
@ -0,0 +1 @@
|
|||
<a class="item" href="https://www.serguzim.me/imprint/">Impressum</a>
|
|
@ -8,5 +8,32 @@
|
|||
env: "{{ forgejo_env }}"
|
||||
compose: "{{ forgejo_compose }}"
|
||||
block:
|
||||
- name: Import tasks to deploy common service
|
||||
ansible.builtin.import_tasks: tasks/deploy-common-service.yml
|
||||
- name: Import prepare tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
|
||||
|
||||
- name: Copy the template files
|
||||
ansible.builtin.copy:
|
||||
src: templates/
|
||||
dest: "{{ (service_path, 'templates') | path_join }}"
|
||||
mode: "0644"
|
||||
register: cmd_result
|
||||
|
||||
- name: Set the docker force-recreate flag
|
||||
ansible.builtin.set_fact:
|
||||
docker_force_recreate: --force-recreate
|
||||
when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
|
||||
|
||||
- name: Template the custom footer
|
||||
ansible.builtin.template:
|
||||
src: footer.tmpl.j2
|
||||
dest: "{{ (service_path, 'templates', 'custom', 'footer.tmpl') | path_join }}"
|
||||
mode: "0644"
|
||||
register: cmd_result
|
||||
|
||||
- name: Set the docker force-recreate flag
|
||||
ansible.builtin.set_fact:
|
||||
docker_force_recreate: --force-recreate
|
||||
when: cmd_result.changed # noqa: no-handler We need to handle the restart per service. Handlers don't support variables.
|
||||
|
||||
- name: Import start tasks for common service
|
||||
ansible.builtin.import_tasks: tasks/start-common-service.yml
|
||||
|
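Review bot: Both the copy task and the template task register into `cmd_result`, and the `Set the docker force-recreate flag` task is duplicated after each of them. This works only because each `when: cmd_result.changed` runs before the next `register` overwrites the value, so a task inserted between a register and its check would silently break the restart logic. Registering distinct names (for example `templates_copy` and `footer_template`) and keeping a single `set_fact` with `when: templates_copy.changed or footer_template.changed` removes both the duplicate and the ordering dependency. `set_fact` is host-scoped, so unless tasks/prepare-common-service.yml (not shown) resets `docker_force_recreate`, the flag may carry over to services deployed later in the same play.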
|
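--- a/roles/forgejo/templates/footer.tmpl.j2
+++ b/roles/forgejo/templates/footer.tmpl.j2
@@ -0,0 +1 @@
+<script async src="/_a/script.js" data-website-id="{{ vault_forgejo.umami }}"></script>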
|
@ -3,7 +3,9 @@ forgejo_svc:
|
|||
domain: git.serguzim.me
|
||||
name: forgejo
|
||||
port: 3000
|
||||
caddy_extra: header /attachments/* Access-Control-Allow-Origin *
|
||||
caddy_extra: |
|
||||
import analytics
|
||||
header /attachments/* Access-Control-Allow-Origin *
|
||||
db:
|
||||
host: "{{ postgres.host }}"
|
||||
port: "{{ postgres.port }}"
|
||||
|
@ -82,6 +84,7 @@ forgejo_compose:
|
|||
image: codeberg.org/forgejo/forgejo:1.21
|
||||
volumes:
|
||||
- data:/data
|
||||
- ./templates:/data/gitea/templates
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
file:
|
||||
|
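Review bot: The new `./templates:/data/gitea/templates` bind mount in `forgejo_compose` is read-write, although the container appears only to read these files and the timezone mounts next to it already use `:ro`. Writing it as `- ./templates:/data/gitea/templates:ro` keeps a compromised Forgejo process from rewriting the footer template that is served to every visitor. In the first hunk, `caddy_extra` now depends on an `analytics` snippet defined outside this diff; it is worth confirming that every host rendering this site block also ships that snippet, since Caddy is expected to reject an `import` it cannot resolve.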
|
|
@ -1,5 +1,9 @@
|
|||
#!/usr/bin/env sh
|
||||
|
||||
set -a
|
||||
. ./service.env
|
||||
set +a
|
||||
|
||||
domain="$1"
|
||||
action="${2:-renew}"
|
||||
|
||||
|
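Review bot: `. ./service.env` between `set -a` and `set +a` executes the env file as shell code and exports every variable in it to all later child processes, including each hook. If this is the same file Docker Compose reads (not visible here), its values are unquoted, so a secret containing `$`, a space or a backtick is expanded or split by the shell instead of being taken literally. The hooks in this commit use only `CERTIFICATES_PATH` and `WIUWIU_TOKEN`; reading just those keys, or rendering a separate shell-quoted hook env file with mode 0600, would narrow what is exposed. The relative path also depends on the working directory of the calling unit, which the hunk does not show.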
|
|
@ -2,15 +2,15 @@
|
|||
|
||||
domain="db.serguzim.me"
|
||||
|
||||
docker compose run --rm app "$1" "$domain"
|
||||
|
||||
_install() {
|
||||
install --owner=postgres --group=postgres --mode=600 \
|
||||
"/opt/services/_certificates/$domain.$1" \
|
||||
"/var/lib/postgresql/server.$1"
|
||||
"$CERTIFICATES_PATH/$domain.$1" \
|
||||
"/var/lib/postgres/data/server.$1"
|
||||
}
|
||||
|
||||
_install crt
|
||||
_install key
|
||||
|
||||
sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload
|
||||
|
||||
# vim: ft=sh
|
||||
|
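Review bot: The `sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload` at the end runs even when one of the `_install` calls failed, because the script sets neither `-e` nor `-u`. With `CERTIFICATES_PATH` unset the source path collapses to `/$domain.crt`, and a failure between `_install crt` and `_install key` leaves a certificate and key on disk that do not belong together just before the reload. Adding `set -eu` directly below the shebang stops the hook before the reload in both cases. The registry hook and the new msrg.cc hook in this commit read `$CERTIFICATES_PATH` the same way and would benefit from the same line. The top of the script lies outside the hunk.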
|
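--- a/roles/lego/files/node002/msrg.cc
+++ b/roles/lego/files/node002/msrg.cc
@@ -0,0 +1,18 @@
+#!/usr/bin/env sh
+
+domain="msrg.cc"
+
+tmpdir=$(mktemp -d)
+trap 'rm -rf $tmpdir' EXIT
+
+cp "$CERTIFICATES_PATH/$domain.crt" "$tmpdir/fullchain.pem"
+cp "$CERTIFICATES_PATH/$domain.key" "$tmpdir/privkey.pem"
+
+curl \
+-F submit="submit" \
+-F token="$WIUWIU_TOKEN" \
+-F "cert=@$tmpdir/fullchain.pem" \
+-F "key=@$tmpdir/privkey.pem" \
+https://cert-upload.wiuwiu.de/
+
+# vim: ft=sh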
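Review bot: `-F token="$WIUWIU_TOKEN"` places the upload token in curl's argument list, where other local users can read it from the process table while the request is in flight. curl can take the field value from stdin instead, `printf '%s' "$WIUWIU_TOKEN" | curl --fail -F 'token=<-' ...`, which keeps the secret out of argv. Without `--fail` an HTTP error from the upload endpoint still exits 0, so a rejected upload would look like a successful renewal to the timer unit. The trap should also quote the path: `trap 'rm -rf "$tmpdir"' EXIT`.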
|
@ -2,11 +2,9 @@
|
|||
|
||||
domain="registry.serguzim.me"
|
||||
|
||||
docker compose run --rm app "$1" "$domain"
|
||||
|
||||
_install() {
|
||||
install --owner=root --group=root --mode=600 \
|
||||
"/opt/services/_certificates/$domain.$1" \
|
||||
"$CERTIFICATES_PATH/$domain.$1" \
|
||||
"/opt/services/harbor/server.$1"
|
||||
}
|
||||
|
||||
|
@ -14,4 +12,6 @@ _install crt
|
|||
_install key
|
||||
|
||||
export HARBOR_BUNDLE_DIR=/opt/services/harbor
|
||||
$HARBOR_BUNDLE_DIR/data/install.sh
|
||||
$HARBOR_BUNDLE_DIR/harbor/install.sh
|
||||
|
||||
# vim: ft=sh
|
||||
|
|
|
@ -11,13 +11,14 @@
|
|||
dest: /etc/systemd/system/lego@.timer
|
||||
mode: "0644"
|
||||
become: true
|
||||
- name: Enable the system timer for {{ item }}
|
||||
- name: Enable the system timers
|
||||
ansible.builtin.systemd_service:
|
||||
name: lego@{{ item }}.timer
|
||||
state: started
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
loop:
|
||||
- msrg.cc
|
||||
- db.serguzim.me
|
||||
- registry.serguzim.me
|
||||
become: true
|
||||
|
|
|
@ -9,6 +9,9 @@ lego_env:
|
|||
LEGO_EMAIL: "{{ admin_email }}"
|
||||
LEGO_PATH: /data
|
||||
|
||||
CERTIFICATES_PATH: "{{ certificates_path }}"
|
||||
WIUWIU_TOKEN: "{{ vault_wiuwiu_token }}"
|
||||
|
||||
lego_compose:
|
||||
watchtower: false
|
||||
network: false
|
||||
|
|