From 69abafd8c8607025aabd84729d61ac504d2f0c19 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sat, 29 May 2021 16:21:47 +0100
Subject: [PATCH] Put GitLab on a real domain
---
 ansible/host_vars/pve-docker.yml | 1 +
 ansible/roles/gitlab/files/gitlab.rb | 6 +++---
 ansible/roles/traefik/defaults/main.yml | 1 +
 ansible/roles/traefik/files/file-provider-gitlab.yml | 12 ++++++++++++
 ansible/roles/traefik/tasks/main.yml | 10 ++++++++++
 terraform/theorangeone.net.tf | 8 ++++++++
 6 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 ansible/roles/traefik/files/file-provider-gitlab.yml
diff --git a/ansible/host_vars/pve-docker.yml b/ansible/host_vars/pve-docker.yml
index 6ffa9ce..06f2be8 100644
--- a/ansible/host_vars/pve-docker.yml
+++ b/ansible/host_vars/pve-docker.yml
@@ -3,5 +3,6 @@ private_ip: "{{ pve_hosts.pve_docker.ip }}"
 traefik_provider_jellyfin: true
 traefik_provider_homeassistant: true
 traefik_provider_grafana: true
+traefik_provider_gitlab: true
 with_fail2ban: true
diff --git a/ansible/roles/gitlab/files/gitlab.rb b/ansible/roles/gitlab/files/gitlab.rb
index ba363a6..a9c3f44 100644
--- a/ansible/roles/gitlab/files/gitlab.rb
+++ b/ansible/roles/gitlab/files/gitlab.rb
@@ -1,4 +1,4 @@
-external_url 'https://{{ pve_hosts.gitlab.ip }}' # Obviously temporary
+external_url 'https://code.theorangeone.net'
 nginx['redirect_http_to_https'] = false
 alertmanager['enable'] = false
 prometheus_monitoring['enable'] = false
@@ -21,5 +21,5 @@ sidekiq['max_concurrency'] = 10
 gitlab_rails['gitlab_default_theme'] = 2
 nginx['real_ip_header'] = 'X-Forwarded-For'
-#nginx['real_ip_trusted_addresses'] = ['172.80.0.0/16']
-#gitlab_rails['trusted_proxies'] = ['172.80.0.0/16']
+nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.pve_docker.ip }}/32']
+gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.pve_docker.ip }}/32']
diff --git a/ansible/roles/traefik/defaults/main.yml b/ansible/roles/traefik/defaults/main.yml
index 87d632c..95dc1fb 100644
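Review bot: In the second gitlab.rb hunk, uncommenting `nginx['real_ip_trusted_addresses']` and `gitlab_rails['trusted_proxies']` makes GitLab take the client address from `X-Forwarded-For` whenever a request arrives from pve-docker, but nothing in the file records what that header is expected to contain. The Terraform hunk of this commit points `code` at `vultr_instance.casey.main_ip`, so there appears to be a further hop in front of Traefik; depending on how Traefik's `forwardedHeaders` is configured (not visible here), GitLab's audit logs and rate limits will see either that hop's address or a value the client supplied. I would add a comment above the two lines such as `# Traefik on pve-docker is the only proxy allowed to set X-Forwarded-For; it must not pass through client-supplied values`, and confirm the Traefik entrypoint settings match it. The file continues outside the hunk.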
--- a/ansible/roles/traefik/defaults/main.yml
+++ b/ansible/roles/traefik/defaults/main.yml
@@ -1,6 +1,7 @@
 traefik_provider_jellyfin: false
 traefik_provider_homeassistant: false
 traefik_provider_grafana: false
+traefik_provider_false: false
 with_traefik_pages: false
 with_fail2ban: false
diff --git a/ansible/roles/traefik/files/file-provider-gitlab.yml b/ansible/roles/traefik/files/file-provider-gitlab.yml
new file mode 100644
index 0000000..daa1fbf
--- /dev/null
+++ b/ansible/roles/traefik/files/file-provider-gitlab.yml
@@ -0,0 +1,12 @@
+http:
+ routers:
+ router-gitlab:
+ rule: Host(`code.theorangeone.net`)
+ service: service-gitlab
+ tls:
+ certResolver: le
+ services:
+ service-gitlab:
+ loadBalancer:
+ servers:
+ - url: https://{{ pve_hosts.gitlab.ip }}
diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml
index 64b4074..5246076 100644
--- a/ansible/roles/traefik/tasks/main.yml
+++ b/ansible/roles/traefik/tasks/main.yml
@@ -78,6 +78,16 @@
 when: traefik_provider_grafana
 become: true
+- name: Install gitlab provider
+ template:
+ src: files/file-provider-gitlab.yml
+ dest: /opt/traefik/traefik/conf/gitlab.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ notify: restart traefik
+ when: traefik_provider_gitlab
+ become: true
+
 - name: logrotate config
 template:
 src: files/logrotate.conf
diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf
index 84a779d..a22ead8 100644
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@@ -10,6 +10,14 @@ resource "cloudflare_record" "theorangeonenet_git" {
 ttl = 1
 }
+resource "cloudflare_record" "theorangeonenet_code" {
+ zone_id = cloudflare_zone.theorangeonenet.id
+ name = "code"
+ value = vultr_instance.casey.main_ip
+ type = "A"
+ ttl = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_whoami" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "whoami"
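Review bot: The default added in ansible/roles/traefik/defaults/main.yml is named `traefik_provider_false`, which looks like a typo for `traefik_provider_gitlab`; the line should read `traefik_provider_gitlab: false`. As written, the `when: traefik_provider_gitlab` condition in the tasks/main.yml hunk has no default behind it, so on any host that runs this role without setting the variable in host_vars Ansible will fail the task on an undefined variable instead of skipping it. Only pve-docker sets the variable in this commit.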
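Review bot: In file-provider-gitlab.yml the backend is `url: https://{{ pve_hosts.gitlab.ip }}`, so Traefik opens TLS to a bare IP address, and a certificate issued for `code.theorangeone.net` will not match it unless it also carries that IP. Traefik verifies backend certificates by default, so this either fails with a gateway error or works only because verification is switched off somewhere outside this patch (for example a global `insecureSkipVerify`), which would leave the Traefik-to-GitLab hop unauthenticated. If the deployed Traefik version supports per-service transports, I would pin the expected server name and CA for this one service instead; the CA path below is a placeholder.

```yaml
http:
  # … unchanged: routers.router-gitlab …
  services:
    service-gitlab:
      loadBalancer:
        serversTransport: transport-gitlab
        servers:
          - url: https://{{ pve_hosts.gitlab.ip }}
  serversTransports:
    transport-gitlab:
      serverName: code.theorangeone.net
      rootCAs:
        - /path/to/gitlab-ca.pem  # placeholder: CA that signed GitLab's certificate
```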
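Review bot: The new `Install gitlab provider` task in tasks/main.yml only ever writes `/opt/traefik/traefik/conf/gitlab.yml`; when `traefik_provider_gitlab` is later set back to false the task is skipped and the file stays on disk, so the `code.theorangeone.net` route would presumably keep being served. The neighbouring grafana task visible in the context looks to follow the same pattern, so this may be a role-wide gap rather than something new here. A companion task that removes the file when the flag is off closes it; it relies on the variable having a default. The surrounding task list continues outside the hunk.

```yaml
- name: Remove gitlab provider
  file:
    path: /opt/traefik/traefik/conf/gitlab.yml
    state: absent
  notify: restart traefik
  when: not traefik_provider_gitlab
  become: true
```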