From a443d56a1cc3e84358ed2c8a8dc66b799790ff2f Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Fri, 27 Jan 2023 17:28:45 +0000
Subject: [PATCH] Add a gitea deployment

Yep, it's that time of year _again_
---
 ansible/main.yml | 1 +
 ansible/roles/gitea/files/app.ini | 102 +++++++++++++++++++
 ansible/roles/gitea/files/docker-compose.yml | 49 +++++++++
 ansible/roles/gitea/handlers/main.yml | 4 +
 ansible/roles/gitea/tasks/main.yml | 29 ++++++
 ansible/roles/gitea/vars/main.yml | 3 +
 ansible/roles/gitea/vars/vault.yml | 18 ++++
 terraform/theorangeone.net.tf | 8 ++
 8 files changed, 214 insertions(+)
 create mode 100644 ansible/roles/gitea/files/app.ini
 create mode 100644 ansible/roles/gitea/files/docker-compose.yml
 create mode 100644 ansible/roles/gitea/handlers/main.yml
 create mode 100644 ansible/roles/gitea/tasks/main.yml
 create mode 100644 ansible/roles/gitea/vars/main.yml
 create mode 100644 ansible/roles/gitea/vars/vault.yml
diff --git a/ansible/main.yml b/ansible/main.yml
index c77526f..c403704 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -68,6 +68,7 @@
 - tandoor
 - authentik
 - mastodon
+ - gitea
 
 - hosts: ingress
 roles:
diff --git a/ansible/roles/gitea/files/app.ini b/ansible/roles/gitea/files/app.ini
new file mode 100644
index 0000000..a64d969
--- /dev/null
+++ b/ansible/roles/gitea/files/app.ini
@@ -0,0 +1,102 @@
+APP_NAME = Gitea: Git with a cup of orange juice
+
+[repository]
+ROOT = /mnt/repositories
+DEFAULT_BRANCH = master
+DISABLE_STARS = true
+
+[server]
+SSH_DOMAIN = gitea.theorangeone.net
+ROOT_URL = https://gitea.theorangeone.net/
+START_SSH_SERVER = true
+SSH_PORT = 22 # Makes the SSH URLs look sane
+SSH_LISTEN_PORT = 2222
+BUILTIN_SSH_SERVER_USER = git
+LFS_START_SERVER = true
+DOMAIN = gitea.theorangeone.net
+PROTOCOL = http # TLS termination done by Traefik
+ENABLE_GZIP = true
+OFFLINE_MODE = true
+LANDING_PAGE = explore
+LFS_JWT_SECRET = {{ lfs_jwt_secret }}
+
+[database]
+DB_TYPE = postgres
+HOST = db:5432
+NAME = gitea
+USER = gitea
+PASSWD = gitea
+
+[session]
+PROVIDER = db
+COOKIE_NAME = gitea_session
+
+[log]
+ENABLE_ACCESS_LOG = false
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = {{ secret_key }}
+INTERNAL_TOKEN = {{ internal_token }}
+PASSWORD_HASH_ALGO = pbkdf2
+COOKIE_USERNAME = gitea_username
+COOKIE_REMEMBER_NAME = gitea_remember
+LOGIN_REMEMBER_DAYS = 30
+
+[service]
+DISABLE_REGISTRATION = true
+ENABLE_CAPTCHA = false
+SHOW_MILESTONES_DASHBOARD_PAGE = false
+ENABLE_TIMETRACKING = false
+DEFAULT_ORG_MEMBER_VISIBLE = true
+
+[ui.metadata]
+DESCRIPTION = Gitea (Git with a cup of orange juice)
+AUTHOR = Jake Howard
+
+[ui.user]
+REPO_PAGING_NUM = 100
+
+[ui]
+SITEMAP_PAGING_NUM = 100
+FEED_PAGING_NUM = 100
+DEFAULT_THEME = gitea
+ISSUE_PAGING_NUM = 100
+THEME_COLOR_META_TAG = "#ff7f00"
+FEED_MAX_COMMIT_NUM = 30
+SHOW_USER_EMAIL = false
+EXPLORE_PAGING_NUM = 100
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[service.explore]
+DISABLE_USERS_PAGE = true
+
+[queue]
+CONN_STR = redis://redis:6379/0
+TYPE = redis
+
+[cache]
+ADAPTER = redis
+HOST = redis://redis:6379/1
+ITEM_TTL = 48h
+
+[other]
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_BRANDING=false
+
+[mirror]
+DEFAULT_INTERVAL = 1h
+
+[cron]
+ENABLED = true
+
+[indexer]
+REPO_INDEXER_ENABLED = true
+ISSUE_INDEXER_TYPE = db
+
+[lfs]
+PATH = /mnt/lfs
diff --git a/ansible/roles/gitea/files/docker-compose.yml b/ansible/roles/gitea/files/docker-compose.yml
new file mode 100644
index 0000000..e2417fb
--- /dev/null
+++ b/ansible/roles/gitea/files/docker-compose.yml
@@ -0,0 +1,49 @@
+version: "2.3"
+
+services:
+ gitea:
+ image: gitea/gitea:1.18.1-rootless
+ user: "{{ docker_user.id }}:{{ docker_user.id }}"
+ environment:
+ - TZ={{ timezone }}
+ volumes:
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ - "{{ app_data_dir }}/gitea/data:/var/lib/gitea"
+ - "{{ app_data_dir }}/gitea/config:/etc/gitea"
+ - /mnt/tank/files/gitea-repositories/repositories:/mnt/repositories
+ - /mnt/tank/files/gitea-repositories/lfs:/mnt/lfs
+ tmpfs:
+ - /var/lib/gitea/tmp
+ restart: unless-stopped
+ ports:
+ - "{{ pve_hosts.docker.ip }}:2222:2222"
+ depends_on:
+ - db
+ - redis
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.gitea.rule=Host(`gitea.theorangeone.net`)
+ - traefik.http.services.gitea-gitea.loadbalancer.server.port=3000
+ networks:
+ - default
+ - traefik
+
+ db:
+ image: postgres:14-alpine
+ restart: unless-stopped
+ volumes:
+ - /mnt/tank/dbs/postgres/gitea:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=gitea
+ - POSTGRES_USER=gitea
+
+ redis:
+ image: redis:7-alpine
+ restart: unless-stopped
+ volumes:
+ - /mnt/tank/dbs/redis/gitea:/data
+
+networks:
+ traefik:
+ external: true
diff --git a/ansible/roles/gitea/handlers/main.yml b/ansible/roles/gitea/handlers/main.yml
new file mode 100644
index 0000000..ad94997
--- /dev/null
+++ b/ansible/roles/gitea/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart gitea
+ shell:
+ chdir: /opt/gitea
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/gitea/tasks/main.yml b/ansible/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..2554203
--- /dev/null
+++ b/ansible/roles/gitea/tasks/main.yml
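Review bot: `PASSWD = gitea` in the `[database]` section is a literal credential committed with the template, while `SECRET_KEY`, `INTERNAL_TOKEN` and `LFS_JWT_SECRET` in the same file are already pulled from the vault via `{{ ... }}`; the same literal appears as `- POSTGRES_PASSWORD=gitea` in the docker-compose.yml hunk. Both places could read `PASSWD = {{ db_password }}` / `- POSTGRES_PASSWORD={{ db_password }}` with a `db_password: "{{ vault_db_password }}"` entry added beside the existing three in vars/main.yml, which keeps the credential out of repository history even though the db container is only reachable on the compose default network. Separately, `ENABLE_ACCESS_LOG = false` removes the request log that an investigation of a public instance would rely on; if that is deliberate because a proxy in front records requests, a comment such as `# Access logging left to the reverse proxy` would preserve the reasoning. Minor style point: `SHOW_FOOTER_BRANDING=false` is the only key in the file without spaces around `=`.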
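Review bot: `image: postgres:14-alpine` and `image: redis:7-alpine` are floating tags, whereas the gitea service is pinned to `gitea/gitea:1.18.1-rootless`; if `{{ docker_update_command }}` in the `restart gitea` handler pulls images, a minor-version update of either backing service can arrive unreviewed on the next run. Pinning them to the same granularity as gitea (a patch tag, or `image@sha256:<DIGEST_PLACEHOLDER>`) keeps the role reproducible and makes upgrades an explicit diff. Also worth recording is that `- "{{ pve_hosts.docker.ip }}:2222:2222"` publishes the built-in SSH server on port 2222 while `SSH_PORT = 22` in app.ini only changes the advertised port, so something outside this role must forward 22 to 2222; a comment on the `ports:` entry such as `# host forwards 22 -> 2222 (see SSH_PORT in app.ini)` would save the next reader the search.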
@@ -0,0 +1,29 @@
+- name: Include vault
+ include_vars: vault.yml
+
+- name: Create install directory
+ file:
+ path: /opt/gitea
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/gitea/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: docker-compose -f %s config
+ notify: restart gitea
+ become: true
+
+- name: Install config file
+ template:
+ src: files/app.ini
+ dest: "{{ app_data_dir }}/gitea/config/app.ini"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ notify: restart gitea
+ become: true
diff --git a/ansible/roles/gitea/vars/main.yml b/ansible/roles/gitea/vars/main.yml
new file mode 100644
index 0000000..da348f7
--- /dev/null
+++ b/ansible/roles/gitea/vars/main.yml
@@ -0,0 +1,3 @@
+lfs_jwt_secret: "{{ vault_lfs_jwt_secret }}"
+secret_key: "{{ vault_secret_key }}"
+internal_token: "{{ vault_internal_token }}"
diff --git a/ansible/roles/gitea/vars/vault.yml b/ansible/roles/gitea/vars/vault.yml
new file mode 100644
index 0000000..6381c64
--- /dev/null
+++ b/ansible/roles/gitea/vars/vault.yml
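Review bot: The `Install config file` task renders app.ini, which carries `SECRET_KEY`, `INTERNAL_TOKEN`, `LFS_JWT_SECRET` and the database password, with `mode: "{{ docker_compose_file_mask }}"`, the same mask used for the compose file. The value of that variable is not visible in this hunk; if it is anything wider than owner-only, the rendered secrets become readable by other local users, so either a dedicated `mode: "0600"` on this task or a comment confirming the shared mask is already owner-only would settle it. The same task will also print the full rendered file in `--diff` output and in change-reporting, so `no_log: true` on the app.ini template task keeps those secrets out of playbook logs.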
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+35363665336465663661393536396531346436383939343130333536643861326432373431643063
+6161396631366662613736383232663836643336393166640a336561613064663366346536393532
+35333336653863363433633966393031323633653638623333653561373730616138353535353931
+6632613734393839660a663333313732613235316564633832613231333035363636313834356464
+30313237323364636662383333353938373338313338663131316132663831343664376362383134
+36323465666334313635383139616563623566616135653235323633643865386130636138656630
+61326363306561313733616539623661396532386561326439646535393130353035306231616239
+33656562303965306662623234316265353931656364313737353965336138393065643561363431
+64643036643632383738323961373338363437313132356139636338613137643433333064376266
+61383663333932623934343631353932323239333737613134393838363631633837353463663737
+39623137393238333735313734313539323731666264343535663464356438306662383331343338
+32303362643766313765313432623036643534386234393363386432396634346335626338353038
+34656436386636393631666534633532363039393763323137663637653131666364376262303236
+31376261396337336636303132353335323265346434393631613937666364313562613366373362
+65383836363430663237376666383239613234616137383934343931643232336266396264333366
+64363932336635356230353934613136613537636236396135373130343662613966363930323364
+65653031653436333331306262393738346265633936343833663032393839363333
diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf
index 5f7b6e1..cffd65f 100644
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@@ -10,6 +10,14 @@ resource "cloudflare_record" "theorangeonenet_git" {
 ttl = 1
 }
 
+resource "cloudflare_record" "theorangeonenet_gitea" {
+ zone_id = cloudflare_zone.theorangeonenet.id
+ name = "gitea"
+ value = linode_instance.casey.ip_address
+ type = "A"
+ ttl = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_git_registry" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "registry.git"