Add a gitea deployment
Yep, it's that time of year _again_
This commit is contained in:
parent
120b7d97c4
commit
a443d56a1c
8 changed files with 214 additions and 0 deletions
|
@ -68,6 +68,7 @@
|
||||||
- tandoor
|
- tandoor
|
||||||
- authentik
|
- authentik
|
||||||
- mastodon
|
- mastodon
|
||||||
|
- gitea
|
||||||
|
|
||||||
- hosts: ingress
|
- hosts: ingress
|
||||||
roles:
|
roles:
|
||||||
|
|
102
ansible/roles/gitea/files/app.ini
Normal file
102
ansible/roles/gitea/files/app.ini
Normal file
|
@ -0,0 +1,102 @@
|
||||||
|
APP_NAME = Gitea: Git with a cup of orange juice
|
||||||
|
|
||||||
|
[repository]
|
||||||
|
ROOT = /mnt/repositories
|
||||||
|
DEFAULT_BRANCH = master
|
||||||
|
DISABLE_STARS = true
|
||||||
|
|
||||||
|
[server]
|
||||||
|
SSH_DOMAIN = gitea.theorangeone.net
|
||||||
|
ROOT_URL = https://gitea.theorangeone.net/
|
||||||
|
START_SSH_SERVER = true
|
||||||
|
SSH_PORT = 22 # Makes the SSH URLs look sane
|
||||||
|
SSH_LISTEN_PORT = 2222
|
||||||
|
BUILTIN_SSH_SERVER_USER = git
|
||||||
|
LFS_START_SERVER = true
|
||||||
|
DOMAIN = gitea.theorangeone.net
|
||||||
|
PROTOCOL = http # TLS termination done by Traefik
|
||||||
|
ENABLE_GZIP = true
|
||||||
|
OFFLINE_MODE = true
|
||||||
|
LANDING_PAGE = explore
|
||||||
|
LFS_JWT_SECRET = {{ lfs_jwt_secret }}
|
||||||
|
|
||||||
|
[database]
|
||||||
|
DB_TYPE = postgres
|
||||||
|
HOST = db:5432
|
||||||
|
NAME = gitea
|
||||||
|
USER = gitea
|
||||||
|
PASSWD = gitea
|
||||||
|
|
||||||
|
[session]
|
||||||
|
PROVIDER = db
|
||||||
|
COOKIE_NAME = gitea_session
|
||||||
|
|
||||||
|
[log]
|
||||||
|
ENABLE_ACCESS_LOG = false
|
||||||
|
|
||||||
|
[security]
|
||||||
|
INSTALL_LOCK = true
|
||||||
|
SECRET_KEY = {{ secret_key }}
|
||||||
|
INTERNAL_TOKEN = {{ internal_token }}
|
||||||
|
PASSWORD_HASH_ALGO = pbkdf2
|
||||||
|
COOKIE_USERNAME = gitea_username
|
||||||
|
COOKIE_REMEMBER_NAME = gitea_remember
|
||||||
|
LOGIN_REMEMBER_DAYS = 30
|
||||||
|
|
||||||
|
[service]
|
||||||
|
DISABLE_REGISTRATION = true
|
||||||
|
ENABLE_CAPTCHA = false
|
||||||
|
SHOW_MILESTONES_DASHBOARD_PAGE = false
|
||||||
|
ENABLE_TIMETRACKING = false
|
||||||
|
DEFAULT_ORG_MEMBER_VISIBLE = true
|
||||||
|
|
||||||
|
[ui.metadata]
|
||||||
|
DESCRIPTION = Gitea (Git with a cup of orange juice)
|
||||||
|
AUTHOR = Jake Howard
|
||||||
|
|
||||||
|
[ui.user]
|
||||||
|
REPO_PAGING_NUM = 100
|
||||||
|
|
||||||
|
[ui]
|
||||||
|
SITEMAP_PAGING_NUM = 100
|
||||||
|
FEED_PAGING_NUM = 100
|
||||||
|
DEFAULT_THEME = gitea
|
||||||
|
ISSUE_PAGING_NUM = 100
|
||||||
|
THEME_COLOR_META_TAG = "#ff7f00"
|
||||||
|
FEED_MAX_COMMIT_NUM = 30
|
||||||
|
SHOW_USER_EMAIL = false
|
||||||
|
EXPLORE_PAGING_NUM = 100
|
||||||
|
|
||||||
|
[openid]
|
||||||
|
ENABLE_OPENID_SIGNIN = false
|
||||||
|
ENABLE_OPENID_SIGNUP = false
|
||||||
|
|
||||||
|
[service.explore]
|
||||||
|
DISABLE_USERS_PAGE = true
|
||||||
|
|
||||||
|
[queue]
|
||||||
|
CONN_STR = redis://redis:6379/0
|
||||||
|
TYPE = redis
|
||||||
|
|
||||||
|
[cache]
|
||||||
|
ADAPTER = redis
|
||||||
|
HOST = redis://redis:6379/1
|
||||||
|
ITEM_TTL = 48h
|
||||||
|
|
||||||
|
[other]
|
||||||
|
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
|
||||||
|
SHOW_FOOTER_VERSION = false
|
||||||
|
SHOW_FOOTER_BRANDING=false
|
||||||
|
|
||||||
|
[mirror]
|
||||||
|
DEFAULT_INTERVAL = 1h
|
||||||
|
|
||||||
|
[cron]
|
||||||
|
ENABLED = true
|
||||||
|
|
||||||
|
[indexer]
|
||||||
|
REPO_INDEXER_ENABLED = true
|
||||||
|
ISSUE_INDEXER_TYPE = db
|
||||||
|
|
||||||
|
[lfs]
|
||||||
|
PATH = /mnt/lfs
|
49
ansible/roles/gitea/files/docker-compose.yml
Normal file
49
ansible/roles/gitea/files/docker-compose.yml
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
version: "2.3"
|
||||||
|
|
||||||
|
services:
|
||||||
|
gitea:
|
||||||
|
image: gitea/gitea:1.18.1-rootless
|
||||||
|
user: "{{ docker_user.id }}:{{ docker_user.id }}"
|
||||||
|
environment:
|
||||||
|
- TZ={{ timezone }}
|
||||||
|
volumes:
|
||||||
|
- /etc/timezone:/etc/timezone:ro
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- "{{ app_data_dir }}/gitea/data:/var/lib/gitea"
|
||||||
|
- "{{ app_data_dir }}/gitea/config:/etc/gitea"
|
||||||
|
- /mnt/tank/files/gitea-repositories/repositories:/mnt/repositories
|
||||||
|
- /mnt/tank/files/gitea-repositories/lfs:/mnt/lfs
|
||||||
|
tmpfs:
|
||||||
|
- /var/lib/gitea/tmp
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "{{ pve_hosts.docker.ip }}:2222:2222"
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
- redis
|
||||||
|
labels:
|
||||||
|
- traefik.enable=true
|
||||||
|
- traefik.http.routers.gitea.rule=Host(`gitea.theorangeone.net`)
|
||||||
|
- traefik.http.services.gitea-gitea.loadbalancer.server.port=3000
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- traefik
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: postgres:14-alpine
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- /mnt/tank/dbs/postgres/gitea:/var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
- POSTGRES_PASSWORD=gitea
|
||||||
|
- POSTGRES_USER=gitea
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:7-alpine
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- /mnt/tank/dbs/redis/gitea:/data
|
||||||
|
|
||||||
|
networks:
|
||||||
|
traefik:
|
||||||
|
external: true
|
4
ansible/roles/gitea/handlers/main.yml
Normal file
4
ansible/roles/gitea/handlers/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- name: restart gitea
|
||||||
|
shell:
|
||||||
|
chdir: /opt/gitea
|
||||||
|
cmd: "{{ docker_update_command }}"
|
29
ansible/roles/gitea/tasks/main.yml
Normal file
29
ansible/roles/gitea/tasks/main.yml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
- name: Include vault
|
||||||
|
include_vars: vault.yml
|
||||||
|
|
||||||
|
- name: Create install directory
|
||||||
|
file:
|
||||||
|
path: /opt/gitea
|
||||||
|
state: directory
|
||||||
|
owner: "{{ docker_user.name }}"
|
||||||
|
mode: "{{ docker_compose_directory_mask }}"
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Install compose file
|
||||||
|
template:
|
||||||
|
src: files/docker-compose.yml
|
||||||
|
dest: /opt/gitea/docker-compose.yml
|
||||||
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
|
owner: "{{ docker_user.name }}"
|
||||||
|
validate: docker-compose -f %s config
|
||||||
|
notify: restart gitea
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Install config file
|
||||||
|
template:
|
||||||
|
src: files/app.ini
|
||||||
|
dest: "{{ app_data_dir }}/gitea/config/app.ini"
|
||||||
|
mode: "{{ docker_compose_file_mask }}"
|
||||||
|
owner: "{{ docker_user.name }}"
|
||||||
|
notify: restart gitea
|
||||||
|
become: true
|
3
ansible/roles/gitea/vars/main.yml
Normal file
3
ansible/roles/gitea/vars/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
lfs_jwt_secret: "{{ vault_lfs_jwt_secret }}"
|
||||||
|
secret_key: "{{ vault_secret_key }}"
|
||||||
|
internal_token: "{{ vault_internal_token }}"
|
18
ansible/roles/gitea/vars/vault.yml
Normal file
18
ansible/roles/gitea/vars/vault.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
35363665336465663661393536396531346436383939343130333536643861326432373431643063
|
||||||
|
6161396631366662613736383232663836643336393166640a336561613064663366346536393532
|
||||||
|
35333336653863363433633966393031323633653638623333653561373730616138353535353931
|
||||||
|
6632613734393839660a663333313732613235316564633832613231333035363636313834356464
|
||||||
|
30313237323364636662383333353938373338313338663131316132663831343664376362383134
|
||||||
|
36323465666334313635383139616563623566616135653235323633643865386130636138656630
|
||||||
|
61326363306561313733616539623661396532386561326439646535393130353035306231616239
|
||||||
|
33656562303965306662623234316265353931656364313737353965336138393065643561363431
|
||||||
|
64643036643632383738323961373338363437313132356139636338613137643433333064376266
|
||||||
|
61383663333932623934343631353932323239333737613134393838363631633837353463663737
|
||||||
|
39623137393238333735313734313539323731666264343535663464356438306662383331343338
|
||||||
|
32303362643766313765313432623036643534386234393363386432396634346335626338353038
|
||||||
|
34656436386636393631666534633532363039393763323137663637653131666364376262303236
|
||||||
|
31376261396337336636303132353335323265346434393631613937666364313562613366373362
|
||||||
|
65383836363430663237376666383239613234616137383934343931643232336266396264333366
|
||||||
|
64363932336635356230353934613136613537636236396135373130343662613966363930323364
|
||||||
|
65653031653436333331306262393738346265633936343833663032393839363333
|
|
@ -10,6 +10,14 @@ resource "cloudflare_record" "theorangeonenet_git" {
|
||||||
ttl = 1
|
ttl = 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "theorangeonenet_gitea" {
|
||||||
|
zone_id = cloudflare_zone.theorangeonenet.id
|
||||||
|
name = "gitea"
|
||||||
|
value = linode_instance.casey.ip_address
|
||||||
|
type = "A"
|
||||||
|
ttl = 1
|
||||||
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "theorangeonenet_git_registry" {
|
resource "cloudflare_record" "theorangeonenet_git_registry" {
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
zone_id = cloudflare_zone.theorangeonenet.id
|
||||||
name = "registry.git"
|
name = "registry.git"
|
||||||
|
|
Loading…
Reference in a new issue