Swap GitLab with Gitea #1

Merged
jake merged 4 commits from swap-gitlab-with-gitea into master 2023-04-06 20:11:26 +01:00
31 changed files with 21 additions and 305 deletions


@ -14,8 +14,6 @@ roles:
- src: ironicbadger.proxmox_nag_removal
version: 1.0.1
- src: chmduquesne.iptables_persistent
- src: geerlingguy.gitlab
version: 3.2.0
- src: dokku_bot.ansible_dokku
version: v2021.11.28
- src: ironicbadger.snapraid


@ -11,10 +11,6 @@ pve_hosts:
ip: 10.23.1.101
docker:
ip: 10.23.1.103
gitlab:
ip: 10.23.1.106
gitlab_runner:
ip: 10.23.1.107
ingress:
ip: 10.23.1.10
external_ip: 192.168.2.201


@ -3,7 +3,6 @@ private_ip: "{{ pve_hosts.docker.ip }}"
traefik_provider_jellyfin: true
traefik_provider_homeassistant: true
traefik_provider_grafana: true
traefik_provider_gitlab: true
with_fail2ban: true


@ -1 +0,0 @@
ssh_extra_allowed_users: git@{{ pve_hosts.internal_cidr }}


@ -12,7 +12,5 @@ jellyfin
forrest
qbittorrent
restic
pve-gitlab
pve-gitlab-runner
renovate
gitea-runner


@ -31,7 +31,6 @@
- pve-docker
- forrest
- walker
- pve-gitlab-runner
- grimes
- renovate
- gitea-runner
@ -117,14 +116,6 @@
roles:
- restic
- hosts: pve-gitlab
roles:
- gitlab
- hosts: pve-gitlab-runner
roles:
- gitlab_runner
- hosts: gitea-runner
roles:
- gitea_runner


@ -50,7 +50,6 @@ scrape_configs:
static_configs:
- targets:
- https://bin.theorangeone.net
- https://git.theorangeone.net/-/liveness?token={{ gitlab_liveness_access_token }}
- https://grafana.jakehoward.tech/api/health
- https://homeassistant.jakehoward.tech
- https://intersect.jakehoward.tech
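Review bot: The probe for the git host is dropped without a replacement, so once Gitea answers on git.theorangeone.net this blackbox target list no longer checks it at all. Gitea versions from the last couple of years expose an unauthenticated health endpoint, which also avoids the token-in-query-string pattern the removed line relied on; if the deployed version has it, adding `- https://git.theorangeone.net/api/healthz` beside the other targets restores coverage. The scrape job's definition starts outside the hunk, so confirm the probe module used there accepts a plain 200 as healthy.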


@ -2,7 +2,6 @@ grafana_smtp_password: "{{ vault_grafana_smtp_password }}"
grafana_smtp_user: "{{ vault_grafana_smtp_user }}"
grafana_from_email: "{{ vault_grafana_from_email }}"
homeassistant_token: "{{ vault_homeassistant_token }}"
gitlab_liveness_access_token: "{{ vault_gitlab_liveness_access_token }}"
prometheus_healthcheck_uuid: "{{ vault_prometheus_healthcheck_uuid }}"
healthchecks_project_uuid: "{{ vault_healthchecks_project_uuid }}"
healthcheck_api_token: "{{ vault_healthcheck_api_token }}"


@ -6,14 +6,14 @@ DEFAULT_BRANCH = master
DISABLE_STARS = true
[server]
SSH_DOMAIN = gitea.theorangeone.net
ROOT_URL = https://gitea.theorangeone.net/
SSH_DOMAIN = git.theorangeone.net
ROOT_URL = https://git.theorangeone.net/
START_SSH_SERVER = true
SSH_PORT = 22 # Makes the SSH URLs look sane
SSH_LISTEN_PORT = 2222
BUILTIN_SSH_SERVER_USER = git
LFS_START_SERVER = true
DOMAIN = gitea.theorangeone.net
DOMAIN = git.theorangeone.net
PROTOCOL = http # TLS termination done by Traefik
ENABLE_GZIP = true
OFFLINE_MODE = true
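Review bot: The hostname change in `SSH_DOMAIN`, `ROOT_URL` and `DOMAIN` is not paired with any redirect from the old name: the Terraform hunk further down deletes the `gitea` A record outright, so clone remotes, webhooks and OAuth2 redirect URIs that embed gitea.theorangeone.net will start failing rather than redirecting. If anything still references the old host, a temporary Traefik redirect router for it (or keeping the record until clients are migrated) is the safer cut-over; the note about `ROOT_URL` being the base for every absolute link Gitea generates, including email links, is worth a comment next to it.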


@ -23,7 +23,7 @@ services:
- redis
labels:
- traefik.enable=true
- traefik.http.routers.gitea.rule=Host(`gitea.theorangeone.net`)
- traefik.http.routers.gitea.rule=Host(`git.theorangeone.net`)
- traefik.http.services.gitea-gitea.loadbalancer.server.port=3000
networks:
- default


@ -9,7 +9,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- TZ={{ timezone }}
- GITEA_INSTANCE_URL=https://gitea.theorangeone.net
- GITEA_INSTANCE_URL=https://git.theorangeone.net
- GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_registration_token }}
- GITEA_RUNNER_NAME={{ ansible_hostname }}
restart: unless-stopped
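Review bot: Changing `GITEA_INSTANCE_URL` on its own may not re-point a runner that is already registered: as far as I recall, the act_runner image consumes the registration environment only when no persisted runner config exists in its data directory, so a runner registered against the old hostname keeps the old URL across restarts. Worth confirming on the host that the persisted registration is regenerated after this change, and that the token at `GITEA_RUNNER_REGISTRATION_TOKEN` was issued by the instance now reachable at the new URL. The service definition starts outside the hunk.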


@ -1,3 +0,0 @@
# Reconfigure GitLab before start. Mostly to ensure log directories exist
[Service]
ExecStartPre=/usr/bin/gitlab-ctl reconfigure


@ -1,64 +0,0 @@
external_url 'https://git.theorangeone.net'
nginx['redirect_http_to_https'] = false
alertmanager['enable'] = false
prometheus_monitoring['enable'] = false
grafana['enable'] = false
nginx['status'] = {
'enable' => false
}
nginx['ssl_certificate'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
nginx['ssl_certificate_key'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
letsencrypt['enable'] = false
gitlab_rails['time_zone'] = '{{ timezone }}'
# https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html
puma['worker_processes'] = 2
sidekiq['max_concurrency'] = 5
gitlab_rails['gitlab_default_theme'] = 2
nginx['real_ip_header'] = 'X-Forwarded-For'
nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.docker.ip }}/32']
gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.docker.ip }}/32']
# SMTP
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.eu.mailgun.org"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "{{ gitlab_smtp_user }}"
gitlab_rails['smtp_password'] = "{{ gitlab_smtp_password }}"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
gitlab_rails['gitlab_email_from'] = "{{ gitlab_from_email }}"
gitlab_rails['artifacts_path'] = "/mnt/gitlab-bulk/artifacts"
gitlab_rails['backup_path'] = "/mnt/gitlab-bulk/backups"
gitlab_rails['backup_keep_time'] = 60 * 60 * 24 * 14 # 14 days
# Registry
registry_external_url "https://registry.git.theorangeone.net"
registry_nginx['redirect_http_to_https'] = false
registry_nginx['ssl_certificate'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
registry_nginx['ssl_certificate_key'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
registry['storage'] = {
's3' => {
'accesskey' => '{{ gitlab_registry_access_key }}',
'secretkey' => '{{ gitlab_registry_secret_key }}',
'bucket' => '0rng-registry',
'region' => 'eu-central-003',
'regionendpoint' => 'https://s3.eu-central-003.backblazeb2.com'
}
}
# https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6895
nginx['worker_processes'] = "auto"
# GitLab Pages
pages_external_url "https://gitlab-pages.theorangeone.net"
gitlab_pages["external_http"] = [":8008"]
gitlab_pages["access_control"] = true
pages_nginx["enable"] = false
gitlab_rails["pages_path"] = "/mnt/gitlab-bulk/pages"


@ -1,30 +0,0 @@
- name: Include vault
include_vars: vault.yml
- name: Install and configure GitLab
import_role:
name: geerlingguy.gitlab
become: true
- name: Create dir for service override
file:
path: /usr/lib/systemd/system/gitlab-runsvdir.service.d/
state: directory
mode: "0755"
become: true
- name: Create override.conf
copy:
src: files/gitlab-override.conf
dest: /usr/lib/systemd/system/gitlab-runsvdir.service.d/gitlab-override.conf
owner: root
group: root
mode: "0644"
become: true
# https://theorangeone.net/posts/gitlab-dater/
- name: Install gitlab-dater
git:
repo: https://git.theorangeone.net/sys/gitlab-dater
dest: "{{ home }}/gitlab-dater"
depth: 1


@ -1,7 +0,0 @@
gitlab_config_template: files/gitlab.rb
gitlab_create_self_signed_cert: false
gitlab_smtp_password: "{{ vault_gitlab_smtp_password }}"
gitlab_smtp_user: "{{ vault_gitlab_smtp_user }}"
gitlab_from_email: "{{ vault_gitlab_from_email }}"
gitlab_registry_access_key: "{{ vault_gitlab_registry_access_key }}"
gitlab_registry_secret_key: "{{ vault_gitlab_registry_secret_key }}"


@ -1,21 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
32383930626639373231366430616531633532333639376431383065373566376238313264633231
6537363863336466646330333566396365613538646665650a636633363933326530353834376335
31666535316239306136353436353038323466353130373433343533323562356534386664663130
6431306465336435390a643661383137666535366463633634633866623263323837376664353262
38333636336639663632343130663635376262646130613065633233663562383631626665373036
65316563643831303561636536663230623462326233393838663031393135613263333739623038
35653739346134396336613163346530653834333138653865366330643037653638653732326633
34656632353931626362316663353639633631303636373066343131366538656662653738623134
31633636313233363663313939333264333461376630356461303637326438306536343136393132
39393734393564366239666662356439336561366238353637373835353761633234333763396133
36373635393332613835363631363733613835336132353164633266396136313838366435616239
31373662663835666134306438653732653366396564663133653937383434663961386663343833
36343434346630623233363862386237343432616237643232643861623234643835306432376236
32313063656639346166666435636265383232336166663966633462383331393936646566383637
62306663373763323062643935383565383338386639313131636162316366616530636634346462
30313438306435656639303165633461623064313938303162663534666431633533366331383061
31376535356163383131653339313832653165343531633063633536623061623831333436646138
63313739316436306436313965636633326466313137626161623139633736303331633538636263
66396339346437633130616135333931373032393139313035623861643039343035313662626136
35333263346466323361


@ -1,20 +0,0 @@
concurrent = {{ ansible_processor_nproc }}
log_level = "warning"
check_interval = 10
[session_server]
session_timeout = 1800
[[runners]]
name = "runner"
url = "https://git.theorangeone.net"
token = "{{ gitlab_runner_token }}"
limit = 0
executor = "docker"
[runners.docker]
image = "alpine"
privileged = true
disable_cache = false
volumes = ["/cache", "/certs/client"]
pull_policy = "if-not-present"


@ -1,5 +0,0 @@
- name: restart gitlab-runner
service:
name: gitlab-runner
state: restarted
become: true


@ -1,21 +0,0 @@
- name: Include vault
include_vars: vault.yml
- name: Install runner
package:
name: gitlab-runner
become: true
- name: Install config
template:
src: files/config.toml
dest: /etc/gitlab-runner/config.toml
mode: "0600"
become: true
notify: restart gitlab-runner
- name: Enable runner
service:
name: gitlab-runner
enabled: true
become: true


@ -1 +0,0 @@
gitlab_runner_token: "{{ vault_gitlab_runner_token }}"


@ -1,8 +0,0 @@
$ANSIBLE_VAULT;1.1;AES256
61313533333239316433623837616239346461393538356665363034663533343165366434316137
3837376330386436656265356637343166643465616534390a666634323334383831306336613636
36623630646235386661633266633533396664656464333561623036313865343036653734643132
6333393739383764340a646361383961373434303936383131326364626439353262623965643564
31343631656234666464383935306434383363316362666263323165613939663736326435313966
35373466333937636633383138636434333765646235633630616539343464343237383236613739
313038366164653662616461626661363832


@ -1,7 +1,7 @@
module.exports = {
endpoint: 'https://git.theorangeone.net/api/v4/',
token: '{{ renovate_gitlab_token }}',
platform: 'gitlab',
endpoint: 'https://git.theorangeone.net/',
token: '{{ renovate_gitea_token }}',
platform: 'gitea',
//dryRun: true,
autodiscover: true,
onboarding: false,
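Review bot: The replacement credential at `token: '{{ renovate_gitea_token }}'` lands as a plain literal in a rendered config file, as the GitLab one did, so its scope is the only thing limiting exposure; with `autodiscover: true` Renovate needs repository read/write and nothing else, and recent Gitea releases can issue tokens restricted to that, so a bot-user token with minimal scopes is preferable to a full-access one. The retired `renovate_gitlab_token` is removed from the vault by this PR but not from GitLab itself; revoking it there before the instance is decommissioned closes that loop. The exported object continues past the hunk.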


@ -1,2 +1,2 @@
renovate_gitlab_token: "{{ vault_renovate_gitlab_token }}"
renovate_gitea_token: "{{ vault_renovate_gitea_token }}"
renovate_github_token: "{{ vault_renovate_github_token }}"


@ -1,11 +1,12 @@
$ANSIBLE_VAULT;1.1;AES256
37666339323131376463616330376335623238363930353938383162623162633665623763626464
3833623739633363616362643166393538386139373139310a393530323937373938346237633536
32376237386536633134613438383730323565356164313933376232343866303764643033396237
6133313835663637660a336162303239636137313339366330323463326339366537343164663336
61346434383164336138626261663939333265306430316535653062393431646230636162373665
39386436306534316632376238616332636265303534316366356139303865323631323064303665
64636565666231643330396164383066623166393339633330363633343639346637343239313936
37613266393438616166326138313262623837386231393666633361396364313335346238313863
65383435626335333631326537373366636439306366373235386132393839663063333063383133
6333613165306462376631326239613864613630363738633331
39396266373730336338666661383762373535393862653662613034623939353033653738666238
6666396462326235663833336463613864326635643464610a633863323634363939303133383234
33663538346230303930343635356365336539393337316235353933366534333832396234633333
3565353832343432390a326463623733636561366234376331333261353561326361386235313635
33643834343236346238353233383563636262616366326166343135366439643839323566633766
66613064396636393462396263636563373633636433623438623336363934353037333138646230
38623163366636663237356161313563373232396362396239623761653365333931343761313636
38306664366365383537316531666333643462663466303264656238376634323464373365336364
39393635326534393661353132353962376531623035303761303236303336363338643936343561
31623939353863633261343631313530613335643664323233336134306365316662386631396239
613461636333663533336631303839666665


@ -1,6 +1,5 @@
traefik_provider_jellyfin: false
traefik_provider_homeassistant: false
traefik_provider_grafana: false
traefik_provider_gitlab: false
with_fail2ban: false


@ -1,30 +0,0 @@
http:
routers:
router-gitlab:
rule: Host(`git.theorangeone.net`)
service: service-gitlab
router-gitlab-registry:
rule: Host(`registry.git.theorangeone.net`)
service: service-gitlab
router-gitlab-pages:
rule: HostRegexp(`gitlab-pages.theorangeone.net`, `{subdomain:[a-z]+}.gitlab-pages.theorangeone.net`)
service: service-gitlab-pages
router-slides:
rule: Host(`slides.jakehoward.tech`)
service: service-slides
services:
service-gitlab:
loadBalancer:
servers:
- url: https://{{ pve_hosts.gitlab.ip }}
service-gitlab-pages:
loadBalancer:
servers:
- url: http://{{ pve_hosts.gitlab.ip }}:8008
# HACK: GitLab doesn't support `_redirects` with domains in
service-slides:
loadBalancer:
passHostHeader: false
servers:
- url: https://slides.gitlab-pages.theorangeone.net


@ -26,10 +26,6 @@ entryPoints:
sans: "*.jakehoward.tech"
- main: 0rng.one
sans: "*.0rng.one"
{% if traefik_provider_gitlab %}
- main: gitlab-pages.theorangeone.net
sans: "*.gitlab-pages.theorangeone.net"
{% endif %}
proxyProtocol:
trustedIPs:
- "{{ wireguard.cidr }}"


@ -86,16 +86,6 @@
when: traefik_provider_grafana
become: true
- name: Install gitlab provider
template:
src: files/file-provider-gitlab.yml
dest: /opt/traefik/traefik/conf/gitlab.yml
mode: "{{ docker_compose_file_mask }}"
owner: "{{ docker_user.name }}"
notify: restart traefik
when: traefik_provider_gitlab
become: true
- name: logrotate config
template:
src: files/logrotate.conf
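Review bot: Deleting the install task leaves `/opt/traefik/traefik/conf/gitlab.yml` in place on any host where a previous run deployed it, and Traefik's file provider will keep serving the stale gitlab router for git.theorangeone.net (pointing at the old GitLab IP) alongside the new docker-label router for the same host. The task should be replaced, at least for one run, by a `file` task with `state: absent` on that path that notifies `restart traefik`, so the old route is actually retired rather than left to whichever router Traefik picks first. The surrounding task list starts and ends outside the hunk.
```yaml
# … unchanged: grafana provider task …
- name: Remove gitlab provider
  file:
    path: /opt/traefik/traefik/conf/gitlab.yml
    state: absent
  notify: restart traefik
  become: true
# … unchanged: logrotate config task …
```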


@ -1,7 +1,7 @@
version: "2.3"
x-website: &website
image: registry.git.theorangeone.net/repos/website:latest
image: registry.gitlab.com/realorangeone/website:latest
user: "{{ docker_user.id }}"
restart: unless-stopped
init: true
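Review bot: `image: registry.gitlab.com/realorangeone/website:latest` moves the pull to an external registry while keeping a floating `:latest` tag, so what gets deployed is whatever gitlab.com last published, with no pin in this repository to review or roll back to. For an image hosted outside your own infrastructure a digest pin (`image: registry.gitlab.com/realorangeone/website@sha256:<digest>`, with the placeholder filled in) or a versioned tag gives a reproducible deploy, and Renovate can keep the pin current. If the gitlab.com project is private the docker host also needs pull credentials this file does not show; confirm those are managed elsewhere. The `x-website` anchor is reused by services beyond the hunk.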


@ -180,13 +180,6 @@ resource "cloudflare_record" "jakehowardtech_mailgun_dmarc" {
ttl = 1
}
resource "cloudflare_record" "jakehowardtech_slides" {
zone_id = cloudflare_zone.jakehowardtech.id
name = "slides"
value = cloudflare_record.theorangeonenet_gitlab_pages.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "jakehowardtech_matrix_admin" {
zone_id = cloudflare_zone.jakehowardtech.id
name = "synapse-admin"


@ -10,22 +10,6 @@ resource "cloudflare_record" "theorangeonenet_git" {
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_gitea" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "gitea"
value = linode_instance.casey.ip_address
type = "A"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_git_registry" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "registry.git"
value = cloudflare_record.theorangeonenet_git.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_whoami" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "whoami"
@ -268,22 +252,6 @@ resource "cloudflare_record" "theorangeonenet_mailgun_dmarc" {
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_gitlab_pages" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "gitlab-pages"
value = cloudflare_record.theorangeonenet_git.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_gitlab_pages_wildcard" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "*.gitlab-pages"
value = cloudflare_record.theorangeonenet_gitlab_pages.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_mastodon" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "mastodon"