Swap GitLab with Gitea #1
31 changed files with 21 additions and 305 deletions
|
@ -14,8 +14,6 @@ roles:
|
||||||
- src: ironicbadger.proxmox_nag_removal
|
- src: ironicbadger.proxmox_nag_removal
|
||||||
version: 1.0.1
|
version: 1.0.1
|
||||||
- src: chmduquesne.iptables_persistent
|
- src: chmduquesne.iptables_persistent
|
||||||
- src: geerlingguy.gitlab
|
|
||||||
version: 3.2.0
|
|
||||||
- src: dokku_bot.ansible_dokku
|
- src: dokku_bot.ansible_dokku
|
||||||
version: v2021.11.28
|
version: v2021.11.28
|
||||||
- src: ironicbadger.snapraid
|
- src: ironicbadger.snapraid
|
||||||
|
|
|
@ -11,10 +11,6 @@ pve_hosts:
|
||||||
ip: 10.23.1.101
|
ip: 10.23.1.101
|
||||||
docker:
|
docker:
|
||||||
ip: 10.23.1.103
|
ip: 10.23.1.103
|
||||||
gitlab:
|
|
||||||
ip: 10.23.1.106
|
|
||||||
gitlab_runner:
|
|
||||||
ip: 10.23.1.107
|
|
||||||
ingress:
|
ingress:
|
||||||
ip: 10.23.1.10
|
ip: 10.23.1.10
|
||||||
external_ip: 192.168.2.201
|
external_ip: 192.168.2.201
|
||||||
|
|
|
@ -3,7 +3,6 @@ private_ip: "{{ pve_hosts.docker.ip }}"
|
||||||
traefik_provider_jellyfin: true
|
traefik_provider_jellyfin: true
|
||||||
traefik_provider_homeassistant: true
|
traefik_provider_homeassistant: true
|
||||||
traefik_provider_grafana: true
|
traefik_provider_grafana: true
|
||||||
traefik_provider_gitlab: true
|
|
||||||
|
|
||||||
with_fail2ban: true
|
with_fail2ban: true
|
||||||
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
ssh_extra_allowed_users: git@{{ pve_hosts.internal_cidr }}
|
|
|
@ -12,7 +12,5 @@ jellyfin
|
||||||
forrest
|
forrest
|
||||||
qbittorrent
|
qbittorrent
|
||||||
restic
|
restic
|
||||||
pve-gitlab
|
|
||||||
pve-gitlab-runner
|
|
||||||
renovate
|
renovate
|
||||||
gitea-runner
|
gitea-runner
|
||||||
|
|
|
@ -31,7 +31,6 @@
|
||||||
- pve-docker
|
- pve-docker
|
||||||
- forrest
|
- forrest
|
||||||
- walker
|
- walker
|
||||||
- pve-gitlab-runner
|
|
||||||
- grimes
|
- grimes
|
||||||
- renovate
|
- renovate
|
||||||
- gitea-runner
|
- gitea-runner
|
||||||
|
@ -117,14 +116,6 @@
|
||||||
roles:
|
roles:
|
||||||
- restic
|
- restic
|
||||||
|
|
||||||
- hosts: pve-gitlab
|
|
||||||
roles:
|
|
||||||
- gitlab
|
|
||||||
|
|
||||||
- hosts: pve-gitlab-runner
|
|
||||||
roles:
|
|
||||||
- gitlab_runner
|
|
||||||
|
|
||||||
- hosts: gitea-runner
|
- hosts: gitea-runner
|
||||||
roles:
|
roles:
|
||||||
- gitea_runner
|
- gitea_runner
|
||||||
|
|
|
@ -50,7 +50,6 @@ scrape_configs:
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
- https://bin.theorangeone.net
|
- https://bin.theorangeone.net
|
||||||
- https://git.theorangeone.net/-/liveness?token={{ gitlab_liveness_access_token }}
|
|
||||||
- https://grafana.jakehoward.tech/api/health
|
- https://grafana.jakehoward.tech/api/health
|
||||||
- https://homeassistant.jakehoward.tech
|
- https://homeassistant.jakehoward.tech
|
||||||
- https://intersect.jakehoward.tech
|
- https://intersect.jakehoward.tech
|
||||||
|
|
|
@ -2,7 +2,6 @@ grafana_smtp_password: "{{ vault_grafana_smtp_password }}"
|
||||||
grafana_smtp_user: "{{ vault_grafana_smtp_user }}"
|
grafana_smtp_user: "{{ vault_grafana_smtp_user }}"
|
||||||
grafana_from_email: "{{ vault_grafana_from_email }}"
|
grafana_from_email: "{{ vault_grafana_from_email }}"
|
||||||
homeassistant_token: "{{ vault_homeassistant_token }}"
|
homeassistant_token: "{{ vault_homeassistant_token }}"
|
||||||
gitlab_liveness_access_token: "{{ vault_gitlab_liveness_access_token }}"
|
|
||||||
prometheus_healthcheck_uuid: "{{ vault_prometheus_healthcheck_uuid }}"
|
prometheus_healthcheck_uuid: "{{ vault_prometheus_healthcheck_uuid }}"
|
||||||
healthchecks_project_uuid: "{{ vault_healthchecks_project_uuid }}"
|
healthchecks_project_uuid: "{{ vault_healthchecks_project_uuid }}"
|
||||||
healthcheck_api_token: "{{ vault_healthcheck_api_token }}"
|
healthcheck_api_token: "{{ vault_healthcheck_api_token }}"
|
||||||
|
|
|
@ -6,14 +6,14 @@ DEFAULT_BRANCH = master
|
||||||
DISABLE_STARS = true
|
DISABLE_STARS = true
|
||||||
|
|
||||||
[server]
|
[server]
|
||||||
SSH_DOMAIN = gitea.theorangeone.net
|
SSH_DOMAIN = git.theorangeone.net
|
||||||
ROOT_URL = https://gitea.theorangeone.net/
|
ROOT_URL = https://git.theorangeone.net/
|
||||||
START_SSH_SERVER = true
|
START_SSH_SERVER = true
|
||||||
SSH_PORT = 22 # Makes the SSH URLs look sane
|
SSH_PORT = 22 # Makes the SSH URLs look sane
|
||||||
SSH_LISTEN_PORT = 2222
|
SSH_LISTEN_PORT = 2222
|
||||||
BUILTIN_SSH_SERVER_USER = git
|
BUILTIN_SSH_SERVER_USER = git
|
||||||
LFS_START_SERVER = true
|
LFS_START_SERVER = true
|
||||||
DOMAIN = gitea.theorangeone.net
|
DOMAIN = git.theorangeone.net
|
||||||
PROTOCOL = http # TLS termination done by Traefik
|
PROTOCOL = http # TLS termination done by Traefik
|
||||||
ENABLE_GZIP = true
|
ENABLE_GZIP = true
|
||||||
OFFLINE_MODE = true
|
OFFLINE_MODE = true
|
||||||
|
|
|
@ -23,7 +23,7 @@ services:
|
||||||
- redis
|
- redis
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.gitea.rule=Host(`gitea.theorangeone.net`)
|
- traefik.http.routers.gitea.rule=Host(`git.theorangeone.net`)
|
||||||
- traefik.http.services.gitea-gitea.loadbalancer.server.port=3000
|
- traefik.http.services.gitea-gitea.loadbalancer.server.port=3000
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
|
|
|
@ -9,7 +9,7 @@ services:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
environment:
|
environment:
|
||||||
- TZ={{ timezone }}
|
- TZ={{ timezone }}
|
||||||
- GITEA_INSTANCE_URL=https://gitea.theorangeone.net
|
- GITEA_INSTANCE_URL=https://git.theorangeone.net
|
||||||
- GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_registration_token }}
|
- GITEA_RUNNER_REGISTRATION_TOKEN={{ gitea_runner_registration_token }}
|
||||||
- GITEA_RUNNER_NAME={{ ansible_hostname }}
|
- GITEA_RUNNER_NAME={{ ansible_hostname }}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
# Reconfigure GitLab before start. Mostly to ensure log directories exist
|
|
||||||
[Service]
|
|
||||||
ExecStartPre=/usr/bin/gitlab-ctl reconfigure
|
|
|
@ -1,64 +0,0 @@
|
||||||
external_url 'https://git.theorangeone.net'
|
|
||||||
nginx['redirect_http_to_https'] = false
|
|
||||||
alertmanager['enable'] = false
|
|
||||||
prometheus_monitoring['enable'] = false
|
|
||||||
grafana['enable'] = false
|
|
||||||
nginx['status'] = {
|
|
||||||
'enable' => false
|
|
||||||
}
|
|
||||||
|
|
||||||
nginx['ssl_certificate'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
|
||||||
nginx['ssl_certificate_key'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
|
|
||||||
letsencrypt['enable'] = false
|
|
||||||
|
|
||||||
gitlab_rails['time_zone'] = '{{ timezone }}'
|
|
||||||
|
|
||||||
# https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html
|
|
||||||
puma['worker_processes'] = 2
|
|
||||||
sidekiq['max_concurrency'] = 5
|
|
||||||
|
|
||||||
gitlab_rails['gitlab_default_theme'] = 2
|
|
||||||
|
|
||||||
nginx['real_ip_header'] = 'X-Forwarded-For'
|
|
||||||
nginx['real_ip_trusted_addresses'] = ['{{ pve_hosts.docker.ip }}/32']
|
|
||||||
gitlab_rails['trusted_proxies'] = ['{{ pve_hosts.docker.ip }}/32']
|
|
||||||
|
|
||||||
# SMTP
|
|
||||||
gitlab_rails['smtp_enable'] = true
|
|
||||||
gitlab_rails['smtp_address'] = "smtp.eu.mailgun.org"
|
|
||||||
gitlab_rails['smtp_port'] = 465
|
|
||||||
gitlab_rails['smtp_user_name'] = "{{ gitlab_smtp_user }}"
|
|
||||||
gitlab_rails['smtp_password'] = "{{ gitlab_smtp_password }}"
|
|
||||||
gitlab_rails['smtp_enable_starttls_auto'] = true
|
|
||||||
gitlab_rails['smtp_tls'] = true
|
|
||||||
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
|
|
||||||
gitlab_rails['gitlab_email_from'] = "{{ gitlab_from_email }}"
|
|
||||||
|
|
||||||
gitlab_rails['artifacts_path'] = "/mnt/gitlab-bulk/artifacts"
|
|
||||||
gitlab_rails['backup_path'] = "/mnt/gitlab-bulk/backups"
|
|
||||||
gitlab_rails['backup_keep_time'] = 60 * 60 * 24 * 14 # 14 days
|
|
||||||
|
|
||||||
# Registry
|
|
||||||
registry_external_url "https://registry.git.theorangeone.net"
|
|
||||||
registry_nginx['redirect_http_to_https'] = false
|
|
||||||
registry_nginx['ssl_certificate'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
|
||||||
registry_nginx['ssl_certificate_key'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
|
|
||||||
registry['storage'] = {
|
|
||||||
's3' => {
|
|
||||||
'accesskey' => '{{ gitlab_registry_access_key }}',
|
|
||||||
'secretkey' => '{{ gitlab_registry_secret_key }}',
|
|
||||||
'bucket' => '0rng-registry',
|
|
||||||
'region' => 'eu-central-003',
|
|
||||||
'regionendpoint' => 'https://s3.eu-central-003.backblazeb2.com'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/6895
|
|
||||||
nginx['worker_processes'] = "auto"
|
|
||||||
|
|
||||||
# GitLab Pages
|
|
||||||
pages_external_url "https://gitlab-pages.theorangeone.net"
|
|
||||||
gitlab_pages["external_http"] = [":8008"]
|
|
||||||
gitlab_pages["access_control"] = true
|
|
||||||
pages_nginx["enable"] = false
|
|
||||||
gitlab_rails["pages_path"] = "/mnt/gitlab-bulk/pages"
|
|
|
@ -1,30 +0,0 @@
|
||||||
- name: Include vault
|
|
||||||
include_vars: vault.yml
|
|
||||||
|
|
||||||
- name: Install and configure GitLab
|
|
||||||
import_role:
|
|
||||||
name: geerlingguy.gitlab
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create dir for service override
|
|
||||||
file:
|
|
||||||
path: /usr/lib/systemd/system/gitlab-runsvdir.service.d/
|
|
||||||
state: directory
|
|
||||||
mode: "0755"
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Create override.conf
|
|
||||||
copy:
|
|
||||||
src: files/gitlab-override.conf
|
|
||||||
dest: /usr/lib/systemd/system/gitlab-runsvdir.service.d/gitlab-override.conf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
become: true
|
|
||||||
|
|
||||||
# https://theorangeone.net/posts/gitlab-dater/
|
|
||||||
- name: Install gitlab-dater
|
|
||||||
git:
|
|
||||||
repo: https://git.theorangeone.net/sys/gitlab-dater
|
|
||||||
dest: "{{ home }}/gitlab-dater"
|
|
||||||
depth: 1
|
|
|
@ -1,7 +0,0 @@
|
||||||
gitlab_config_template: files/gitlab.rb
|
|
||||||
gitlab_create_self_signed_cert: false
|
|
||||||
gitlab_smtp_password: "{{ vault_gitlab_smtp_password }}"
|
|
||||||
gitlab_smtp_user: "{{ vault_gitlab_smtp_user }}"
|
|
||||||
gitlab_from_email: "{{ vault_gitlab_from_email }}"
|
|
||||||
gitlab_registry_access_key: "{{ vault_gitlab_registry_access_key }}"
|
|
||||||
gitlab_registry_secret_key: "{{ vault_gitlab_registry_secret_key }}"
|
|
21
ansible/roles/gitlab/vars/vault.yml
generated
21
ansible/roles/gitlab/vars/vault.yml
generated
|
@ -1,21 +0,0 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
32383930626639373231366430616531633532333639376431383065373566376238313264633231
|
|
||||||
6537363863336466646330333566396365613538646665650a636633363933326530353834376335
|
|
||||||
31666535316239306136353436353038323466353130373433343533323562356534386664663130
|
|
||||||
6431306465336435390a643661383137666535366463633634633866623263323837376664353262
|
|
||||||
38333636336639663632343130663635376262646130613065633233663562383631626665373036
|
|
||||||
65316563643831303561636536663230623462326233393838663031393135613263333739623038
|
|
||||||
35653739346134396336613163346530653834333138653865366330643037653638653732326633
|
|
||||||
34656632353931626362316663353639633631303636373066343131366538656662653738623134
|
|
||||||
31633636313233363663313939333264333461376630356461303637326438306536343136393132
|
|
||||||
39393734393564366239666662356439336561366238353637373835353761633234333763396133
|
|
||||||
36373635393332613835363631363733613835336132353164633266396136313838366435616239
|
|
||||||
31373662663835666134306438653732653366396564663133653937383434663961386663343833
|
|
||||||
36343434346630623233363862386237343432616237643232643861623234643835306432376236
|
|
||||||
32313063656639346166666435636265383232336166663966633462383331393936646566383637
|
|
||||||
62306663373763323062643935383565383338386639313131636162316366616530636634346462
|
|
||||||
30313438306435656639303165633461623064313938303162663534666431633533366331383061
|
|
||||||
31376535356163383131653339313832653165343531633063633536623061623831333436646138
|
|
||||||
63313739316436306436313965636633326466313137626161623139633736303331633538636263
|
|
||||||
66396339346437633130616135333931373032393139313035623861643039343035313662626136
|
|
||||||
35333263346466323361
|
|
|
@ -1,20 +0,0 @@
|
||||||
concurrent = {{ ansible_processor_nproc }}
|
|
||||||
log_level = "warning"
|
|
||||||
check_interval = 10
|
|
||||||
|
|
||||||
[session_server]
|
|
||||||
session_timeout = 1800
|
|
||||||
|
|
||||||
[[runners]]
|
|
||||||
name = "runner"
|
|
||||||
url = "https://git.theorangeone.net"
|
|
||||||
token = "{{ gitlab_runner_token }}"
|
|
||||||
limit = 0
|
|
||||||
executor = "docker"
|
|
||||||
|
|
||||||
[runners.docker]
|
|
||||||
image = "alpine"
|
|
||||||
privileged = true
|
|
||||||
disable_cache = false
|
|
||||||
volumes = ["/cache", "/certs/client"]
|
|
||||||
pull_policy = "if-not-present"
|
|
|
@ -1,5 +0,0 @@
|
||||||
- name: restart gitlab-runner
|
|
||||||
service:
|
|
||||||
name: gitlab-runner
|
|
||||||
state: restarted
|
|
||||||
become: true
|
|
|
@ -1,21 +0,0 @@
|
||||||
- name: Include vault
|
|
||||||
include_vars: vault.yml
|
|
||||||
|
|
||||||
- name: Install runner
|
|
||||||
package:
|
|
||||||
name: gitlab-runner
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Install config
|
|
||||||
template:
|
|
||||||
src: files/config.toml
|
|
||||||
dest: /etc/gitlab-runner/config.toml
|
|
||||||
mode: "0600"
|
|
||||||
become: true
|
|
||||||
notify: restart gitlab-runner
|
|
||||||
|
|
||||||
- name: Enable runner
|
|
||||||
service:
|
|
||||||
name: gitlab-runner
|
|
||||||
enabled: true
|
|
||||||
become: true
|
|
|
@ -1 +0,0 @@
|
||||||
gitlab_runner_token: "{{ vault_gitlab_runner_token }}"
|
|
8
ansible/roles/gitlab_runner/vars/vault.yml
generated
8
ansible/roles/gitlab_runner/vars/vault.yml
generated
|
@ -1,8 +0,0 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
61313533333239316433623837616239346461393538356665363034663533343165366434316137
|
|
||||||
3837376330386436656265356637343166643465616534390a666634323334383831306336613636
|
|
||||||
36623630646235386661633266633533396664656464333561623036313865343036653734643132
|
|
||||||
6333393739383764340a646361383961373434303936383131326364626439353262623965643564
|
|
||||||
31343631656234666464383935306434383363316362666263323165613939663736326435313966
|
|
||||||
35373466333937636633383138636434333765646235633630616539343464343237383236613739
|
|
||||||
313038366164653662616461626661363832
|
|
|
@ -1,7 +1,7 @@
|
||||||
module.exports = {
|
module.exports = {
|
||||||
endpoint: 'https://git.theorangeone.net/api/v4/',
|
endpoint: 'https://git.theorangeone.net/',
|
||||||
token: '{{ renovate_gitlab_token }}',
|
token: '{{ renovate_gitea_token }}',
|
||||||
platform: 'gitlab',
|
platform: 'gitea',
|
||||||
//dryRun: true,
|
//dryRun: true,
|
||||||
autodiscover: true,
|
autodiscover: true,
|
||||||
onboarding: false,
|
onboarding: false,
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
renovate_gitlab_token: "{{ vault_renovate_gitlab_token }}"
|
renovate_gitea_token: "{{ vault_renovate_gitea_token }}"
|
||||||
renovate_github_token: "{{ vault_renovate_github_token }}"
|
renovate_github_token: "{{ vault_renovate_github_token }}"
|
||||||
|
|
21
ansible/roles/renovate/vars/vault.yml
generated
21
ansible/roles/renovate/vars/vault.yml
generated
|
@ -1,11 +1,12 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
37666339323131376463616330376335623238363930353938383162623162633665623763626464
|
39396266373730336338666661383762373535393862653662613034623939353033653738666238
|
||||||
3833623739633363616362643166393538386139373139310a393530323937373938346237633536
|
6666396462326235663833336463613864326635643464610a633863323634363939303133383234
|
||||||
32376237386536633134613438383730323565356164313933376232343866303764643033396237
|
33663538346230303930343635356365336539393337316235353933366534333832396234633333
|
||||||
6133313835663637660a336162303239636137313339366330323463326339366537343164663336
|
3565353832343432390a326463623733636561366234376331333261353561326361386235313635
|
||||||
61346434383164336138626261663939333265306430316535653062393431646230636162373665
|
33643834343236346238353233383563636262616366326166343135366439643839323566633766
|
||||||
39386436306534316632376238616332636265303534316366356139303865323631323064303665
|
66613064396636393462396263636563373633636433623438623336363934353037333138646230
|
||||||
64636565666231643330396164383066623166393339633330363633343639346637343239313936
|
38623163366636663237356161313563373232396362396239623761653365333931343761313636
|
||||||
37613266393438616166326138313262623837386231393666633361396364313335346238313863
|
38306664366365383537316531666333643462663466303264656238376634323464373365336364
|
||||||
65383435626335333631326537373366636439306366373235386132393839663063333063383133
|
39393635326534393661353132353962376531623035303761303236303336363338643936343561
|
||||||
6333613165306462376631326239613864613630363738633331
|
31623939353863633261343631313530613335643664323233336134306365316662386631396239
|
||||||
|
613461636333663533336631303839666665
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
traefik_provider_jellyfin: false
|
traefik_provider_jellyfin: false
|
||||||
traefik_provider_homeassistant: false
|
traefik_provider_homeassistant: false
|
||||||
traefik_provider_grafana: false
|
traefik_provider_grafana: false
|
||||||
traefik_provider_gitlab: false
|
|
||||||
|
|
||||||
with_fail2ban: false
|
with_fail2ban: false
|
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
http:
|
|
||||||
routers:
|
|
||||||
router-gitlab:
|
|
||||||
rule: Host(`git.theorangeone.net`)
|
|
||||||
service: service-gitlab
|
|
||||||
router-gitlab-registry:
|
|
||||||
rule: Host(`registry.git.theorangeone.net`)
|
|
||||||
service: service-gitlab
|
|
||||||
router-gitlab-pages:
|
|
||||||
rule: HostRegexp(`gitlab-pages.theorangeone.net`, `{subdomain:[a-z]+}.gitlab-pages.theorangeone.net`)
|
|
||||||
service: service-gitlab-pages
|
|
||||||
router-slides:
|
|
||||||
rule: Host(`slides.jakehoward.tech`)
|
|
||||||
service: service-slides
|
|
||||||
services:
|
|
||||||
service-gitlab:
|
|
||||||
loadBalancer:
|
|
||||||
servers:
|
|
||||||
- url: https://{{ pve_hosts.gitlab.ip }}
|
|
||||||
service-gitlab-pages:
|
|
||||||
loadBalancer:
|
|
||||||
servers:
|
|
||||||
- url: http://{{ pve_hosts.gitlab.ip }}:8008
|
|
||||||
|
|
||||||
# HACK: GitLab doesn't support `_redirects` with domains in
|
|
||||||
service-slides:
|
|
||||||
loadBalancer:
|
|
||||||
passHostHeader: false
|
|
||||||
servers:
|
|
||||||
- url: https://slides.gitlab-pages.theorangeone.net
|
|
|
@ -26,10 +26,6 @@ entryPoints:
|
||||||
sans: "*.jakehoward.tech"
|
sans: "*.jakehoward.tech"
|
||||||
- main: 0rng.one
|
- main: 0rng.one
|
||||||
sans: "*.0rng.one"
|
sans: "*.0rng.one"
|
||||||
{% if traefik_provider_gitlab %}
|
|
||||||
- main: gitlab-pages.theorangeone.net
|
|
||||||
sans: "*.gitlab-pages.theorangeone.net"
|
|
||||||
{% endif %}
|
|
||||||
proxyProtocol:
|
proxyProtocol:
|
||||||
trustedIPs:
|
trustedIPs:
|
||||||
- "{{ wireguard.cidr }}"
|
- "{{ wireguard.cidr }}"
|
||||||
|
|
|
@ -86,16 +86,6 @@
|
||||||
when: traefik_provider_grafana
|
when: traefik_provider_grafana
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Install gitlab provider
|
|
||||||
template:
|
|
||||||
src: files/file-provider-gitlab.yml
|
|
||||||
dest: /opt/traefik/traefik/conf/gitlab.yml
|
|
||||||
mode: "{{ docker_compose_file_mask }}"
|
|
||||||
owner: "{{ docker_user.name }}"
|
|
||||||
notify: restart traefik
|
|
||||||
when: traefik_provider_gitlab
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: logrotate config
|
- name: logrotate config
|
||||||
template:
|
template:
|
||||||
src: files/logrotate.conf
|
src: files/logrotate.conf
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
version: "2.3"
|
version: "2.3"
|
||||||
|
|
||||||
x-website: &website
|
x-website: &website
|
||||||
image: registry.git.theorangeone.net/repos/website:latest
|
image: registry.gitlab.com/realorangeone/website:latest
|
||||||
user: "{{ docker_user.id }}"
|
user: "{{ docker_user.id }}"
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
init: true
|
init: true
|
||||||
|
|
|
@ -180,13 +180,6 @@ resource "cloudflare_record" "jakehowardtech_mailgun_dmarc" {
|
||||||
ttl = 1
|
ttl = 1
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "jakehowardtech_slides" {
|
|
||||||
zone_id = cloudflare_zone.jakehowardtech.id
|
|
||||||
name = "slides"
|
|
||||||
value = cloudflare_record.theorangeonenet_gitlab_pages.hostname
|
|
||||||
type = "CNAME"
|
|
||||||
ttl = 1
|
|
||||||
}
|
|
||||||
resource "cloudflare_record" "jakehowardtech_matrix_admin" {
|
resource "cloudflare_record" "jakehowardtech_matrix_admin" {
|
||||||
zone_id = cloudflare_zone.jakehowardtech.id
|
zone_id = cloudflare_zone.jakehowardtech.id
|
||||||
name = "synapse-admin"
|
name = "synapse-admin"
|
||||||
|
|
|
@ -10,22 +10,6 @@ resource "cloudflare_record" "theorangeonenet_git" {
|
||||||
ttl = 1
|
ttl = 1
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "theorangeonenet_gitea" {
|
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
|
||||||
name = "gitea"
|
|
||||||
value = linode_instance.casey.ip_address
|
|
||||||
type = "A"
|
|
||||||
ttl = 1
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "cloudflare_record" "theorangeonenet_git_registry" {
|
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
|
||||||
name = "registry.git"
|
|
||||||
value = cloudflare_record.theorangeonenet_git.hostname
|
|
||||||
type = "CNAME"
|
|
||||||
ttl = 1
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "cloudflare_record" "theorangeonenet_whoami" {
|
resource "cloudflare_record" "theorangeonenet_whoami" {
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
zone_id = cloudflare_zone.theorangeonenet.id
|
||||||
name = "whoami"
|
name = "whoami"
|
||||||
|
@ -268,22 +252,6 @@ resource "cloudflare_record" "theorangeonenet_mailgun_dmarc" {
|
||||||
ttl = 1
|
ttl = 1
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "theorangeonenet_gitlab_pages" {
|
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
|
||||||
name = "gitlab-pages"
|
|
||||||
value = cloudflare_record.theorangeonenet_git.hostname
|
|
||||||
type = "CNAME"
|
|
||||||
ttl = 1
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "cloudflare_record" "theorangeonenet_gitlab_pages_wildcard" {
|
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
|
||||||
name = "*.gitlab-pages"
|
|
||||||
value = cloudflare_record.theorangeonenet_gitlab_pages.hostname
|
|
||||||
type = "CNAME"
|
|
||||||
ttl = 1
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "cloudflare_record" "theorangeonenet_mastodon" {
|
resource "cloudflare_record" "theorangeonenet_mastodon" {
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
zone_id = cloudflare_zone.theorangeonenet.id
|
||||||
name = "mastodon"
|
name = "mastodon"
|
||||||
|
|
Loading…
Reference in a new issue