move files from infra-office repo
Signed-off-by: Jakub Sokołowski <jakub@status.im>
parent
bfa74aa025
commit
0638064272
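--- /dev/null
+++ b/<path-not-shown: role README>
@@ -0,0 +1,48 @@
+# Description
+
+This role configures an instance of [Gitea](https://gitea.io/) using Docker Compose.
+
+# Configuration
+
+```yaml
+gitea_app_name: 'Example.org Repos'
+gitea_app_web_domain: 'gitea.example.org'
+gitea_app_ssh_domain: 'git.example.org'
+gitea_app_ssh_port: 22
+gitea_app_secret_key: 'super-secret-key'
+gitea_app_log_level: 'debug'
+
+# DB
+gitea_db_pass: 'super-secret-db-pass'
+
+# Admin
+gitea_app_admin_user: 'root'
+gitea_app_admin_pass: 'secret-root-pass'
+gitea_app_admin_email: 'root@example.org'
+```
+
+# Administration
+
+You can manage the services using Docker Compose:
+```
+> docker-compose ps
+Name Command State Ports
+-----------------------------------------------------------------------------------------------------------
+gitea-app /usr/bin/entrypoint /bin/s ... Up 22/tcp, 0.0.0.0:2222->2222/tcp, 0.0.0.0:3000->3000/tcp
+gitea-db docker-entrypoint.sh postgres Up 0.0.0.0:5432->5432/tcp
+```
+For example you can easily re-create containers:
+```
+> docker-compose up --force-recreate -d
+Recreating gitea-db ... done
+Recreating gitea-app ... done
+```
+
+# Backups
+
+A Systemd timer creates `pg_dump` backups of the PostgreSQL database daily:
+```
+> sudo systemctl list-timers -a dump-gitea-db
+NEXT LEFT LAST PASSED UNIT ACTIVATES
+Sat 2021-03-20 00:00:00 UTC 9h left n/a n/a dump-gitea-db.timer dump-gitea-db.service
+```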
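--- /dev/null
+++ b/<path-not-shown: role defaults>
@@ -0,0 +1,56 @@
+---
+gitea_service_name: 'gitea'
+gitea_service_path: '/docker/{{ gitea_service_name }}'
+gitea_compose_file: '{{ gitea_service_path }}/docker-compose.yml'
+
+# General
+gitea_app_name:
+gitea_app_web_domain:
+gitea_app_ssh_domain: '{{ gitea_app_web_domain | mandatory }}'
+gitea_app_ssh_port: 22
+gitea_app_disable_registration: true
+gitea_app_install_lock: true
+gitea_app_log_level: 'info'
+
+# Secrets
+#gitea_app_secret_key:
+#gitea_app_security_token:
+#gitea_app_jwt_secret:
+
+# Admin user
+#gitea_app_admin_user: ~
+#gitea_app_admin_pass: ~
+#gitea_app_admin_email: ~
+
+# App
+gitea_app_cont_name: '{{ gitea_service_name }}-app'
+gitea_app_cont_vol: '{{ gitea_service_path }}/app'
+gitea_app_cont_digest: 'sha256:24fed63774f280f7fa4294b17a90fb80d75e3bbb658277967dce6050a998843a' # 1.17.0
+gitea_app_cont_image: 'gitea/gitea@{{ gitea_app_cont_digest }}'
+gitea_app_cont_ssh_port: 2222
+gitea_app_cont_web_port: 3000
+gitea_app_cont_web_url: 'http://localhost:{{ gitea_app_cont_web_port }}'
+gitea_app_cont_uid: 1000
+gitea_app_host_uid: '{{ 100000 + gitea_app_cont_uid | int }}'
+# DB
+gitea_db_cont_name: '{{ gitea_service_name }}-db'
+gitea_db_cont_vol: '{{ gitea_service_path }}/db'
+gitea_db_cont_tag: '9.6'
+gitea_db_cont_image: 'postgres:{{ gitea_db_cont_tag }}'
+gitea_db_cont_port: 5432
+gitea_db_cont_uid: 70
+gitea_db_host_uid: '{{ 100000 + gitea_db_cont_uid | int }}'
+gitea_db_name: 'gitea'
+gitea_db_user: 'gitea'
+gitea_db_pass: 'changeMeIfYouCare'
+
+# Backups
+gitea_db_backup_service_name: 'dump-{{ gitea_service_name }}-db'
+gitea_db_backup_frequency: 'daily'
+gitea_db_backup_timeout: 300
+gitea_db_backup_user: 'root'
+
+# General container management
+compose_recreate: 'smart'
+compose_state: 'present'
+compose_restart: false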
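Review bot: `gitea_app_name:` and `gitea_app_web_domain:` define the variables as YAML null, and the `mandatory` filter rejects only undefined variables, not null, so the app.ini template in this commit renders `APP_NAME = None` and `DOMAIN = None` instead of aborting when the playbook forgets to set them. Leave them commented out like the secrets below (`#gitea_app_name:`, `#gitea_app_web_domain:`) so the `mandatory` checks actually fire. `gitea_db_pass: 'changeMeIfYouCare'` is a working default for the PostgreSQL password that is rendered into both the compose file and app.ini, so a deployment that does not override it silently runs with a known credential; treat it like the other secrets, `#gitea_db_pass:` here and `{{ gitea_db_pass | mandatory }}` at the two consumers. `gitea_db_cont_tag: '9.6'` is an end-of-life PostgreSQL release and a floating tag, unlike the digest-pinned Gitea image a few lines above; a short comment on why that major is required would help whoever upgrades it.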
@ -0,0 +1,26 @@
|
|||
---
|
||||
- name: Wait for Web port to be available
|
||||
wait_for:
|
||||
port: '{{ gitea_app_cont_web_port }}'
|
||||
delay: 15
|
||||
when: gitea_container.changed
|
||||
|
||||
- name: Check if admin user already exists
|
||||
uri:
|
||||
url: '{{ gitea_app_cont_web_url }}/api/v1/users/{{ gitea_app_admin_user }}'
|
||||
status_code: [200, 404]
|
||||
return_content: true
|
||||
user: '{{ gitea_app_admin_user | mandatory }}'
|
||||
password: '{{ gitea_app_admin_pass | mandatory }}'
|
||||
force_basic_auth: true
|
||||
register: gitea_admin_user_raw
|
||||
|
||||
- name: Create main Gitea admin user
|
||||
command: |
|
||||
docker exec -i {{ gitea_app_cont_name }} \
|
||||
gitea admin create-user --admin \
|
||||
--username '{{ gitea_app_admin_user | mandatory }}' \
|
||||
--password '{{ gitea_app_admin_pass | mandatory }}' \
|
||||
--email '{{ gitea_app_admin_email | mandatory }}' \
|
||||
--must-change-password=false
|
||||
when: gitea_admin_user_raw.status == 404
|
|
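Review bot: The `docker exec … gitea admin create-user` task passes `gitea_app_admin_pass` on the command line, and the `command` module records the full command in its result, so the admin password ends up in verbose output, callback plugins and any log shipping, besides being visible in the host process list while it runs. Add `no_log: true` to that task; the `uri` task above masks its `password` argument itself, but its registered result is still printed with `-v`, so consider the same there. `--must-change-password=false` is intentional because the role provisions the password; a comment stating that, `# password is managed by this role, do not force rotation on first login`, would stop a later reviewer from flipping it.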
@ -0,0 +1,19 @@
|
|||
---
|
||||
- name: 'Create timer for Gitea backup: {{ gitea_db_backup_service_name }}'
|
||||
include_role: name=systemd-timer
|
||||
vars:
|
||||
systemd_timer_name: '{{ gitea_db_backup_service_name }}'
|
||||
systemd_timer_description: 'Dump Gitea PostgreSQL database.'
|
||||
systemd_timer_user: '{{ gitea_db_backup_user }}'
|
||||
systemd_timer_frequency: '{{ gitea_db_backup_frequency }}'
|
||||
systemd_timer_timeout_sec: '{{ gitea_db_backup_timeout }}'
|
||||
systemd_timer_after_extra: 'docker.service'
|
||||
systemd_timer_start_on_creation: false
|
||||
systemd_timer_script_content: |
|
||||
#!/usr/bin/env bash
|
||||
BKP_DIR="{{ gitea_db_cont_vol }}/backup/{{ gitea_db_name }}"
|
||||
rm -vfr "${BKP_DIR}"
|
||||
/usr/bin/docker exec -i {{ gitea_db_cont_name }} \
|
||||
pg_dump -F directory -f "/backup/{{ gitea_db_name }}" \
|
||||
-U {{ gitea_db_user }} {{ gitea_db_name }}
|
||||
chmod 750 -R "${BKP_DIR}"
|
|
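Review bot: The backup script runs `rm -vfr "${BKP_DIR}"` before `pg_dump`, and without `set -euo pipefail` a failed dump still ends with `chmod` succeeding and the timer unit reporting success, so a single bad run deletes the only existing backup without anyone noticing. Dump into a sibling directory first and swap it into place only after pg_dump has exited 0; with `set -e` the unit fails visibly otherwise. The container path given to `-f` has to mirror the host path under `{{ gitea_db_cont_vol }}/backup`, which the compose template mounts at `/backup`. `chmod 750 -R` leaves the dump group-readable; if no group member needs it, `700` is tighter.
```yaml
    systemd_timer_script_content: |
      #!/usr/bin/env bash
      set -euo pipefail
      BKP_DIR="{{ gitea_db_cont_vol }}/backup/{{ gitea_db_name }}"
      # Dump next to the previous backup; replace it only once pg_dump succeeded.
      rm -vfr "${BKP_DIR}.new"
      /usr/bin/docker exec -i {{ gitea_db_cont_name }} \
        pg_dump -F directory -f "/backup/{{ gitea_db_name }}.new" \
          -U {{ gitea_db_user }} {{ gitea_db_name }}
      rm -vfr "${BKP_DIR}"
      mv "${BKP_DIR}.new" "${BKP_DIR}"
      chmod 750 -R "${BKP_DIR}"
```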
@ -0,0 +1,39 @@
|
|||
---
|
||||
- name: Create directories for app data
|
||||
file:
|
||||
path: '{{ gitea_app_cont_vol }}/{{ item }}'
|
||||
state: directory
|
||||
owner: '{{ gitea_app_host_uid }}'
|
||||
group: dockremap
|
||||
mode: 0755
|
||||
with_items:
|
||||
- 'data/gitea/conf'
|
||||
- 'data/gitea/log'
|
||||
- 'data/git'
|
||||
- 'data/git/.ssh'
|
||||
|
||||
- name: Create SSH directory
|
||||
file:
|
||||
path: '{{ gitea_app_cont_vol }}/data/ssh'
|
||||
state: directory
|
||||
owner: '{{ gitea_app_host_uid }}'
|
||||
group: dockremap
|
||||
mode: 0700
|
||||
|
||||
- name: Create directory for DB data
|
||||
file:
|
||||
path: '{{ gitea_db_cont_vol }}/data'
|
||||
state: directory
|
||||
owner: '{{ gitea_db_host_uid }}'
|
||||
group: dockremap
|
||||
mode: 0777
|
||||
recurse: true
|
||||
|
||||
- name: Create Gitea configuration
|
||||
template:
|
||||
src: 'gitea.ini.j2'
|
||||
dest: '{{ gitea_app_cont_vol }}/data/gitea/conf/app.ini'
|
||||
owner: '{{ gitea_app_host_uid }}'
|
||||
group: dockremap
|
||||
mode: 0640
|
||||
register: gitea_config
|
|
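Review bot: `mode: 0777` together with `recurse: true` on the DB data directory makes the whole PostgreSQL data tree world-writable and appears to re-apply that on every run, including to the `pgdata` subdirectory once it exists. The directory is already owned by the remapped container uid (`gitea_db_host_uid`), so `0700` is enough for postgres to write to it; if the motivation was the userns-remap chmod error mentioned in the compose template, the `PGDATA` subdirectory there is the actual fix, not open permissions. The unquoted octal modes (`0755`, `0700`, `0777`, `0640` here, `0640` in the compose-file task and `0400` in the token task) are parsed as YAML 1.1 octal integers and only work by that accident; write them as strings, `mode: '0700'`.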
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: Create Consul service definition
|
||||
include_role: name=consul-service
|
||||
vars:
|
||||
consul_config_name: '{{ gitea_service_name }}'
|
||||
consul_services:
|
||||
- name: '{{ gitea_service_name }}'
|
||||
tags: ['gitea', 'git', 'repos']
|
||||
port: '{{ gitea_app_cont_web_port }}'
|
||||
checks:
|
||||
- id: '{{ gitea_service_name }}-status'
|
||||
name: Gitea Healthcheck
|
||||
type: http
|
||||
http: 'http://localhost:{{ gitea_app_cont_web_port }}/api/v1/version'
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
- name: Create compose file
|
||||
template:
|
||||
src: 'docker-compose.yml.j2'
|
||||
dest: '{{ gitea_compose_file }}'
|
||||
owner: 'dockremap'
|
||||
group: 'docker'
|
||||
mode: 0640
|
||||
|
||||
- name: Create containers
|
||||
docker_compose:
|
||||
project_src: '{{ gitea_service_path }}'
|
||||
pull: true
|
||||
state: '{{ compose_state }}'
|
||||
restarted: '{{ compose_restart }}'
|
||||
recreate: '{{ gitea_config.changed | ternary("always", compose_recreate) }}'
|
||||
register: gitea_container
|
|
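--- /dev/null
+++ b/<path-not-shown: task imports>
@@ -0,0 +1,7 @@
+---
+- import_tasks: config.yml
+- import_tasks: container.yml
+- import_tasks: admin.yml
+- import_tasks: token.yml
+- import_tasks: backup.yml
+- import_tasks: consul.yml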
@ -0,0 +1,39 @@
|
|||
---
|
||||
- name: Check if API token file exists
|
||||
stat:
|
||||
path: '{{ gitea_service_path }}/api-token'
|
||||
register: gitea_token_file
|
||||
|
||||
- name: Create API token
|
||||
when: not gitea_token_file.stat.exists
|
||||
block:
|
||||
- name: Generate API token for admin
|
||||
uri:
|
||||
url: '{{ gitea_app_cont_web_url }}/api/v1/users/{{ gitea_app_admin_user }}/tokens'
|
||||
method: 'POST'
|
||||
status_code: 201
|
||||
body_format: 'json'
|
||||
body: { name: 'ansible' }
|
||||
return_content: true
|
||||
user: '{{ gitea_app_admin_user | mandatory }}'
|
||||
password: '{{ gitea_app_admin_pass | mandatory }}'
|
||||
force_basic_auth: true
|
||||
register: gitea_app_admin_token_raw
|
||||
|
||||
- name: Create an API token file
|
||||
copy:
|
||||
dest: '{{ gitea_service_path }}/api-token'
|
||||
content: '{{ gitea_app_admin_token_raw.json.sha1 }}'
|
||||
mode: 0400
|
||||
when: not gitea_app_admin_token_raw.skipped
|
||||
|
||||
- name: Read API token from file
|
||||
slurp:
|
||||
path: '{{ gitea_service_path }}/api-token'
|
||||
register: gitea_app_admin_token_raw
|
||||
when: gitea_token_file.stat.exists
|
||||
|
||||
- name: Decode token from file cointents
|
||||
set_fact:
|
||||
gitea_app_admin_token: '{{ gitea_app_admin_token_raw.content | b64decode | trim }}'
|
||||
when: gitea_token_file.stat.exists
|
|
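Review bot: On a first run the token is generated but never exposed as `gitea_app_admin_token`: the `slurp` and `set_fact` tasks at the end are gated on `gitea_token_file.stat.exists`, which was evaluated before the file was written, so the fact only exists from the second run on. The file is present either way once the block has run, so drop both `when: gitea_token_file.stat.exists` lines. Inside the block, `when: not gitea_app_admin_token_raw.skipped` looks like it raises an undefined-attribute error when the previous task actually ran (a registered result has no `skipped` key), and the block's own `when` already guards it, so remove that line or use `when: gitea_app_admin_token_raw.json is defined`. The new token is returned in `gitea_app_admin_token_raw.json` and written through `copy` `content:`, both of which appear in verbose output and diff mode; add `no_log: true` to the `uri` and `copy` tasks. The task name `Decode token from file cointents` has a typo.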
@ -0,0 +1,35 @@
|
|||
---
|
||||
version: '3.7'
|
||||
services:
|
||||
app:
|
||||
container_name: '{{ gitea_app_cont_name }}'
|
||||
image: '{{ gitea_app_cont_image }}'
|
||||
restart: 'always'
|
||||
volumes:
|
||||
- '{{ gitea_app_cont_vol }}/data:/data'
|
||||
- '/etc/timezone:/etc/timezone:ro'
|
||||
- '/etc/localtime:/etc/localtime:ro'
|
||||
ports:
|
||||
- '{{ gitea_app_cont_web_port }}:{{ gitea_app_cont_web_port }}/tcp'
|
||||
- '{{ gitea_app_cont_ssh_port }}:22/tcp'
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
db:
|
||||
container_name: '{{ gitea_db_cont_name }}'
|
||||
image: '{{ gitea_db_cont_image }}'
|
||||
restart: always
|
||||
ports:
|
||||
- '{{ gitea_db_cont_port }}:{{ gitea_db_cont_port }}'
|
||||
environment:
|
||||
POSTGRES_DB: '{{ gitea_db_name }}'
|
||||
POSTGRES_USER: '{{ gitea_db_user }}'
|
||||
POSTGRES_PASSWORD: '{{ gitea_db_pass }}'
|
||||
# This fixes chmod errors on DB startup due to volume + userns-remap
|
||||
PGDATA: '/var/lib/postgresql/data/pgdata'
|
||||
tmpfs:
|
||||
- '/run/postgresql:size=512K'
|
||||
- '/tmp:size=256K'
|
||||
volumes:
|
||||
- '{{ gitea_db_cont_vol }}/data:/var/lib/postgresql/data'
|
||||
- '{{ gitea_db_cont_vol }}/backup:/backup'
|
|
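Review bot: The `db` service publishes `'{{ gitea_db_cont_port }}:{{ gitea_db_cont_port }}'` on all interfaces (the README in this commit shows `0.0.0.0:5432->5432/tcp`), while the app reaches PostgreSQL over the compose network as `db:{{ gitea_db_cont_port }}` per app.ini, so the published port only widens the exposure of a database whose password defaults to `changeMeIfYouCare`. Remove the `ports:` stanza on `db`, or bind it to loopback if host-side tooling needs it, `- '127.0.0.1:{{ gitea_db_cont_port }}:{{ gitea_db_cont_port }}'`. `restart: 'always'` on `app` and `restart: always` on `db` are the same value in two styles; pick one.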
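--- /dev/null
+++ b/<path-not-shown: gitea.ini.j2>
@@ -0,0 +1,75 @@
+APP_NAME = {{ gitea_app_name | mandatory }}
+RUN_MODE = prod
+
+[repository]
+ROOT = /data/git/repositories
+DEFAULT_BRANCH = master
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = {{ gitea_app_web_domain | mandatory }}
+SSH_DOMAIN = {{ gitea_app_ssh_domain | mandatory }}
+HTTP_PORT = {{ gitea_app_cont_web_port }}
+ROOT_URL = https://{{ gitea_app_web_domain | mandatory }}
+DISABLE_SSH = false
+SSH_PORT = {{ gitea_app_ssh_port }}
+LFS_START_SERVER = false
+LFS_CONTENT_PATH = /data/git/lfs
+LANDING_PAGE = explore
+
+[database]
+DB_TYPE = postgres
+HOST = db:{{ gitea_db_cont_port }}
+NAME = {{ gitea_db_name }}
+USER = {{ gitea_db_user }}
+PASSWD = {{ gitea_db_pass }}
+LOG_SQL = false
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER = db
+COOKIE_SECURE = true
+SAME_SITE = strict
+
+[ui]
+DEFAULT_THEME = arc-green
+
+[api]
+ENABLE_SWAGGER = true
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+ROUTER = console
+LEVEL = {{ gitea_app_log_level }}
+
+[log.console]
+COLORIZE = false
+
+[security]
+INSTALL_LOCK = {{ gitea_app_install_lock }}
+SECRET_KEY = {{ gitea_app_secret_key | mandatory }}
+INTERNAL_TOKEN = {{ gitea_app_security_token | mandatory }}
+# Accept X-Forwarded-For headers
+REVERSE_PROXY_TRUSTED_PROXIES = *
+
+[service]
+DISABLE_REGISTRATION = {{ gitea_app_disable_registration }}
+REQUIRE_SIGNIN_VIEW = false
+
+[oauth2]
+JWT_SECRET = {{ gitea_app_jwt_secret | mandatory }}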
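Review bot: `REVERSE_PROXY_TRUSTED_PROXIES = *` makes Gitea accept `X-Forwarded-For` from any client, and the compose template publishes the web port on every interface, so anything that can reach `{{ gitea_app_cont_web_port }}` directly can choose the source address Gitea records in its logs and in any IP-based controls built on them. Restrict it to the reverse proxy's address or network, `REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128` when the proxy is local, or template it from a new role default so each deployment states its proxy explicitly, and keep the comment above it explaining why. `INSTALL_LOCK` and `DISABLE_REGISTRATION` interpolate Ansible booleans as `True`/`False`; Gitea's ini parser accepts that capitalisation, but `{{ gitea_app_install_lock | lower }}` makes the rendered file read like the documented values.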