Add gitea container

Francesco Antognazza 2023-02-06 10:12:02 +01:00
parent cf908e7cce
commit 9b576d7c60
5 changed files with 329 additions and 153 deletions


@ -0,0 +1,2 @@
[mariadb]
log_warnings = 3


@ -0,0 +1,2 @@
[mariadb]
skip-name-resolve = ON

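--- a/containers/gitea/tasks.yml
+++ b/containers/gitea/tasks.yml
@@ -0,0 +1,152 @@
+---
+- hosts: all
+name: Gitea web server
+tasks:
+- name: Create podman volumes
+containers.podman.podman_volume:
+state: present
+name: "{{ item }}"
+become_user: containers
+become: true
+loop:
+- gitea
+- gitea-db
+- name: Create podman networks
+containers.podman.podman_network:
+name: "{{ item }}"
+recreate: false
+state: "present"
+become_user: containers
+become: true
+loop:
+- traefik-gitea
+- mariadb-gitea
+- gitea-drone
+- name: Pull container images
+become_user: containers
+become: true
+containers.podman.podman_image:
+name: docker.io/{{ item }}
+loop:
+- gitea/gitea:latest
+- mariadb:latest
+- name: Copy mariadb config directory
+become: true
+ansible.builtin.copy:
+src: files/mariadb/
+dest: /etc/gitea/mariadb/
+owner: containers
+group: containers
+mode: 0600
+- name: Create mariadb instance
+become_user: containers
+become: true
+containers.podman.podman_container:
+name: db_gitea
+image: docker.io/mariadb:latest
+state: present
+command:
+- "--transaction-isolation=READ-COMMITTED"
+- "--binlog-format=ROW"
+volume:
+- gitea-db:/var/lib/mysql:Z
+- /etc/gitea/mariadb/:/etc/mysql/conf.d:Z
+network:
+- mariadb-gitea
+env:
+MARIADB_ROOT_PASSWORD: "{{ vault_gitea_mariadb_root_password }}"
+MARIADB_DATABASE: "{{ vault_gitea_mariadb_database }}"
+MARIADB_USER: "{{ vault_gitea_mariadb_user }}"
+MARIADB_PASSWORD: "{{ vault_gitea_mariadb_password }}"
+MARIADB_AUTO_UPGRADE: "true"
+generate_systemd:
+path: /home/containers/.config/systemd/user/
+restart_policy: on-failure
+names: true
+new: true
+- name: Add a gitea container
+become_user: containers
+become: true
+containers.podman.podman_container:
+name: gitea
+image: docker.io/gitea/gitea:latest
+state: present
+expose:
+- 24
+network:
+- traefik-gitea
+- mariadb-gitea
+- gitea-drone
+volume:
+- gitea:/data:Z
+- /etc/localtime:/etc/localtime:ro
+label:
+io.containers.autoupdate: "registry"
+traefik.enable: "true"
+traefik.http.routers.gitea.entrypoints: "https"
+traefik.http.routers.gitea.rule: "PathPrefix(`/git`)"
+traefik.http.routers.gitea.tls: "true"
+traefik.http.routers.gitea.tls.certresolver: "wildcard"
+traefik.http.routers.gitea.service: "gitea"
+traefik.http.routers.gitea.middlewares: "authelia@file"
+traefik.http.services.gitea.loadbalancer.server.port: "3000"
+traefik.docker.network: "traefik-gitea"
+env:
+APP_NAME: "Git server"
+RUN_MODE: "prod"
+RUN_USER: "git"
+DOMAIN: "{{ inventory_hostname }}"
+SSH_DOMAIN: "{{ inventory_hostname }}"
+ROOT_URL: "https://{{ inventory_hostname }}/git"
+SSH_PORT: 24
+DISABLE_REGISTRATION: true
+# REQUIRE_SIGNIN_VIEW: true
+REGISTER_EMAIL_CONFIRM: true
+ENABLE_CAPTCHA: true
+DEFAULT_KEEP_EMAIL_PRIVATE: true
+DEFAULT_BRANCH: "main"
+ALLOWED_HOST_LIST: "{{ inventory_hostname }}/drone"
+GITEA__database__DB_TYPE: mysql
+GITEA__database__HOST: db_gitea:3306
+GITEA__database__NAME: "{{ vault_gitea_mariadb_database }}"
+GITEA__database__USER: "{{ vault_gitea_mariadb_user }}"
+GITEA__database__PASSWD: "{{ vault_gitea_mariadb_password }}"
+GITEA__mailer__ENABLED: true
+GITEA__mailer__FROM: "{{ vault_smtp_user }}"
+GITEA__mailer__MAILER_TYPE: "smtp"
+GITEA__mailer__SMTP_ADDR: "{{ vault_smtp_host }}"
+GITEA__mailer__SMTP_PORT: "{{ vault_smtp_port }}"
+GITEA__mailer__IS_TLS_ENABLED: true
+GITEA__mailer__USER: "{{ vault_smtp_user }}"
+GITEA__mailer__PASSWD: "{{ vault_smtp_password }}"
+GITEA__log__MODE: "console"
+GITEA__log__LEVEL: "info"
+GITEA__service__DISABLE_REGISTRATION: true
+GITEA__service__SIGNIN_VIEW: false
+GITEA__service__REGISTER_EMAIL_CONFIRM: true
+GITEA__service__ENABLE_CAPTCHA: true
+GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: true
+GITEA__ui__THEMES: "auto,gitea,arc-green,gitea-modern"
+generate_systemd:
+path: /home/containers/.config/systemd/user/
+restart_policy: on-failure
+names: true
+new: true
+- name: Start containers at boot
+become_user: containers
+become: true
+ansible.builtin.systemd:
+scope: user
+name: container-{{ item }}.service
+enabled: true
+state: started
+daemon_reload: true
+loop:
+- gitea
+- db_gitea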
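Review bot: The database and SMTP passwords are handed to both containers as plain `env` values (`MARIADB_ROOT_PASSWORD`, `MARIADB_PASSWORD`, `GITEA__database__PASSWD`, `GITEA__mailer__PASSWD`), and with `generate_systemd` set to `new: true` the generated unit presumably embeds the full `podman run` command line, so the decrypted vault values would end up in `/home/containers/.config/systemd/user/` and in `podman inspect` output. Consider storing them as podman secrets and pointing the images at the mounted files through their `_FILE` variants, with `no_log: true` on the task that handles the value; the sketch below shows the MariaDB user password only, and the secret name is a constructed example. Whether the Gitea image in use honours `GITEA__database__PASSWD__FILE` should be checked against its version, since the image is pulled as `latest`.

```yaml
- name: Create podman secret for the database password
  become_user: containers
  become: true
  containers.podman.podman_secret:
    name: gitea_db_password  # constructed example name
    data: "{{ vault_gitea_mariadb_password }}"
    state: present
  no_log: true
# … unchanged: volume, network, image and config-copy tasks …
- name: Create mariadb instance
  containers.podman.podman_container:
    # … unchanged: name, image, state, command, volume, network …
    secrets:
      - gitea_db_password
    env:
      MARIADB_PASSWORD_FILE: /run/secrets/gitea_db_password
      # … unchanged: remaining variables, generate_systemd …
```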


@ -2,123 +2,125 @@
- hosts: all
name: Traefik reverse proxy
tasks:
- name: Get containers UID
ansible.builtin.command: "id -u containers"
register: uid_containers
changed_when: uid_containers.rc != 0
- name: Get containers UID
ansible.builtin.command: "id -u containers"
register: uid_containers
changed_when: uid_containers.rc != 0
- name: Permit traffic from any IP to http port
become: true
- name: Permit traffic from any IP to http port
become: true
community.general.ufw:
direction: in
from_ip: any
proto: tcp
to_port: 80
rule: allow
direction: in
from_ip: any
proto: tcp
to_port: 80
rule: allow
- name: Permit traffic from any IP to https port
become: true
- name: Permit traffic from any IP to https port
become: true
community.general.ufw:
direction: in
from_ip: any
proto: tcp
to_port: 443
rule: allow
direction: in
from_ip: any
proto: tcp
to_port: 443
rule: allow
- name: Pull traefik image
become_user: containers
become: true
containers.podman.podman_image:
name: docker.io/traefik:latest
- name: Pull traefik image
become_user: containers
become: true
containers.podman.podman_image:
name: docker.io/traefik:latest
- name: Change permission to traefik folder
become: true
ansible.builtin.file:
path: /etc/traefik
owner: containers
group: containers
mode: 0700
state: directory
- name: Change permission to traefik folder
become: true
ansible.builtin.file:
path: /etc/traefik
owner: containers
group: containers
mode: 0700
state: directory
- name: Copy config directory
become: true
ansible.builtin.copy:
src: files/
dest: /etc/traefik/
owner: containers
group: containers
mode: 0600
- name: Copy config directory
become: true
ansible.builtin.copy:
src: files/
dest: /etc/traefik/
owner: containers
group: containers
mode: 0600
- name: Copy config files from templates
become: true
ansible.builtin.template:
src: "templates/{{ item }}.j2"
dest: "/etc/traefik/{{ item }}"
owner: containers
group: containers
mode: 0600
loop:
- traefik.yml
- conf/cockpit.yml
- name: Copy config files from templates
become: true
ansible.builtin.template:
src: "templates/{{ item }}.j2"
dest: "/etc/traefik/{{ item }}"
owner: containers
group: containers
mode: 0600
loop:
- traefik.yml
- conf/cockpit.yml
- name: Create podman networks
containers.podman.podman_network:
name: "{{ item }}"
recreate: false
state: "present"
become_user: containers
become: true
loop:
- traefik
- traefik-portainer
- traefik-nextcloud
- name: Create traefik instance
become_user: containers
become: true
containers.podman.podman_container:
name: traefik
image: docker.io/traefik:latest
state: present
ports:
- 80:80
- 443:443
security_opt:
- label=type:container_runtime_t
volume:
- /run/user/{{ uid_containers.stdout }}/podman/podman.sock:/var/run/docker.sock:z
- /etc/traefik/:/etc/traefik:Z
network:
- name: Create podman networks
containers.podman.podman_network:
name: "{{ item }}"
recreate: false
state: "present"
become_user: containers
become: true
loop:
- traefik
- traefik-portainer
- traefik-nextcloud
cap_add:
- NET_ADMIN
label:
io.containers.autoupdate: "registry"
traefik.enable: "true"
traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}"
traefik.http.routers.traefik.entrypoints: "https"
traefik.http.routers.traefik.rule: "PathPrefix(`/traefik`)"
traefik.http.routers.traefik.middlewares: "traefik-auth@docker"
traefik.http.routers.traefik.tls: "true"
traefik.http.routers.traefik.tls.certresolver: "wildcard"
traefik.http.routers.traefik.tls.domains[0].main: "{{ inventory_hostname }}"
traefik.http.routers.traefik.service: "api@internal"
generate_systemd:
path: /home/containers/.config/systemd/user/
restart_policy: on-failure
names: true
new: true
- traefik-gitea
- name: Start containers at boot
become_user: containers
become: true
ansible.builtin.systemd:
scope: user
name: container-{{ item }}.service
enabled: true
state: started
daemon_reload: true
loop:
- traefik
- name: Create traefik instance
become_user: containers
become: true
containers.podman.podman_container:
name: traefik
image: docker.io/traefik:latest
state: present
ports:
- 80:80
- 443:443
security_opt:
- label=type:container_runtime_t
volume:
- /run/user/{{ uid_containers.stdout }}/podman/podman.sock:/var/run/docker.sock:z
- /etc/traefik/:/etc/traefik:Z
network:
- traefik
- traefik-portainer
- traefik-nextcloud
- traefik-gitea
cap_add:
- NET_ADMIN
label:
io.containers.autoupdate: "registry"
traefik.enable: "true"
traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}"
traefik.http.routers.traefik.entrypoints: "https"
traefik.http.routers.traefik.rule: "PathPrefix(`/traefik`)"
traefik.http.routers.traefik.middlewares: "traefik-auth@docker"
traefik.http.routers.traefik.tls: "true"
traefik.http.routers.traefik.tls.certresolver: "wildcard"
traefik.http.routers.traefik.tls.domains[0].main: "{{ inventory_hostname }}"
traefik.http.routers.traefik.service: "api@internal"
generate_systemd:
path: /home/containers/.config/systemd/user/
restart_policy: on-failure
names: true
new: true
- name: Start containers at boot
become_user: containers
become: true
ansible.builtin.systemd:
scope: user
name: container-{{ item }}.service
enabled: true
state: started
daemon_reload: true
loop:
- traefik
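Review bot: The `traefik` container now joins `traefik-gitea`, but the `Create podman networks` loop in this playbook still lists only `traefik`, `traefik-portainer` and `traefik-nextcloud`; the network is created only by containers/gitea/tasks.yml. If this play runs on a host before the Gitea one, creating the container will presumably fail on the missing network. Adding `- traefik-gitea` to the loop here removes the ordering dependency, since `state: "present"` with `recreate: false` leaves an existing network alone. The rendered section prints old and new lines interleaved, so this reading assumes the four-entry `network:` list is the new side.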


@ -1,47 +1,65 @@
$ANSIBLE_VAULT;1.1;AES256
39383132633963393461656434316166323762353236333562383666376636623630333661646536
6461626563656230336235666236666337626661636466610a346437623531656239666363373133
65366336343630383866363737313063363936616565373932326566393565336565343431396639
3966333534623331650a303965636265303562303336316131333730663164323433323038626361
35396461653165303062316537346234656239336264353330306134373334306164343266653331
61316162643731383738616538396334316163613962386463393134613539646566303838306335
33323639663133326630643935306361636532313664396433356262376163356462323965646661
63323231393162326333316532663131333665306133613032643138656562336235313533336137
37326233653034313061646464343066303432346464623166633235383437306333363831376334
63333639616639616539623764653831666233333533303437656133326434626564383662333736
37336638653765643036303633613134313461313234346230303933363836376363393637636566
37613033633033363934326438303736386233363033366361303736326230623934346636366637
65346666366366623761326537316666633038633063646237396462643731623438623333633666
62383635633637613062613230323663636638383131396165643862363765626366326335376536
61356437636231333033303565336439616332303933333032653366303232363132646439343536
61323130653736333636613933336431336630323566316465643834313033653061333463343437
65376365626432663137613666376532353631303933326435663961306537633639343036343030
34343536313235333636356164343334616564353761343238303366316534333436346539303663
65643263303036343266383562643438303439343739633133623662306230653335373865343862
39323338326238623465336563336662666362356633363566366361366366316236313531383438
38326438373461643735343862373261646339633433326438303930373866386436346334646663
38633933623132303766643733633065346563643035623936353730313265303730393032326532
39663834303937396532633233333164666230623433353236303534313164663732336535663634
35393032343930303431663931316164623634343066383935306166306637313264326263313839
64356235396266376264613464386162353466346533323063623838396638333636343835333963
32356462383831633764626331353233326436376332373362643461633232383735323536373865
37656639343231616463343133386133353963323237333464393337366366306462343566386637
62303433386530393266393033376536356162323432313661626362633566316230316364656366
39353861386231643537646661386262306232356434386139313539353262646337333237343539
32336334343733633761336139343962346635666437326663316431343639623335386436666465
64633932313334323366313937323131633934666635386330303465613363303665393236393130
65326664323339396233393565313862633530343662326436353661623932323430623539653862
64613565366231333436333566376164366466613032663134323566663861636161326265626332
36356166363038386566616535303831393437366462663732643933356331646161663034303631
65353339613662336133393732373132383766376230383536393132316531356364643039653763
61616636316465633637386439306136363536633136396364363835613434653362653832336662
39616365373035333563336662653736396633623935323031393637316636353835623039353334
36386236636134636132613464376465343064336464326630343736396431636464316231336565
31623761623365643465616562336561663235396238626238366535646638316363643963326564
37303764626561303130313932306664343632343038633063646262363334373963306462353863
31336138383362636236616539306331623461366334326366393062623761396466393930636130
31646333383064613533356433333133373436613036303739626435626136656239616465326438
31613631336162366139396334323466323163333734646532386637373231623162653532313965
36613635643265343539313834653062316532363538653739363664613434373133346332383931
33613331333538383936353666366363663463386630306662353231633037613862636132343131
3836636430313239393233383033316132353738396262303634
33623036343533303266303533636462313831353064656232633462383461613066396363323133
3238656662373464663162633134333665366262653566650a313837303238383431663264626532
33323137653230323530383039343733386339613337333737363737383261656139643766646265
3762616630643337660a306332613962333731633738353732383733633831653061653862633430
33343866613130646566653334366564653636336165363738613234393161336363353664653134
35366337613262363237343933363038636436613436306136643330336237626564386337613265
61653138656338623961393137373935316538646530326333343831363264323430323535383936
33613864356333303639613833383839313261613433326631303131636631326233653163616636
39653834356435343464333132316234363037663637386263326435346633343736616365643630
38333733316339633931643833623333306561626630363264343361363134323833396530386636
66616263303935346264643733323763616366366464656131363831346337363563356437626364
66666163636333363135306236313532306534343539303831643336323062633664356539626630
38323930363330306530323765396665663964623938343332363532633261333934383333373837
61316132363733343538316436373833663962306361363663326264623565653438363566333032
61303434376230646234616131616365346534666631393562326662643037636461646266306232
34313435646230353637616262383661373037653766643966643436343466333434383233666439
35333262633663356137646231323762656538616235353434663830303866663862316532623638
66333165646437626338303836643862613431363031333136333831646332316264396637353230
30633066373361303265663164636362333437373036633237613763376663373939353730323866
39396432386233396465366465353432633031633863656337343064353465363765643331636232
66313964643734346235633838353165636636306333373135633231336366643231636231623364
63353135353836373161373662356138326136346336343463616366346366626535616131323638
38353564643665656335333364666165393138383633623339633738636634643566343964663939
63306538613135366539343463383034346363663036363563323930633232633463393431393465
35623930343135336430623931626434663932393466333139616331313438333066316562376532
61653138656239373839373163633366313561613134623864376662366437316363346437383061
62366430636365623137323662343562333132346534653637373432623363313562333666626266
62613430663931383463353062643961366633323430653332353031323265343538376638373533
32616436636263373862316133396230303365323465393065356134643765353565383365333234
32373439336461393435326566353137653162613033616432633430333462613961616164353030
64636163323632646533373535656665616661653039643462636537643437323837366364336532
31626438373538363461336438333865343464353265353763653833386461356334373161626537
36663865613737666532613033373039346434376430616531323534613361333134363263663238
30616638303362336339626538303336613133316663646232313332366562663636313439386238
31383538316432636535353734343235376136633463356531373862383335626666643434653263
31396537653936346462356631376364303834393233636363313330353233663531303436623230
39393433343464303038653539383962613232613538303838633066393537376131333861396234
32363038343539646564316539366233313936306431653530363238333063633933656135343665
32313237316238396464626561353864643461323830396133623632383264323964626236366164
66333664623864326530316634663961343266623435613638356562643639646665383463396338
61613931313737323862353833336535336264363135393362366233613730323463343064386664
62313139633966643538396130633830336664393961316131363731393236666264613439616161
64633033316361653539643161393331616231353930323238643963653637656661363635626263
31623465333038656332313066643438646538613631356163663965363766653031323862333337
32663235373661396330356531623139326231383632636664613431373331373266393438666138
32626665396162653938386138316331633533316366393863303162633438333665303139643565
31616564363330373862313236303263636663333438643035633837346463393630646437633866
34366633313534386130326361643934633532343738373861626630666234666161346431383565
39616335353837663235343237333434366439336231666233386561383266666138363963656330
37646333666134393531363537653762366439343661393335373065353264363064303763316362
30396363346262623137353139626636643731363663616333366436333033386463313738646635
37646239666432643537633266313266383732373265303639356663653531363131343730653130
38303830383235613862343733333236613933386565323561656532313932633365323662653438
65336338616332353761613338303364656134656564303865343861386538663436396165316661
35333061386432316665353532306164333564303130393530323665316661323535343237633533
64396532643738376431346635333561306564356432326562636665613338393230303133303362
64616330303362323130643061306563383761323331316438323331653033323431373236616235
66323566303836646439373832646534333063646331323161643166656166633531363165383963
37356463346333343463643361633931646664646539373861306235626536323164343930323736
62383564363330373866336662623434616331333664326361633031346239386530353030366335
31633231653061326565353730616161653061666364386638633536636362356166303832383139
38613538323036303230646466343664656331333135363938306634643936373466326135356538
33623734643338623039656563313566353466363565333536373161313161303464386635316439
31613032363763636663