From 6373bd7ac115f2b2bac1898e9aaefcbf34c2644e Mon Sep 17 00:00:00 2001
From: pizzaniels
Date: Tue, 3 Jan 2023 19:12:40 +0100
Subject: [PATCH] add kms server, tweede poging
---
playbooks/kms.yml | 4 ++
roles/gitea/templates/app.ini | 100 +++++++++++++++++++++++++++++
roles/kms/files/docker-compose.yml | 8 +++
roles/kms/meta/main.yml | 4 ++
roles/kms/tasks/main.yml | 14 ++++
5 files changed, 130 insertions(+)
create mode 100644 playbooks/kms.yml
create mode 100644 roles/gitea/templates/app.ini
create mode 100644 roles/kms/files/docker-compose.yml
create mode 100644 roles/kms/meta/main.yml
create mode 100644 roles/kms/tasks/main.yml
diff --git a/playbooks/kms.yml b/playbooks/kms.yml
new file mode 100644
index 0000000..b7cf5ed
--- /dev/null
+++ b/playbooks/kms.yml
@@ -0,0 +1,4 @@
+- name: Install kms stateless server
+ hosts: nucs
+ roles:
+ - kms
diff --git a/roles/gitea/templates/app.ini b/roles/gitea/templates/app.ini
new file mode 100644
index 0000000..1d6d748
--- /dev/null
+++ b/roles/gitea/templates/app.ini
@@ -0,0 +1,100 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = localhost
+SSH_DOMAIN = localhost
+HTTP_PORT = 3000
+ROOT_URL = {{ gitea.root_url }}
+DISABLE_SSH = false
+SSH_PORT = 22
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = {{ gitea.lfs_jwt_secret }}
+OFFLINE_MODE = false
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+HOST = localhost:3306
+NAME = gitea
+USER = root
+PASSWD =
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROUTER = console
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY =
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN = {{ gitea.internal_token }}
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = true
+HOST = {{ gitea.mailer_host }}
+FROM = {{ gitea.mailer_from }}
+USER =
+PASSWD =
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
diff --git a/roles/kms/files/docker-compose.yml b/roles/kms/files/docker-compose.yml
new file mode 100644
index 0000000..43e9880
--- /dev/null
+++ b/roles/kms/files/docker-compose.yml
@@ -0,0 +1,8 @@
+version: "3.7"
+
+services:
+ kms-server:
+ image: teddysun/kms
+ ports:
+ - 1688:1688
+ restart: always
diff --git a/roles/kms/meta/main.yml b/roles/kms/meta/main.yml
new file mode 100644
index 0000000..7f5b1d3
--- /dev/null
+++ b/roles/kms/meta/main.yml
@@ -0,0 +1,4 @@
+dependencies:
+ - role: common
+ - role: docker
+
\ No newline at end of file
diff --git a/roles/kms/tasks/main.yml b/roles/kms/tasks/main.yml
new file mode 100644
index 0000000..57a0ce4
--- /dev/null
+++ b/roles/kms/tasks/main.yml
@@ -0,0 +1,14 @@
+- name: Create app directory
+ file:
+ path: /apps/kms
+ state: directory
+- name: Copy Docker Compose script
+ copy:
+ src: "{{ role_path }}/files/docker-compose.yml"
+ dest: /apps/kms/docker-compose.yml
+- name: Start the Docker Compose
+ community.docker.docker_compose:
+ project_src: /apps/kms
+ pull: true
+ remove_orphans: true
+
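Review bot: In roles/gitea/templates/app.ini, `SECRET_KEY =` under `[security]` is rendered empty although the neighbouring `INTERNAL_TOKEN` and `LFS_JWT_SECRET` are templated from `gitea.*` variables. Depending on the Gitea version, an empty value either falls back to a built-in default or is generated at startup, and neither is a managed per-install secret for the data it protects. I would template it the same way, e.g. `SECRET_KEY = {{ gitea.secret_key }}`, where `gitea.secret_key` is a new vaulted variable this commit does not define yet. In the same section `REVERSE_PROXY_TRUSTED_PROXIES = *` accepts forwarded-client headers from any peer; listing only the real proxy, e.g. `REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128`, keeps client IPs in logs and rate limits trustworthy. Also confirm that `ENABLE_OPENID_SIGNUP = true` is intended next to `DISABLE_REGISTRATION = true`, since it appears to leave self-registration open through OpenID.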
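Review bot: In roles/kms/files/docker-compose.yml, `image: teddysun/kms` has no tag or digest, so it resolves to `latest`, and `pull: true` in roles/kms/tasks/main.yml fetches it again on every play. Whatever the third-party publisher pushes next therefore runs on the `nucs` hosts under `restart: always` without review. Pin the image to a reviewed digest, e.g. `image: teddysun/kms@sha256:<digest-of-reviewed-image>` (placeholder), and update it deliberately. The mapping `- 1688:1688` publishes the port on every host interface; if only one network should reach it, bind an address and quote the value, e.g. `- "<lan-ip>:1688:1688"` (placeholder).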
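Review bot: In roles/kms/tasks/main.yml, neither the `file` task nor the `copy` task sets `mode`, `owner` or `group`, so the permissions on `/apps/kms` and its compose file depend on the umask of whichever user runs the play. State them explicitly, e.g. `mode: "0755"` on the directory and `mode: "0644"` on the copied file (quoted so YAML does not read them as octal integers). The short names `file:` and `copy:` sit beside the fully qualified `community.docker.docker_compose`; `ansible.builtin.file` and `ansible.builtin.copy` would be consistent. `src:` can be just `docker-compose.yml`, because `copy` already looks in the role's `files/` directory. Note too that `community.docker.docker_compose` is the Compose v1 module, which later collection releases replace with `community.docker.docker_compose_v2`, so pin the collection version if this role must keep working.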