diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml index 7e0fdf0..a2d8d0d 100644 --- a/ansible/inventory/group_vars/all.yml +++ b/ansible/inventory/group_vars/all.yml @@ -1,2 +1 @@ data_directory_base: /mnt/data -git_ssh_port: 56287 diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml index 42ea65c..dd6b196 100644 --- a/ansible/inventory/host_vars/manager.yml +++ b/ansible/inventory/host_vars/manager.yml @@ -2,10 +2,8 @@ docker_node_labels: - hostname: maestro labels: traefik: "true" - forgejo: "true" - hostname: worker1 labels: syncthing: "true" -data_directories: - - 'forgejo' +data_directories: [] diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml index b05ec39..c888a34 100644 --- a/ansible/playbooks/stacks.yml +++ b/ansible/playbooks/stacks.yml @@ -4,4 +4,3 @@ roles: - {role: traefik, tags: traefik} - {role: syncthing, tags: syncthing} - - {role: forgejo, tags: forgejo} diff --git a/ansible/roles/forgejo/app.ini.j2 b/ansible/roles/forgejo/app.ini.j2 deleted file mode 100644 index 9641715..0000000 --- a/ansible/roles/forgejo/app.ini.j2 +++ /dev/null 
@@ -1,104 +0,0 @@
-APP_NAME = Forgejo: Beyond coding. We forge.
-RUN_MODE = prod
-RUN_USER = git
-
-[repository]
-ROOT = /data/git/repositories
-DEFAULT_BRANCH = master
-
-[repository.local]
-LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
-
-[repository.upload]
-TEMP_PATH = /data/gitea/uploads
-
-[server]
-APP_DATA_PATH = /data/gitea
-DOMAIN = {{ git_domain }}
-SSH_DOMAIN = {{ git_domain }}
-HTTP_PORT = 3000
-ROOT_URL = {{ root_url }}
-DISABLE_SSH = false
-SSH_PORT = {{ git_ssh_port }}
-SSH_LISTEN_PORT = 22
-LFS_START_SERVER = true
-LFS_JWT_SECRET = {{ lfs_jwt_secret }}
-OFFLINE_MODE = false
-
-[database]
-PATH = /data/gitea/gitea.db
-DB_TYPE = sqlite3
-HOST = localhost:3306
-NAME = gitea
-USER = root
-PASSWD =
-LOG_SQL = false
-SCHEMA =
-SSL_MODE = disable
-CHARSET = utf8
-
-[indexer]
-ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
-ISSUE_INDEXER_TYPE = db
-
-[session]
-PROVIDER_CONFIG = /data/gitea/sessions
-PROVIDER = file
-
-[picture]
-AVATAR_UPLOAD_PATH = /data/gitea/avatars
-REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
-ENABLE_FEDERATED_AVATAR = false
-
-[attachment]
-PATH = /data/gitea/attachments
-
-[log]
-MODE = console
-LEVEL = info
-ROUTER = console
-ROOT_PATH = /data/gitea/log
-
-[security]
-INSTALL_LOCK = true
-SECRET_KEY =
-REVERSE_PROXY_LIMIT = 1
-REVERSE_PROXY_TRUSTED_PROXIES = *
-INTERNAL_TOKEN = {{ internal_token }}
-PASSWORD_HASH_ALGO = pbkdf2
-
-[service]
-DISABLE_REGISTRATION = true
-REQUIRE_SIGNIN_VIEW = false
-REGISTER_EMAIL_CONFIRM = false
-ENABLE_NOTIFY_MAIL = false
-ALLOW_ONLY_EXTERNAL_REGISTRATION = false
-ENABLE_CAPTCHA = false
-DEFAULT_KEEP_EMAIL_PRIVATE = true
-DEFAULT_ALLOW_CREATE_ORGANIZATION = true
-DEFAULT_ENABLE_TIMETRACKING = true
-NO_REPLY_ADDRESS = noreply.localhost
-
-[lfs]
-PATH = /data/git/lfs
-
-[mailer]
-ENABLED = true
-SMTP_ADDR = {{ mailer_host }}
-SMTP_PORT = 587
-FROM = {{ mailer_from }}
-USER =
-PASSWD =
-
-[openid]
-ENABLE_OPENID_SIGNIN = true
-ENABLE_OPENID_SIGNUP = false
-
-[repository.pull-request] -DEFAULT_MERGE_STYLE = merge - -[repository.signing] -DEFAULT_TRUST_MODEL = committer - -[ui] -DEFAULT_THEME = forgejo-light diff --git a/ansible/roles/forgejo/docker-stack.yml.j2 b/ansible/roles/forgejo/docker-stack.yml.j2 deleted file mode 100644 index 1bd5b19..0000000 --- a/ansible/roles/forgejo/docker-stack.yml.j2 +++ /dev/null @@ -1,44 +0,0 @@ -# vi: ft=yaml -version: "3" - -networks: - traefik: - external: true - -configs: - config: - file: /srv/forgejo/app.ini - -services: - server: - image: codeberg.org/forgejo/forgejo:1.18 - environment: - - USER_UID=1000 - - USER_GID=1000 - networks: - - traefik - ports: - - "{{ git_ssh_port }}:22" - volumes: - - type: bind - source: /mnt/data/forgejo - target: /data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - deploy: - placement: - constraints: - - "node.labels.forgejo == true" - labels: - - traefik.port=443 - - traefik.enable=true - - traefik.http.routers.forgejo.entrypoints=websecure - - traefik.http.routers.forgejo.rule=Host(`{{ git_domain }}`) - - traefik.http.routers.forgejo.tls=true - - traefik.http.routers.forgejo.tls.certresolver=letsencrypt - - traefik.http.routers.forgejo.service=forgejo - - traefik.http.services.forgejo.loadbalancer.server.port=3000 - - traefik.docker.network=traefik - configs: - - source: config - target: /data/gitea/conf/app.ini diff --git a/ansible/roles/forgejo/tasks/main.yml b/ansible/roles/forgejo/tasks/main.yml deleted file mode 100644 index 0c8db5c..0000000 --- a/ansible/roles/forgejo/tasks/main.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -- name: Create working directory - file: - path: /srv/forgejo - state: directory - -- name: Copy config file - template: - src: "{{ role_path }}/app.ini.j2" - dest: /srv/forgejo/app.ini - -- name: Copy Docker stack file - template: - src: "{{ role_path }}/docker-stack.yml.j2" - dest: /srv/forgejo/docker-stack.yml - -- name: Deploy Docker stack - docker_stack: - name: forgejo - compose: - - /srv/forgejo/docker-stack.yml diff --git a/ansible/roles/forgejo/vars/main.yml b/ansible/roles/forgejo/vars/main.yml deleted file mode 100644 index 2bcaa33..0000000 --- a/ansible/roles/forgejo/vars/main.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -git_domain: "git.pim.kunis.nl" -root_url: "https://{{ git_domain }}" -mailer_host: "smtp.tweak.nl" -mailer_from: "git@kunis.nl" -lfs_jwt_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 66613032363837346461326131303839646332646233633736623865346135623739343233396165 - 6530326162323466623939393133623336366466343837620a613532616365646137326138383235 - 32313264653262656564336531646662323039623865393366616536633531306430336137313862 - 3361373539373561390a653236306433393737616561306236343362396438366134313032656233 - 35626364373961613361366138383566353463626136393861383934326263383336393766623063 - 3434656437663165376635326139383065383861386133623765 -internal_token: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62633334656235613035343830326237633637626639363465313861323734393766636464303862 - 3936306561343863316630616164616537323537333262650a336337303232623832636666353038 - 64313134383330646537356432383332386238373835656663313431373939373630373566396339 - 6561643037383666340a643464326531623731303564646464376239613263643761643766623930 - 37623362326561346262306331376663313661633635323435333339396138383134303364306532 - 37353264363737643965643932356336633734316534303262336461313038626538396536333964 - 36353635323731353061393430656166363263366437313434336139616666326335633037663336 - 37353665613938613731316330396461343632643039643864343164303937613263343262623964 - 33366364636339623633653035313736653563363064646233383437373431373232 diff --git a/ansible/roles/traefik/docker-stack.yml.j2 b/ansible/roles/traefik/docker-stack.yml.j2 index 22aeb59..6bdc7cd 100644 --- a/ansible/roles/traefik/docker-stack.yml.j2 +++ b/ansible/roles/traefik/docker-stack.yml.j2 @@ -11,7 +11,6 @@ services: networks: - traefik ports: - - 443:443 - 80:80 - 8080:8080 deploy: 
@@ -26,9 +25,6 @@ services: - type: bind source: /var/run/docker.sock target: /var/run/docker.sock - - type: bind - source: /mnt/data/traefik/acme.json - target: /acme.json command: - --providers.docker - --providers.docker.swarmmode @@ -37,13 +33,4 @@ services: - --api.insecure=true - --api.dashboard=true - --entrypoints.web.address=:80 - - --entrypoints.web.http.redirections.entrypoint=true - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - - --entrypoints.web.http.redirections.entrypoint.permanent=true - - --entrypoints.websecure.address=:443 - --providers.docker.exposedbydefault=false - - --certificatesresolvers.letsencrypt.acme=true - - --certificatesresolvers.letsencrypt.acme.email=pim@kunis.nl - - --certificatesresolvers.letsencrypt.acme.httpchallenge=true - - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
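Review bot: The flags that survive the last hunk are `--api.insecure=true` and `--api.dashboard=true`, and the `ports` hunk keeps `- 8080:8080` published while dropping `- 443:443`, so after this change the Traefik API and dashboard are reachable unauthenticated over plain HTTP and nothing in the stack terminates TLS any more. If TLS is now handled upstream, record that in a comment above `- --entrypoints.web.address=:80`; otherwise remove `- --api.insecure=true` and the `- 8080:8080` mapping, or serve the dashboard through a router on `api@internal` with an auth middleware. The container still bind-mounts `/var/run/docker.sock` (context of the second hunk), which makes an exposed API on this service more consequential than on an ordinary workload. Any remaining stack whose labels still name `entrypoints=websecure` or `tls.certresolver=letsencrypt` would presumably stop routing once those are gone; the syncthing role is not shown here and should be checked. The `services` block starts and ends outside these hunks.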