From d844925ee0af6914ac09cf894b34e1d5ecf4e52d Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Tue, 15 Nov 2022 00:34:50 +0100
Subject: [PATCH] Add git service
---
 playbooks/02b-services-user.yml | 2 +
 playbooks/02c-services-deploy.yml | 2 +
 .../git.wojciechkozlowski.eu.conf | 35 ++++++++++++
 .../user/container-git-gitea.service.j2 | 53 +++++++++++++++++++
 .../.config/systemd/user/pod-git.service.j2 | 24 +++++++++
 .../b-user/service-user/01-zfs-datasets.yml | 7 +++
 playbooks/tasks/services/vars.yml | 12 +++++
 7 files changed, 135 insertions(+)
 create mode 100644 playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf
 create mode 100644 playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-git/.config/systemd/user/container-git-gitea.service.j2
 create mode 100644 playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-git/.config/systemd/user/pod-git.service.j2
diff --git a/playbooks/02b-services-user.yml b/playbooks/02b-services-user.yml
index 33c8973..ecd8345 100644
--- a/playbooks/02b-services-user.yml
+++ b/playbooks/02b-services-user.yml
@@ -15,6 +15,8 @@
 cloud:
 - "nextcloud"
 - "data"
+ git:
+ - "data"
 tasks:
 - include_tasks: tasks/services/b-user/service-user.yml
diff --git a/playbooks/02c-services-deploy.yml b/playbooks/02c-services-deploy.yml
index f3cd64d..e7567ed 100644
--- a/playbooks/02c-services-deploy.yml
+++ b/playbooks/02c-services-deploy.yml
@@ -8,6 +8,8 @@
 postgres: "15.0"
 cloud:
 nextcloud: "25-fpm"
+ git:
+ gitea: "1"
 tasks:
 - import_tasks: tasks/services/c-deploy/00-hosts.yml
diff --git a/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf b/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf
new file mode 100644
index 0000000..463b6ed
--- /dev/null
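Review bot: In the 02c-services-deploy.yml hunk `gitea: "1"` pins only the major version, and the container unit added in this same commit runs the image with `--label "io.containers.autoupdate=image"`, so any image later pushed to docker.io/gitea/gitea under the `1` tag will be pulled and the service restarted into it with no review step. For a service holding repository data and database/SMTP credentials that is a supply-chain exposure as well as an unplanned-upgrade risk, since a new Gitea release presumably migrates the database on first start. Either pin a full release (`gitea: "<full version>"`) so upgrades are deliberate, or keep the floating tag and drop the autoupdate label; recording the image digest next to the version would make either choice auditable.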
+++ b/playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx-conf.d/git.wojciechkozlowski.eu.conf
@@ -0,0 +1,35 @@
+server {
+ listen 80;
+ server_name git.wojciechkozlowski.eu;
+
+ location ^~ /.well-known {
+ allow all;
+ root /var/www/html;
+ }
+
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name git.wojciechkozlowski.eu;
+
+ ssl_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/git.wojciechkozlowski.eu/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/chain.pem;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://pod-git:3000;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-git/.config/systemd/user/container-git-gitea.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-git/.config/systemd/user/container-git-gitea.service.j2
new file mode 100644
index 0000000..7c242f3
--- /dev/null
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-git/.config/systemd/user/container-git-gitea.service.j2
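Review bot: The HTTPS `location /` block sets no `client_max_body_size`, so nginx's 1m default applies and any `git push` over HTTPS whose pack exceeds that is rejected with 413 before it reaches Gitea; add something like `client_max_body_size 512m;` (sample value) next to the `proxy_pass` line and size it to the largest push you expect. Setting `X-Forwarded-For` to `$remote_addr` rather than `$proxy_add_x_forwarded_for` is a good choice here because it discards client-supplied values, but Gitea also benefits from `proxy_set_header X-Forwarded-Proto $scheme;` so that it does not depend solely on ROOT_URL to know it is behind TLS. This server block carries no `ssl_protocols`/`ssl_ciphers`/HSTS directives; if those are inherited from the rproxy pod's shared nginx configuration outside this diff that is fine, otherwise they belong here too.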
@@ -0,0 +1,53 @@
+[Unit]
+Description=Podman container-git-gitea.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+BindsTo=pod-git.service
+After=pod-git.service
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/container-git-gitea.pid %t/container-git-gitea.ctr-id
+ExecStart=/usr/bin/podman run \
+ --conmon-pidfile %t/container-git-gitea.pid \
+ --cidfile %t/container-git-gitea.ctr-id \
+ --cgroups=no-conmon \
+ --pod-id-file %t/pod-git.pod-id \
+ --replace \
+ --label "io.containers.autoupdate=image" \
+ -dt \
+ --add-host=pod-database:{{ services['database'].address }} \
+ -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
+ -v /var/lib/yggdrasil/data/pod-git/data/_data:/data \
+ -v /etc/timezone:/etc/timezone:ro \
+ -v /etc/localtime:/etc/localtime:ro \
+ -e USER_UID="1000" \
+ -e USER_GID="1000" \
+ -e GITEA__database__DB_TYPE="postgres" \
+ -e GITEA__database__HOST="pod-database:5432" \
+ -e GITEA__database__NAME="{{ services[service_name].database_name }}" \
+ -e GITEA__database__USER="{{ services[service_name].database_user }}" \
+ -e GITEA__database__PASSWD="{{ services[service_name].database_passwd }}" \
+ -e GITEA__server__DOMAIN="{{ services[service_name].domain }}" \
+ -e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
+ -e GITEA__mailer__ENABLED="true" \
+ -e GITEA__mailer__FROM="Gitea " \
+ -e GITEA__mailer__MAILER_TYPE="smtp" \
+ -e GITEA__mailer__HOST="{{ services[service_name].smtp_host }}" \
+ -e GITEA__mailer__USER="{{ services[service_name].smtp_user }}" \
+ -e GITEA__mailer__PASSWD="{{ services[service_name].smtp_passwd }}" \
+ -e GITEA__service__DISABLE_REGISTRATION="true" \
+ -e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
+ --name=pod-git-gitea \
+ docker.io/gitea/gitea:{{ versions.git.gitea }}
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-git-gitea.ctr-id -t 10
+ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-git-gitea.ctr-id
+PIDFile=%t/container-git-gitea.pid
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-git/.config/systemd/user/pod-git.service.j2 b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-git/.config/systemd/user/pod-git.service.j2
new file mode 100644
index 0000000..c52d4cd
--- /dev/null
+++ b/playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-git/.config/systemd/user/pod-git.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=Podman pod-git.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network.target
+After=network-online.target
+Requires=container-git-gitea.service
+Before=container-git-gitea.service
+OnFailure=status-mail@%n.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
+ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > /var/lib/{{ ansible_hostname }}/containers/pod-git/pidfile'
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
+PIDFile=%t/pod-git.pid
+Type=forking
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/playbooks/tasks/services/b-user/service-user/01-zfs-datasets.yml b/playbooks/tasks/services/b-user/service-user/01-zfs-datasets.yml
index eb18f5e..39182c0 100644
--- a/playbooks/tasks/services/b-user/service-user/01-zfs-datasets.yml
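Review bot: The database and SMTP passwords are rendered straight into `ExecStart` as `-e GITEA__database__PASSWD="…"` and `-e GITEA__mailer__PASSWD="…"`, so once the template is deployed they sit in plaintext in the unit file under the user's `.config/systemd/user/`, are printed by `systemctl --user show`/`cat` and in any journal line that echoes the command, and are visible on the `podman run` command line while it executes. Writing those variables to a file owned by the service user with mode 0600 and replacing the two password lines with `--env-file <path-to-env-file>` keeps them out of the unit and the process list; a podman secret (`--secret <name>,type=env,target=GITEA__database__PASSWD`) additionally keeps them out of `podman inspect`. Separately, `-e GITEA__mailer__FROM="Gitea "` appears to contain a display name with no address — if that is only an artefact of how this patch was rendered it can be ignored, otherwise the value should carry the sender address.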
+++ b/playbooks/tasks/services/b-user/service-user/01-zfs-datasets.yml
@@ -19,6 +19,13 @@
 extra_zfs_properties:
 canmount: "off"
+- name: Create service data backup dataset for user {{ service_user_name }}
+ zfs:
+ name: hpool/backup/{{ ansible_hostname }}/data/{{ service_user_name }}
+ state: present
+ extra_zfs_properties:
+ canmount: "off"
+
 - include_tasks: "{{ item }}"
 with_first_found:
 - files:
diff --git a/playbooks/tasks/services/vars.yml b/playbooks/tasks/services/vars.yml
index 487cc5f..25506e9 100644
--- a/playbooks/tasks/services/vars.yml
+++ b/playbooks/tasks/services/vars.yml
@@ -10,10 +10,22 @@
 set_fact:
 local_service_home: "./filesystem/{{ ansible_hostname }}/{{ service_home }}"
+- name: Get user info
+ getent:
+ database: passwd
+ key: "{{ service_user_name }}"
+
+- name: Set service variables
+ set_fact:
+ service_user_uid: "{{ ansible_facts.getent_passwd[service_user_name].1 }}"
+ service_user_gid: "{{ ansible_facts.getent_passwd[service_user_name].2 }}"
+
 - name: Print service variables
 debug:
 msg:
 - "service_name: {{ service_name }}"
 - "service_user_name: {{ service_user_name }}"
+ - "service_user_uid: {{ service_user_uid }}"
+ - "service_user_gid: {{ service_user_gid }}"
 - "service_home: {{ service_home }}"
 - "local_service_home: {{ local_service_home }}"
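Review bot: The new "Create service data backup dataset" task lives in the shared per-user include (`service-user/01-zfs-datasets.yml`), so on the next run it creates `hpool/backup/{{ ansible_hostname }}/data/<user>` for every service user the play iterates over, not only the git user this commit adds; if that is intended, a comment such as `# one backup dataset per service user, mirrors the data dataset above` would make it explicit, otherwise the task needs a `when:` guard. Nothing in this diff creates the parent `hpool/backup/{{ ansible_hostname }}/data` dataset; if it is not provisioned elsewhere and the zfs module on this host does not create missing parents, the task fails on first run. The sibling data dataset task whose tail forms the context lines starts outside the hunk.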
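Review bot: The new `getent` task aborts the run when `service_user_name` is not yet in passwd, which is what happens if vars.yml is ever included before the 02b play has created the user; either make that ordering an explicit comment, or set `fail_key: false` and check the fact before using it. The `service_user_uid`/`service_user_gid` facts are not consumed anywhere in this commit, while the gitea unit added alongside it hardcodes `USER_UID="1000"` and `USER_GID="1000"` — if the intent was to align the container user with the host user, the unit should reference these facts instead (bearing in mind that under rootless podman the in-container id maps through the user's subuid range, so this needs confirming on the host). The positional lookups would read better with a comment above the `set_fact`: `# getent_passwd[<user>] is [passwd, uid, gid, gecos, home, shell]`.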