Add git service
parent
7b44781078
commit
d844925ee0
@ -15,6 +15,8 @@
|
|||||||
cloud:
|
cloud:
|
||||||
- "nextcloud"
|
- "nextcloud"
|
||||||
- "data"
|
- "data"
|
||||||
|
git:
|
||||||
|
- "data"
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- include_tasks: tasks/services/b-user/service-user.yml
|
- include_tasks: tasks/services/b-user/service-user.yml
|
||||||
|
@ -8,6 +8,8 @@
|
|||||||
postgres: "15.0"
|
postgres: "15.0"
|
||||||
cloud:
|
cloud:
|
||||||
nextcloud: "25-fpm"
|
nextcloud: "25-fpm"
|
||||||
|
git:
|
||||||
|
gitea: "1"
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_tasks: tasks/services/c-deploy/00-hosts.yml
|
- import_tasks: tasks/services/c-deploy/00-hosts.yml
|
||||||
|
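Review bot: The new `gitea: "1"` entry is a moving major-version tag, and the container unit added in this commit labels the container `io.containers.autoupdate=image`. If podman auto-update is enabled on the host, whatever docker.io publishes under that tag is pulled and started without review. The neighbouring `postgres: "15.0"` entry pins more narrowly. Consider pinning to a specific release, e.g. `gitea: "<MAJOR.MINOR.PATCH>"` (placeholder), or to an image digest, and bumping it deliberately.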
@ -0,0 +1,35 @@
|
|||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name git.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
location ^~ /.well-known {
|
||||||
|
allow all;
|
||||||
|
root /var/www/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
server_name git.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/git.wojciechkozlowski.eu/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/chain.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://pod-git:3000;
|
||||||
|
}
|
||||||
|
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
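Review bot: The `listen 443 ssl` server block sends no `Strict-Transport-Security` header, so a client that starts on plain HTTP relies on the port-80 redirect every time and can be intercepted before it. Unless the header is inherited from an `http`-level include not shown here, add `add_header Strict-Transport-Security "max-age=31536000" always;` to this block. The block also sets no `client_max_body_size`, so nginx's 1 MB default would apply to the proxied `location /` and larger git pushes over HTTPS would be rejected with 413, again unless it is set globally.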
@ -0,0 +1,53 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Podman container-git-gitea.service
|
||||||
|
Documentation=man:podman-generate-systemd(1)
|
||||||
|
Wants=network.target
|
||||||
|
After=network-online.target
|
||||||
|
BindsTo=pod-git.service
|
||||||
|
After=pod-git.service
|
||||||
|
OnFailure=status-mail@%n.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
Restart=on-failure
|
||||||
|
TimeoutStopSec=70
|
||||||
|
ExecStartPre=/bin/rm -f %t/container-git-gitea.pid %t/container-git-gitea.ctr-id
|
||||||
|
ExecStart=/usr/bin/podman run \
|
||||||
|
--conmon-pidfile %t/container-git-gitea.pid \
|
||||||
|
--cidfile %t/container-git-gitea.ctr-id \
|
||||||
|
--cgroups=no-conmon \
|
||||||
|
--pod-id-file %t/pod-git.pod-id \
|
||||||
|
--replace \
|
||||||
|
--label "io.containers.autoupdate=image" \
|
||||||
|
-dt \
|
||||||
|
--add-host=pod-database:{{ services['database'].address }} \
|
||||||
|
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||||
|
-v /var/lib/yggdrasil/data/pod-git/data/_data:/data \
|
||||||
|
-v /etc/timezone:/etc/timezone:ro \
|
||||||
|
-v /etc/localtime:/etc/localtime:ro \
|
||||||
|
-e USER_UID="1000" \
|
||||||
|
-e USER_GID="1000" \
|
||||||
|
-e GITEA__database__DB_TYPE="postgres" \
|
||||||
|
-e GITEA__database__HOST="pod-database:5432" \
|
||||||
|
-e GITEA__database__NAME="{{ services[service_name].database_name }}" \
|
||||||
|
-e GITEA__database__USER="{{ services[service_name].database_user }}" \
|
||||||
|
-e GITEA__database__PASSWD="{{ services[service_name].database_passwd }}" \
|
||||||
|
-e GITEA__server__DOMAIN="{{ services[service_name].domain }}" \
|
||||||
|
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
|
||||||
|
-e GITEA__mailer__ENABLED="true" \
|
||||||
|
-e GITEA__mailer__FROM="Gitea <git@{{ services[service_name].domain }}>" \
|
||||||
|
-e GITEA__mailer__MAILER_TYPE="smtp" \
|
||||||
|
-e GITEA__mailer__HOST="{{ services[service_name].smtp_host }}" \
|
||||||
|
-e GITEA__mailer__USER="{{ services[service_name].smtp_user }}" \
|
||||||
|
-e GITEA__mailer__PASSWD="{{ services[service_name].smtp_passwd }}" \
|
||||||
|
-e GITEA__service__DISABLE_REGISTRATION="true" \
|
||||||
|
-e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
|
||||||
|
--name=pod-git-gitea \
|
||||||
|
docker.io/gitea/gitea:{{ versions.git.gitea }}
|
||||||
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-git-gitea.ctr-id -t 10
|
||||||
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-git-gitea.ctr-id
|
||||||
|
PIDFile=%t/container-git-gitea.pid
|
||||||
|
Type=forking
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target default.target
|
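Review bot: The database and SMTP passwords are rendered straight into the `ExecStart=` command line as `-e GITEA__database__PASSWD=...` and `-e GITEA__mailer__PASSWD=...`. That leaves them in the installed unit file, in `systemctl cat` output, in the `podman run` argument list and in `podman inspect`. Move the secret values into a root-only file and pass it with `--env-file <PATH_TO_0600_ENV_FILE>` (placeholder path), or use podman secrets, keeping only non-sensitive settings inline. This also avoids systemd reinterpreting a templated value that contains `%`, `$` or `"`. The same line-level parsing applies to `%(DOMAIN)s` in `GITEA__server__ROOT_URL`, which is worth checking against systemd's specifier handling (`%%` is the documented literal form).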
@ -0,0 +1,24 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Podman pod-git.service
|
||||||
|
Documentation=man:podman-generate-systemd(1)
|
||||||
|
Wants=network.target
|
||||||
|
After=network-online.target
|
||||||
|
Requires=container-git-gitea.service
|
||||||
|
Before=container-git-gitea.service
|
||||||
|
OnFailure=status-mail@%n.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
Restart=on-failure
|
||||||
|
TimeoutStopSec=70
|
||||||
|
ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
|
||||||
|
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
|
||||||
|
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
|
||||||
|
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > /var/lib/{{ ansible_hostname }}/containers/pod-git/pidfile'
|
||||||
|
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
|
||||||
|
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
|
||||||
|
PIDFile=%t/pod-git.pid
|
||||||
|
Type=forking
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target default.target
|
@ -19,6 +19,13 @@
|
|||||||
extra_zfs_properties:
|
extra_zfs_properties:
|
||||||
canmount: "off"
|
canmount: "off"
|
||||||
|
|
||||||
|
- name: Create service data backup dataset for user {{ service_user_name }}
|
||||||
|
zfs:
|
||||||
|
name: hpool/backup/{{ ansible_hostname }}/data/{{ service_user_name }}
|
||||||
|
state: present
|
||||||
|
extra_zfs_properties:
|
||||||
|
canmount: "off"
|
||||||
|
|
||||||
- include_tasks: "{{ item }}"
|
- include_tasks: "{{ item }}"
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- files:
|
- files:
|
||||||
|
@ -10,10 +10,22 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
local_service_home: "./filesystem/{{ ansible_hostname }}/{{ service_home }}"
|
local_service_home: "./filesystem/{{ ansible_hostname }}/{{ service_home }}"
|
||||||
|
|
||||||
|
- name: Get user info
|
||||||
|
getent:
|
||||||
|
database: passwd
|
||||||
|
key: "{{ service_user_name }}"
|
||||||
|
|
||||||
|
- name: Set service variables
|
||||||
|
set_fact:
|
||||||
|
service_user_uid: "{{ ansible_facts.getent_passwd[service_user_name].1 }}"
|
||||||
|
service_user_gid: "{{ ansible_facts.getent_passwd[service_user_name].2 }}"
|
||||||
|
|
||||||
- name: Print service variables
|
- name: Print service variables
|
||||||
debug:
|
debug:
|
||||||
msg:
|
msg:
|
||||||
- "service_name: {{ service_name }}"
|
- "service_name: {{ service_name }}"
|
||||||
- "service_user_name: {{ service_user_name }}"
|
- "service_user_name: {{ service_user_name }}"
|
||||||
|
- "service_user_uid: {{ service_user_uid }}"
|
||||||
|
- "service_user_gid: {{ service_user_gid }}"
|
||||||
- "service_home: {{ service_home }}"
|
- "service_home: {{ service_home }}"
|
||||||
- "local_service_home: {{ local_service_home }}"
|
- "local_service_home: {{ local_service_home }}"
|
||||||
|