Add git service

Wojciech Kozlowski 2022-11-15 00:34:50 +01:00
parent 7b44781078
commit d844925ee0
7 changed files with 135 additions and 0 deletions


@ -15,6 +15,8 @@
cloud:
- "nextcloud"
- "data"
git:
- "data"
tasks:
- include_tasks: tasks/services/b-user/service-user.yml


@ -8,6 +8,8 @@
postgres: "15.0"
cloud:
nextcloud: "25-fpm"
git:
gitea: "1"
tasks:
- import_tasks: tasks/services/c-deploy/00-hosts.yml
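Review bot: `gitea: "1"` is a floating major tag, so the image that actually runs is whatever the registry serves under `docker.io/gitea/gitea:1` at pull time. The container unit added in this same commit carries `--label "io.containers.autoupdate=image"`, so with auto-update active new upstream builds would be rolled out with no review step in between. Consider pinning a full release here, ideally together with its digest, for example `gitea: "<MAJOR.MINOR.PATCH>"`, and bumping it deliberately. The `versions` mapping starts above this hunk, so other entries may follow the same convention.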


@ -0,0 +1,35 @@
server {
listen 80;
server_name git.wojciechkozlowski.eu;
location ^~ /.well-known {
allow all;
root /var/www/html;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
server_name git.wojciechkozlowski.eu;
ssl_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.wojciechkozlowski.eu/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/chain.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://pod-git:3000;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
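Review bot: The 443 server block sets `ssl_trusted_certificate` but never enables stapling, so unless `ssl_stapling on; ssl_stapling_verify on;` are inherited from the `http` context (not visible in this commit) that directive has no visible effect. The block also sends no `Strict-Transport-Security` header, so a first plain-HTTP visit depends entirely on the port-80 redirect; `add_header Strict-Transport-Security "max-age=31536000" always;` would cover that. In `location /` the backend is not told the original scheme, and `proxy_set_header X-Forwarded-Proto $scheme;` is the usual companion to the three headers already set.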


@ -0,0 +1,53 @@
[Unit]
Description=Podman container-git-gitea.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-git.service
After=pod-git.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-git-gitea.pid %t/container-git-gitea.ctr-id
ExecStart=/usr/bin/podman run \
--conmon-pidfile %t/container-git-gitea.pid \
--cidfile %t/container-git-gitea.ctr-id \
--cgroups=no-conmon \
--pod-id-file %t/pod-git.pod-id \
--replace \
--label "io.containers.autoupdate=image" \
-dt \
--add-host=pod-database:{{ services['database'].address }} \
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
-v /var/lib/yggdrasil/data/pod-git/data/_data:/data \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-e USER_UID="1000" \
-e USER_GID="1000" \
-e GITEA__database__DB_TYPE="postgres" \
-e GITEA__database__HOST="pod-database:5432" \
-e GITEA__database__NAME="{{ services[service_name].database_name }}" \
-e GITEA__database__USER="{{ services[service_name].database_user }}" \
-e GITEA__database__PASSWD="{{ services[service_name].database_passwd }}" \
-e GITEA__server__DOMAIN="{{ services[service_name].domain }}" \
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
-e GITEA__mailer__ENABLED="true" \
-e GITEA__mailer__FROM="Gitea <git@{{ services[service_name].domain }}>" \
-e GITEA__mailer__MAILER_TYPE="smtp" \
-e GITEA__mailer__HOST="{{ services[service_name].smtp_host }}" \
-e GITEA__mailer__USER="{{ services[service_name].smtp_user }}" \
-e GITEA__mailer__PASSWD="{{ services[service_name].smtp_passwd }}" \
-e GITEA__service__DISABLE_REGISTRATION="true" \
-e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
--name=pod-git-gitea \
docker.io/gitea/gitea:{{ versions.git.gitea }}
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-git-gitea.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-git-gitea.ctr-id
PIDFile=%t/container-git-gitea.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target
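Review bot: The database and SMTP passwords are rendered straight into `ExecStart` as `-e GITEA__database__PASSWD="..."` and `-e GITEA__mailer__PASSWD="..."`, which leaves them in the unit file on disk and in the `podman run` argument list that other local users can read from the process table. Passing them through podman secrets, e.g. `--secret <name>,type=env,target=GITEA__database__PASSWD`, or through a root-only file given with `--env-file`, keeps them out of both places. The mode of the rendered unit file is set by a task outside this commit, so it is worth confirming it is not world-readable. Because the values are templated inside double quotes on a systemd command line, a password containing `"`, `$` or `%` would also be altered by systemd's quoting and expansion before podman sees it.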


@ -0,0 +1,24 @@
[Unit]
Description=Podman pod-git.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
Requires=container-git-gitea.service
Before=container-git-gitea.service
OnFailure=status-mail@%n.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > /var/lib/{{ ansible_hostname }}/containers/pod-git/pidfile'
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
PIDFile=%t/pod-git.pid
Type=forking
[Install]
WantedBy=multi-user.target default.target
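Review bot: The `ExecStartPost` line is the one hand-written step in this otherwise generated-looking unit, and nothing explains who reads `/var/lib/{{ ansible_hostname }}/containers/pod-git/pidfile`. Since the pod is created with `--network=none`, the file is presumably consumed by something that attaches networking to the infra container's namespace. A comment such as `# Export the infra container PID for external network setup (pod runs with --network=none)` would make that dependency explicit. If that consumer runs privileged, the directory should be writable only by root so the PID it trusts cannot be replaced by the service account.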


@ -19,6 +19,13 @@
extra_zfs_properties:
canmount: "off"
- name: Create service data backup dataset for user {{ service_user_name }}
zfs:
name: hpool/backup/{{ ansible_hostname }}/data/{{ service_user_name }}
state: present
extra_zfs_properties:
canmount: "off"
- include_tasks: "{{ item }}"
with_first_found:
- files:


@ -10,10 +10,22 @@
set_fact:
local_service_home: "./filesystem/{{ ansible_hostname }}/{{ service_home }}"
- name: Get user info
getent:
database: passwd
key: "{{ service_user_name }}"
- name: Set service variables
set_fact:
service_user_uid: "{{ ansible_facts.getent_passwd[service_user_name].1 }}"
service_user_gid: "{{ ansible_facts.getent_passwd[service_user_name].2 }}"
- name: Print service variables
debug:
msg:
- "service_name: {{ service_name }}"
- "service_user_name: {{ service_user_name }}"
- "service_user_uid: {{ service_user_uid }}"
- "service_user_gid: {{ service_user_gid }}"
- "service_home: {{ service_home }}"
- "local_service_home: {{ local_service_home }}"