Add git service
parent
7b44781078
commit
d844925ee0
@ -15,6 +15,8 @@
|
||||
cloud:
|
||||
- "nextcloud"
|
||||
- "data"
|
||||
git:
|
||||
- "data"
|
||||
|
||||
tasks:
|
||||
- include_tasks: tasks/services/b-user/service-user.yml
|
||||
|
@ -8,6 +8,8 @@
|
||||
postgres: "15.0"
|
||||
cloud:
|
||||
nextcloud: "25-fpm"
|
||||
git:
|
||||
gitea: "1"
|
||||
|
||||
tasks:
|
||||
- import_tasks: tasks/services/c-deploy/00-hosts.yml
|
||||
|
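Review bot: `gitea: "1"` is a floating major tag, and the container unit added in this commit labels the container `io.containers.autoupdate=image`. If podman auto-update is enabled on the host (not visible in this commit), whatever docker.io publishes under `gitea/gitea:1` would be pulled and started without a reviewed change in this repository. Pinning a full release tag or an image digest here, e.g. `gitea: "<full-release-tag>"`, would make each upgrade an explicit commit. If the floating tag is intentional, a comment above the entry saying so would document the trade-off.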
@ -0,0 +1,35 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name git.wojciechkozlowski.eu;
|
||||
|
||||
location ^~ /.well-known {
|
||||
allow all;
|
||||
root /var/www/html;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name git.wojciechkozlowski.eu;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.wojciechkozlowski.eu/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/chain.pem;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://pod-git:3000;
|
||||
}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
}
|
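Review bot: The `location /` block of the 443 server proxies to `pod-git:3000` without setting `client_max_body_size`. Unless that is raised at http level outside this file, nginx's default 1 MB request limit will answer larger HTTPS pushes and attachment uploads with 413. A line such as `client_max_body_size <limit>;` in that location, with a limit you choose, would fix it. The block also forwards no `X-Forwarded-Proto`; adding `proxy_set_header X-Forwarded-Proto $scheme;` lets the backend know the client connection was TLS. No `ssl_protocols`, `ssl_ciphers` or HSTS header is set in this server block, so it is worth confirming they are inherited from shared configuration.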
@ -0,0 +1,53 @@
|
||||
[Unit]
|
||||
Description=Podman container-git-gitea.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
BindsTo=pod-git.service
|
||||
After=pod-git.service
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
Restart=on-failure
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/container-git-gitea.pid %t/container-git-gitea.ctr-id
|
||||
ExecStart=/usr/bin/podman run \
|
||||
--conmon-pidfile %t/container-git-gitea.pid \
|
||||
--cidfile %t/container-git-gitea.ctr-id \
|
||||
--cgroups=no-conmon \
|
||||
--pod-id-file %t/pod-git.pod-id \
|
||||
--replace \
|
||||
--label "io.containers.autoupdate=image" \
|
||||
-dt \
|
||||
--add-host=pod-database:{{ services['database'].address }} \
|
||||
-v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro \
|
||||
-v /var/lib/yggdrasil/data/pod-git/data/_data:/data \
|
||||
-v /etc/timezone:/etc/timezone:ro \
|
||||
-v /etc/localtime:/etc/localtime:ro \
|
||||
-e USER_UID="1000" \
|
||||
-e USER_GID="1000" \
|
||||
-e GITEA__database__DB_TYPE="postgres" \
|
||||
-e GITEA__database__HOST="pod-database:5432" \
|
||||
-e GITEA__database__NAME="{{ services[service_name].database_name }}" \
|
||||
-e GITEA__database__USER="{{ services[service_name].database_user }}" \
|
||||
-e GITEA__database__PASSWD="{{ services[service_name].database_passwd }}" \
|
||||
-e GITEA__server__DOMAIN="{{ services[service_name].domain }}" \
|
||||
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
|
||||
-e GITEA__mailer__ENABLED="true" \
|
||||
-e GITEA__mailer__FROM="Gitea <git@{{ services[service_name].domain }}>" \
|
||||
-e GITEA__mailer__MAILER_TYPE="smtp" \
|
||||
-e GITEA__mailer__HOST="{{ services[service_name].smtp_host }}" \
|
||||
-e GITEA__mailer__USER="{{ services[service_name].smtp_user }}" \
|
||||
-e GITEA__mailer__PASSWD="{{ services[service_name].smtp_passwd }}" \
|
||||
-e GITEA__service__DISABLE_REGISTRATION="true" \
|
||||
-e GITEA__service__ENABLE_NOTIFY_MAIL="true" \
|
||||
--name=pod-git-gitea \
|
||||
docker.io/gitea/gitea:{{ versions.git.gitea }}
|
||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-git-gitea.ctr-id -t 10
|
||||
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-git-gitea.ctr-id
|
||||
PIDFile=%t/container-git-gitea.pid
|
||||
Type=forking
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
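Review bot: The `-e GITEA__database__PASSWD="..."` and `-e GITEA__mailer__PASSWD="..."` lines render both passwords into the unit file and onto the `podman run` command line. There they can be read by any local user who can read the unit or list processes while the command starts; the mode the template task gives this file is not visible in this commit. Moving the secret values to a root-only file passed with `--env-file <path-to-0600-env-file>`, or to podman secrets, would keep them out of the unit. The values are also interpolated inside a systemd-quoted argument, so a password containing `%`, `$` or `"` would be rewritten by systemd or break the line.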
@ -0,0 +1,24 @@
|
||||
[Unit]
|
||||
Description=Podman pod-git.service
|
||||
Documentation=man:podman-generate-systemd(1)
|
||||
Wants=network.target
|
||||
After=network-online.target
|
||||
Requires=container-git-gitea.service
|
||||
Before=container-git-gitea.service
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||
Restart=on-failure
|
||||
TimeoutStopSec=70
|
||||
ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > /var/lib/{{ ansible_hostname }}/containers/pod-git/pidfile'
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
|
||||
PIDFile=%t/pod-git.pid
|
||||
Type=forking
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target default.target
|
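Review bot: The `ExecStartPost` line calls `podman` by bare name inside `sh -c`, while every other Exec line in this unit uses `/usr/bin/podman`. Using the absolute path in both calls removes the dependence on the service's PATH. The line also redirects into `/var/lib/{{ ansible_hostname }}/containers/pod-git/pidfile`, and nothing in this commit shows that directory being created. If it is missing, the redirect fails and the failed ExecStartPost fails the unit. A comment naming the task that creates the directory and what reads this pidfile would help, since the unit already declares `PIDFile=%t/pod-git.pid`.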
@ -19,6 +19,13 @@
|
||||
extra_zfs_properties:
|
||||
canmount: "off"
|
||||
|
||||
- name: Create service data backup dataset for user {{ service_user_name }}
|
||||
zfs:
|
||||
name: hpool/backup/{{ ansible_hostname }}/data/{{ service_user_name }}
|
||||
state: present
|
||||
extra_zfs_properties:
|
||||
canmount: "off"
|
||||
|
||||
- include_tasks: "{{ item }}"
|
||||
with_first_found:
|
||||
- files:
|
||||
|
@ -10,10 +10,22 @@
|
||||
set_fact:
|
||||
local_service_home: "./filesystem/{{ ansible_hostname }}/{{ service_home }}"
|
||||
|
||||
- name: Get user info
|
||||
getent:
|
||||
database: passwd
|
||||
key: "{{ service_user_name }}"
|
||||
|
||||
- name: Set service variables
|
||||
set_fact:
|
||||
service_user_uid: "{{ ansible_facts.getent_passwd[service_user_name].1 }}"
|
||||
service_user_gid: "{{ ansible_facts.getent_passwd[service_user_name].2 }}"
|
||||
|
||||
- name: Print service variables
|
||||
debug:
|
||||
msg:
|
||||
- "service_name: {{ service_name }}"
|
||||
- "service_user_name: {{ service_user_name }}"
|
||||
- "service_user_uid: {{ service_user_uid }}"
|
||||
- "service_user_gid: {{ service_user_gid }}"
|
||||
- "service_home: {{ service_home }}"
|
||||
- "local_service_home: {{ local_service_home }}"
|
||||
|
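Review bot: In the `Set service variables` task, the positional lookups `getent_passwd[service_user_name].1` and `.2` are opaque without knowing the field order the getent module returns. A comment above the task such as `# getent_passwd value: [password, uid, gid, gecos, home, shell]` would make it clear why index 1 is the UID and index 2 the GID. The container unit added in this commit hard-codes `USER_UID="1000"` and `USER_GID="1000"`, so it may also be worth noting in a comment where these new facts are meant to be consumed. The task list starts and ends outside this hunk.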