New vars, new tasks, new app!

2020-03-22 11:53:49 +01:00 · 2020-03-22 11:53:49 +01:00 · cdca1c47ea
parent 0742d6ea12
commit cdca1c47ea
13 changed files with 231 additions and 22 deletions
--- a/ansible/post-deploy.yml
+++ b/ansible/post-deploy.yml
@ -1,5 +1,34 @@
 ---
 - hosts: all
  tasks:
-    - name: Echo test
-      shell: echo 'post-deploy!'
+    - name: Load variables
+      include_vars:
+        dir: "{{ dokku_lib_root }}/data/ansible/gitea/vars/"
+        extensions:
+          - yaml
+
+    - name: Set HTTP 80 port proxy
+      dokku_ports:
+        app: gitea
+        mappings:
+          - "http:80:3000"
+        state: present
+
+    - name: Setup LE certificates
+      shell: dokku letsencrypt gitea
+      args:
+        creates: /home/dokku/gitea/letsencrypt/certs
+
+    - name: Set HTTP 443 port
+      dokku_ports:
+        app: gitea
+        mappings:
+          - "https:443:3000"
+        state: present
+
+    - name: Remove automatically configured ports
+      dokku_ports:
+        app: gitea
+        mappings:
+          - "http:3000:3000"
+        state: absent
--- a/ansible/pre-deploy.yml
+++ b/ansible/pre-deploy.yml
@ -3,7 +3,18 @@
  tasks:
    - name: Load variables
      include_vars:
-        file: "{{ dokku_lib_root }}/data/ansible/gitea/vars.yml"
+        dir: "{{ dokku_lib_root }}/data/ansible/gitea/vars/"
+        extensions:
+          - yaml
+
+    - name: Create mariadb database
+      shell: |
+        dokku mariadb:create
+        --custom-env "USER=gitea"
+        --password {{ db_paswd }}
+        --root-password {{ root_db_passwd }}
+      args:
+        creates: /var/lib/dokku/services/mariadb/gitea

    - name: Setup host Gitea group
      group:
@ -33,6 +44,46 @@
        split: ":"
      become: true

+    - name: Create volume mount configuration directory
+      file:
+        path: "{{ item }}"
+        state: directory
+        owner: dokku
+        group: dokku
+      with_items:
+        - /var/lib/gitea/gitea/
+        - /var/lib/gitea/gitea/conf
+      become: true
+
+    - name: Copy over app.ini gitea configuration
+      vars:
+        DISABLE_REGISTRATION: true
+        ENABLE_OPENID_SIGNIN: true
+        ENABLE_OPENID_SIGNUP: false
+        INTERNAL_TOKEN: "{{ internal_token }}"
+        JWT_SECRET: "{{ jwt_secret }}"
+        REQUIRE_SIGNIN_VIEW: false
+        ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+        RUN_MODE: prod
+        SECRET_KEY: "{{ secret_key }}"
+      template:
+        src: app.ini.j2
+        dest: /var/lib/gitea/gitea/conf/app.ini
+        owner: dokku
+        group: dokku
+      become: true
+
+    - name: Specify docker volume mounts
+      dokku_storage:
+        app: gitea
+        mounts:
+          - /var/lib/gitea:/data
+          - /etc/timezone:/etc/timezone:ro
+          - /etc/localtime:/etc/localtime:ro
+          - /var/lib/dokku/services/mariadb/gitea:/var/lib/mysql
+      become: true
+      become_user: dokku
+
    - name: Store gitea git user uid/guid
      set_fact:
        gitea_user_uid: "{{ getent_passwd['gitea'][1] }}"
@ -45,3 +96,25 @@
        config:
          USER_GID: "{{ gitea_user_guid }}"
          USER_UID: "{{ gitea_user_uid }}"
+
+    - name: Configure the docker env vars
+      dokku_config:
+        app: gitea
+        restart: false
+        config:
+          ADMIN_MAIL: "{{ autonomic_admin_mail }}"
+          ADMIN_PASS: "{{ autonomic_admin_pass }}"
+          ADMIN_USER: "{{ autonomic_add_user }}"
+          DB_TYPE: mysql
+          DB_HOST: "dokku-mariadb-gitea:3306"
+          DB_NAME: gitea
+          DB_USER: gitea
+          DB_PASSWD: "{{ db_passwd }}"
+          DISABLE_REGISTRATION: true
+          DOMAIN: git.autonomic.zone
+          INSTALL_LOCK: true
+          RUN_MODE: prod
+          USER_GID: "{{ gitea_user_guid }}"
+          USER_UID: "{{ gitea_user_uid }}"
+      become: true
+      become_user: dokku
--- a/ansible/templates/app.ini.j2
+++ b/ansible/templates/app.ini.j2
@ -0,0 +1,60 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = {{ RUN_MODE }}
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH    = /data/gitea
+SSH_DOMAIN       = localhost
+HTTP_PORT        = 3000
+ROOT_URL         =
+DISABLE_SSH      = false
+SSH_PORT         = 22
+SSH_LISTEN_PORT  = 22
+LFS_START_SERVER = false
+LFS_CONTENT_PATH = /data/git/lfs
+
+[database]
+PATH    = /data/gitea/gitea.db
+DB_TYPE = sqlite3
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH            = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK   = true
+SECRET_KEY     = {{ SECRET_KEY }}
+INTERNAL_TOKEN = {{ INTERNAL_TOKEN }}
+
+[service]
+ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ ALLOW_ONLY_EXTERNAL_REGISTRATION }}
+DISABLE_REGISTRATION = {{ DISABLE_REGISTRATION }}
+REQUIRE_SIGNIN_VIEW  = {{ REQUIRE_SIGNIN_VIEW }}
+
+[oauth2]
+JWT_SECRET = {{ JWT_SECRET }}
+
+[openid]
+ENABLE_OPENID_SIGNIN = {{ ENABLE_OPENID_SIGNIN }}
+ENABLE_OPENID_SIGNUP = {{ ENABLE_OPENID_SIGNUP }}
+WHITELISTED_URIS = {{ WHITELISTED_URIS }}
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@ -1,15 +0,0 @@
---
-ansible_become_password: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  63313938306136313835386235363961633861386361656632313666316430353337323539333935
-  6366343537386432376136373161333530333735316662350a343438396334616637376437333138
-  66643064333562363538633466313261383266613463633138393338393765393330316264363363
-  3237663464633262320a373337303461663938616332653664306364396263326566383665303263
-  38313261323833636662333934343463353433333866353835343264626631633266393032633030
-  34313230363838353138643266643830356633306235643032383665323436366534303931373866
-  31633038363033336262376134653561303666353066393431623035313839363937623839646236
-  66626162643231346265653263343733333434623036376536633264626464363664663436396239
-  39646336386238343931653661333665653637363232623432313962653936366637343261373065
-  66366532636234656437373164326130393434396332636162363838653264376233313036633865
-  32623131393030643861616333653734323762626638613134626366646662363365616137333131
-  30346463353066303961
--- a/ansible/vars/all.yml
+++ b/ansible/vars/all.yml
@ -0,0 +1,3 @@
+---
+autonomic_admin_mail: helo@autonomic.zone
+autonomic_admin_user: autonomic
--- a/ansible/vars/ansible_become_pass.yml
+++ b/ansible/vars/ansible_become_pass.yml
@ -0,0 +1,8 @@
+---
+ansible_become_pass: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  34396236353735666531323238656533643465303131663464613162396333313836363630666266
+  6539323631656635333864316166633064633366323936610a656137616334313534333635313232
+  35323561303763366563316631313638363333393763323935343563303963616334336639386462
+  3837383830616637360a373539613630356564363662393836366462666430353439353637303035
+  63396633303166343433313439303539313637306637663137313533316531616434
--- a/ansible/vars/autonomic_admin_pass.yml
+++ b/ansible/vars/autonomic_admin_pass.yml
@ -0,0 +1,9 @@
+---
+autonomic_admin_pass: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  63346230633033616135653638346366333063316161643339646134653435633631616133383838
+  3334323934346239333237323164383437366633663338620a636662396131343838356637376266
+  63306462613233393863363066343532623139313965323830313535376136373138396364363536
+  3163393262656339640a613630346234313063393130636663353038303266663964653765373134
+  36653431303662616465303334386563643564663832353331623432363138323365666362313731
+  6539306238396362333832343530383731313131383334653133
--- a/ansible/vars/db_passwd.yml
+++ b/ansible/vars/db_passwd.yml
@ -0,0 +1,9 @@
+---
+db_passwd: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  36646464626462336534333030666665636436353163656230366337393435326337653663616539
+  3361353565363637393166643763613762353465386336640a303335633330373266386639633562
+  62393961653038306362656639373031666364353866653862623132633739373630396662386132
+  3436366139613463310a353262613862663836653333376265363032303839383532666632653963
+  66623031646566303130383935366332616662386365326133636163623338646232316433346266
+  3166623035666362646565633265383737323238336531363766
--- a/ansible/vars/internal_token.yml
+++ b/ansible/vars/internal_token.yml
@ -0,0 +1,9 @@
+---
+internal_token: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  31616533343831326637383239663630626563303865393461613234366630326335383631656330
+  6438653036313733616430653765396161636233336365630a373230653538613562373932393336
+  32333430616136643734393038353430656335343331376330313832323963373264316638306566
+  3735393932666461620a306465643439636433346363666462626335363638303564643236643033
+  62323037643633346635353462613164303530646566313438646231646139373932653139326566
+  3365393963393133633963643465363735333138646536393533
--- a/ansible/vars/jwt_secret.yml
+++ b/ansible/vars/jwt_secret.yml
@ -0,0 +1,9 @@
+---
+jwt_secret: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  37326331613162666263663465303937333038646436623830623464636235373433653334303063
+  6165666262376130613533353130626432323637386364630a353836353536383337643463393138
+  38613935373135366462366336626339326631646131396336303063616234616464363037336630
+  3039363333363032310a336561353262356236666163323735396262383635373133356234653964
+  63323830616431356438393938353161666533383635333131336137623638393937373934666232
+  6636373735373761383430363161646337363335303637633861
--- a/ansible/vars/root_db_passwd.yml
+++ b/ansible/vars/root_db_passwd.yml
@ -0,0 +1,9 @@
+---
+root_db_passwd: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  37646665656335653735623538323830656432386530356633633761303636366433353131303633
+  3939343564363931613466376538386237373166323133370a383962646538643664383166356338
+  34643665336463376661303730376562376362396664313333626262653061633965333930383162
+  6437626637616130360a393862633538333664396334646437353361626539353830326433373666
+  64616238623563393531373236346634356334386461636536663337383666396130366465653335
+  3432353230393164393030643836393164393235386638653537
--- a/ansible/vars/secret_key.yml
+++ b/ansible/vars/secret_key.yml
@ -0,0 +1,9 @@
+---
+secret_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  63336135353338386564333337313933323635393533663561373463346664323865303361333765
+  3238656235613334323331616330326566626235393237300a666635313239356265623937356431
+  38656336616665393035653133323130396236663466313330346666363130326361623738663330
+  3631393536626266610a343765616361313137613264626433633765303033613437303865313865
+  34343235346466383337386638623364386266626432613036396639653162663233323136613436
+  3537306565356538626161373635613739363638383036366265
--- a/app.json
+++ b/app.json
@ -1,8 +1,5 @@
 {
  "name": "gitea",
  "description": "Gitea is a painless self-hosted Git service.",
-  "repository": "https://gitlab.com/autonomic-cooperative/coop-cloud/gitea",
-  "dokku": {
-    "plugins": ["mariadb"]
-  }
+  "repository": "https://gitlab.com/autonomic-cooperative/coop-cloud/gitea"
 }