diff --git a/create-database.yml b/create-database.yml index 2620eef..f46e5b5 100644 --- a/create-database.yml +++ b/create-database.yml @@ -51,7 +51,7 @@ - "{{ item }}" changed_when: False with_items: "{{ cluster_services }}" - when: item in ['connect', 'management_connect', 'keycloak', 'webdav'] + when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'gitea'] - name: Add maria servers to hosts if necessary add_host: @@ -83,6 +83,9 @@ - role: connect-postgres when: "'connect' in group_names" + - role: gitea-postgres + when: "'gitea' in group_names" + - role: keycloak-postgres when: "'keycloak' in group_names" diff --git a/create-realm.yml b/create-realm.yml index 9db81e5..24e2512 100644 --- a/create-realm.yml +++ b/create-realm.yml @@ -69,6 +69,9 @@ - role: connect-realm when: '"connect" in cluster_services' + - role: gitea-realm + when: '"gitea" in cluster_services' + ############################################################# # Sending smardigo management message to process ############################################################# diff --git a/group_vars/gitea/plain.yml b/group_vars/gitea/plain.yml new file mode 100644 index 0000000..4f53922 --- /dev/null +++ b/group_vars/gitea/plain.yml 
@@ -0,0 +1,23 @@ +--- + +hetzner_server_type: cx21 +hetzner_server_labels: "stage={{ stage }} service=gitea" + +gitea_id: "{{ inventory_hostname }}-gitea" +gitea_postgres_id: "{{ inventory_hostname }}-postgres-gitea" + +gitea_base_url: "{{ gitea_id }}.{{ domain }}" + +# unique id for a service, will be used for service access management as well (e.g. keycloak realm) +gitea_client_id: "{{ cluster_name }}" +gitea_client_secret: "{{ cluster_name }}" + +gitea_client_admin_username: "gitea-admin" +gitea_client_admin_password: "gitea-admin" +gitea_realm_admin_username: "gitea-realm-admin" +gitea_realm_admin_password: "gitea-realm-admin" + +gitea_postgres_host: "{{ shared_service_postgres_01_hostname }}" +gitea_postgres_database: "{{ stage }}_gitea" +gitea_postgres_username: "{{ gitea_postgres_database }}" +gitea_postgres_password: "gitea-postgres-admin" diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index 1797d2e..2e41ca3 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml @@ -64,6 +64,11 @@ shared_service_webdav_ip: "{{ stage_server_infos | map(attribute='private_ip') | list | first }}" +shared_service_gitea_ip: "{{ stage_server_infos + | selectattr('name', 'match', stage + '-gitea-01' ) + | map(attribute='private_ip') + | list + | first }}" shared_service_maria_hostname: "{{ stage }}-maria-01" shared_service_postgres_01_hostname: "{{ stage }}-postgres-01" @@ -71,6 +76,7 @@ shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01" shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02" shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03" shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01" +shared_service_gitea_hostname: "{{ stage }}-gitea-01" shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}" 
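Review bot: Every credential introduced in this file is a static, guessable value committed in plaintext — `gitea_client_secret` is just `{{ cluster_name }}`, and `gitea_client_admin_password`, `gitea_realm_admin_password` and `gitea_postgres_password` each equal their own username. These values flow into Keycloak, into the Postgres ACL role and into the rendered docker-compose environment, so anyone who can read the repository or guess the naming scheme can log in as realm admin or connect to the Gitea database. Unless a vaulted file elsewhere overrides them (the `plain.yml` name hints at such a split, which I cannot see from here), point each at an Ansible Vault variable, e.g. `gitea_postgres_password: "{{ vault_gitea_postgres_password }}"`, and make the OIDC client secret a random value rather than an identifier that is also used as the public client id.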
@@ -130,6 +136,10 @@ shared_service_hosts: [ { ip: "{{ shared_service_webdav_ip }}", name: "{{ shared_service_webdav_hostname }}" + }, + { + ip: "{{ shared_service_gitea_ip }}", + name: "{{ shared_service_gitea_hostname }}" } ] diff --git a/roles/gitea-postgres/defaults/main.yml b/roles/gitea-postgres/defaults/main.yml new file mode 100644 index 0000000..20b08ba --- /dev/null +++ b/roles/gitea-postgres/defaults/main.yml @@ -0,0 +1,6 @@ +--- + +postgres_acls: + - name: "{{ gitea_postgres_database }}" + password: "{{ gitea_postgres_password }}" + trusted_cidr_entry: "{{ shared_service_network }}" diff --git a/roles/gitea-postgres/tasks/main.yml b/roles/gitea-postgres/tasks/main.yml new file mode 100644 index 0000000..4c21e56 --- /dev/null +++ b/roles/gitea-postgres/tasks/main.yml @@ -0,0 +1,9 @@ +--- + +### tags: +### - remove-data + +- name: "Setup postgres for {{ inventory_hostname }}" + include_role: + name: postgres + tasks_from: _postgres-acls diff --git a/roles/gitea-realm/defaults/main.yml b/roles/gitea-realm/defaults/main.yml new file mode 100644 index 0000000..0b59d4a --- /dev/null +++ b/roles/gitea-realm/defaults/main.yml @@ -0,0 +1,38 @@ +--- + +gitea_client_admin_username: "gitea-admin" +gitea_client_admin_password: "gitea-admin" + +gitea_realm_admin_username: "gitea-realm-admin" +gitea_realm_admin_password: "gitea-realm-admin" + +current_realm_clients: [ + { + name: '{{ gitea_client_id }}', + clientId: "{{ gitea_client_id }}", + admin_url: '', + root_url: '', + redirect_uris: ' + [ + "{{ http_s }}://{{ gitea_base_url }}/*", + ]', + secret: '{{ gitea_client_secret }}', + web_origins: ' + [ + "{{ http_s }}://{{ gitea_base_url }}", + ]', + } +] + +current_realm_users: [ + { + "username": "{{ gitea_client_admin_username }}", + "password": "{{ gitea_client_admin_password }}", + } +] +current_realm_admin_users: [ + { + "username": "{{ gitea_realm_admin_username }}", + "password": "{{ gitea_realm_admin_password }}", + } +] 
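Review bot: `trusted_cidr_entry: "{{ shared_service_network }}"` authorises the new `{{ stage }}_gitea` database role from the whole shared service network, not only from the Gitea host, so every other service VM on that network can reach the Gitea database with the (currently static) password. The same commit already defines `shared_service_gitea_ip` in the stage vars, so a host-scoped entry such as `trusted_cidr_entry: "{{ shared_service_gitea_ip }}/32"` would give least privilege. This assumes the `_postgres-acls` task (not visible here) writes the value into a pg_hba entry as its name suggests; if the other `*-postgres` roles deliberately rely on the broader CIDR, that reason is worth a comment in this defaults file.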
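Review bot: The `redirect_uris` entry `"{{ http_s }}://{{ gitea_base_url }}/*"` registers a wildcard over the whole Gitea origin, so an authorization code may be redirected to any path on that host rather than only to Gitea's OAuth2 callback; Keycloak treats a trailing `*` as a prefix match, so narrowing it to `"{{ http_s }}://{{ gitea_base_url }}/user/oauth2/*"` (or the exact `/user/oauth2/<provider>/callback` once the provider name is fixed) keeps the same login flow with far less exposure. The role defaults also ship working passwords (`gitea-admin`, `gitea-realm-admin`) that duplicate `group_vars/gitea/plain.yml`; leaving them undefined in defaults would make a missing vaulted value fail fast instead of silently creating a well-known admin account.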
diff --git a/roles/gitea-realm/handlers/main.yml b/roles/gitea-realm/handlers/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/gitea-realm/handlers/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/gitea-realm/meta/main.yml b/roles/gitea-realm/meta/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/gitea-realm/meta/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/gitea-realm/tasks/main.yml b/roles/gitea-realm/tasks/main.yml new file mode 100644 index 0000000..795609f --- /dev/null +++ b/roles/gitea-realm/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +### tags: + +- name: "Setup realm for {{ inventory_hostname }}" + include_role: + name: keycloak + tasks_from: _authenticate + +- name: "Setup realm for {{ inventory_hostname }}" + include_role: + name: keycloak + tasks_from: _configure_realm + +- name: "Create realm users" + include_role: + name: keycloak + tasks_from: _create_realm_users + +- name: "Create realm admin" + include_role: + name: keycloak + tasks_from: _create_realm_admin diff --git a/roles/gitea-realm/vars/main.yml b/roles/gitea-realm/vars/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/gitea-realm/vars/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml new file mode 100644 index 0000000..7c90c53 --- /dev/null +++ b/roles/gitea/defaults/main.yml @@ -0,0 +1,4 @@ +--- + +gitea_image_name: "gitea/gitea" +gitea_image_version: "1.15" diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/gitea/handlers/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/gitea/meta/main.yml b/roles/gitea/meta/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/gitea/meta/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml new file mode 100644 index 0000000..37dabbe --- /dev/null 
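Review bot: The first two tasks share the name `"Setup realm for {{ inventory_hostname }}"` although one runs `_authenticate` and the other `_configure_realm`, which makes play output ambiguous when one of them fails. Rename the first to `- name: "Authenticate to Keycloak for {{ inventory_hostname }}"`. The `### tags:` header is also left empty while the sibling `gitea-postgres` role lists `remove-data`; either document which tags this role honours or drop the placeholder.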
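Review bot: `gitea_image_version: "1.15"` is a moving minor-series tag, and the deploy tasks run `docker-compose pull` on every run, so each deployment silently picks up whatever `gitea/gitea:1.15` currently points to without anyone reviewing the upgrade. Pin a full patch version, e.g. `gitea_image_version: "1.15.<patch>"`, and add a digest if the compose template can carry one (I cannot see how `image_version` is rendered from here), then bump it deliberately; that turns the `update_deployment` tag into an explicit upgrade step instead of an implicit one.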
+++ b/roles/gitea/tasks/main.yml @@ -0,0 +1,64 @@ +--- + +### tags: + +- name: "Setup DNS configuration for <{{ gitea_id }}> to <{{ stage_server_ip }}>" + include_role: + name: _digitalocean + tasks_from: domain + vars: + record_data: "{{ stage_server_ip }}" + record_name: "{{ gitea_id }}" + +- name: "Check if {{ gitea_id }}/docker-compose.yml exists" + stat: + path: '{{ service_base_path }}/{{ gitea_id }}/docker-compose.yml' + register: check_docker_compose_file + tags: + - update_deployment + +- name: "Stop {{ gitea_id }}" + shell: docker-compose down + args: + chdir: '{{ service_base_path }}/{{ gitea_id }}' + when: check_docker_compose_file.stat.exists + ignore_errors: yes + tags: + - update_deployment + +- name: "Deploy docker templates for {{ gitea_id }}" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "_docker" + current_base_path: "{{ service_base_path }}" + current_destination: "{{ gitea_id }}" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + current_docker: "{{ gitea_docker }}" + +- name: "Deploy service templates for {{ gitea_id }}" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "gitea" + current_base_path: "{{ service_base_path }}" + current_destination: "{{ gitea_id }}" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + +- name: "Update {{ gitea_id }}" + shell: docker-compose pull + args: + chdir: '{{ service_base_path }}/{{ gitea_id }}' + tags: + - update_deployment + +- name: "Start {{ gitea_id }}" + shell: docker-compose up -d + args: + chdir: '{{ service_base_path }}/{{ gitea_id }}' + tags: + - update_deployment diff --git a/roles/gitea/vars/main.yml b/roles/gitea/vars/main.yml new file mode 100644 index 0000000..16b9a69 --- /dev/null +++ b/roles/gitea/vars/main.yml 
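Review bot: `ignore_errors: yes` on the Stop task masks every failure of `docker-compose down`, not only the benign "nothing is running" case that the preceding `when:` already guards, so a container that cannot be stopped is silently carried into `up -d`. Since `down` exits 0 when nothing is running, the `ignore_errors` can simply be dropped; the three compose tasks also use `shell:` without needing any shell feature and report changed on every run, so `command:` plus a `changed_when` based on the pull output would be the idiomatic form. The rendered docker-compose.yml carries the database password through its environment block; the `_deploy` role sets owner and group but the file mode is not visible here, so it is worth confirming it is `0640` or tighter.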
@@ -0,0 +1,70 @@ +--- + +gitea_labels: [ + '"traefik.enable=true"', + '"traefik.http.routers.{{ gitea_id }}.service={{ gitea_id }}"', + '"traefik.http.routers.{{ gitea_id }}.rule=Host(`{{ gitea_base_url }}`)"', + '"traefik.http.routers.{{ gitea_id }}.entrypoints=websecure"', + '"traefik.http.routers.{{ gitea_id }}.tls=true"', + '"traefik.http.routers.{{ gitea_id }}.tls.certresolver=letsencrypt"', + '"traefik.http.services.{{ gitea_id }}.loadbalancer.server.port={{ service_port }}"', +] + +gitea_environment: [ + "USER: \"git\"", + "USER_UID: \"1000\"", + "USER_GID: \"1000\"", + "GITEA__database__DB_TYPE: \"postgres\"", + "GITEA__database__HOST: \"{{ gitea_postgres_host }}\"", + "GITEA__database__NAME: \"{{ gitea_postgres_database }}\"", + "GITEA__database__USER: \"{{ gitea_postgres_username }}\"", + "GITEA__database__PASSWD: \"{{ gitea_postgres_password }}\"", +] + +gitea_docker: { + networks: [ + { + name: back-tier, + external: true, + }, + { + name: front-tier, + external: true, + }, + ], + volumes: [ + { + name: "{{ gitea_id }}-data" + }, + ], + services: [ + { + name: "{{ gitea_id }}", + image_name: "{{ gitea_image_name }}", + image_version: "{{ gitea_image_version }}", + labels: "{{ gitea_labels + ( gitea_labels_additional | default([])) }}", + restart: "{{ gitea_service_restart | default('always') }}", + environment: "{{ gitea_environment + ( gitea_environment_additional | default([])) }}", + volumes: [ + '"{{ gitea_id }}-data:/data"', + '"/etc/timezone:/etc/timezone:ro"', + '"/etc/localtime:/etc/localtime:ro"', + ], + networks: [ + '"back-tier"', + '"front-tier"', + ], + ports: [ + { + "external": "3000", + "internal": "3000", + }, + { + "external": "2222", + "internal": "22", + }, + ], + extra_hosts: "{{ gitea_extra_hosts | default([]) }}", + } + ], +} diff --git a/smardigo.yml b/smardigo.yml index 84b8429..559a275 100644 --- a/smardigo.yml +++ b/smardigo.yml 
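Review bot: The `ports` entries publish Gitea's HTTP port 3000 and SSH on 2222 on every host interface, so the service is reachable in plaintext over the public address even though the Traefik labels above route it only through `websecure` with TLS. If Traefik is meant to be the only HTTP entry point, drop the `3000:3000` mapping (Traefik reaches the container over `front-tier`) or bind it to the private address, e.g. `"external": "127.0.0.1:3000"`; SSH on 2222 can stay if the host firewall allows it, but then `GITEA__server__SSH_PORT: "2222"` should be set so clone URLs match. Separately, the environment sets no `GITEA__security__INSTALL_LOCK`, so as far as I can tell from Gitea's defaults the first visitor to the freshly provisioned URL gets the web installer and can create the admin account; adding `"GITEA__security__INSTALL_LOCK: \"true\""` (with the admin user created by the role instead) closes that window.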
@@ -45,6 +45,9 @@ - role: maria when: "'maria' in group_names" + - role: gitea + when: "'gitea' in group_names" + - role: awx when: "'awx' in group_names" diff --git a/stage-dev b/stage-dev index 603166f..5b22c23 100644 --- a/stage-dev +++ b/stage-dev @@ -9,6 +9,9 @@ dev-elastic-stack-elastic-01 dev-elastic-stack-elastic-02 dev-elastic-stack-elastic-03 +[gitea] +dev-gitea-01 + [harbor] dev-docker-registry-01 @@ -51,6 +54,7 @@ awx connect elastic harbor +gitea iam keycloak kibana diff --git a/templates/_docker/docker-compose.yml.j2 b/templates/_docker/docker-compose.yml.j2 index b576b04..01f2d55 100644 --- a/templates/_docker/docker-compose.yml.j2 +++ b/templates/_docker/docker-compose.yml.j2 @@ -133,7 +133,7 @@ services: %} ports: {% for item in service.ports %} - - {{ item.external }}:{{ item.internal }} + - "{{ item.external }}:{{ item.internal }}" {% endfor %} {% endif %} {# ########################################### ports #}