feat: added new service: gitea

create-database.yml

@@ -51,7 +51,7 @@
         - "{{ item }}"
       changed_when: False
       with_items: "{{ cluster_services }}"
-      when: item in ['connect', 'management_connect', 'keycloak', 'webdav']
+      when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'gitea']
 
     - name: Add maria servers to hosts if necessary
       add_host:
@@ -83,6 +83,9 @@
     - role: connect-postgres
       when: "'connect' in group_names"
 
+    - role: gitea-postgres
+      when: "'gitea' in group_names"
+
     - role: keycloak-postgres
       when: "'keycloak' in group_names"
 

create-realm.yml

@@ -69,6 +69,9 @@
     - role: connect-realm
       when: '"connect" in cluster_services'
 
+    - role: gitea-realm
+      when: '"gitea" in cluster_services'
+
 #############################################################
 # Sending smardigo management message to process
 #############################################################

group_vars/gitea/plain.yml

@@ -0,0 +1,23 @@
+---
+
+hetzner_server_type: cx21
+hetzner_server_labels: "stage={{ stage }} service=gitea"
+
+gitea_id: "{{ inventory_hostname }}-gitea"
+gitea_postgres_id: "{{ inventory_hostname }}-postgres-gitea"
+
+gitea_base_url: "{{ gitea_id }}.{{ domain }}"
+
+# unique id for a service, will be used for service access management as well (e.g. keycloak realm)
+gitea_client_id: "{{ cluster_name }}"
+gitea_client_secret: "{{ cluster_name }}"
+
+gitea_client_admin_username: "gitea-admin"
+gitea_client_admin_password: "gitea-admin"
+gitea_realm_admin_username: "gitea-realm-admin"
+gitea_realm_admin_password: "gitea-realm-admin"
+
+gitea_postgres_host: "{{ shared_service_postgres_01_hostname }}"
+gitea_postgres_database: "{{ stage }}_gitea"
+gitea_postgres_username: "{{ gitea_postgres_database }}"
+gitea_postgres_password: "gitea-postgres-admin"

group_vars/stage_dev/plain.yml

@@ -64,6 +64,11 @@ shared_service_webdav_ip: "{{ stage_server_infos
   | map(attribute='private_ip')
   | list
   | first }}"
+shared_service_gitea_ip: "{{ stage_server_infos
+  | selectattr('name', 'match', stage + '-gitea-01' )
+  | map(attribute='private_ip')
+  | list
+  | first }}"
 
 shared_service_maria_hostname: "{{ stage }}-maria-01"
 shared_service_postgres_01_hostname: "{{ stage }}-postgres-01"
@@ -71,6 +76,7 @@ shared_service_elastic_stack_01_hostname: "{{ stage }}-elastic-stack-elastic-01"
 shared_service_elastic_stack_02_hostname: "{{ stage }}-elastic-stack-elastic-02"
 shared_service_elastic_stack_03_hostname: "{{ stage }}-elastic-stack-elastic-03"
 shared_service_elastic_stack_logstash_01_hostname: "{{ stage }}-elastic-stack-logstash-01"
+shared_service_gitea_hostname: "{{ stage }}-gitea-01"
 
 shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}"
 shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}"
@@ -130,6 +136,10 @@ shared_service_hosts: [
   {
     ip: "{{ shared_service_webdav_ip }}",
     name: "{{ shared_service_webdav_hostname }}"
+  },
+  {
+    ip: "{{ shared_service_gitea_ip }}",
+    name: "{{ shared_service_gitea_hostname }}"
   }
 ]
 

roles/gitea-postgres/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+
+postgres_acls:
+  - name: "{{ gitea_postgres_database }}"
+    password: "{{ gitea_postgres_password }}"
+    trusted_cidr_entry: "{{ shared_service_network }}"

roles/gitea-postgres/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+
+### tags:
+###     - remove-data
+
+- name: "Setup postgres for {{ inventory_hostname }}"
+  include_role:
+    name: postgres
+    tasks_from: _postgres-acls

roles/gitea-realm/defaults/main.yml

@@ -0,0 +1,38 @@
+---
+
+gitea_client_admin_username: "gitea-admin"
+gitea_client_admin_password: "gitea-admin"
+
+gitea_realm_admin_username: "gitea-realm-admin"
+gitea_realm_admin_password: "gitea-realm-admin"
+
+current_realm_clients: [
+  {
+    name: '{{ gitea_client_id }}',
+    clientId: "{{ gitea_client_id }}",
+    admin_url: '',
+    root_url: '',
+    redirect_uris: '
+      [
+        "{{ http_s }}://{{ gitea_base_url }}/*",
+      ]',
+    secret: '{{ gitea_client_secret }}',
+    web_origins: '
+      [
+        "{{ http_s }}://{{ gitea_base_url }}",
+      ]',
+  }
+]
+
+current_realm_users: [
+  {
+    "username": "{{ gitea_client_admin_username }}",
+    "password": "{{ gitea_client_admin_password }}",
+  }
+]
+current_realm_admin_users: [
+  {
+    "username": "{{ gitea_realm_admin_username }}",
+    "password": "{{ gitea_realm_admin_password }}",
+  }
+]

roles/gitea-realm/handlers/main.yml

@@ -0,0 +1 @@
+---

roles/gitea-realm/meta/main.yml

@@ -0,0 +1 @@
+---

roles/gitea-realm/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+
+### tags:
+
+- name: "Setup realm for {{ inventory_hostname }}"
+  include_role:
+    name: keycloak
+    tasks_from: _authenticate
+
+- name: "Setup realm for {{ inventory_hostname }}"
+  include_role:
+    name: keycloak
+    tasks_from: _configure_realm
+
+- name: "Create realm users"
+  include_role:
+    name: keycloak
+    tasks_from: _create_realm_users
+
+- name: "Create realm admin"
+  include_role:
+    name: keycloak
+    tasks_from: _create_realm_admin

roles/gitea-realm/vars/main.yml

@@ -0,0 +1 @@
+---

roles/gitea/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+
+gitea_image_name: "gitea/gitea"
+gitea_image_version: "1.15"

roles/gitea/handlers/main.yml

@@ -0,0 +1 @@
+---

roles/gitea/meta/main.yml

@@ -0,0 +1 @@
+---

roles/gitea/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+
+### tags:
+
+- name: "Setup DNS configuration for <{{ gitea_id }}> to <{{ stage_server_ip }}>"
+  include_role:
+    name: _digitalocean
+    tasks_from: domain
+  vars:
+    record_data: "{{ stage_server_ip }}"
+    record_name: "{{ gitea_id }}"
+
+- name: "Check if {{ gitea_id }}/docker-compose.yml exists"
+  stat:
+    path: '{{ service_base_path }}/{{ gitea_id }}/docker-compose.yml'
+  register: check_docker_compose_file
+  tags:
+    - update_deployment
+
+- name: "Stop {{ gitea_id }}"
+  shell: docker-compose down
+  args:
+    chdir: '{{ service_base_path }}/{{ gitea_id }}'
+  when: check_docker_compose_file.stat.exists
+  ignore_errors: yes
+  tags:
+    - update_deployment
+
+- name: "Deploy docker templates for {{ gitea_id }}"
+  include_role:
+    name: _deploy
+    tasks_from: templates
+  vars:
+    current_config: "_docker"
+    current_base_path: "{{ service_base_path }}"
+    current_destination: "{{ gitea_id }}"
+    current_owner: "{{ docker_owner }}"
+    current_group: "{{ docker_group }}"
+    current_docker: "{{ gitea_docker }}"
+
+- name: "Deploy service templates for {{ gitea_id }}"
+  include_role:
+    name: _deploy
+    tasks_from: templates
+  vars:
+    current_config: "gitea"
+    current_base_path: "{{ service_base_path }}"
+    current_destination: "{{ gitea_id }}"
+    current_owner: "{{ docker_owner }}"
+    current_group: "{{ docker_group }}"
+
+- name: "Update {{ gitea_id }}"
+  shell: docker-compose pull
+  args:
+    chdir: '{{ service_base_path }}/{{ gitea_id }}'
+  tags:
+    - update_deployment
+
+- name: "Start {{ gitea_id }}"
+  shell: docker-compose up -d
+  args:
+    chdir: '{{ service_base_path }}/{{ gitea_id }}'
+  tags:
+    - update_deployment

roles/gitea/vars/main.yml

@@ -0,0 +1,70 @@
+---
+
+gitea_labels: [
+  '"traefik.enable=true"',
+  '"traefik.http.routers.{{ gitea_id }}.service={{ gitea_id }}"',
+  '"traefik.http.routers.{{ gitea_id }}.rule=Host(`{{ gitea_base_url }}`)"',
+  '"traefik.http.routers.{{ gitea_id }}.entrypoints=websecure"',
+  '"traefik.http.routers.{{ gitea_id }}.tls=true"',
+  '"traefik.http.routers.{{ gitea_id }}.tls.certresolver=letsencrypt"',
+  '"traefik.http.services.{{ gitea_id }}.loadbalancer.server.port={{ service_port }}"',
+]
+
+gitea_environment: [
+  "USER: \"git\"",
+  "USER_UID: \"1000\"",
+  "USER_GID: \"1000\"",
+  "GITEA__database__DB_TYPE: \"postgres\"",
+  "GITEA__database__HOST: \"{{ gitea_postgres_host }}\"",
+  "GITEA__database__NAME: \"{{ gitea_postgres_database }}\"",
+  "GITEA__database__USER: \"{{ gitea_postgres_username }}\"",
+  "GITEA__database__PASSWD: \"{{ gitea_postgres_password }}\"",
+]
+
+gitea_docker: {
+  networks: [
+    {
+      name: back-tier,
+      external: true,
+    },
+    {
+      name: front-tier,
+      external: true,
+    },
+  ],
+  volumes: [
+    {
+      name: "{{ gitea_id }}-data"
+    },
+  ],
+  services: [
+    {
+      name: "{{ gitea_id }}",
+      image_name: "{{ gitea_image_name }}",
+      image_version: "{{ gitea_image_version }}",
+      labels: "{{ gitea_labels + ( gitea_labels_additional | default([])) }}",
+      restart: "{{ gitea_service_restart | default('always') }}",
+      environment: "{{ gitea_environment + ( gitea_environment_additional | default([])) }}",
+      volumes: [
+        '"{{ gitea_id }}-data:/data"',
+        '"/etc/timezone:/etc/timezone:ro"',
+        '"/etc/localtime:/etc/localtime:ro"',
+      ],
+      networks: [
+        '"back-tier"',
+        '"front-tier"',
+      ],
+      ports: [
+        {
+          "external": "3000",
+          "internal": "3000",
+        },
+        {
+          "external": "2222",
+          "internal": "22",
+        },
+      ],
+      extra_hosts: "{{ gitea_extra_hosts | default([]) }}",
+    }
+  ],
+}

smardigo.yml

@@ -45,6 +45,9 @@
     - role: maria
       when: "'maria' in group_names"
 
+    - role: gitea
+      when: "'gitea' in group_names"
+
     - role: awx
       when: "'awx' in group_names"
 

stage-dev

@@ -9,6 +9,9 @@ dev-elastic-stack-elastic-01
 dev-elastic-stack-elastic-02
 dev-elastic-stack-elastic-03
 
+[gitea]
+dev-gitea-01
+
 [harbor]
 dev-docker-registry-01
 
@@ -51,6 +54,7 @@ awx
 connect
 elastic
 harbor
+gitea
 iam
 keycloak
 kibana

templates/_docker/docker-compose.yml.j2

@@ -133,7 +133,7 @@ services:
 %}
     ports:
 {% for item in service.ports %}
-      - {{ item.external }}:{{ item.internal }}
+      - "{{ item.external }}:{{ item.internal }}"
 {% endfor %}
 {% endif %}
 {# ########################################### ports #}