gitea: add config

main
Jef Roosens 2024-08-09 13:53:13 +02:00
parent fe35e4baf1
commit 56faa4323b
Signed by: Jef Roosens
GPG Key ID: B75D4F293C7052DB
17 changed files with 354 additions and 13 deletions


@ -22,3 +22,8 @@ woodpecker_secret: "{{ vault_woodpecker_secret }}"
restic_version: '0.16.2' restic_version: '0.16.2'
ntfy_user_pi_pass: "{{ vault_ntfy_user_pi_pass }}" ntfy_user_pi_pass: "{{ vault_ntfy_user_pi_pass }}"
gitea_lfs_jwt_secret: "{{ vault_gitea_lfs_jwt_secret }}"
gitea_secret_key: "{{ vault_gitea_secret_key }}"
gitea_internal_token: "{{ vault_gitea_internal_token }}"
gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"


@ -1,14 +1,32 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
35353730613932643733343565323332383038383461626535616166616338653066306533366164 62316366343931626135336332623963643864616164386132363565303565303165326238303132
6261353438653937326264623632363336633039383361620a333239333937663561613162376161 3266623662613739333637393937373137313161306136310a613335346362346333323461336130
30393966656236656634633035643336626538373733643863613864373439363564376563613361 61386264346464376539303733393961306664376663613034316337313963343761636634636131
3666616235623631370a373439393839313336323466306461373534626661616231333436326663 3231633934646130630a303038383563346539383561386362613935376634306561643964626334
37616638353830323865356236363937313033643563646466366432623762393539386334623938 35333166623531383236623535636362323039613136346534343232306163393436366135373634
63303331363165313437383061353037313536333132393439653538316264376362336466313231 31303338303939613433326633373838353431653231646430333333323665643130306436663539
66313530313937373232613534343065626534666136326233626137353631386161653133643933 35393266346232366161653332303264623733343262636363613630323366376130646264333739
37356237643362643161383131623035373037653139643331663435623162323566643635353731 34396139303130613631646535363831623463333565396134376234356132336236373366313830
62663165383465656432613339353466313437323365393766313865323565623138363537356561 61386661303966313862653732653338386466643838636263393766366139373237316165643764
31623565353362356464376637386633373133333365336662346331633236383934623638366662 66336465613838316465316166653064343066623339616530303038356238303832373135663665
31326264306434633532373131303839613735343364613232306164316661313933636235633161 35383938333362643038326635316538666536613137663633363434336138306135316665353734
37346630333565313636333435323635663962376636366437383938663763366433366230376636 63633439366664613633353465643466663564663832396435663931643538636238643233373039
3431 35623438333139353632383263343538626561343035613239366266623033636335633536643431
30663139353634663662373062363937393838393266343264386134306333326164656334316364
39343662313464383362646237383337393664623632653235623165666636363635383636363430
35306365383536356265363733396165303765316638366331376230306630393735393334653362
65313332646434323831313764306230616236383963376634623437346635653937623830653064
62396162396165643563373239373264396137666334646238616262663464623363373565626539
64373936346166356134306431616638346633376366336136383939666665373565383633336431
33346431353639643063616630313630653038616430316366323137303034336539643161383734
35346430643433653866663636333639343364363831343531363937313330343865323535353533
32666566343736653135363966643665396234636437316438636530366231653963356237613065
30623338323733666365613631666361306666613364393261623732623963613731613933383138
65656565396435643833613764346139343365663766623535626166346330633938626135326230
63356535633834633763363666333662646633366537623732623835653332316239646135373933
30333339396237386538343434653764613036396463333263333061316136323336356663666664
36363235643334363666336364333336366439646537306235333532343832653531356430353730
34303830343734653631313936383962343131643965303464343031633030613635356231633566
63366531663361386461333532383638636662633261343365633361346535366132303339346664
33626638643233333766356534393039393962343630303137653733393532633264616664363235
343465376233356362383334663334633033


@ -26,3 +26,6 @@
[atuin-server] [atuin-server]
192.168.0.2 static_ip=192.168.0.2 192.168.0.2 static_ip=192.168.0.2
[gitea]
192.168.0.2 static_ip=192.168.0.2


@ -0,0 +1,3 @@
---
dependencies:
- role: caddy


@ -0,0 +1,9 @@
---
- name: Ensure Caddyfile is present
template:
src: 'gitea.Caddyfile.j2'
dest: '/etc/caddy/gitea.Caddyfile'
owner: root
group: root
mode: '0644'
notify: caddy-reload


@ -0,0 +1,3 @@
git.rustybever.be {
reverse_proxy {{ hostvars[groups['gitea'][0]].static_ip }}:8010
}


@ -0,0 +1,40 @@
version: '3'
services:
app:
# Latest contains a development version
image: 'gitea/gitea:1.20.1'
restart: 'always'
ports:
- '22:22'
- '8010:3000'
volumes:
- '/etc/gitea/app.ini:/data/gitea/conf/app.ini'
- '/mnt/data1/gitea/data:/data'
- '/mnt/data1/gitea/repositories:/data/git/repositories'
- '/mnt/data1/gitea/lfs:/data/git/lfs'
- '/etc/timezone:/etc/timezone:ro'
- '/etc/localtime:/etc/localtime:ro'
depends_on:
db:
condition: service_healthy
db:
image: 'postgres:14.8-alpine'
restart: 'always'
healthcheck:
test: ["CMD", "pg_isready", "-U", "gitea"]
interval: 30s
start_period: 30s
timeout: 5s
retries: 3
environment:
- 'POSTGRES_USER=gitea'
- 'POSTGRES_PASSWORD=gitea'
- 'POSTGRES_DB=gitea'
volumes:
- '/mnt/data1/gitea/postgres:/var/lib/postgresql/data'
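Review bot: `POSTGRES_PASSWORD=gitea` on the db service is a hard-coded credential that has to stay identical to `PASSWD = gitea` in the app.ini template, while every other secret in this commit goes through ansible-vault; the compose file is installed with `mode: '0644'`, so the literal is world-readable on the host. The db service publishes no ports, so the exposure is local, but rendering both files from one vault-backed variable (compose.yml would then need to become a template too) removes the literal and the drift between the two copies. The `'8010:3000'` mapping binds on every host interface, so Gitea is reachable over plain HTTP from the LAN without passing through Caddy; if only the web host needs it, `'192.168.0.2:8010:3000'` (the static_ip the Caddyfile already resolves) narrows that, assuming no other interface on the host should be excluded.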


@ -0,0 +1,12 @@
#!/usr/bin/env bash
data_dir='/mnt/data1/gitea/data'
snapshot_dir="${data_dir}.snapshot"
# Read-only snapshot for atomic backup
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
/usr/local/bin/restic backup "$snapshot_dir"
# Always remove snapshot subvolume, even if restic fails
btrfs subvolume delete "$snapshot_dir"
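Review bot: The script's exit status is that of `btrfs subvolume delete`, not of restic, so a failed `restic backup` on the line above still reports success to whatever schedules it; the lfs and repositories scripts in this commit have the same shape. Capture the status before the cleanup and return it: `/usr/local/bin/restic backup "$snapshot_dir"; status=$?` followed by the delete and then `exit "$status"`. If an earlier run died before the delete, the leftover `$snapshot_dir` presumably makes the snapshot call behave differently (nested snapshot rather than a clean failure) — worth confirming and, if so, clearing a stale snapshot at the start.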


@ -0,0 +1,12 @@
#!/usr/bin/env bash
data_dir='/mnt/data1/gitea/lfs'
snapshot_dir="${data_dir}.snapshot"
# Read-only snapshot for atomic backup
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
/usr/local/bin/restic backup "$snapshot_dir"
# Always remove snapshot subvolume, even if restic fails
btrfs subvolume delete "$snapshot_dir"


@ -0,0 +1,7 @@
#!/usr/bin/env bash
cd /etc/gitea
/usr/bin/docker compose exec -T db pg_dump -U gitea gitea |
/usr/bin/gzip --rsyncable |
/usr/local/bin/restic backup --stdin --stdin-filename gitea-postgres.sql.gz
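Review bot: Without `set -o pipefail` the pipeline's status is restic's alone, so a failing `pg_dump` (wrong credentials, db container not up) yields an empty or truncated `gitea-postgres.sql.gz` that restic stores and reports as a successful backup. Add `set -o pipefail` after the shebang, and make the directory change fatal with `cd /etc/gitea || exit 1`, since a failed `cd` currently runs `docker compose exec` from the caller's working directory. Note that with `--stdin` restic still records the snapshot when an upstream command fails; pipefail only makes the script's exit code honest, so the scheduler's failure signal is what has to be monitored.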


@ -0,0 +1,12 @@
#!/usr/bin/env bash
data_dir='/mnt/data1/gitea/repositories'
snapshot_dir="${data_dir}.snapshot"
# Read-only snapshot for atomic backup
btrfs subvolume snapshot -r "$data_dir" "$snapshot_dir" || exit $?
/usr/local/bin/restic backup "$snapshot_dir"
# Always remove snapshot subvolume, even if restic fails
btrfs subvolume delete "$snapshot_dir"


@ -0,0 +1,15 @@
[Unit]
Description=Private, Fast, Reliable DevOps Platform
After=docker.target
Requires=docker.target
[Service]
Type=exec
User=gitea
Group=gitea
WorkingDirectory=/etc/gitea
ExecStart=/usr/bin/docker compose up
ExecStop=/usr/bin/docker compose down
[Install]
WantedBy=multi-user.target
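Review bot: `After=docker.target` / `Requires=docker.target` names a unit the Docker packages do not provide — they ship `docker.service` (and `docker.socket`) — and a `Requires=` on a unit that cannot be loaded makes this service fail to start, so unless a `docker.target` exists on this host these should be `After=docker.service` / `Requires=docker.service`. The unit runs as `User=gitea`, but none of the role's tasks in this commit create that account or add it to the `docker` group; if it is not provisioned elsewhere, `docker compose up` will fail on the socket permission. `restart: 'always'` in compose.yml also lets the daemon bring the containers back on reboot independently of this unit, which is presumably intended but deserves a comment here.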


@ -0,0 +1,5 @@
---
- name: 'restart gitea'
ansible.builtin.service:
name: 'gitea'
state: 'restarted'


@ -0,0 +1,73 @@
---
- name: Ensure data directory is present
ansible.builtin.file:
path: '/mnt/data1/gitea'
state: directory
mode: '0755'
owner: 'root'
group: 'root'
- name: Ensure data subvolumes are present
community.general.btrfs_subvolume:
name: '/gitea/{{ item }}'
loop:
- 'data'
- 'lfs'
- 'repositories'
- 'postgres'
- name: Ensure configuration directory is present
ansible.builtin.file:
path: '/etc/gitea'
state: directory
mode: '0755'
- name: Ensure compose file is present
ansible.builtin.copy:
src: 'compose.yml'
dest: '/etc/gitea/compose.yml'
mode: '0644'
owner: 'root'
group: 'root'
notify: 'restart gitea'
- name: Ensure config file is present
ansible.builtin.template:
src: 'app.ini.j2'
dest: '/etc/gitea/app.ini'
mode: '0644'
owner: 'root'
group: 'root'
notify: 'restart gitea'
- name: Ensure backup scripts are present
ansible.builtin.copy:
src: "gitea.{{ item }}.backup.sh"
dest: "/etc/backups/gitea.{{ item }}.backup.sh"
owner: 'root'
group: 'root'
mode: '0644'
loop:
- 'postgres'
- 'data'
- 'lfs'
- 'repositories'
- name: Ensure service file is present
ansible.builtin.copy:
src: 'gitea.service'
dest: '/lib/systemd/system/gitea.service'
owner: 'root'
group: 'root'
mode: '0644'
register: res
- name: systemd-reload
ansible.builtin.systemd_service:
daemon_reload: true
when: 'res.changed'
- name: Ensure gitea service is enabled
ansible.builtin.service:
name: 'gitea'
enabled: true
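Review bot: app.ini is rendered with `mode: '0644'` although the template embeds `SECRET_KEY`, `INTERNAL_TOKEN`, `LFS_JWT_SECRET`, the oauth2 `JWT_SECRET` and the database password — the values the commit vaults in group_vars end up world-readable on the host. `mode: '0640'` (or `'0600'`) with ownership matching the uid the Gitea container reads the bind-mounted file as would close that; confirm that uid before tightening, because compose.yml mounts the host file directly into the container. The backup scripts are installed `0644` as well, which only works if the /etc/backups runner invokes them through `bash` rather than executing them — check that runner, or use `'0755'`.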


@ -0,0 +1,112 @@
APP_NAME = The Rusty Bever
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea
[repository]
ROOT = /data/git/repositories
; Makes public the default option when creating a repo
DEFAULT_PRIVATE = public
; Disables releases, projects & wiki by default for new repos (but can be enabled when needed)
DEFAULT_REPO_UNITS = repo.code,repo.issues,repo.pulls
; Might as well be compatible with
DEFAULT_BRANCH = main
[repository.pull-request]
WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]:,Draft:,[Draft]:
[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
[repository.upload]
TEMP_PATH = /data/gitea/uploads
[ui]
; Always show the full name of a user when possible
DEFAULT_SHOW_FULL_NAME = true
THEMES = auto,gitea,arc-green,gitea-modern
[server]
APP_DATA_PATH = /data/gitea
DOMAIN = git.rustybever.be
SSH_DOMAIN = git.rustybever.be
HTTP_PORT = 3000
ROOT_URL = https://git.rustybever.be/
DISABLE_SSH = false
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
OFFLINE_MODE = false
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
[lfs]
PATH = /data/git/lfs
[database]
PATH = /data/gitea/gitea.db
DB_TYPE = postgres
HOST = db:5432
NAME = gitea
USER = gitea
PASSWD = gitea
LOG_SQL = false
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[attachment]
PATH = /data/gitea/attachments
[log]
MODE = console
LEVEL = info
REDIRECT_MACARON_LOG = true
MACARON = console
ROUTER = console
ROOT_PATH = /data/gitea/log
[security]
INSTALL_LOCK = true
MIN_PASSWORD_LENGTH = 12
PASSWORD_COMPLEXITY = lower,upper,digit
SECRET_KEY = {{ gitea_secret_key }}
INTERNAL_TOKEN = {{ gitea_internal_token }}
[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[mailer]
ENABLED = false
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = false
[oauth2]
JWT_SECRET = {{ gitea_jwt_secret }}
[other]
SHOW_FOOTER_VERSION = false
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
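Review bot: `PASSWD = gitea` under `[database]` is the one secret in this template that is not a vault-backed Jinja expression, and it must stay in lockstep with `POSTGRES_PASSWORD` in compose.yml; rendering both from the same vaulted variable removes the literal and the drift risk. Because Caddy terminates TLS on a separate host, requests reach Gitea from the proxy's (or the docker bridge's) address, which is outside Gitea's default trusted-proxy range, so client IPs in the access and authentication logs will presumably be the proxy's — setting `REVERSE_PROXY_TRUSTED_PROXIES` under `[security]` to the proxy's address restores real client addresses; confirm against the 1.20 docs. `PATH = /data/gitea/gitea.db` under `[database]` is an SQLite-only key that is dead with `DB_TYPE = postgres`; a `; unused with postgres` comment or dropping the line avoids confusion.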


@ -57,3 +57,9 @@
roles: roles:
- atuin-server - atuin-server
tags: atuin tags: atuin
- hosts: ruby
become: yes
roles:
- gitea
tags: gitea


@ -46,3 +46,9 @@
roles: roles:
- atuin-server-web - atuin-server-web
tags: atuin tags: atuin
- hosts: web
become: yes
roles:
- gitea-web
tags: atuin
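Review bot: The new `gitea-web` play is tagged `tags: atuin`, which looks copied from the atuin-server-web play above it; `ansible-playbook --tags gitea` will skip this play and `--tags atuin` will unexpectedly touch the Caddy config. It should be `tags: gitea`, matching the companion play this commit adds to the other playbook.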