gitea: migrate from gogs

Markus 2020-06-18 22:34:30 +02:00
parent 7a58869a2f
commit 488fb29275
13 changed files with 192 additions and 110 deletions


@ -23,10 +23,12 @@ drone_secret: "{{ vault_drone_secret }}"
dss_domain: dss.binary-kitchen.de dss_domain: dss.binary-kitchen.de
dss_secret: "{{ vault_dss_secret }}" dss_secret: "{{ vault_dss_secret }}"
gogs_domain: git.binary-kitchen.de gitea_domain: git.binary-kitchen.de
gogs_dbname: gogs gitea_dbname: gogs
gogs_dbuser: gogs gitea_dbuser: gogs
gogs_dbpass: "{{ vault_gogs_dbpass }}" gitea_dbpass: "{{ vault_gitea_dbpass }}"
gitea_secret: "{{ vault_gitea_secret }}"
gitea_jwt_secret: "{{ vault_gitea_jwt_secret }}"
hackmd_domain: pad.binary-kitchen.de hackmd_domain: pad.binary-kitchen.de
hackmd_dbname: hackmd hackmd_dbname: hackmd


@ -1,44 +1,49 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
30386437633139313730633863633362386233316337653461616364623334323339626533333939 61616165323233313361366635333363646636653837656664383166313435393339373265343064
6466623963336361343337333831646635383437376435620a363836386664623430303836366666 3432313033613134363266376239323638666663303434340a653366623135333234613932306361
64356564333864643030636438636364646666633662306236666131653962653235623961376436 31623634356237333161343566613962346430313763386165303635626163316132333331396431
6534623031633033360a343535653032366130343132646430393734613838303364613632366434 3232663838306133350a613866316563363462633765303966646263316634363938633832643635
36646438316131386536363834356438353034636362316535613362383362326133353937356437 31343030353134616663616161343532356265303764626639366638323331366162383636386361
63643731333738653232613961663831663339333935393562656665343035343039636132346438 37333937623263396361316232396130376130633439303263323132633263333330303836656562
32646633353238346335353436633363363365376564663736316365396330383337663030616165 39363464333036346331613162373638663036383835376561326638366461363464363739323733
64313534346261663238613663356637363161663639386364366531623837633163616438326138 34386339383666646136303563353761386336646636396139626430386438306133643032396264
37306134326165346238343535666336353931646236373364303866623335653330336364353536 62343738336561323765333863643162303433633338623833306339343436656435333531353639
32393138656165393939323937633038633336653162666566623932333864383733656235633561 36353130653966633832343662366537353264613536616531363764323936313137663834613661
32366364363463316665653835363063386138303866393065633637373936623433356565376130 32386365346566363366326637386536313064363166336265383738626130626432313339376564
66323464656534386462663835373661326139356666353031363164393564323563326637626639 31303863363231383933643533393837656262633565323532616335383831663233386331653131
37306336616533383235326433326631303463313665356431636366306533623438383566346463 63303030306433623237386234323431623539646231626636363962633431306330313463613532
61363732316465643432376465356363356165383833666432353235363737303634626166366465 65633063366431373335396433623261643538323135343862323638613931336461346164333930
33373332373166646365343232323962343531303565656165333662613238363731376264663130 64623130643939353732633035396438326664653330373361386537336461636363643662353738
61316662646431633135633531646538616435323835346566623839336638333930333066663734 64303734366339366166333131353434343066326339346231356462383833333963633634363838
62616166643362626565643566313161656265323561666533623664666263613034653038336465 62376231653363383137356136643139643534663837646261333565376234383335626137613930
66326639323135333435326230663432656662386439653635303832386262373263306132383463 33633731383938343161313830376432653432616335303333656262353936353563633461393965
36656535336231316462366636646564633835306331663466363165383564313838396264316637 39336263636361663064636431613565323433663535633136653663326138626534636563363931
64336464636537653962366563303164623964366536633938366130353064303737363533656362 66323530316134353137303131356263306363316661366665313934303032313633646537393334
63326663383438613264373635303864353237623436333631353337383865623162656265633930 39333562386533646239646362666436376334353730643864313535333562653361356431636437
37653466393831303761386434363563313939313234623434633865356134663831376666656262 36313965336334333434613033366161333033626336393238386331653665633238353366336339
33353265376138623834643430643139336566666634333834333839383234663964306636356365 33333465666437636362626330346335363439633132646636633565663432303437393236663965
36643763353831376136636164373133303939373062643335316264396137363234383835383936 39376630386366363739616266653864613636316535323332666135366264316335623630663161
38383630373432616131303231303662396132313562356532613538303234376235313330303734 66666265656664616365336662633532346662653662656361303633386265643433333463616332
36323464373533336637393566626334343764336536323337643930393137643636346639656435 39363636333361323235393839383963656234346530383864326337323333323234643632323439
61626465383436303131646436643437633836366265316437306331663537616236633336353236 34373664303639326331363865353562376630666464353534393432663161666634386430343330
30386230633930356231376264313263646135306537353932656663643432363637316132303666 33356364616437306435396634343433353730316562613135363833663463616139323364663839
66613531393562353735613136396432303430636131373163376562383066326430313639383038 38356232333337336138366538656337303765393934356531333432373532643964363838303235
35643031613934663966343437616566346464336263326566353565346432633762646439373636 66346439333937633261376231336662623033623334646561373963653737646531363837316533
36336232363261313862353465336332623432656239646331393661613730396163626166643233 30626532626664623335626531663762386663663732373537653361346638643833643365646330
38636138663432313965613831333730626532376261636239303366383463633138393431616433 33383830343765346536383564663961656437383231653433613964643531316339653061346432
62636333373765366436343663666637643032373662616166363634653430346361646535323834 62363533663234343237616461386333333632343063616530363363373834396661396365316631
66393437363635393564353131343361373232336638633164396262366135643766653432303566 39363632643563386233316338626238386539393866346666616531663432383866313835646237
34313432343965653138653634373966343337623865303937613363303237383632313334363532 35663339623061643138373864326139666438663464636665656235656435346561656535343562
61393061616237623064333263373634373764313963396636633661623764363332333837613661 38323537376636333035616431643733386166636235646135653433386565663931356363656538
35373730316463383835303837663136616262316161626362353437343661346266313937623931 31323339306261663664633137633235653362623434643633373534663237323864346466333233
30316235626236383861333931353333383237623233373135613465623865313339373533323631 66343432346264643130363764373964326435383134353166363135303564303032353636326238
35386337646539326531396438613233636561326231643030633536333635626132393463663032 35346638323764353062383130393264346435616465626633623938396333386362366465666539
66343235626266333739366637336434306331626163316335633231656232343763323836396331 63646338623035643238633730656237313265633764613338366234323663333637623238646431
65366434346635373865313562663666653166393631373864363934653535653265653534656266 34323638643734623634666662653639333165313166373932326434313238663666363937393862
65303336653439336430373864343962396430623531623262326136616164633532616432663034 62326164636664336630616134316333623035663030636665396537623563323133363632613934
363338326234396132643564306665303937 32393163333737613965646630666433363333303265313561353534313335346563316265663464
66303034356634633764663739353839626333316336313639393463363030393261313834653464
38613363646161643661306137396262616436663838313437626530666336383637356365336366
31336562303539333231626239346666646262386238353066323861363063353437326364653934
32663762623732343565336535366361383232636636666438326462626339613933666633316366
33386262323461653938


@ -0,0 +1,6 @@
---
gitea_user: gogs
gitea_group: gogs
gitea_version: 1.11.6
gitea_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
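Review bot: `gitea_url` points at a release binary, but no checksum is defined next to it, so the download step still marked `# TODO fetch gitea binary` in the tasks file will have nothing to verify the file against. I would add a variable such as `gitea_checksum: "sha256:<sha256 of the gitea-1.11.6-linux-amd64 release file>"` and pass it to `get_url` through its `checksum` parameter when that task is written. Quoting the version, `gitea_version: "1.11.6"`, also keeps a later two-component value such as `1.12` from being read as a float.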


@ -0,0 +1,13 @@
---
- name: Run acertmgr
command: /usr/bin/acertmgr
- name: Restart gitea
service: name=gitea state=restarted
- name: Restart nginx
service: name=nginx state=restarted
- name: Reload systemd
command: systemctl daemon-reload
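Review bot: `Restart gitea` is defined above `Reload systemd`, and Ansible runs notified handlers in the order they appear in the handlers file, not in `notify` order. When the unit template changes and notifies both, gitea is restarted before `systemctl daemon-reload` runs, so it comes up with the old unit definition. Move `Reload systemd` to the top of this file, or fold the reload into the restart with `systemd: name=gitea state=restarted daemon_reload=yes`.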


@ -0,0 +1,60 @@
---
- name: Create group
group: name={{ gitea_group }}
- name: Create user
user: name={{ gitea_user }} home=/home/{{ gitea_user }} group={{ gitea_group }}
- name: Create gitea directories
file: path={{ item }} state=directory owner={{ gitea_user }}
with_items:
- /opt/gitea
- /opt/gitea/custom
- /opt/gitea/custom/conf
# TODO fetch gitea binary
- name: Configure gitea
template: src=app.ini.j2 dest=/opt/gitea/custom/conf/app.ini force=no owner={{ gitea_user }}
- name: Install systemd unit
template: src=gitea.service.j2 dest=/lib/systemd/system/gitea.service
notify:
- Reload systemd
- Restart gitea
- name: Install PostgreSQL
apt: name={{ item }}
with_items:
- postgresql
- python-psycopg2
- name: Configure PostgreSQL database
postgresql_db: name={{ gitea_dbname }}
become: true
become_user: postgres
- name: Configure PostgreSQL user
postgresql_user: db={{ gitea_dbname }} name={{ gitea_dbuser }} password={{ gitea_dbpass }} priv=ALL state=present
become: true
become_user: postgres
- name: Ensure certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ gitea_domain }}.key -out /etc/nginx/ssl/{{ gitea_domain }}.crt -days 730 -subj "/CN={{ gitea_domain }}" creates=/etc/nginx/ssl/{{ gitea_domain }}.crt
notify: Restart nginx
- name: Configure certificate manager for gitea
template: src=certs.j2 dest=/etc/acertmgr/{{ gitea_domain }}.conf
notify: Run acertmgr
- name: Configure vhost
template: src=vhost.j2 dest=/etc/nginx/sites-available/gitea
notify: Restart nginx
- name: Enable vhost
file: src=/etc/nginx/sites-available/gitea dest=/etc/nginx/sites-enabled/gitea state=link
notify: Restart nginx
- name: Enable gitea
service: name=gitea enabled=yes
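Review bot: The `Configure gitea` task writes app.ini without a `mode`, and that template renders the database password, `SECRET_KEY` and `JWT_SECRET`, so the file's permissions are left to the umask and will typically be world-readable. I would set them explicitly: `template: src=app.ini.j2 dest=/opt/gitea/custom/conf/app.ini force=no owner={{ gitea_user }} group={{ gitea_group }} mode=0600`. Because of `force=no`, hosts where the file already exists may need the mode corrected by a separate `file` task; that is worth checking. Adding `no_log: true` to `Configure PostgreSQL user` would also keep `gitea_dbpass` out of verbose and callback output.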


@ -0,0 +1,30 @@
APP_NAME = Binary Kitchen Git Service
RUN_USER = {{ gitea_user }}
RUN_MODE = prod
[repository]
ROOT = /home/{{ gitea_user }}/repositories
[server]
PROTOCOL = http
DOMAIN = localhost
ROOT_URL = https://{{ gitea_domain }}
HTTP_ADDR = 127.0.0.1
[database]
DB_TYPE = postgres
HOST = localhost
NAME = {{ gitea_dbname }}
USER = {{ gitea_dbuser }}
PASSWD = {{ gitea_dbpass }}
LOG_SQL = false
[security]
INSTALL_LOCK = true
SECRET_KEY = {{ gitea_secret }}
[service]
DISABLE_REGISTRATION = true
[oauth2]
JWT_SECRET = {{ gitea_jwt_secret }}
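Review bot: The template sets `ROOT_URL` to an https URL but has no `[session]` section, so session cookies keep Gitea's default, which as far as I know is `COOKIE_SECURE = false` for this release line (confirm against the 1.11 configuration cheat sheet). Since the vhost redirects all port-80 traffic to HTTPS, I would add `[session]` with `COOKIE_SECURE = true`. It would also help to state `HTTP_PORT = 3000` under `[server]`, because the vhost's `proxy_pass http://localhost:3000` silently depends on that default.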


@ -1,13 +1,13 @@
--- ---
{{ gogs_domain }}: {{ gitea_domain }}:
- path: /etc/nginx/ssl/{{ gogs_domain }}.key - path: /etc/nginx/ssl/{{ gitea_domain }}.key
user: root user: root
group: root group: root
perm: '400' perm: '400'
format: key format: key
action: '/usr/sbin/service nginx restart' action: '/usr/sbin/service nginx restart'
- path: /etc/nginx/ssl/{{ gogs_domain }}.crt - path: /etc/nginx/ssl/{{ gitea_domain }}.crt
user: root user: root
group: root group: root
perm: '400' perm: '400'


@ -0,0 +1,18 @@
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
Requires=postgresql.service
[Service]
RestartSec=2s
Type=simple
User={{ gitea_user }}
Group={{ gitea_user }}
WorkingDirectory=/opt/gitea/
ExecStart=/opt/gitea/gitea web
Restart=always
Environment=USER={{ gitea_user }} HOME=/home/{{ gitea_user }} GITEA_WORK_DIR=/opt/gitea/
[Install]
WantedBy=multi-user.target
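Review bot: `Requires=postgresql.service` has no matching `After=postgresql.service`, so systemd pulls PostgreSQL in but does not order gitea after it, and gitea can start before the database accepts connections. Add `After=postgresql.service` under `[Unit]`. `Group={{ gitea_user }}` should read `Group={{ gitea_group }}`; both defaults are `gogs` today, so the unit only works by coincidence. As this is a network-facing daemon, sandboxing directives such as `NoNewPrivileges=true` and `PrivateTmp=true` are worth adding once the unit has been tested with them.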


@ -2,7 +2,7 @@ server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name {{ gogs_domain }}; server_name {{ gitea_domain }};
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
default_type "text/plain"; default_type "text/plain";
@ -10,7 +10,7 @@ server {
} }
location / { location / {
return 301 https://{{ gogs_domain }}$request_uri; return 301 https://{{ gitea_domain }}$request_uri;
} }
} }
@ -18,13 +18,13 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name {{ gogs_domain }}; server_name {{ gitea_domain }};
ssl_certificate_key /etc/nginx/ssl/{{ gogs_domain }}.key; ssl_certificate_key /etc/nginx/ssl/{{ gitea_domain }}.key;
ssl_certificate /etc/nginx/ssl/{{ gogs_domain }}.crt; ssl_certificate /etc/nginx/ssl/{{ gitea_domain }}.crt;
location / { location / {
client_max_body_size 128M; client_max_body_size 1024M;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:3000; proxy_pass http://localhost:3000;
} }
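Review bot: `client_max_body_size 1024M` sits in `location /`, so the eightfold larger limit applies to every proxied request, including unauthenticated ones. By default nginx buffers request bodies to temporary files before passing them upstream. If the increase is meant for large pushes or uploads, check that the client body temp path has room for several concurrent 1 GiB bodies, or scope the larger limit to the paths that need it and keep a smaller default elsewhere. The enclosing `server` block ends outside the hunk.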


@ -1,7 +0,0 @@
---
- name: Run acertmgr
command: /usr/bin/acertmgr
- name: Restart nginx
service: name=nginx state=restarted


@ -1,45 +0,0 @@
---
- name: Enable https for apt
apt: name=apt-transport-https
- name: Enable gogs apt-key
apt_key: url="https://dl.packager.io/srv/pkgr/gogs/key"
- name: Enable gogs repository
apt_repository: repo="deb https://dl.packager.io/srv/deb/gogs/gogs/master/debian 10 main"
- name: Install gogs
apt: name=gogs
- name: Install PostgreSQL
apt: name={{ item }}
with_items:
- postgresql
- python-psycopg2
- name: Configure PostgreSQL database
postgresql_db: name={{ gogs_dbname }}
become: true
become_user: postgres
- name: Configure PostgreSQL user
postgresql_user: db={{ gogs_dbname }} name={{ gogs_dbuser }} password={{ gogs_dbpass }} priv=ALL state=present
become: true
become_user: postgres
- name: Ensure certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ gogs_domain }}.key -out /etc/nginx/ssl/{{ gogs_domain }}.crt -days 730 -subj "/CN={{ gogs_domain }}" creates=/etc/nginx/ssl/{{ gogs_domain }}.crt
notify: Restart nginx
- name: Configure certificate manager for gogs
template: src=certs.j2 dest=/etc/acertmgr/{{ gogs_domain }}.conf
notify: Run acertmgr
- name: Configure vhost
template: src=vhost.j2 dest=/etc/nginx/sites-available/gogs
notify: Restart nginx
- name: Enable vhost
file: src=/etc/nginx/sites-available/gogs dest=/etc/nginx/sites-enabled/gogs state=link
notify: Restart nginx


@ -53,10 +53,10 @@
roles: roles:
- web - web
- name: Setup gogs server - name: Setup gitea server
hosts: boron.binary-kitchen.net hosts: boron.binary-kitchen.net
roles: roles:
- gogs - gitea
- name: Setup jabber server - name: Setup jabber server
hosts: carbon.binary-kitchen.net hosts: carbon.binary-kitchen.net