diff --git a/dev/host_vars/proxy.yml b/dev/host_vars/proxy.yml
index 1f0dae2..f4bf756 100644
--- a/dev/host_vars/proxy.yml
+++ b/dev/host_vars/proxy.yml
@@ -17,7 +17,7 @@ proxy:
 - domain: "{{ bitwarden_domain }}"
 proxy_pass: "http://127.0.0.1:8080"
 - domain: "{{ gitea_domain }}"
- proxy_pass: "http://127.0.0.1:3080"
+ proxy_pass: "http://127.0.0.1:3000"
 # docker
 docker_users:
@@ -34,8 +34,4 @@ bitwarden_install_key: 1yB3Z2gRI0KnnH90C6p
 # gitea
 gitea_domain: "git.{{ base_domain }}"
 gitea_version: 1
-gitea_dbversion: latest
 gitea_dbpass: password
-gitea_ports:
- - "222:22"
- - "3080:3000"
diff --git a/roles/bitwarden/defaults/main.yml b/roles/bitwarden/defaults/main.yml
index da91560..46c67fe 100644
--- a/roles/bitwarden/defaults/main.yml
+++ b/roles/bitwarden/defaults/main.yml
@@ -1,5 +1,5 @@
 bitwarden_name: bitwarden
-bitwarden_root: "/opt/{{ bitwarden_name }}"
+bitwarden_root: "{{ docker_root }}/{{ bitwarden_name }}"
 bitwarden_database: "{{ bitwarden_name }}"
 bitwarden_standalone: false
 bitwarden_production: false
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
new file mode 100644
index 0000000..370f7a9
--- /dev/null
+++ b/roles/docker/defaults/main.yml
@@ -0,0 +1,3 @@
+docker_root: /var/lib/docker-compose
+docker_compose: /usr/bin/docker-compose
+docker_compose_service: compose
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index f8eb230..7175650 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
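Review bot: The new `proxy_pass: "http://127.0.0.1:3000"` hardcodes the port that the gitea role now exposes through `gitea_webport` (default `"3000"` in roles/gitea/defaults/main.yml), so the two values can drift apart silently, as the old `3080` already had to be corrected here. If this host runs both roles, `proxy_pass: "http://127.0.0.1:{{ gitea_webport }}"` keeps them in step, though whether the gitea role's defaults are in scope when `proxy` is evaluated depends on play ordering outside this diff. The second hunk of this file still carries `gitea_dbpass: password` as a committed plaintext value; for a dev inventory that may be deliberate, but an Ansible Vault entry would keep the credential out of history.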
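Review bot: `bitwarden_root` now resolves `docker_root`, which this diff defines only in roles/docker/defaults/main.yml, so the bitwarden role fails with an undefined-variable error whenever it is applied in a play where the docker role has not been loaded. Either declare the dependency in the role's meta (`dependencies: [docker]`) or give the default a fallback, `bitwarden_root: "{{ docker_root | default('/var/lib/docker-compose') }}/{{ bitwarden_name }}"`. The same coupling is introduced for `gitea_root` in roles/gitea/defaults/main.yml.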
@@ -4,6 +4,22 @@
 state: present
 update_cache: true
+- name: Create docker-compose root
+ file:
+ path: "{{ docker_root }}"
+ state: directory
+
+- name: Install docker-compose systemd service
+ template:
+ src: docker-compose.service.j2
+ dest: "/etc/systemd/system/{{ docker_compose_service }}@.service"
+ register: compose_systemd
+
+- name: Reload systemd manager configuration
+ systemd:
+ daemon_reload: true
+ when: compose_systemd.changed
+
 - name: Add users to docker group
 user:
 name: "{{ item }}"
diff --git a/roles/docker/templates/docker-compose.service.j2 b/roles/docker/templates/docker-compose.service.j2
new file mode 100644
index 0000000..34e8188
--- /dev/null
+++ b/roles/docker/templates/docker-compose.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=%i docker-compose service
+PartOf=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+WorkingDirectory={{ docker_root }}/%i
+ExecStart={{ docker_compose }} up -d --remove-orphans
+ExecStop={{ docker_compose }} down
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
index 6e62152..083f2e9 100644
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@@ -1,11 +1,14 @@
 # container settings
 gitea_name: gitea
-gitea_dbname: "{{ gitea_name }}-db"
-gitea_ports: "222:22"
+gitea_sshport: "222"
+gitea_webport: "3000"
+gitea_volume: "{{ gitea_name }}"
 # database settings
-gitea_dbuser: "{{ gitea_dbname }}"
+gitea_dbtype: postgres
+gitea_dbhost: host.docker.internal
+gitea_dbname: "{{ gitea_name }}"
+gitea_dbuser: "{{ gitea_name }}"
 # host
-gitea_root: "/opt/{{ gitea_name }}/data"
-gitea_dbroot: "/opt/{{ gitea_name }}/database"
+gitea_root: "{{ docker_root }}/{{ gitea_name }}"
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index c6391e6..7dffc56 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
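Review bot: The `Create docker-compose root` task creates `{{ docker_root }}` without `owner` or `mode`, so it gets the umask default (typically 0755) even though the gitea role in this same diff later drops a `.env` holding `gitea_dbpass` inside it. Set `mode: "0750"` on the directory so unprivileged local accounts cannot traverse into the per-service compose directories. The `register: compose_systemd` plus `when: compose_systemd.changed` pair works, but a handler is the idiomatic form: `notify: Reload systemd` on the template task, with the `daemon_reload` task moved to handlers/main.yml.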
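Review bot: The unit orders itself with `After=docker.service` and `PartOf=docker.service` but never requires it, so when docker.service is not already active the `compose up` in `ExecStart` runs without a daemon and the instance fails instead of pulling docker in. Add `Requires=docker.service` beside `After=`. Note also that `ExecStop={{ docker_compose }} down` removes the containers and the project network on every stop, including a clean reboot; if preserving container state across restarts is wanted, `stop` is the conservative choice and `down` should be reserved for explicit teardown.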
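Review bot: `gitea_dbhost: host.docker.internal` does not resolve inside a container on a Linux Docker engine unless the service declares `extra_hosts` with `host.docker.internal:host-gateway` (Docker 20.10+), and the compose template added in this diff does not, so with the default `gitea_dbtype: postgres` the container cannot reach its database. Either add the `extra_hosts` entry in roles/gitea/templates/docker-compose.yml.j2 or document the assumption above the key: `# host.docker.internal needs extra_hosts host-gateway on Linux engines`. `gitea_dbpass` has no default and nothing marks it as required; a `# required: set gitea_dbpass in host_vars or vault` line next to `gitea_dbuser` would save a confusing template failure.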
@@ -1,85 +1,20 @@
-- name: Create Gitea Network
- docker_network:
- name: "{{ gitea_name }}"
+- name: Create Gitea directory
+ file:
+ path: "{{ gitea_root }}"
+ state: directory
-- name: Start Gitea's database container
- docker_container:
- name: "{{ gitea_dbname }}"
- image: mariadb:{{ gitea_dbversion }}
- state: started
- restart_policy: always
- volumes: "{{ gitea_dbroot }}:/var/lib/mysql"
- container_default_behavior: "no_defaults"
- networks_cli_compatible: true
- networks:
- - name: "{{ gitea_name }}"
- env:
- MYSQL_RANDOM_ROOT_PASSWORD: "true"
- MYSQL_DATABASE: "{{ gitea_dbname }}"
- MYSQL_USER: "{{ gitea_dbuser }}"
- MYSQL_PASSWORD: "{{ gitea_dbpass }}"
+- name: Install Gitea's docker-compose file
+ template:
+ src: docker-compose.yml.j2
+ dest: "{{ gitea_root }}/docker-compose.yml"
-- name: Start Gitea container (traefik routing)
- docker_container:
- name: "{{ gitea_name }}"
- image: gitea/gitea:{{ gitea_version }}
- state: started
- restart_policy: always
- container_default_behavior: "no_defaults"
- networks_cli_compatible: true
- ports: "{{ gitea_ports }}"
- networks:
- - name: "{{ gitea_name }}"
- - name: traefik
- volumes:
- - "{{ gitea_root }}:/data"
- - /etc/timezone:/etc/timezone:ro
- - /etc/localtime:/etc/localtime:ro
- env:
- USER_UID: "1000"
- USER_GID: "1000"
- DB_TYPE: mysql
- DB_HOST: "{{ gitea_dbname }}"
- DB_NAME: "{{ gitea_dbname }}"
- DB_USER: "{{ gitea_dbuser }}"
- DB_PASSWD: "{{ gitea_dbpass }}"
- ROOT_URL: "https://{{ gitea_domain }}/"
- SSH_DOMAIN: "{{ gitea_domain }}"
- DOMAIN: "{{ gitea_domain }}"
- labels:
- traefik.http.routers.gitea.rule: "Host(`{{ gitea_domain }}`)"
- traefik.http.routers.gitea.entrypoints: websecure
- traefik.http.routers.gitea.tls.certresolver: letsencrypt
- traefik.http.routers.gitea.middlewares: "securehttps@file"
- traefik.http.services.gitea.loadbalancer.server.port: "3000"
- traefik.docker.network: traefik
- traefik.enable: "true"
- when: traefik_version is defined
+- name: Install Gitea's 
docker-compose variables
+ template:
+ src: compose-env.j2
+ dest: "{{ gitea_root }}/.env"
-- name: Start Gitea container
- docker_container:
- name: "{{ gitea_name }}"
- image: gitea/gitea:{{ gitea_version }}
+- name: Start and enable Gitea service
+ service:
+ name: "{{ docker_compose_service }}@{{ gitea_name }}"
 state: started
- restart_policy: always
- container_default_behavior: "no_defaults"
- networks_cli_compatible: true
- ports: "{{ gitea_ports }}"
- networks:
- - name: "{{ gitea_name }}"
- volumes:
- - "{{ gitea_root }}:/data"
- - /etc/timezone:/etc/timezone:ro
- - /etc/localtime:/etc/localtime:ro
- env:
- USER_UID: "1000"
- USER_GID: "1000"
- DB_TYPE: mysql
- DB_HOST: "{{ gitea_dbname }}"
- DB_NAME: "{{ gitea_dbname }}"
- DB_USER: "{{ gitea_dbuser }}"
- DB_PASSWD: "{{ gitea_dbpass }}"
- ROOT_URL: "https://{{ gitea_domain }}/"
- SSH_DOMAIN: "{{ gitea_domain }}"
- DOMAIN: "{{ gitea_domain }}"
- when: traefik_version is not defined
+ enabled: true
diff --git a/roles/gitea/templates/compose-env.j2 b/roles/gitea/templates/compose-env.j2
new file mode 100644
index 0000000..f326b14
--- /dev/null
+++ b/roles/gitea/templates/compose-env.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+gitea_version={{ gitea_version }}
+gitea_name={{ gitea_name }}
+gitea_webport={{ gitea_webport }}
+gitea_sshport={{ gitea_sshport }}
+gitea_dbtype={{ gitea_dbtype }}
+gitea_dbhost={{ gitea_dbhost }}
+gitea_dbname={{ gitea_dbname }}
+gitea_dbuser={{ gitea_dbuser }}
+gitea_dbpass={{ gitea_dbpass }}
diff --git a/roles/gitea/templates/docker-compose.yml.j2 b/roles/gitea/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..6bd900c
--- /dev/null
+++ b/roles/gitea/templates/docker-compose.yml.j2
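Review bot: The `Install Gitea's docker-compose variables` task writes `gitea_dbpass` into `{{ gitea_root }}/.env` with no `mode`, so the file is created under the default umask (usually a world-readable 0644) and the database password is exposed to every local account. Add `mode: "0600"` (plus `owner`/`group` matching the account the compose service runs as) to that `template` task; the compose file task can take `mode: "0644"` explicitly for the same reason. Neither template task notifies anything, so a changed compose file or `.env` is never applied: the `service` task with `state: started` is a no-op on an already-running instance. Have both template tasks `notify` a handler that restarts `{{ docker_compose_service }}@{{ gitea_name }}`.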
@@ -0,0 +1,25 @@
+version: '3.7'
+
+services:
+ gitea:
+ image: "gitea/gitea:${gitea_version}"
+ container_name: "${gitea_name}"
+ ports:
+ - "${gitea_webport}:3000"
+ - "${gitea_sshport}:22"
+ - "127.0.0.1:5432:5432"
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - GITEA__database__DB_TYPE=${gitea_dbtype}
+ - GITEA__database__HOST=${gitea_dbhost}
+ - GITEA__database__NAME=${gitea_dbname}
+ - GITEA__database__USER=${gitea_dbuser}
+ - GITEA__database__PASSWD=${gitea_dbpass}
+ volumes:
+ - {{ gitea_volume }}:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+
+volumes:
+ gitea:
diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml
index 44c0aa0..171ed09 100644
--- a/roles/proxy/tasks/main.yml
+++ b/roles/proxy/tasks/main.yml
@@ -62,6 +62,7 @@
 file:
 path: /etc/letsencrypt/renewal-hooks/post
 state: directory
+ when: proxy.production is defined and proxy.production
 - name: Install nginx post renewal hook
 copy:
diff --git a/roles/proxy/templates/server-nginx.conf.j2 b/roles/proxy/templates/server-nginx.conf.j2
index 718a96e..37b36fd 100644
--- a/roles/proxy/templates/server-nginx.conf.j2
+++ b/roles/proxy/templates/server-nginx.conf.j2
@@ -1,3 +1,11 @@
+{% if item.https is not defined or item.https %}
+server {
+ listen 80;
+
+ server_name {{ item.domain }};
+ return 301 https://{{ item.domain }}$request_uri;
+}
+{% endif %}
 server {
 listen 443 ssl;
 server_name {{ item.domain }};
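Review bot: `- "127.0.0.1:5432:5432"` publishes port 5432 from the gitea container, but nothing in that image listens there — the database now lives on the host (`gitea_dbhost: host.docker.internal`), so on a host where postgres already binds 5432 `compose up` fails with an address-in-use error, and otherwise the mapping is dead and should be dropped. The same template needs `extra_hosts` for `host.docker.internal` to resolve on Linux engines, and the top-level `volumes:` declares a literal `gitea` while the service mounts `{{ gitea_volume }}`, so overriding `gitea_volume` yields an undeclared-volume error. `"${gitea_webport}:3000"` also binds to every interface although nginx proxies `127.0.0.1:3000`; the dev inventory can keep the web port loopback-only with `gitea_webport: "127.0.0.1:3000"` without changing the template.
```yaml
    ports:
      - "${gitea_webport}:3000"
      - "${gitea_sshport}:22"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # … unchanged: environment, volumes …

volumes:
  {{ gitea_volume }}:
```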
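Review bot: The new `when: proxy.production is defined and proxy.production` guards only the directory task, while the `Install nginx post renewal hook` task that follows copies into `/etc/letsencrypt/renewal-hooks/post` and its own condition lies outside this hunk. If that copy is not guarded identically, a non-production run now fails on a missing destination directory. Applying the condition once with a `block:` around both tasks, or factoring it into a single fact such as `proxy_is_production`, removes the chance of the two drifting.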
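Review bot: The new port-80 server returns `301` for every request, including `/.well-known/acme-challenge/`; if certificates are issued or renewed with certbot's webroot authenticator rather than the nginx plugin, the redirect breaks HTTP-01 validation for exactly the domains this block serves. Add `location /.well-known/acme-challenge/ { root <ACME_WEBROOT>; }` ahead of a `location / { return 301 https://{{ item.domain }}$request_uri; }`, where `<ACME_WEBROOT>` is the directory certbot is configured with. `listen 80;` also binds IPv4 only; the 443 block shown as context has the same limitation, so if the host serves IPv6 anywhere, add `listen [::]:80;` here as well.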