Use host MariaDB in Gitea container

dev/proxy.yml

@@ -5,7 +5,7 @@
     - host_vars/proxy.yml
   roles:
     - base
-    - postgresql
+    - mariadb
     - proxy
     - docker
     - gitea

roles/.gitignore

@@ -7,6 +7,7 @@
 !gitea*/
 !jenkins*/
 !libvirt*/
+!mariadb*/
 !minecraft*/
 !nextcloud*/
 !nginx*/

roles/base/tasks/ansible.yml

@@ -13,6 +13,7 @@
   loop:
     - aptitude
     - python3-docker
+    - python3-pymysql
     - python3-psycopg2
 
 - name: Create Ansible's temporary remote directory

roles/base/tasks/firewall.yml

@@ -34,6 +34,13 @@
     dest: /etc/fail2ban/jail.d/sshd.conf
   notify: restart_fail2ban
 
+- name: Install Fail2ban IP allow list
+  template:
+    src: fail2ban-allowlist.conf.j2
+    dest: /etc/fail2ban/jail.d/allowlist.conf
+  when: fail2ban_ignoreip is defined
+  notify: restart_fail2ban
+
 - name: Enable firewall
   ufw:
     state: enabled

roles/base/templates/fail2ban-allowlist.conf.j2

@@ -0,0 +1,2 @@
+[DEFAULT]
+ignoreip = {% for host in fail2ban_ignoreip %}{{ host }}{% if not loop.last %} {% endif %}{% endfor %}

roles/gitea/defaults/main.yml

@@ -9,7 +9,7 @@ gitea_rooturl: "http://{{ gitea_domain }}"
 gitea_signup: true
 
 # database settings
-gitea_dbtype: postgres
+gitea_dbtype: mysql
 gitea_dbhost: host.docker.internal
 gitea_dbname: "{{ gitea_name }}"
 gitea_dbuser: "{{ gitea_name }}"

roles/gitea/tasks/main.yml

@@ -4,18 +4,19 @@
     state: directory
 
 - name: Create Gitea database
-  postgresql_db:
+  mysql_db:
     name: "{{ gitea_dbname }}"
-  become: true
+    state: present
-  become_user: postgres
+    login_unix_socket: /var/run/mysqld/mysqld.sock
 
 - name: Create Gitea database user
-  postgresql_user:
+  mysql_user:
-    db: "{{ gitea_dbname }}"
     name: "{{ gitea_dbuser }}"
     password: "{{ gitea_dbpass }}"
-  become: true
+    host: '%'
-  become_user: postgres
+    state: present
+    priv: "{{ gitea_dbname }}.*:ALL"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
 
 - name: Create git user
   user:

roles/mariadb/defaults/main.yml

@@ -0,0 +1,3 @@
+mariadb_trust:
+  - "172.16.0.0/12"
+  - "192.168.0.0/16"

roles/mariadb/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: Install MariaDB
+  apt:
+    name: mariadb-server
+    state: present
+
+- name: Change the bind-address to allow Docker
+  lineinfile:
+    path: /etc/mysql/mariadb.conf.d/50-server.cnf
+    regex: "^bind-address"
+    line: "bind-address            = 0.0.0.0"
+  register: mariadb_conf
+
+- name: Restart MariaDB
+  service:
+    name: mariadb
+    state: restarted
+  when: mariadb_conf.changed
+
+- name: Allow database connections
+  ufw:
+    rule: allow
+    port: "3306"
+    proto: tcp
+    src: "{{ item }}"
+  loop: "{{ mariadb_trust }}"