Use host MariaDB in Gitea container

Install Fail2ban IP allow list
2022-07-06 23:01:39 -04:00 · 2022-06-28 23:43:58 -04:00
9 changed files with 49 additions and 9 deletions
--- a/dev/proxy.yml
+++ b/dev/proxy.yml
@ -5,7 +5,7 @@
    - host_vars/proxy.yml
  roles:
    - base
-    - postgresql
+    - mariadb
    - proxy
    - docker
    - gitea
--- a/roles/.gitignore
+++ b/roles/.gitignore
@ -7,6 +7,7 @@
 !gitea*/
 !jenkins*/
 !libvirt*/
+!mariadb*/
 !minecraft*/
 !nextcloud*/
 !nginx*/
--- a/roles/base/tasks/ansible.yml
+++ b/roles/base/tasks/ansible.yml
@ -13,6 +13,7 @@
  loop:
    - aptitude
    - python3-docker
+    - python3-pymysql
    - python3-psycopg2

 - name: Create Ansible's temporary remote directory
--- a/roles/base/tasks/firewall.yml
+++ b/roles/base/tasks/firewall.yml
@ -34,6 +34,13 @@
    dest: /etc/fail2ban/jail.d/sshd.conf
  notify: restart_fail2ban

+- name: Install Fail2ban IP allow list
+  template:
+    src: fail2ban-allowlist.conf.j2
+    dest: /etc/fail2ban/jail.d/allowlist.conf
+  when: fail2ban_ignoreip is defined
+  notify: restart_fail2ban
+
 - name: Enable firewall
  ufw:
    state: enabled
--- a/roles/base/templates/fail2ban-allowlist.conf.j2
+++ b/roles/base/templates/fail2ban-allowlist.conf.j2
@ -0,0 +1,2 @@
+[DEFAULT]
+ignoreip = {% for host in fail2ban_ignoreip %}{{ host }}{% if not loop.last %} {% endif %}{% endfor %}
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@ -9,7 +9,7 @@ gitea_rooturl: "http://{{ gitea_domain }}"
 gitea_signup: true

 # database settings
-gitea_dbtype: postgres
+gitea_dbtype: mysql
 gitea_dbhost: host.docker.internal
 gitea_dbname: "{{ gitea_name }}"
 gitea_dbuser: "{{ gitea_name }}"
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@ -4,18 +4,19 @@
    state: directory

 - name: Create Gitea database
-  postgresql_db:
+  mysql_db:
    name: "{{ gitea_dbname }}"
-  become: true
-  become_user: postgres
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock

 - name: Create Gitea database user
-  postgresql_user:
-    db: "{{ gitea_dbname }}"
+  mysql_user:
    name: "{{ gitea_dbuser }}"
    password: "{{ gitea_dbpass }}"
-  become: true
-  become_user: postgres
+    host: '%'
+    state: present
+    priv: "{{ gitea_dbname }}.*:ALL"
+    login_unix_socket: /var/run/mysqld/mysqld.sock

 - name: Create git user
  user:
--- a/roles/mariadb/defaults/main.yml
+++ b/roles/mariadb/defaults/main.yml
@ -0,0 +1,3 @@
+mariadb_trust:
+  - "172.16.0.0/12"
+  - "192.168.0.0/16"
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@ -0,0 +1,25 @@
+- name: Install MariaDB
+  apt:
+    name: mariadb-server
+    state: present
+
+- name: Change the bind-address to allow Docker
+  lineinfile:
+    path: /etc/mysql/mariadb.conf.d/50-server.cnf
+    regex: "^bind-address"
+    line: "bind-address            = 0.0.0.0"
+  register: mariadb_conf
+
+- name: Restart MariaDB
+  service:
+    name: mariadb
+    state: restarted
+  when: mariadb_conf.changed
+
+- name: Allow database connections
+  ufw:
+    rule: allow
+    port: "3306"
+    proto: tcp
+    src: "{{ item }}"
+  loop: "{{ mariadb_trust }}"
Author	SHA1	Message	Date
Kris Lamoureux	f7459e894c	Use host MariaDB in Gitea container	2022-07-06 23:01:39 -04:00
Kris Lamoureux	9eefad0e87	Install Fail2ban IP allow list	2022-06-28 23:43:58 -04:00