dev/proxy.yml

@@ -5,7 +5,7 @@
     - host_vars/proxy.yml
   roles:
     - base
-    - mariadb
+    - postgresql
     - proxy
     - docker
     - gitea

roles/.gitignore

@@ -7,7 +7,6 @@
 !gitea*/
 !jenkins*/
 !libvirt*/
-!mariadb*/
 !minecraft*/
 !nextcloud*/
 !nginx*/

roles/base/tasks/ansible.yml

@@ -13,7 +13,6 @@
   loop:
     - aptitude
     - python3-docker
-    - python3-pymysql
     - python3-psycopg2
 
 - name: Create Ansible's temporary remote directory

roles/base/tasks/firewall.yml

@@ -34,13 +34,6 @@
     dest: /etc/fail2ban/jail.d/sshd.conf
   notify: restart_fail2ban
 
-- name: Install Fail2ban IP allow list
-  template:
-    src: fail2ban-allowlist.conf.j2
-    dest: /etc/fail2ban/jail.d/allowlist.conf
-  when: fail2ban_ignoreip is defined
-  notify: restart_fail2ban
-
 - name: Enable firewall
   ufw:
     state: enabled

roles/base/templates/fail2ban-allowlist.conf.j2

@@ -1,2 +0,0 @@
-[DEFAULT]
-ignoreip = {% for host in fail2ban_ignoreip %}{{ host }}{% if not loop.last %} {% endif %}{% endfor %}

roles/gitea/defaults/main.yml

@@ -9,7 +9,7 @@ gitea_rooturl: "http://{{ gitea_domain }}"
 gitea_signup: true
 
 # database settings
-gitea_dbtype: mysql
+gitea_dbtype: postgres
 gitea_dbhost: host.docker.internal
 gitea_dbname: "{{ gitea_name }}"
 gitea_dbuser: "{{ gitea_name }}"

roles/gitea/tasks/main.yml

@@ -4,19 +4,18 @@
     state: directory
 
 - name: Create Gitea database
-  mysql_db:
+  postgresql_db:
     name: "{{ gitea_dbname }}"
-    state: present
+  become: true
-    login_unix_socket: /var/run/mysqld/mysqld.sock
+  become_user: postgres
 
 - name: Create Gitea database user
-  mysql_user:
+  postgresql_user:
+    db: "{{ gitea_dbname }}"
     name: "{{ gitea_dbuser }}"
     password: "{{ gitea_dbpass }}"
-    host: '%'
+  become: true
-    state: present
+  become_user: postgres
-    priv: "{{ gitea_dbname }}.*:ALL"
-    login_unix_socket: /var/run/mysqld/mysqld.sock
 
 - name: Create git user
   user:

roles/mariadb/defaults/main.yml

@@ -1,3 +0,0 @@
-mariadb_trust:
-  - "172.16.0.0/12"
-  - "192.168.0.0/16"

roles/mariadb/tasks/main.yml

@@ -1,25 +0,0 @@
-- name: Install MariaDB
-  apt:
-    name: mariadb-server
-    state: present
-
-- name: Change the bind-address to allow Docker
-  lineinfile:
-    path: /etc/mysql/mariadb.conf.d/50-server.cnf
-    regex: "^bind-address"
-    line: "bind-address            = 0.0.0.0"
-  register: mariadb_conf
-
-- name: Restart MariaDB
-  service:
-    name: mariadb
-    state: restarted
-  when: mariadb_conf.changed
-
-- name: Allow database connections
-  ufw:
-    rule: allow
-    port: "3306"
-    proto: tcp
-    src: "{{ item }}"
-  loop: "{{ mariadb_trust }}"