Adapt Gitea recipes for new VM setup

This commit is contained in:
Basti 2022-03-12 14:43:44 -06:00
parent 23e49134e7
commit a1b07dfb9e
Signed by untrusted user: basti
GPG Key ID: 9F88009D31D99C72
9 changed files with 75 additions and 38 deletions


@ -19,6 +19,7 @@
"kosmos-base::default",
"kosmos_postgresql::primary",
"kosmos_postgresql::firewall",
"kosmos_gitea::pg_db",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",


@ -3,4 +3,5 @@ name "postgresql_primary"
run_list %w(
kosmos_postgresql::primary
kosmos_postgresql::firewall
kosmos_gitea::pg_db
)


@ -1,9 +1,10 @@
gitea_version = "1.16.1"
gitea_version = "1.16.3"
node.default["kosmos_gitea"]["version"] = gitea_version
node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64"
node.default["kosmos_gitea"]["binary_checksum"] = "f03f3a3c4dccc2219351cde5c9af372715b2ec3e88a821779702bc6f38084c97"
node.default["kosmos_gitea"]["binary_checksum"] = "626c7da554efcfd3abd88b0355e3adf55d7f0941a01e058b2d4f5923d0d5b7c3"
node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org"
node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea"
node.default["kosmos_gitea"]["port"] = 3000
node.default["kosmos_gitea"]["config"] = {
"webhook": {


@ -19,6 +19,7 @@ chef_version '>= 14.0'
#
# source_url 'https://github.com/<insert_org_here>/kosmos_gitea'
depends "firewall"
depends "kosmos-nginx"
depends "kosmos_postgresql"
depends "backup"


@ -3,9 +3,6 @@
# Recipe:: default
#
include_recipe "kosmos-nginx"
domain = node["kosmos_gitea"]["nginx"]["domain"]
working_directory = node["kosmos_gitea"]["working_directory"]
git_home_directory = "/home/git"
repository_root_directory = "#{git_home_directory}/gitea-repositories"
@ -63,15 +60,6 @@ directory config_directory do
mode "0750"
end
# Copy the self-signed root certificate to the system certificate store. Gitea
# will find it there automatically
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
root_cert_path = "/etc/ssl/certs/root.kosmos.org.crt"
file root_cert_path do
content postgresql_data_bag_item['ssl_root_cert']
mode "0644"
end
template "#{config_directory}/app.ini" do
source "app.ini.erb"
owner "git"
@ -119,20 +107,9 @@ service "gitea" do
action [:enable, :start]
end
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf.erb"
owner 'www-data'
mode 0640
variables server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_port: 3000
notifies :reload, 'service[nginx]', :delayed
firewall_rule 'gitea' do
port [node["kosmos_gitea"]["port"]]
source "10.1.1.0/24"
protocol :tcp
command :allow
end
nginx_site domain do
action :enable
end
nginx_certbot_site domain
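Review bot: The new `firewall_rule 'gitea'` opens Gitea's plain-HTTP port (node["kosmos_gitea"]["port"], 3000) to every host in 10.1.1.0/24, while the only legitimate client is the single nginx node that the new nginx recipe resolves by node search; restricting `source` to that host (resolved the same way nginx.rb resolves role:gitea) keeps the unauthenticated backend port off the rest of the subnet. The earlier hunk in this file also drops the copy of the PostgreSQL self-signed root cert into /etc/ssl/certs; if the app.ini template still connects to PostgreSQL with a verifying SSL mode that connection will now fail, and if it was switched to a non-verifying mode the database link is no longer authenticated — the commit does not say which, so this is worth confirming. A comment above the rule such as `# Gitea listens on plain HTTP; only the nginx proxy host should reach this port` would record the intent.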


@ -0,0 +1,52 @@
#
# Cookbook:: kosmos_gitea
# Recipe:: nginx
#
include_recipe "kosmos-nginx"
domain = node["kosmos_gitea"]["nginx"]["domain"]
# upstream_ip_addresses = []
# search(:node, "role:gitea").each do |n|
# upstream_ip_addresses << n["knife_zero"]["host"]
# end
begin
upstream_ip_address = search(:node, "role:gitea").first["knife_zero"]["host"]
rescue
Chef::Log.warn('No server with "gitea" role. Stopping here.')
return
end
nginx_certbot_site domain
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf_web.erb"
owner 'www-data'
mode 0640
variables server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_host: upstream_ip_address,
upstream_port: node["kosmos_gitea"]["port"]
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end
template "#{node['nginx']['dir']}/streams-available/ssh" do
source "nginx_conf_ssh.erb"
owner 'www-data'
mode 0640
variables domain: domain,
upstream_host: upstream_ip_address
notifies :reload, 'service[nginx]', :delayed
end
nginx_stream "ssh" do
action :enable
end


@ -44,10 +44,6 @@ FROM = gitea@kosmos.org
USER = <%= @smtp_user %>
PASSWD = <%= @smtp_password %>
[oauth2]
JWT_SECRET = <%= @jwt_secret %>
JWT_SIGNING_ALGORITHM = HS256
[security]
INTERNAL_TOKEN = <%= @internal_token %>
INSTALL_LOCK = true


@ -0,0 +1,8 @@
upstream _gitea_ssh {
server <%= @upstream_host %>:22;
}
server {
listen 148.251.83.201:22;
proxy_pass _gitea_ssh;
}
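Review bot: `listen 148.251.83.201:22;` hard-codes the proxy's public address in the template even though nginx.rb passes a `domain` variable that this template never uses; moving the address into a node attribute (e.g. `listen <%= @listen_address %>:22;`, passed alongside `upstream_host`) keeps the template portable and avoids a silent mismatch when the VM's address changes. Binding nginx to port 22 also requires the proxy host's own sshd to no longer listen on that address, otherwise one of the two fails to bind — a comment in the template stating that assumption would help the next operator. Because the backend sshd will only ever see the proxy as its peer, the real client addresses of SSH connections exist only at this layer; adding an `access_log` directive in this stream server would preserve them for incident response.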


@ -1,6 +1,6 @@
# Generated by Chef
upstream _gitea {
server localhost:<%= @upstream_port %>;
upstream _gitea_web {
server <%= @upstream_host %>:<%= @upstream_port %>;
}
server {
@ -26,14 +26,14 @@ server {
location ~ ^/(avatars|repo-avatars)/.*$ {
proxy_buffers 1024 8k;
proxy_pass http://_gitea;
proxy_pass http://_gitea_web;
proxy_http_version 1.1;
expires 30d;
}
location / {
proxy_buffers 1024 8k;
proxy_pass http://_gitea;
proxy_pass http://_gitea_web;
proxy_http_version 1.1;
}
}
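Review bot: The `_gitea_web` upstream now points at a remote host over cleartext `http://`, where it was previously localhost, so Gitea's web traffic crosses the network unencrypted between the proxy and the backend; this is acceptable only if `upstream_host` is the 10.1.1.0/24 address the backend firewall admits and that segment is a private network, which is worth confirming and recording next to the "Generated by Chef" header. If the server block's proxy_set_header lines (outside this hunk) do not already forward the client address and scheme, Gitea will log the proxy's address as the client; `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-Proto https;` in each location would address that.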