Adapt Gitea recipes for new VM setup
parent
23e49134e7
commit
a1b07dfb9e
|
@ -19,6 +19,7 @@
|
|||
"kosmos-base::default",
|
||||
"kosmos_postgresql::primary",
|
||||
"kosmos_postgresql::firewall",
|
||||
"kosmos_gitea::pg_db",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
|
|
@ -3,4 +3,5 @@ name "postgresql_primary"
|
|||
run_list %w(
|
||||
kosmos_postgresql::primary
|
||||
kosmos_postgresql::firewall
|
||||
kosmos_gitea::pg_db
|
||||
)
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
gitea_version = "1.16.1"
|
||||
gitea_version = "1.16.3"
|
||||
node.default["kosmos_gitea"]["version"] = gitea_version
|
||||
node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64"
|
||||
node.default["kosmos_gitea"]["binary_checksum"] = "f03f3a3c4dccc2219351cde5c9af372715b2ec3e88a821779702bc6f38084c97"
|
||||
node.default["kosmos_gitea"]["binary_checksum"] = "626c7da554efcfd3abd88b0355e3adf55d7f0941a01e058b2d4f5923d0d5b7c3"
|
||||
node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org"
|
||||
node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea"
|
||||
node.default["kosmos_gitea"]["port"] = 3000
|
||||
|
||||
node.default["kosmos_gitea"]["config"] = {
|
||||
"webhook": {
|
||||
|
|
|
@ -19,6 +19,7 @@ chef_version '>= 14.0'
|
|||
#
|
||||
# source_url 'https://github.com/<insert_org_here>/kosmos_gitea'
|
||||
|
||||
depends "firewall"
|
||||
depends "kosmos-nginx"
|
||||
depends "kosmos_postgresql"
|
||||
depends "backup"
|
||||
|
|
|
@ -3,9 +3,6 @@
|
|||
# Recipe:: default
|
||||
#
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domain = node["kosmos_gitea"]["nginx"]["domain"]
|
||||
working_directory = node["kosmos_gitea"]["working_directory"]
|
||||
git_home_directory = "/home/git"
|
||||
repository_root_directory = "#{git_home_directory}/gitea-repositories"
|
||||
|
@ -63,15 +60,6 @@ directory config_directory do
|
|||
mode "0750"
|
||||
end
|
||||
|
||||
# Copy the self-signed root certificate to the system certificate store. Gitea
|
||||
# will find it there automatically
|
||||
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
|
||||
root_cert_path = "/etc/ssl/certs/root.kosmos.org.crt"
|
||||
file root_cert_path do
|
||||
content postgresql_data_bag_item['ssl_root_cert']
|
||||
mode "0644"
|
||||
end
|
||||
|
||||
template "#{config_directory}/app.ini" do
|
||||
source "app.ini.erb"
|
||||
owner "git"
|
||||
|
@ -119,20 +107,9 @@ service "gitea" do
|
|||
action [:enable, :start]
|
||||
end
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source "nginx_conf.erb"
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables server_name: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
|
||||
upstream_port: 3000
|
||||
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
firewall_rule 'gitea' do
|
||||
port [node["kosmos_gitea"]["port"]]
|
||||
source "10.1.1.0/24"
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
|
|
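Review bot: The new `firewall_rule 'gitea'` opens the Gitea port to the whole of `10.1.1.0/24`, with the subnet hard-coded in the recipe, so every host on that network can reach the application directly and bypass the nginx TLS front end. Only the proxy host(s) need this port; consider narrowing the rule and moving the value out of the recipe, e.g. `source node["kosmos_gitea"]["firewall_source"]` (the attribute name is illustrative and does not exist in this cookbook yet). A short comment above the rule would also help, such as `# Only the nginx proxy needs to reach Gitea's HTTP port`. The same section drops the root-certificate `file` resource; whether Gitea still verifies the PostgreSQL server certificate afterwards is not visible here and is worth confirming.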
@ -0,0 +1,52 @@
|
|||
#
|
||||
# Cookbook:: kosmos_gitea
|
||||
# Recipe:: nginx
|
||||
#
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domain = node["kosmos_gitea"]["nginx"]["domain"]
|
||||
|
||||
# upstream_ip_addresses = []
|
||||
# search(:node, "role:gitea").each do |n|
|
||||
# upstream_ip_addresses << n["knife_zero"]["host"]
|
||||
# end
|
||||
begin
|
||||
upstream_ip_address = search(:node, "role:gitea").first["knife_zero"]["host"]
|
||||
rescue
|
||||
Chef::Log.warn('No server with "gitea" role. Stopping here.')
|
||||
return
|
||||
end
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source "nginx_conf_web.erb"
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables server_name: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
|
||||
upstream_host: upstream_ip_address,
|
||||
upstream_port: node["kosmos_gitea"]["port"]
|
||||
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
||||
|
||||
template "#{node['nginx']['dir']}/streams-available/ssh" do
|
||||
source "nginx_conf_ssh.erb"
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables domain: domain,
|
||||
upstream_host: upstream_ip_address
|
||||
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_stream "ssh" do
|
||||
action :enable
|
||||
end
|
|
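Review bot: The bare `rescue` around the `search(:node, "role:gitea")` lookup catches every StandardError, so a failed search, a node without a `knife_zero` attribute and a genuinely missing role all produce the same warning and a silent `return` that skips the site and stream configuration. Checking the search result explicitly keeps real errors visible, as sketched below. The returned host becomes the upstream for both HTTPS and SSH traffic, and by default a node can update its own node object on the Chef server, so it would be safer to validate the address against the expected private range or pin it in an attribute than to trust the first search hit. `mode 0640` works as an octal literal, but the string form `mode "0640"` would match the `mode "0750"` style used in the default recipe.

```ruby
gitea_node = search(:node, "role:gitea").first

if gitea_node.nil?
  Chef::Log.warn('No server with "gitea" role. Stopping here.')
  return
end

upstream_ip_address = gitea_node["knife_zero"]["host"]

# … unchanged: nginx_certbot_site, templates, nginx_site, nginx_stream …
```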
@ -44,10 +44,6 @@ FROM = gitea@kosmos.org
|
|||
USER = <%= @smtp_user %>
|
||||
PASSWD = <%= @smtp_password %>
|
||||
|
||||
[oauth2]
|
||||
JWT_SECRET = <%= @jwt_secret %>
|
||||
JWT_SIGNING_ALGORITHM = HS256
|
||||
|
||||
[security]
|
||||
INTERNAL_TOKEN = <%= @internal_token %>
|
||||
INSTALL_LOCK = true
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
upstream _gitea_ssh {
|
||||
server <%= @upstream_host %>:22;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 148.251.83.201:22;
|
||||
proxy_pass _gitea_ssh;
|
||||
}
|
|
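Review bot: The `listen 148.251.83.201:22;` line hard-codes a public address in the template, while the `domain` variable the recipe passes in is never used, so nginx will fail to bind if the proxy host is rebuilt with another IP. Passing the address as a template variable, e.g. `listen <%= @listen_address %>:22;` (variable name illustrative), keeps host-specific data in attributes. A plain stream proxy also makes every SSH connection arrive at the upstream from the proxy's address, so source-IP based logging or rate limiting on the Gitea host no longer sees the real client; keeping a stream access log on the proxy preserves that evidence. The host's own sshd must not be bound to this address and port, which cannot be checked from this commit.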
@ -1,6 +1,6 @@
|
|||
# Generated by Chef
|
||||
upstream _gitea {
|
||||
server localhost:<%= @upstream_port %>;
|
||||
upstream _gitea_web {
|
||||
server <%= @upstream_host %>:<%= @upstream_port %>;
|
||||
}
|
||||
|
||||
server {
|
||||
|
@ -26,14 +26,14 @@ server {
|
|||
|
||||
location ~ ^/(avatars|repo-avatars)/.*$ {
|
||||
proxy_buffers 1024 8k;
|
||||
proxy_pass http://_gitea;
|
||||
proxy_pass http://_gitea_web;
|
||||
proxy_http_version 1.1;
|
||||
expires 30d;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_buffers 1024 8k;
|
||||
proxy_pass http://_gitea;
|
||||
proxy_pass http://_gitea_web;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
}
|
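Review bot: Both `proxy_pass http://_gitea_web;` locations now send requests to a remote `@upstream_host` over plain HTTP, where the old `localhost` upstream never left the machine, so session cookies and credentials cross the network unencrypted after TLS is terminated here. If the link between the proxy and the Gitea VM is not an isolated or encrypted network, consider TLS to the upstream with `proxy_pass https://_gitea_web;` and `proxy_ssl_verify on;`. Otherwise document the assumption with a comment such as `# Upstream is plain HTTP; relies on the private network being trusted`. The server block continues outside the visible hunks, so headers and other settings there could not be checked.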