Store Gitea data (avatars, attachments, etc.) in Garage/S3
Also adds a new garage gateway role, which only allows RPC (inter-node) traffic to Garage.
@@ -5,7 +5,7 @@
|
||||
|
||||
include_recipe "kosmos-dirsrv::hostsfile"
|
||||
|
||||
working_directory = node["kosmos_gitea"]["working_directory"]
|
||||
working_directory = node["gitea"]["working_directory"]
|
||||
git_home_directory = "/home/git"
|
||||
repository_root_directory = "#{git_home_directory}/gitea-repositories"
|
||||
config_directory = "/etc/gitea"
|
||||
@@ -62,15 +62,37 @@ directory config_directory do
|
||||
mode "0750"
|
||||
end
|
||||
|
||||
nginx_proxy_ip_addresses = []
|
||||
search(:node, "role:nginx_proxy").each do |node|
|
||||
nginx_proxy_ip_addresses << node["knife_zero"]["host"]
|
||||
if node.chef_environment == "production"
|
||||
allowed_webhook_hosts = []
|
||||
search(:node, "role:nginx_proxy OR role:hubot").each do |node|
|
||||
allowed_webhook_hosts << node["knife_zero"]["host"]
|
||||
end
|
||||
|
||||
node.normal["gitea"]["config"] = {
|
||||
"webhook": {
|
||||
"allowed_host_list" => "external,#{allowed_webhook_hosts.join(",")}"
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
node.default["kosmos_gitea"]["config"] = {
|
||||
"webhook": {
|
||||
"allowed_host_list" => "external,#{nginx_proxy_ip_addresses.join(",")}"
|
||||
}
|
||||
config_variables = {
|
||||
working_directory: working_directory,
|
||||
git_home_directory: git_home_directory,
|
||||
repository_root_directory: repository_root_directory,
|
||||
config_directory: config_directory,
|
||||
gitea_binary_path: gitea_binary_path,
|
||||
jwt_secret: jwt_secret,
|
||||
internal_token: internal_token,
|
||||
secret_key: secret_key,
|
||||
postgresql_host: node["gitea"]["postgresql_host"],
|
||||
postgresql_password: gitea_data_bag_item["postgresql_password"],
|
||||
smtp_host: smtp_credentials["relayhost"],
|
||||
smtp_user: smtp_credentials["user_name"],
|
||||
smtp_password: smtp_credentials["password"],
|
||||
config: node["gitea"]["config"],
|
||||
s3_key_id: gitea_data_bag_item["s3_key_id"],
|
||||
s3_secret_key: gitea_data_bag_item["s3_secret_key"],
|
||||
s3_bucket: gitea_data_bag_item["s3_bucket"]
|
||||
}
|
||||
|
||||
template "#{config_directory}/app.ini" do
|
||||
@@ -79,26 +101,13 @@ template "#{config_directory}/app.ini" do
|
||||
group "git"
|
||||
mode "0600"
|
||||
sensitive true
|
||||
variables working_directory: working_directory,
|
||||
git_home_directory: git_home_directory,
|
||||
repository_root_directory: repository_root_directory,
|
||||
config_directory: config_directory,
|
||||
gitea_binary_path: gitea_binary_path,
|
||||
jwt_secret: jwt_secret,
|
||||
internal_token: internal_token,
|
||||
secret_key: secret_key,
|
||||
postgresql_host: "pg.kosmos.local:5432",
|
||||
postgresql_password: gitea_data_bag_item["postgresql_password"],
|
||||
smtp_host: smtp_credentials["relayhost"],
|
||||
smtp_user: smtp_credentials["user_name"],
|
||||
smtp_password: smtp_credentials["password"],
|
||||
config: node["kosmos_gitea"]["config"]
|
||||
variables config_variables
|
||||
notifies :restart, "service[gitea]", :delayed
|
||||
end
|
||||
|
||||
remote_file gitea_binary_path do
|
||||
source node['kosmos_gitea']['binary_url']
|
||||
checksum node['kosmos_gitea']['binary_checksum']
|
||||
source node['gitea']['binary_url']
|
||||
checksum node['gitea']['binary_checksum']
|
||||
mode "0755"
|
||||
notifies :restart, "service[gitea]", :delayed
|
||||
end
|
||||
@@ -121,7 +130,7 @@ service "gitea" do
|
||||
end
|
||||
|
||||
firewall_rule 'gitea' do
|
||||
port [node["kosmos_gitea"]["port"]]
|
||||
port [node["gitea"]["port"]]
|
||||
source "10.1.1.0/24" # TODO only allow nginx proxy IPs
|
||||
protocol :tcp
|
||||
command :allow
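Review bot: In the second hunk the webhook allow-list is now written with `node.normal`, which Chef persists on the node object between runs, so the hosts gathered from the `role:nginx_proxy OR role:hubot` search remain in the saved node data even after a proxy or hubot node is removed or the environment check stops matching; because `allowed_host_list` is what Gitea uses to decide which hosts webhooks may be delivered to, a stale entry keeps a retired address allowed as a webhook target. If the reason for moving away from `node.default` is to take precedence over the attribute-file value, `node.override["gitea"]["config"] = { ... }` gives that without persistence; if a deep merge with the cookbook default is enough, the previous `node.default` form already did that. The same hunk only builds the list when `node.chef_environment == "production"`, so in every other environment the allow-list comes entirely from whatever the attributes file sets — worth a one-line comment such as `# non-production environments keep the attribute-file default for [webhook] ALLOWED_HOST_LIST`. A minor style point: the `search(...).each do |node|` block parameter shadows the recipe's `node`, which is used again for `node.normal` right after the block; `do |proxy_node|` would read less ambiguously.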
|
||||
|
||||