Bradley/Random_Ansible_Stuff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding all the stuff that was needed to get gitea working again...

Browse Source
This commit is contained in:
Bradley Bickford 2024-12-03 13:12:59 -05:00
parent 5d517edc4e
commit 4a4c5d9aad
6 changed files with 372 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
inventories/core_infrastructure
View File

@ -1,12 +1,10 @@
[ansible_nodes]
blacktide ansible_host=192.168.3.2 connection=local
[podman_nodes]
arcade ansible_host=10.20.24.3
beachpolice ansible_host=10.42.0.3
bulletinboard ansible_host=10.26.48.3
lifeguard ansible_host=172.16.132.4
beachsidelibrary ansible_host=10.12.34.3
[docker_nodes]
web ansible_host=10.26.48.3
database ansible_host=10.12.34.3
publicworks ansible_host=10.77.7.3
[pfsense_nodes]
openocean ansible_host=172.16.132.2

BIN
playbooks/.IaC_database.yml.swp Normal file
View File

Binary file not shown.

159
playbooks/IaC_gitea.yml Normal file
View File

@ -0,0 +1,159 @@
---
- hosts: bulletinboard
become: true
become_method: sudo
become_user: root
vars:
gitea_device: "/dev/vdc"
gitea_vg_name: "vg_gitea"
gitea_lv_name: "lv_gitea"
gitea_data_directory: "/gitea"
vars_prompt:
- name: gitea_password
prompt: "Enter gitea Password: "
private: true
encrypt: sha512_crypt
confirm: true
salt_size: 7
- name: gitea_db_password
prompt: "Enter Gitea DB Password: "
private: true
tasks:
- name: Create gitea user
ansible.builtin.user:
name: gitea
password: "{{ gitea_password }}"
comment: "Podman user for Gitea application"
uid: 2001
- name: Make .bashrc.d directory for gitea user
ansible.builtin.file:
path: /home/gitea/.bashrc.d
owner: gitea
group: gitea
mode: "0750"
state: directory
- name: Set XDG_RUNTIME_DIR var for gitea user
ansible.builtin.lineinfile:
path: /home/gitea/.bashrc.d/systemd
owner: gitea
group: gitea
mode: "0750"
line: "export XDG_RUNTIME_DIR=/run/user/2001"
create: true
- name: Allow gitea user to linger
ansible.builtin.shell:
cmd: "loginctl enable-linger 2001"
- name: Place container environment file for gitea user
ansible.builtin.lineinfile:
path: /home/gitea/.containerenv
owner: gitea
group: gitea
mode: "0750"
line: "{{ item }}"
insertafter: EOF
create: true
no_log: true
loop:
- "GITEA__database_DB_TYPE=mysql"
- "GITEA__database__HOST=10.12.34.3:3306"
- "GITEA__database__NAME=gitea"
- "GITEA__database__USER=gitea"
- "GITEA__database__PASSWD={{ gitea_db_password }}"
- name: Run systemctl daemon-reload
ansible.builtin.systemd_service:
daemon_reload: true
- name: Write subuid user entry for gitea
ansible.builtin.lineinfile:
path: /etc/subuid
line: "gitea:102000:2000"
insertafter: EOF
create: true
state: present
- name: Write subgid user entry for gitea
ansible.builtin.lineinfile:
path: /etc/subgid
line: "gitea:102000:2000"
insertafter: EOF
create: true
state: present
- name: Configure firewalld for gitea
ansible.posix.firewalld:
port: "8081/tcp"
state: enabled
permanent: true
immediate: true
- name: Configure quadlet volumes
containers.podman.podman_volume:
state: quadlet
name: "gitea-{{ item }}"
quadlet_filename: "gitea-quadlet-volumes-{{ item }}"
quadlet_file_mode: "0640"
quadlet_options:
- |
[Install]
WantedBy=default.target
- |
[Unit]
Description=Gitea {{ item }} Volume
loop:
- "data"
- "config"
become_user: gitea
# TODO Unit spec should get *.mount After directive from variables
- name: Build gitea quadlet
containers.podman.podman_container:
name: gitea
image: "docker.io/gitea/gitea:latest-rootless"
state: quadlet
quadlet_filename: "gitea-quadlet"
quadlet_file_mode: "0640"
rm: false
ports:
- "8081:3000"
volumes:
- "gitea-data:/var/lib/gitea:Z"
- "gitea-config:/etc/gitea:Z"
- "/etc/localtime:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Install]
WantedBy=default.target
- |
[Unit]
Description=Gitea Quadlet
- |
[Service]
ExecStartPre=/home/gitea/service_up.sh 3306
env_file: "/home/gitea/.containerenv"
become_user: "gitea"
- name: Run systemctl --user daemon-reload
ansible.builtin.systemd_service:
daemon_reload: true
scope: user
become_user: "gitea"
- name: Run systemctl --user start for all services
ansible.builtin.systemd_service:
state: started
scope: user
name: "{{ item }}"
loop:
- "gitea-quadlet-volumes-data-volume.service"
- "gitea-quadlet-volumes-config-volume.service"
- "gitea-quadlet.service"
become_user: "gitea"

160
playbooks/IaC_gitea.yml.bak Normal file
View File

@ -0,0 +1,160 @@
---
- hosts: bulletinboard
become: true
become_method: sudo
become_user: root
vars:
gitea_device: "/dev/vdc"
gitea_vg_name: "vg_gitea"
gitea_lv_name: "lv_gitea"
gitea_data_directory: "/gitea"
vars_prompt:
- name: gitea_password
prompt: "Enter gitea Password: "
private: true
encrypt: sha512_crypt
confirm: true
salt_size: 7
- name: gitea_db_password
prompt: "Enter Gitea DB Password: "
private: true
tasks:
- name: Create gitea user
ansible.builtin.user:
name: gitea
password: "{{ gitea_password }}"
comment: "Podman user for Gitea application"
uid: 2001
- name: Make .bashrc.d directory for gitea user
ansible.builtin.file:
path: /home/gitea/.bashrc.d
owner: gitea
group: gitea
mode: "0750"
state: directory
- name: Set XDG_RUNTIME_DIR var for gitea user
ansible.builtin.lineinfile:
path: /home/gitea/.bashrc.d/systemd
owner: gitea
group: gitea
mode: "0750"
line: "export XDG_RUNTIME_DIR=/run/user/2001"
create: true
- name: Allow gitea user to linger
ansible.builtin.shell:
cmd: "loginctl enable-linger 2001"
- name: Build /gitea mount
ansible.builtin.import_role:
name: make_lvm_mount
vars:
device_name: "{{ gitea_device }}"
vg_name: "{{ gitea_vg_name }}"
lvs:
- lv_name: "{{ gitea_lv_name }}"
lv_size: "100%FREE"
directories:
- name: "{{ gitea_data_directory }}"
owner: gitea
group: gitea
mode: "0755"
lv: "{{ gitea_lv_name }}"
- name: Make /gitea subdirectories
ansible.builtin.file:
path: "{{ gitea_data_directory }}/{{ item }}"
owner: gitea
group: gitea
mode: "0750"
state: directory
loop:
- "data"
- "config"
- name: Place container environment file for gitea user
ansible.builtin.lineinfile:
path: /home/gitea/.containerenv
owner: gitea
group: gitea
mode: "0750"
line: "{{ item }}"
insertafter: EOF
create: true
no_log: true
loop:
- "USER_UID=2001"
- "USER_GID=2001"
- "GITEA__database_DB_TYPE=mysql"
- "GITEA__database__HOST=10.12.34.3:3306"
- "GITEA__database__NAME=gitea"
- "GITEA__database__USER=gitea"
- "GITEA__database__PASSWD={{ gitea_db_password }}"
- name: Run systemctl daemon-reload
ansible.builtin.systemd_service:
daemon_reload: true
- name: Write subuid user entry for gitea
ansible.builtin.lineinfile:
path: /etc/subuid
line: "gitea:102000:2000"
insertafter: EOF
create: true
state: present
- name: Write subgid user entry for gitea
ansible.builtin.lineinfile:
path: /etc/subgid
line: "gitea:102000:2000"
insertafter: EOF
create: true
state: present
- name: Configure firewalld for gitea
ansible.posix.firewalld:
port: "8081/tcp"
state: enabled
permanent: true
immediate: true
# TODO Unit spec should get *.mount After directive from variables
- name: Build gitea quadlet
containers.podman.podman_container:
name: gitea
image: "docker.io/gitea/gitea:latest-rootless"
state: quadlet
quadlet_filename: "gitea-quadlet"
quadlet_file_mode: "0640"
rm: false
ports:
- "8081:3000"
volumes:
- "{{ gitea_data_directory }}/data:/var/lib/gitea:Z"
- "{{ gitea_data_directory }}/config:/etc/gitea:Z"
- "/etc/localtime:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
- |
[Install]
WantedBy=default.target
- |
[Unit]
Description=Gitea Quadlet
After=gitea.mount
- |
[Service]
ExecStartPre=/home/gitea/service_up.sh 3306
env_file: "/home/gitea/.containerenv"
become_user: "gitea"
- name: Run systemctl --user daemon-reload
ansible.builtin.systemd_service:
daemon_reload: true
scope: user
become_user: "gitea"

8
playbooks/IaC_httptest.yml
View File

@ -46,7 +46,7 @@
path: "{{ httptest_user_www }}"
owner: httptest
group: httptest
mode: "0750"
mode: "0755"
state: directory
- name: Make index.html file
@ -54,7 +54,7 @@
path: "{{ httptest_user_www }}/index.html"
owner: httptest
group: httptest
mode: "0750"
mode: "0644"
line: "<!DOCTYPE html><html><body><h1>TEST</h1></body></html>"
create: true
@ -91,7 +91,7 @@
rm: false
ports: 8080:80
volumes:
- "{{ httptest_user_www }}:/usr/local/apache2/htdocs"
- "{{ httptest_user_www }}:/usr/local/apache2/htdocs:Z"
quadlet_options:
- "AutoUpdate=registry"
- "Pull=newer"
@ -115,4 +115,4 @@
name: "httptest-quadlet.service"
scope: user
state: started
become_user: "httptest"
become_user: "httptest"

45
playbooks/install_docker.yml Normal file
View File

@ -0,0 +1,45 @@
---
- hosts: docker_nodes
become: true
become_method: sudo
become_user: root
vars:
docker_device: "/dev/vdb"
docker_vg_name: "vg_docker"
docker_lv_name: "lv_docker"
docker_data_directory: "/var/lib/docker"
tasks:
- name: Build /var/lib/docker mount
ansible.builtin.import_role:
name: make_lvm_mount
vars:
device_name: "{{ docker_device }}"
vg_name: "{{ docker_vg_name }}"
lvs:
- lv_name: "{{ docker_lv_name }}"
lv_size: "100%FREE"
directories:
- name: "{{ docker_data_directory }}"
owner: root
group: root
mode: "0750"
lv: "{{ docker_lv_name }}"
- name: Add repo with config-manager
ansible.builtin.shell:
cmd: "dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo"
- name: Install docker
ansible.builtin.yum:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
- name: Start docker service
ansible.builtin.systemd_service:
name: docker
enabled: true
state: started