From da232c6b03243666a58f9167e1b1aa7574644977 Mon Sep 17 00:00:00 2001 From: Jeremy Dormitzer Date: Fri, 22 Jan 2021 18:22:13 -0500 Subject: [PATCH] [WIP] Set up gitea packer image TODOs: - figure out how to keep the mail password in app.ini during install - mount volumes to persist data between droplet redeploys - set up HTTPS --- prod/git-jeremydormitzer-com/ansible/.envrc | 1 - .../git-jeremydormitzer-com/ansible/hosts.ini | 1 - prod/git-jeremydormitzer-com/packer/.envrc | 7 ++ .../git-jeremydormitzer-com/packer/.gitignore | 1 + prod/git-jeremydormitzer-com/packer/Makefile | 9 +++ .../packer/files/gitea.service | 74 ++++++++++++++++++ .../git-jeremydormitzer-com/packer/gitea.json | 37 +++++++++ .../packer/packer-manifest.json | 50 +++++++++++++ .../packer/scripts/dependencies.sh | 6 ++ .../packer/scripts/gitea.sh | 28 +++++++ .../packer/templates/app.ini.template | 75 +++++++++++++++++++ .../terraform/.terraform.lock.hcl | 17 +++++ .../git-jeremydormitzer-com/terraform/main.tf | 8 ++ .../terraform/outputs.tf | 8 ++ 14 files changed, 320 insertions(+), 2 deletions(-) delete mode 100644 prod/git-jeremydormitzer-com/ansible/.envrc delete mode 100644 prod/git-jeremydormitzer-com/ansible/hosts.ini create mode 100644 prod/git-jeremydormitzer-com/packer/.envrc create mode 100644 prod/git-jeremydormitzer-com/packer/.gitignore create mode 100644 prod/git-jeremydormitzer-com/packer/Makefile create mode 100644 prod/git-jeremydormitzer-com/packer/files/gitea.service create mode 100644 prod/git-jeremydormitzer-com/packer/gitea.json create mode 100644 prod/git-jeremydormitzer-com/packer/packer-manifest.json create mode 100644 prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh create mode 100644 prod/git-jeremydormitzer-com/packer/scripts/gitea.sh create mode 100644 prod/git-jeremydormitzer-com/packer/templates/app.ini.template 
diff --git a/prod/git-jeremydormitzer-com/ansible/.envrc b/prod/git-jeremydormitzer-com/ansible/.envrc
deleted file mode 100644
index 0512d72..0000000
--- a/prod/git-jeremydormitzer-com/ansible/.envrc
+++ /dev/null
@@ -1 +0,0 @@
-export ANSIBLE_INVENTORY="$(expand_path hosts.ini)"
diff --git a/prod/git-jeremydormitzer-com/ansible/hosts.ini b/prod/git-jeremydormitzer-com/ansible/hosts.ini
deleted file mode 100644
index da66b1c..0000000
--- a/prod/git-jeremydormitzer-com/ansible/hosts.ini
+++ /dev/null
@@ -1 +0,0 @@
-git.jeremydormitzer.com
\ No newline at end of file
diff --git a/prod/git-jeremydormitzer-com/packer/.envrc b/prod/git-jeremydormitzer-com/packer/.envrc
new file mode 100644
index 0000000..31ec5d9
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/.envrc
@@ -0,0 +1,7 @@
+source_up
+
+export GITEA_MAILGUN_PASSWORD=$(pass noreply@mg.git.jeremydormitzer.com)
+export GITEA_LFS_JWT_SECRET=$(pass packer-gitea-lfs-jwt-secret)
+export GITEA_SECRET_KEY=$(pass packer-gitea-secret-key)
+export GITEA_INTERNAL_TOKEN=$(pass packer-gitea-internal-token)
+export GITEA_JWT_SECRET=$(pass packer-gitea-jwt-secret)
diff --git a/prod/git-jeremydormitzer-com/packer/.gitignore b/prod/git-jeremydormitzer-com/packer/.gitignore
new file mode 100644
index 0000000..0b3b071
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/.gitignore
@@ -0,0 +1 @@
+files/app.ini
\ No newline at end of file
diff --git a/prod/git-jeremydormitzer-com/packer/Makefile b/prod/git-jeremydormitzer-com/packer/Makefile
new file mode 100644
index 0000000..64eb606
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/Makefile
@@ -0,0 +1,9 @@
+packer-manifest.json: gitea.json \
+ scripts/dependencies.sh \
+ files/gitea.service \
+ files/app.ini \
+ scripts/gitea.sh
+ packer build gitea.json
+
+files/app.ini: templates/app.ini.template
+ sigil -p -f templates/app.ini.template > files/app.ini
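Review bot: `files/app.ini` is declared to depend only on `templates/app.ini.template`, so after a secret is rotated in `pass` (the values the sibling `.envrc` exports) `make` will keep the stale rendered file and the next image is built with the old secret; add a `FORCE` prerequisite (`files/app.ini: templates/app.ini.template FORCE` plus an empty `FORCE:` rule) so the render always runs. The rendered file holds all five secrets and the `> files/app.ini` redirect creates it under the developer's default umask, so prefix the recipe: `umask 077; sigil -p -f templates/app.ini.template > files/app.ini`. The recipe lines also appear to be indented with spaces rather than the tab make requires — possibly an artifact of how this patch was pasted, but worth confirming before the first build.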
diff --git a/prod/git-jeremydormitzer-com/packer/files/gitea.service b/prod/git-jeremydormitzer-com/packer/files/gitea.service
new file mode 100644
index 0000000..d6bcd7d
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/files/gitea.service
@@ -0,0 +1,74 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+After=syslog.target
+After=network.target
+###
+# Don't forget to add the database service requirements
+###
+#
+#Requires=mysql.service
+#Requires=mariadb.service
+#Requires=postgresql.service
+#Requires=memcached.service
+#Requires=redis.service
+#
+###
+# If using socket activation for main http/s
+###
+#
+#After=gitea.main.socket
+#Requires=gitea.main.socket
+#
+###
+# (You can also provide gitea an http fallback and/or ssh socket too)
+#
+# An example of /etc/systemd/system/gitea.main.socket
+###
+##
+## [Unit]
+## Description=Gitea Web Socket
+## PartOf=gitea.service
+##
+## [Socket]
+## Service=gitea.service
+## ListenStream=
+## NoDelay=true
+##
+## [Install]
+## WantedBy=sockets.target
+##
+###
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/var/lib/gitea/
+# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
+# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=gitea
+ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
+Restart=always
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+# If you install Git to directory prefix other than default PATH (which happens
+# for example if you install other versions of Git side-to-side with
+# distribution version), uncomment below line and add that prefix to PATH
+# Don't forget to place git-lfs binary on the PATH below if you want to enable
+# Git LFS support
+#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
+# If you want to bind Gitea to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Gitea its ports as above
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/prod/git-jeremydormitzer-com/packer/gitea.json b/prod/git-jeremydormitzer-com/packer/gitea.json
new file mode 100644
index 0000000..b69f468
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/gitea.json
@@ -0,0 +1,37 @@
+{
+ "builders": [
+ {
+ "type": "digitalocean",
+ "image": "ubuntu-20-04-x64",
+ "region": "nyc1",
+ "size": "s-1vcpu-1gb",
+ "snapshot_name": "packer-gitea-{{timestamp}}",
+ "ssh_username": "root"
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "script": "scripts/dependencies.sh"
+ },
+ {
+ "type": "file",
+ "source": "files/app.ini",
+ "destination": "/tmp/app.ini"
+ },
+ {
+ "type": "file",
+ "source": "files/gitea.service",
+ "destination": "/tmp/gitea.service"
+ },
+ {
+ "type": "shell",
+ "script": "scripts/gitea.sh"
+ }
+ ],
+ "post-processors": [
+ {
+ "type": "manifest"
+ }
+ ]
+}
diff --git a/prod/git-jeremydormitzer-com/packer/packer-manifest.json b/prod/git-jeremydormitzer-com/packer/packer-manifest.json
new file mode 100644
index 0000000..2a33bf3
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/packer-manifest.json
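Review bot: The `[Service]` section runs Gitea as `git` but with none of the systemd sandboxing that bounds what the process — or a repository hook it runs — can reach; since everything this image lets Gitea write lives under `/var/lib/gitea` and `/home/git`, `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` fit here (the last one makes `/etc` read-only, so it only works once `/etc/gitea/app.ini` no longer needs to be rewritten by the installer, which the commit's TODO is still sorting out). The file is otherwise the upstream sample unit verbatim, including the commented-out MySQL/PostgreSQL `Requires=` and socket-activation blocks that this sqlite-based image never uses; trimming it to the directives actually in effect would make the unit easier to audit. `After=syslog.target` is a no-op on Ubuntu 20.04's systemd and can go as well.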
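Review bot: The `digitalocean` builder injects a temporary Packer SSH key into root's `authorized_keys` on the build droplet, and nothing in this file or in `scripts/gitea.sh` removes it, so each snapshot — and every droplet Terraform launches from one — keeps that extra root key; add `"ssh_clear_authorized_keys": true` to the builder so Packer strips it before the snapshot is taken. `"image": "ubuntu-20-04-x64"` is a floating slug, so the base each `packer-gitea-{{timestamp}}` snapshot was built from is not recorded anywhere; the `manifest` post-processor's `custom_data` field is a cheap place to note the base image and the Gitea version. The rendered `files/app.ini`, which contains the secrets, is dropped at `/tmp/app.ini` and sits there until the final shell provisioner moves it — fine on a single-user build droplet, but it is a reason to keep the `file` and `shell` steps adjacent as they are now.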
@@ -0,0 +1,50 @@
+{
+ "builds": [
+ {
+ "name": "digitalocean",
+ "builder_type": "digitalocean",
+ "build_time": 1611352765,
+ "files": null,
+ "artifact_id": "nyc1:77396506",
+ "packer_run_uuid": "a93bca03-f67e-e630-7606-c12222ae21db",
+ "custom_data": null
+ },
+ {
+ "name": "digitalocean",
+ "builder_type": "digitalocean",
+ "build_time": 1611355972,
+ "files": null,
+ "artifact_id": "nyc1:77399380",
+ "packer_run_uuid": "2c306ac5-20fe-3e4e-9329-c62b03621d95",
+ "custom_data": null
+ },
+ {
+ "name": "digitalocean",
+ "builder_type": "digitalocean",
+ "build_time": 1611356707,
+ "files": null,
+ "artifact_id": "nyc1:77400402",
+ "packer_run_uuid": "1d401331-1f3f-cfaa-d610-66f06eef5986",
+ "custom_data": null
+ },
+ {
+ "name": "digitalocean",
+ "builder_type": "digitalocean",
+ "build_time": 1611357084,
+ "files": null,
+ "artifact_id": "nyc1:77400747",
+ "packer_run_uuid": "c40a3d6a-e3a8-099a-1bd1-86f4026a158f",
+ "custom_data": null
+ },
+ {
+ "name": "digitalocean",
+ "builder_type": "digitalocean",
+ "build_time": 1611357475,
+ "files": null,
+ "artifact_id": "nyc1:77401090",
+ "packer_run_uuid": "2b450ccd-716f-5c9c-20da-662e79a0b929",
+ "custom_data": null
+ }
+ ],
+ "last_run_uuid": "2b450ccd-716f-5c9c-20da-662e79a0b929"
+}
\ No newline at end of file
diff --git a/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh b/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh
new file mode 100644
index 0000000..e9a257b
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -ex
+
+sudo apt-get update
+sudo apt-get install -y git
diff --git a/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh b/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh
new file mode 100644
index 0000000..91db7e3
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -ex
+
+adduser \
+ --system \
+ --shell /bin/bash \
+ --gecos 'Git Version Control' \
+ --group \
+ --disabled-password \
+ --home /home/git \
+ git
+
+mkdir -p /var/lib/gitea/{custom,data,log}
+chown -R git:git /var/lib/gitea/
+chmod -R 750 /var/lib/gitea/
+mkdir /etc/gitea
+mv /tmp/app.ini /etc/gitea/app.ini
+chown -R root:git /etc/gitea
+chmod 770 /etc/gitea
+chmod 660 /etc/gitea/app.ini
+
+wget -O gitea https://dl.gitea.io/gitea/1.13.1/gitea-1.13.1-linux-amd64
+chmod +x gitea
+mv gitea /usr/local/bin/
+
+mv /tmp/gitea.service /etc/systemd/system/gitea.service
+systemctl enable gitea
diff --git a/prod/git-jeremydormitzer-com/packer/templates/app.ini.template b/prod/git-jeremydormitzer-com/packer/templates/app.ini.template
new file mode 100644
index 0000000..9aaf5e7
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/templates/app.ini.template
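Review bot: The `wget -O gitea https://dl.gitea.io/gitea/1.13.1/...` line installs whatever the download host returns straight into `/usr/local/bin` with no integrity check, so a tampered, substituted or truncated download silently becomes the forge binary in every image built from this script. Gitea publishes a `.sha256` file (and a `.asc` signature) next to each release binary; pin the digest in the script and verify it before `chmod +x`, as below — the digest value is a placeholder to be copied from the published `.sha256`. Pulling the version into a variable also keeps the URL and the pinned digest in step when the release is bumped. The `chmod 770 /etc/gitea` / `chmod 660 app.ini` pair is the install-time relaxation the commit's TODO already covers, so it is not re-raised here.
```shell
GITEA_VERSION=1.13.1
# expected sha256 of gitea-${GITEA_VERSION}-linux-amd64 — copy from the .sha256 published on dl.gitea.io
GITEA_SHA256="<sha256-from-dl.gitea.io>"
wget -O gitea "https://dl.gitea.io/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64"
echo "${GITEA_SHA256}  gitea" | sha256sum -c -
chmod +x gitea
mv gitea /usr/local/bin/
# … unchanged: gitea.service install and systemctl enable …
```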
@@ -0,0 +1,75 @@
+APP_NAME = Jeremy Dormitzer's Git Forge
+RUN_USER = git
+RUN_MODE = prod
+
+[oauth2]
+JWT_SECRET = ${GITEA_JWT_SECRET:?}
+
+[security]
+INTERNAL_TOKEN = ${GITEA_INTERNAL_TOKEN:?}
+SECRET_KEY = ${GITEA_SECRET_KEY:?}
+
+[database]
+DB_TYPE = sqlite3
+HOST = 127.0.0.1:3306
+NAME = gitea
+USER = gitea
+PASSWD =
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+PATH = /var/lib/gitea/data/gitea.db
+LOG_SQL = false
+
+[repository]
+ROOT = /home/git/gitea-repositories
+
+[server]
+SSH_DOMAIN = git.jeremydormitzer.com
+DOMAIN = git.jeremydormitzer.com
+HTTP_PORT = 3000
+ROOT_URL = https://git.jeremydormitzer.com/
+DISABLE_SSH = false
+SSH_PORT = 22
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
+LFS_JWT_SECRET = ${GITEA_LFS_JWT_SECRET:?}
+OFFLINE_MODE = false
+
+[mailer]
+ENABLED = true
+HOST = smtp.mailgun.org:587
+FROM = Jeremy Dormitzer's Git Forge
+USER = noreply@mg.git.jeremydormitzer.com
+PASSWD = ${GITEA_MAILGUN_PASSWORD:?}
+
+[service]
+REGISTER_EMAIL_CONFIRM = true
+ENABLE_NOTIFY_MAIL = true
+DISABLE_REGISTRATION = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /var/lib/gitea/log
+REDIRECT_MACARON_LOG = true
+MACARON = console
+ROUTER = console
\ No newline at end of file
diff --git a/prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl b/prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl
index f7f7ed8..3cc9bda 100755
--- a/prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl
+++ b/prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl
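Review bot: `[security]` sets `INTERNAL_TOKEN` and `SECRET_KEY` but not `INSTALL_LOCK`, so a droplet booted from this image serves Gitea's web installer on `HTTP_PORT = 3000` until somebody completes it — whoever reaches it first picks the admin account — and the installer then rewrites `/etc/gitea/app.ini`, which looks like the mail-password loss the commit message describes. Every value the installer would ask for is already rendered here, so set `INSTALL_LOCK = true` under `[security]` and create the admin account with the `gitea admin` CLI instead; the file then stays exactly as rendered. It is also worth recording somewhere that `SECRET_KEY`, `INTERNAL_TOKEN`, both JWT secrets and the Mailgun password are baked into the snapshot, so anyone who can read snapshots in the account presumably reads them, and rotating any of them means a rebuild. The `[database]` keys `HOST`, `USER`, `PASSWD`, `SCHEMA` and `SSL_MODE` are MySQL-style leftovers that `DB_TYPE = sqlite3` ignores; dropping them makes the effective configuration easier to review.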
@@ -21,3 +21,20 @@ provider "registry.terraform.io/digitalocean/digitalocean" {
 "zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d",
 ]
 }
+
+provider "registry.terraform.io/hashicorp/local" {
+ version = "2.0.0"
+ hashes = [
+ "h1:pO1ANXtOCRfecKsY9Hn4UsXoPBLv6LFiDIEiS1MZ09E=",
+ "zh:34ce8b79493ace8333d094752b579ccc907fa9392a2c1d6933a6c95d0786d3f1",
+ "zh:5c5a19c4f614a4ffb68bae0b0563f3860115cf7539b8adc21108324cfdc10092",
+ "zh:67ddb1ca2cd3e1a8f948302597ceb967f19d2eeb2d125303493667388fe6330e",
+ "zh:68e6b16f3a8e180fcba1a99754118deb2d82331b51f6cca39f04518339bfdfa6",
+ "zh:8393a12eb11598b2799d51c9b0a922a3d9fadda5a626b94a1b4914086d53120e",
+ "zh:90daea4b2010a86f2aca1e3a9590e0b3ddcab229c2bd3685fae76a832e9e836f",
+ "zh:99308edc734a0ac9149b44f8e316ca879b2670a1cae387a8ae754c180b57cdb4",
+ "zh:c76594db07a9d1a73372a073888b672df64adb455d483c2426cc220eda7e092e",
+ "zh:dc09c1fb36c6a706bdac96cce338952888c8423978426a09f5df93031aa88b84",
+ "zh:deda88134e9780319e8de91b3745520be48ead6ec38cb662694d09185c3dac70",
+ ]
+}
diff --git a/prod/git-jeremydormitzer-com/terraform/main.tf b/prod/git-jeremydormitzer-com/terraform/main.tf
index 1c05446..9ff1ad8 100644
--- a/prod/git-jeremydormitzer-com/terraform/main.tf
+++ b/prod/git-jeremydormitzer-com/terraform/main.tf
@@ -12,3 +12,11 @@ resource "digitalocean_droplet" "git_jeremydormitzer_com" {
 backups = true
 tags = ["terraform"]
 }
+
+module "packer_droplet" {
+ source = "../../../terraform-modules/packer_droplet"
+ name = "gitea"
+ do_token = var.do_token
+ spaces_access_id = var.spaces_access_id
+ spaces_secret_key = var.spaces_secret_key
+}
diff --git a/prod/git-jeremydormitzer-com/terraform/outputs.tf b/prod/git-jeremydormitzer-com/terraform/outputs.tf
index 2954a17..122d3a9 100644
--- a/prod/git-jeremydormitzer-com/terraform/outputs.tf
+++ b/prod/git-jeremydormitzer-com/terraform/outputs.tf
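Review bot: `module "packer_droplet"` passes `var.do_token` and `var.spaces_secret_key` through as plain inputs; if the `variable` blocks (not in this hunk) do not already carry `sensitive = true`, add it so the values are redacted from plan output — the presence of `.terraform.lock.hcl` implies a Terraform version that supports that attribute. The existing `digitalocean_droplet.git_jeremydormitzer_com` resource stays alongside the new module, so after apply both droplets exist; the removal of the `ansible/` inventory suggests the old one is meant to be retired, but nothing here does so, and a comment on the resource saying which of the two is live would help the next reader. How the module selects the snapshot from `packer-manifest.json` is outside this hunk, so that is left unreviewed.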
@@ -5,3 +5,11 @@ output "git_ip_address" {
 output "git_urn" {
 value = digitalocean_droplet.git_jeremydormitzer_com.urn
 }
+
+output "gitea_ip_address" {
+ value = module.packer_droplet.droplet_ip_address
+}
+
+output "gitea_urn" {
+ value = module.packer_droplet.droplet_urn
+}