Packer-ized Gitea #1

Merged
jdormit merged 7 commits from jdormit/git-jeremydormitzer-com-packer into master 2021-01-27 03:49:54 +00:00
36 changed files with 678 additions and 74 deletions

8
.envrc
View File

@ -1,9 +1,9 @@
PATH_add bin
export TF_VAR_do_token=$(pass jdormit-infra-do-token)
export DIGITALOCEAN_API_TOKEN=$(pass jdormit-infra-do-token)
export TF_VAR_spaces_access_id=$(pass jdormit-infra-spaces-access-id)
export TF_VAR_spaces_secret_key=$(pass jdormit-infra-spaces-secret-key)
# export TF_VAR_do_token=$(pass jdormit-infra-do-token)
# export DIGITALOCEAN_API_TOKEN=$(pass jdormit-infra-do-token)
# export TF_VAR_spaces_access_id=$(pass jdormit-infra-spaces-access-id)
# export TF_VAR_spaces_secret_key=$(pass jdormit-infra-spaces-secret-key)
if [ -f ".env.local" ]; then
echo "sourcing .env.local"

2
.gitignore vendored
View File

@ -1,4 +1,4 @@
/.env.local
.env.local
/backend-config.tf
*/**/.terraform
*.tfstate*

View File

@ -9,7 +9,7 @@ data "terraform_remote_state" "git_jeremydormitzer_com" {
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "prod/git-jeremydormitzer-com.tfstate"
key = "prod/gitea.tfstate"
}
}

View File

@ -46,7 +46,7 @@ resource "digitalocean_record" "git" {
domain = digitalocean_domain.jeremydormitzer_com.name
type = "A"
name = "git"
value = data.terraform_remote_state.git_jeremydormitzer_com.outputs.git_ip_address
value = data.terraform_remote_state.git_jeremydormitzer_com.outputs.gitea_ip_address
ttl = 3600
}

View File

@ -1,4 +1,4 @@
data "terraform_remote_state" "jdormit_website" {
data "terraform_remote_state" "gitea" {
backend = "s3"
config = {
@ -9,22 +9,7 @@ data "terraform_remote_state" "jdormit_website" {
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "prod/jdormit-website.tfstate"
}
}
data "terraform_remote_state" "git_jeremydormitzer_com" {
backend = "s3"
config = {
skip_credentials_validation = true
skip_metadata_api_check = true
access_key = var.spaces_access_id
secret_key = var.spaces_secret_key
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "prod/git-jeremydormitzer-com.tfstate"
key = "prod/gitea.tfstate"
}
}
@ -72,3 +57,33 @@ data "terraform_remote_state" "jeremydormitzer_com" {
key = "mgmt/do-dns.tfstate"
}
}
data "terraform_remote_state" "spaces" {
backend = "s3"
config = {
skip_credentials_validation = true
skip_metadata_api_check = true
access_key = var.spaces_access_id
secret_key = var.spaces_secret_key
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "mgmt/do-spaces.tfstate"
}
}
data "terraform_remote_state" "wallabag" {
backend = "s3"
config = {
skip_credentials_validation = true
skip_metadata_api_check = true
access_key = var.spaces_access_id
secret_key = var.spaces_secret_key
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "prod/wallabag.tfstate"
}
}

View File

@ -10,11 +10,13 @@ resource "digitalocean_project" "jeremy_dormitzer" {
description = "Personal infrastructure"
purpose = "Personal infrastructure"
resources = [
data.terraform_remote_state.jdormit_website.outputs.jdormit_website_urn,
data.terraform_remote_state.git_jeremydormitzer_com.outputs.git_urn,
data.terraform_remote_state.syncthing.outputs.syncthing_urn,
data.terraform_remote_state.syncthing.outputs.syncthing_volume_urn,
data.terraform_remote_state.gitea.outputs.gitea_urn,
data.terraform_remote_state.gitea.outputs.gitea_volume_urn,
data.terraform_remote_state.syncthing.outputs.urn,
data.terraform_remote_state.syncthing.outputs.volume_urn,
data.terraform_remote_state.justin_ghost_site.outputs.justin_ghost_site_urn,
data.terraform_remote_state.jeremydormitzer_com.outputs.jeremydormitzer_com_urn
data.terraform_remote_state.jeremydormitzer_com.outputs.jeremydormitzer_com_urn,
data.terraform_remote_state.spaces.outputs.jdormit_infra_bucket_urn,
data.terraform_remote_state.wallabag.outputs.urn
]
}

View File

@ -0,0 +1,23 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/digitalocean/digitalocean" {
version = "2.3.0"
constraints = "~> 2.3.0"
hashes = [
"h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=",
"zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9",
"zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84",
"zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca",
"zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb",
"zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6",
"zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021",
"zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907",
"zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8",
"zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6",
"zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be",
"zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5",
"zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7",
"zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d",
]
}

View File

@ -0,0 +1,3 @@
output "jdormit_infra_bucket_urn" {
value = digitalocean_spaces_bucket.jdormit_tf_state.urn
}

View File

@ -1 +0,0 @@
export ANSIBLE_INVENTORY="$(expand_path hosts.ini)"

View File

@ -1 +0,0 @@
git.jeremydormitzer.com

View File

@ -1,14 +0,0 @@
provider "digitalocean" {
token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}
resource "digitalocean_droplet" "git_jeremydormitzer_com" {
name = "git.jeremydormitzer.com"
image = "41695378"
region = "nyc3"
size = "s-1vcpu-1gb"
backups = true
tags = ["terraform"]
}

View File

@ -1,7 +0,0 @@
output "git_ip_address" {
value = digitalocean_droplet.git_jeremydormitzer_com.ipv4_address
}
output "git_urn" {
value = digitalocean_droplet.git_jeremydormitzer_com.urn
}

15
prod/gitea/packer/.envrc Normal file
View File

@ -0,0 +1,15 @@
source_up
# export GITEA_MAILGUN_PASSWORD=$(pass noreply@mg.git.jeremydormitzer.com)
# export GITEA_LFS_JWT_SECRET=$(pass packer-gitea-lfs-jwt-secret)
# export GITEA_SECRET_KEY=$(pass packer-gitea-secret-key)
# export GITEA_INTERNAL_TOKEN=$(pass packer-gitea-internal-token)
# export GITEA_JWT_SECRET=$(pass packer-gitea-jwt-secret)
# export CERTBOT_EMAIL=$(pass certbot-email)
if [ -f ".env.local" ]; then
echo "sourcing .env.local"
set -a
source ".env.local"
set +a
fi

3
prod/gitea/packer/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
files/app.ini
tmp/
certbot/

View File

@ -0,0 +1,39 @@
.PHONY: reissue-certs
packer-manifest.json: gitea.json \
scripts/dependencies.sh \
scripts/volume.sh \
files/gitea.service \
files/app.ini \
scripts/gitea.sh \
files/gitea-nginx.conf \
scripts/nginx.sh \
certbot/live/git.jeremydormitzer.com/fullchain.pem \
certbot/live/git.jeremydormitzer.com/privkey.pem
packer build gitea.json
files/app.ini: templates/app.ini.template
sigil -p -f templates/app.ini.template > files/app.ini
certbot/live/git.jeremydormitzer.com/fullchain.pem certbot/live/git.jeremydormitzer.com/privkey.pem &: tmp/do.ini
certbot certonly -n \
--agree-tos \
--email ${CERTBOT_EMAIL} \
--dns-digitalocean \
--dns-digitalocean-credentials tmp/do.ini \
--config-dir ./certbot \
--work-dir ./certbot \
--logs-dir ./certbot \
-d git.jeremydormitzer.com
tmp/do.ini: templates/do.ini.template tmp
sigil -p -f templates/do.ini.template > tmp/do.ini
chmod 600 tmp/do.ini
tmp:
mkdir tmp
reissue-certs:
rm -rf certbot
make

View File

@ -0,0 +1,28 @@
server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /var/www/gitea/fullchain.pem;
ssl_certificate_key /var/www/gitea/privkey.pem;
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
error_log /var/log/nginx/gitea_error.log;
access_log /var/log/nginx/gitea_access.log;
location / {
proxy_pass http://localhost:3000;
}
}
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}

View File

@ -0,0 +1,74 @@
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
###
# Don't forget to add the database service requirements
###
#
#Requires=mysql.service
#Requires=mariadb.service
#Requires=postgresql.service
#Requires=memcached.service
#Requires=redis.service
#
###
# If using socket activation for main http/s
###
#
#After=gitea.main.socket
#Requires=gitea.main.socket
#
###
# (You can also provide gitea an http fallback and/or ssh socket too)
#
# An example of /etc/systemd/system/gitea.main.socket
###
##
## [Unit]
## Description=Gitea Web Socket
## PartOf=gitea.service
##
## [Socket]
## Service=gitea.service
## ListenStream=<some_port>
## NoDelay=true
##
## [Install]
## WantedBy=sockets.target
##
###
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/mnt/gitea/
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
#RuntimeDirectory=gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/mnt/gitea
# If you install Git to directory prefix other than default PATH (which happens
# for example if you install other versions of Git side-to-side with
# distribution version), uncomment below line and add that prefix to PATH
# Don't forget to place git-lfs binary on the PATH below if you want to enable
# Git LFS support
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
# If you want to bind Gitea to a port below 1024, uncomment
# the two values below, or use socket activation to pass Gitea its ports as above
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,60 @@
{
"builders": [
{
"type": "digitalocean",
"image": "ubuntu-20-04-x64",
"region": "nyc1",
"size": "s-1vcpu-1gb",
"snapshot_name": "packer-gitea-{{timestamp}}",
"ssh_username": "root"
}
],
"provisioners": [
{
"type": "shell",
"script": "scripts/dependencies.sh"
},
{
"type": "shell",
"script": "scripts/volume.sh"
},
{
"type": "file",
"source": "files/app.ini",
"destination": "/tmp/app.ini"
},
{
"type": "file",
"source": "files/gitea.service",
"destination": "/tmp/gitea.service"
},
{
"type": "shell",
"script": "scripts/gitea.sh"
},
{
"type": "file",
"source": "files/gitea-nginx.conf",
"destination": "/tmp/gitea-nginx.conf"
},
{
"type": "file",
"source": "certbot/live/git.jeremydormitzer.com/fullchain.pem",
"destination": "/tmp/fullchain.pem"
},
{
"type": "file",
"source": "certbot/live/git.jeremydormitzer.com/privkey.pem",
"destination": "/tmp/privkey.pem"
},
{
"type": "shell",
"script": "scripts/nginx.sh"
}
],
"post-processors": [
{
"type": "manifest"
}
]
}

View File

@ -0,0 +1,131 @@
{
"builds": [
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611352765,
"files": null,
"artifact_id": "nyc1:77396506",
"packer_run_uuid": "a93bca03-f67e-e630-7606-c12222ae21db",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611355972,
"files": null,
"artifact_id": "nyc1:77399380",
"packer_run_uuid": "2c306ac5-20fe-3e4e-9329-c62b03621d95",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611356707,
"files": null,
"artifact_id": "nyc1:77400402",
"packer_run_uuid": "1d401331-1f3f-cfaa-d610-66f06eef5986",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611357084,
"files": null,
"artifact_id": "nyc1:77400747",
"packer_run_uuid": "c40a3d6a-e3a8-099a-1bd1-86f4026a158f",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611357475,
"files": null,
"artifact_id": "nyc1:77401090",
"packer_run_uuid": "2b450ccd-716f-5c9c-20da-662e79a0b929",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611589317,
"files": null,
"artifact_id": "nyc1:77556065",
"packer_run_uuid": "e2582fd0-50a1-ff12-55d4-e2b8c3d8f219",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611590422,
"files": null,
"artifact_id": "nyc1:77556468",
"packer_run_uuid": "fc433d91-57be-76b1-8556-9db7db2bec1a",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611592717,
"files": null,
"artifact_id": "nyc1:77557404",
"packer_run_uuid": "263c77ab-063b-0cdc-fa3b-2ade99fc7c13",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611593408,
"files": null,
"artifact_id": "nyc1:77557615",
"packer_run_uuid": "19edc202-d12a-44ac-45ca-b4bb7ad9b50d",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611597797,
"files": null,
"artifact_id": "nyc1:77559148",
"packer_run_uuid": "e6bf1c31-9406-7aec-c5b4-e1a7e43bb712",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611598412,
"files": null,
"artifact_id": "nyc1:77559258",
"packer_run_uuid": "808d4681-7b0f-cda7-9dde-fc47861f18c5",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611599594,
"files": null,
"artifact_id": "nyc1:77560033",
"packer_run_uuid": "dfbec72e-764d-5f5c-8a58-f82102f1b295",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611608782,
"files": null,
"artifact_id": "nyc1:77566816",
"packer_run_uuid": "88d9d9f3-e664-2d8b-fafb-8c0a63bdc418",
"custom_data": null
},
{
"name": "digitalocean",
"builder_type": "digitalocean",
"build_time": 1611613275,
"files": null,
"artifact_id": "nyc1:77570642",
"packer_run_uuid": "c224b88a-0de7-6e4e-7057-c45a0521ee64",
"custom_data": null
}
],
"last_run_uuid": "c224b88a-0de7-6e4e-7057-c45a0521ee64"
}

View File

@ -0,0 +1,6 @@
#!/usr/bin/env bash
set -ex
sudo apt-get update
sudo apt-get install -y git bindfs

View File

@ -0,0 +1,25 @@
#!/usr/bin/env bash
set -ex
adduser \
--system \
--shell /bin/bash \
--gecos 'Git Version Control' \
--group \
--disabled-password \
--home /home/git \
git
mkdir /etc/gitea
mv /tmp/app.ini /etc/gitea/app.ini
chown -R root:git /etc/gitea
chmod 770 /etc/gitea
chmod 660 /etc/gitea/app.ini
wget -O gitea https://dl.gitea.io/gitea/1.13.1/gitea-1.13.1-linux-amd64
chmod +x gitea
mv gitea /usr/local/bin/
mv /tmp/gitea.service /etc/systemd/system/gitea.service
systemctl enable gitea

View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -ex
sudo apt-get install -y nginx
sudo mv /tmp/gitea-nginx.conf /etc/nginx/sites-available/gitea.conf
sudo ln -s /etc/nginx/sites-available/gitea.conf \
/etc/nginx/sites-enabled/
sudo unlink /etc/nginx/sites-enabled/default
sudo mkdir -p /var/www/gitea
sudo mv /tmp/fullchain.pem /var/www/gitea/fullchain.pem
sudo mv /tmp/privkey.pem /var/www/gitea/privkey.pem
chown www-data:www-data /var/www/gitea/{fullchain,privkey}.pem
sudo systemctl enable nginx

View File

@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -ex
sudo echo "/dev/disk/by-label/gitea-volume /mnt/gitea-volume ext4 defaults,nofail,discard,noatime 0 2" >> /etc/fstab
sudo echo "/mnt/gitea-volume /mnt/gitea fuse.bindfs force-user=git,force-group=git 0 0" >> /etc/fstab
sudo echo "/mnt/gitea/.ssh /home/git/.ssh fuse.bindfs force-user=git,force-group=git,perms=700" >> /etc/fstab

View File

@ -0,0 +1,77 @@
APP_NAME = Jeremy Dormitzer's Git Forge
RUN_USER = git
RUN_MODE = prod
[oauth2]
JWT_SECRET = ${GITEA_JWT_SECRET:?}
[security]
INSTALL_LOCK = true
INTERNAL_TOKEN = ${GITEA_INTERNAL_TOKEN:?}
SECRET_KEY = ${GITEA_SECRET_KEY:?}
[database]
DB_TYPE = sqlite3
HOST = 127.0.0.1:3306
NAME = gitea
USER = gitea
PASSWD =
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
PATH = /mnt/gitea/gitea.db
LOG_SQL = false
[repository]
ROOT = /mnt/gitea/gitea-repositories
ENABLE_PUSH_CREATE_USER = true
[server]
SSH_DOMAIN = git.jeremydormitzer.com
DOMAIN = git.jeremydormitzer.com
HTTP_PORT = 3000
ROOT_URL = https://git.jeremydormitzer.com/
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /mnt/gitea/lfs
LFS_JWT_SECRET = ${GITEA_LFS_JWT_SECRET:?}
OFFLINE_MODE = false
[mailer]
ENABLED = true
HOST = smtp.mailgun.org:587
FROM = Jeremy Dormitzer's Git Forge <noreply@git.jeremydormitzer.com>
USER = noreply@mg.git.jeremydormitzer.com
PASSWD = ${GITEA_MAILGUN_PASSWORD:?}
[service]
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
DISABLE_REGISTRATION = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = false
[session]
PROVIDER = file
[log]
MODE = console
LEVEL = info
ROOT_PATH = /mnt/gitea/log
REDIRECT_MACARON_LOG = true
MACARON = console
ROUTER = console

View File

@ -0,0 +1 @@
dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?}

View File

@ -0,0 +1,40 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/digitalocean/digitalocean" {
version = "2.3.0"
constraints = "~> 2.3.0"
hashes = [
"h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=",
"zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9",
"zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84",
"zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca",
"zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb",
"zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6",
"zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021",
"zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907",
"zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8",
"zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6",
"zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be",
"zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5",
"zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7",
"zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d",
]
}
provider "registry.terraform.io/hashicorp/local" {
version = "2.0.0"
hashes = [
"h1:pO1ANXtOCRfecKsY9Hn4UsXoPBLv6LFiDIEiS1MZ09E=",
"zh:34ce8b79493ace8333d094752b579ccc907fa9392a2c1d6933a6c95d0786d3f1",
"zh:5c5a19c4f614a4ffb68bae0b0563f3860115cf7539b8adc21108324cfdc10092",
"zh:67ddb1ca2cd3e1a8f948302597ceb967f19d2eeb2d125303493667388fe6330e",
"zh:68e6b16f3a8e180fcba1a99754118deb2d82331b51f6cca39f04518339bfdfa6",
"zh:8393a12eb11598b2799d51c9b0a922a3d9fadda5a626b94a1b4914086d53120e",
"zh:90daea4b2010a86f2aca1e3a9590e0b3ddcab229c2bd3685fae76a832e9e836f",
"zh:99308edc734a0ac9149b44f8e316ca879b2670a1cae387a8ae754c180b57cdb4",
"zh:c76594db07a9d1a73372a073888b672df64adb455d483c2426cc220eda7e092e",
"zh:dc09c1fb36c6a706bdac96cce338952888c8423978426a09f5df93031aa88b84",
"zh:deda88134e9780319e8de91b3745520be48ead6ec38cb662694d09185c3dac70",
]
}

View File

@ -0,0 +1,32 @@
provider "digitalocean" {
token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}
module "packer_droplet" {
source = "../../../terraform-modules/packer_droplet"
name = "gitea"
do_token = var.do_token
spaces_access_id = var.spaces_access_id
spaces_secret_key = var.spaces_secret_key
}
resource "digitalocean_volume" "gitea_volume" {
name = "gitea-volume"
description = "The volume to hold Gitea repositories and data"
region = "nyc1"
size = 20
initial_filesystem_label = "gitea-volume"
initial_filesystem_type = "ext4"
tags = ["terraform"]
lifecycle {
prevent_destroy = true
}
}
resource "digitalocean_volume_attachment" "gitea" {
droplet_id = module.packer_droplet.droplet_id
volume_id = digitalocean_volume.gitea_volume.id
}

View File

@ -0,0 +1,11 @@
output "gitea_ip_address" {
value = module.packer_droplet.droplet_ip_address
}
output "gitea_urn" {
value = module.packer_droplet.droplet_urn
}
output "gitea_volume_urn" {
value = digitalocean_volume.gitea_volume.urn
}

View File

@ -13,6 +13,6 @@ terraform {
region = "us-east-1"
endpoint = "nyc3.digitaloceanspaces.com"
bucket = "jdormit-tf-state"
key = "prod/git-jeremydormitzer-com.tfstate"
key = "prod/gitea.tfstate"
}
}

View File

@ -1,3 +1,10 @@
source_up
export TF_VAR_netlify_token=$(pass netlify-terraform-access-token)
# export TF_VAR_netlify_token=$(pass netlify-terraform-access-token)
if [ -f ".env.local" ]; then
echo "sourcing .env.local"
set -a
source ".env.local"
set +a
fi

View File

@ -1 +0,0 @@
export ANSIBLE_INVENTORY="$(expand_path hosts.ini)"

View File

@ -1 +0,0 @@
justindormitzer.com ansible_host=167.71.186.105 ansible_user=root

View File

@ -1,8 +1,15 @@
source_up
export SYNCTHING_USER=$(pass packer-syncthing-user)
export SYNCTHING_PW=$(pass packer-syncthing-pw)
export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key)
export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem)
export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem)
export CERTBOT_EMAIL=$(pass certbot-email)
# export SYNCTHING_USER=$(pass packer-syncthing-user)
# export SYNCTHING_PW=$(pass packer-syncthing-pw)
# export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key)
# export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem)
# export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem)
# export CERTBOT_EMAIL=$(pass certbot-email)
if [ -f ".env.local" ]; then
echo "sourcing .env.local"
set -a
source ".env.local"
set +a
fi

View File

@ -1,14 +1,21 @@
source_up
export WALLABAG_MAILGUN_PASSWORD=$(pass packer-wallabag-mailgun-password)
export WALLABAG_SECRET=$(pass packer-wallabag-secret)
export WALLABAG_PASSWORD=$(pass wallabag.jeremydormitzer.com)
export WALLABAG_WALLABAGER_ID=$(pass packer-wallabag-wallabager-id)
export WALLABAG_WALLABAGER_SECRET=$(pass packer-wallabag-wallabager-secret)
export WALLABAG_ANDROID_APP_ID=$(pass packer-wallabag-android-app-id)
export WALLABAG_ANDROID_APP_SECRET=$(pass packer-wallabag-android-app-secret)
export WALLABAG_IPAD_ID=$(pass packer-wallabag-ipad-id)
export WALLABAG_IPAD_SECRET=$(pass packer-wallabag-ipad-secret)
export WALLABAG_WALLABAG_EL_ID=$(pass packer-wallabag-wallabag.el-id)
export WALLABAG_WALLABAG_EL_SECRET=$(pass packer-wallabag-wallabag.el-secret)
export CERTBOT_EMAIL=$(pass certbot-email)
# export WALLABAG_MAILGUN_PASSWORD=$(pass packer-wallabag-mailgun-password)
# export WALLABAG_SECRET=$(pass packer-wallabag-secret)
# export WALLABAG_PASSWORD=$(pass wallabag.jeremydormitzer.com)
# export WALLABAG_WALLABAGER_ID=$(pass packer-wallabag-wallabager-id)
# export WALLABAG_WALLABAGER_SECRET=$(pass packer-wallabag-wallabager-secret)
# export WALLABAG_ANDROID_APP_ID=$(pass packer-wallabag-android-app-id)
# export WALLABAG_ANDROID_APP_SECRET=$(pass packer-wallabag-android-app-secret)
# export WALLABAG_IPAD_ID=$(pass packer-wallabag-ipad-id)
# export WALLABAG_IPAD_SECRET=$(pass packer-wallabag-ipad-secret)
# export WALLABAG_WALLABAG_EL_ID=$(pass packer-wallabag-wallabag.el-id)
# export WALLABAG_WALLABAG_EL_SECRET=$(pass packer-wallabag-wallabag.el-secret)
# export CERTBOT_EMAIL=$(pass certbot-email)
if [ -f ".env.local" ]; then
echo "sourcing .env.local"
set -a
source ".env.local"
set +a
fi