Packer-ized Gitea #1
8
.envrc
8
.envrc
@ -1,9 +1,9 @@
|
||||
PATH_add bin
|
||||
|
||||
export TF_VAR_do_token=$(pass jdormit-infra-do-token)
|
||||
export DIGITALOCEAN_API_TOKEN=$(pass jdormit-infra-do-token)
|
||||
export TF_VAR_spaces_access_id=$(pass jdormit-infra-spaces-access-id)
|
||||
export TF_VAR_spaces_secret_key=$(pass jdormit-infra-spaces-secret-key)
|
||||
# export TF_VAR_do_token=$(pass jdormit-infra-do-token)
|
||||
# export DIGITALOCEAN_API_TOKEN=$(pass jdormit-infra-do-token)
|
||||
# export TF_VAR_spaces_access_id=$(pass jdormit-infra-spaces-access-id)
|
||||
# export TF_VAR_spaces_secret_key=$(pass jdormit-infra-spaces-secret-key)
|
||||
|
||||
if [ -f ".env.local" ]; then
|
||||
echo "sourcing .env.local"
|
||||
|
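Review bot: With the four `pass` lookups commented out, nothing in this file records which variables `.env.local` must now provide, and the file that `source` loads under `set -a` (past the end of the hunk) is, as far as the commit shows, plaintext on disk rather than the encrypted store the old lines read from. A one-line comment above the `if` would keep the contract discoverable: `# .env.local must export TF_VAR_do_token, DIGITALOCEAN_API_TOKEN, TF_VAR_spaces_access_id and TF_VAR_spaces_secret_key; keep it mode 0600`. The `if` block that loads the file starts inside the hunk but ends outside it.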
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,4 +1,4 @@
|
||||
/.env.local
|
||||
.env.local
|
||||
/backend-config.tf
|
||||
*/**/.terraform
|
||||
*.tfstate*
|
||||
|
@ -9,7 +9,7 @@ data "terraform_remote_state" "git_jeremydormitzer_com" {
|
||||
region = "us-east-1"
|
||||
endpoint = "nyc3.digitaloceanspaces.com"
|
||||
bucket = "jdormit-tf-state"
|
||||
key = "prod/git-jeremydormitzer-com.tfstate"
|
||||
key = "prod/gitea.tfstate"
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -46,7 +46,7 @@ resource "digitalocean_record" "git" {
|
||||
domain = digitalocean_domain.jeremydormitzer_com.name
|
||||
type = "A"
|
||||
name = "git"
|
||||
value = data.terraform_remote_state.git_jeremydormitzer_com.outputs.git_ip_address
|
||||
value = data.terraform_remote_state.git_jeremydormitzer_com.outputs.gitea_ip_address
|
||||
ttl = 3600
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
data "terraform_remote_state" "jdormit_website" {
|
||||
data "terraform_remote_state" "gitea" {
|
||||
backend = "s3"
|
||||
|
||||
config = {
|
||||
@ -9,22 +9,7 @@ data "terraform_remote_state" "jdormit_website" {
|
||||
region = "us-east-1"
|
||||
endpoint = "nyc3.digitaloceanspaces.com"
|
||||
bucket = "jdormit-tf-state"
|
||||
key = "prod/jdormit-website.tfstate"
|
||||
}
|
||||
}
|
||||
|
||||
data "terraform_remote_state" "git_jeremydormitzer_com" {
|
||||
backend = "s3"
|
||||
|
||||
config = {
|
||||
skip_credentials_validation = true
|
||||
skip_metadata_api_check = true
|
||||
access_key = var.spaces_access_id
|
||||
secret_key = var.spaces_secret_key
|
||||
region = "us-east-1"
|
||||
endpoint = "nyc3.digitaloceanspaces.com"
|
||||
bucket = "jdormit-tf-state"
|
||||
key = "prod/git-jeremydormitzer-com.tfstate"
|
||||
key = "prod/gitea.tfstate"
|
||||
}
|
||||
}
|
||||
|
||||
@ -72,3 +57,33 @@ data "terraform_remote_state" "jeremydormitzer_com" {
|
||||
key = "mgmt/do-dns.tfstate"
|
||||
}
|
||||
}
|
||||
|
||||
data "terraform_remote_state" "spaces" {
|
||||
backend = "s3"
|
||||
|
||||
config = {
|
||||
skip_credentials_validation = true
|
||||
skip_metadata_api_check = true
|
||||
access_key = var.spaces_access_id
|
||||
secret_key = var.spaces_secret_key
|
||||
region = "us-east-1"
|
||||
endpoint = "nyc3.digitaloceanspaces.com"
|
||||
bucket = "jdormit-tf-state"
|
||||
key = "mgmt/do-spaces.tfstate"
|
||||
}
|
||||
}
|
||||
|
||||
data "terraform_remote_state" "wallabag" {
|
||||
backend = "s3"
|
||||
|
||||
config = {
|
||||
skip_credentials_validation = true
|
||||
skip_metadata_api_check = true
|
||||
access_key = var.spaces_access_id
|
||||
secret_key = var.spaces_secret_key
|
||||
region = "us-east-1"
|
||||
endpoint = "nyc3.digitaloceanspaces.com"
|
||||
bucket = "jdormit-tf-state"
|
||||
key = "prod/wallabag.tfstate"
|
||||
}
|
||||
}
|
||||
|
@ -10,11 +10,13 @@ resource "digitalocean_project" "jeremy_dormitzer" {
|
||||
description = "Personal infrastructure"
|
||||
purpose = "Personal infrastructure"
|
||||
resources = [
|
||||
data.terraform_remote_state.jdormit_website.outputs.jdormit_website_urn,
|
||||
data.terraform_remote_state.git_jeremydormitzer_com.outputs.git_urn,
|
||||
data.terraform_remote_state.syncthing.outputs.syncthing_urn,
|
||||
data.terraform_remote_state.syncthing.outputs.syncthing_volume_urn,
|
||||
data.terraform_remote_state.gitea.outputs.gitea_urn,
|
||||
data.terraform_remote_state.gitea.outputs.gitea_volume_urn,
|
||||
data.terraform_remote_state.syncthing.outputs.urn,
|
||||
data.terraform_remote_state.syncthing.outputs.volume_urn,
|
||||
data.terraform_remote_state.justin_ghost_site.outputs.justin_ghost_site_urn,
|
||||
data.terraform_remote_state.jeremydormitzer_com.outputs.jeremydormitzer_com_urn
|
||||
data.terraform_remote_state.jeremydormitzer_com.outputs.jeremydormitzer_com_urn,
|
||||
data.terraform_remote_state.spaces.outputs.jdormit_infra_bucket_urn,
|
||||
data.terraform_remote_state.wallabag.outputs.urn
|
||||
]
|
||||
}
|
||||
|
23
mgmt/do-spaces/terraform/.terraform.lock.hcl
Executable file
23
mgmt/do-spaces/terraform/.terraform.lock.hcl
Executable file
@ -0,0 +1,23 @@
|
||||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/digitalocean/digitalocean" {
|
||||
version = "2.3.0"
|
||||
constraints = "~> 2.3.0"
|
||||
hashes = [
|
||||
"h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=",
|
||||
"zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9",
|
||||
"zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84",
|
||||
"zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca",
|
||||
"zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb",
|
||||
"zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6",
|
||||
"zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021",
|
||||
"zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907",
|
||||
"zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8",
|
||||
"zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6",
|
||||
"zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be",
|
||||
"zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5",
|
||||
"zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7",
|
||||
"zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d",
|
||||
]
|
||||
}
|
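--- /dev/null
+++ b/mgmt/do-spaces/terraform/outputs.tf
@@ -0,0 +1,3 @@
+output "jdormit_infra_bucket_urn" {
+value = digitalocean_spaces_bucket.jdormit_tf_state.urn
+}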
@ -1 +0,0 @@
|
||||
export ANSIBLE_INVENTORY="$(expand_path hosts.ini)"
|
@ -1 +0,0 @@
|
||||
git.jeremydormitzer.com
|
@ -1,14 +0,0 @@
|
||||
provider "digitalocean" {
|
||||
token = var.do_token
|
||||
spaces_access_id = var.spaces_access_id
|
||||
spaces_secret_key = var.spaces_secret_key
|
||||
}
|
||||
|
||||
resource "digitalocean_droplet" "git_jeremydormitzer_com" {
|
||||
name = "git.jeremydormitzer.com"
|
||||
image = "41695378"
|
||||
region = "nyc3"
|
||||
size = "s-1vcpu-1gb"
|
||||
backups = true
|
||||
tags = ["terraform"]
|
||||
}
|
@ -1,7 +0,0 @@
|
||||
output "git_ip_address" {
|
||||
value = digitalocean_droplet.git_jeremydormitzer_com.ipv4_address
|
||||
}
|
||||
|
||||
output "git_urn" {
|
||||
value = digitalocean_droplet.git_jeremydormitzer_com.urn
|
||||
}
|
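--- /dev/null
+++ b/prod/gitea/packer/.envrc
@@ -0,0 +1,15 @@
+source_up
+
+# export GITEA_MAILGUN_PASSWORD=$(pass noreply@mg.git.jeremydormitzer.com)
+# export GITEA_LFS_JWT_SECRET=$(pass packer-gitea-lfs-jwt-secret)
+# export GITEA_SECRET_KEY=$(pass packer-gitea-secret-key)
+# export GITEA_INTERNAL_TOKEN=$(pass packer-gitea-internal-token)
+# export GITEA_JWT_SECRET=$(pass packer-gitea-jwt-secret)
+# export CERTBOT_EMAIL=$(pass certbot-email)
+
+if [ -f ".env.local" ]; then
+echo "sourcing .env.local"
+set -a
+source ".env.local"
+set +a
+fi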
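Review bot: The variable list kept here as comments omits `DIGITALOCEAN_API_TOKEN`, which `templates/do.ini.template` requires (`${DIGITALOCEAN_API_TOKEN:?}`) and which this file only receives through `source_up` from the parent `.envrc`; someone populating `.env.local` from the commented lines alone will see `make` fail at the certbot step. Add `# DIGITALOCEAN_API_TOKEN (templates/do.ini.template) is inherited from the parent .envrc via source_up` next to the other entries. Note also that `set -a` exports every assignment in `.env.local`, so any helper variables placed there leak into packer, certbot and sigil as well.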
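--- /dev/null
+++ b/prod/gitea/packer/.gitignore
@@ -0,0 +1,3 @@
+files/app.ini
+tmp/
+certbot/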
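--- /dev/null
+++ b/prod/gitea/packer/Makefile
@@ -0,0 +1,39 @@
+.PHONY: reissue-certs
+
+packer-manifest.json: gitea.json \
+scripts/dependencies.sh \
+scripts/volume.sh \
+files/gitea.service \
+files/app.ini \
+scripts/gitea.sh \
+files/gitea-nginx.conf \
+scripts/nginx.sh \
+certbot/live/git.jeremydormitzer.com/fullchain.pem \
+certbot/live/git.jeremydormitzer.com/privkey.pem
+packer build gitea.json
+
+files/app.ini: templates/app.ini.template
+sigil -p -f templates/app.ini.template > files/app.ini
+
+certbot/live/git.jeremydormitzer.com/fullchain.pem certbot/live/git.jeremydormitzer.com/privkey.pem &: tmp/do.ini
+certbot certonly -n \
+--agree-tos \
+--email ${CERTBOT_EMAIL} \
+--dns-digitalocean \
+--dns-digitalocean-credentials tmp/do.ini \
+--config-dir ./certbot \
+--work-dir ./certbot \
+--logs-dir ./certbot \
+-d git.jeremydormitzer.com
+
+
+tmp/do.ini: templates/do.ini.template tmp
+sigil -p -f templates/do.ini.template > tmp/do.ini
+chmod 600 tmp/do.ini
+
+tmp:
+mkdir tmp
+
+reissue-certs:
+rm -rf certbot
+make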
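Review bot: The `tmp/do.ini` recipe writes the DigitalOcean API token with the shell's default umask and only then runs `chmod 600`, so the token is briefly world-readable on a shared host; `umask 077 && sigil -p -f templates/do.ini.template > tmp/do.ini` closes that window and makes the chmod unnecessary. The `tmp` prerequisite should be order-only, `tmp/do.ini: templates/do.ini.template | tmp`, because the directory's mtime changes whenever certbot writes into it and the token file would otherwise be re-rendered on every run. `--email ${CERTBOT_EMAIL}` is unquoted in the certbot recipe, and the `&:` grouped target needs GNU make 4.3 or newer, which deserves a comment at the top of the file.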
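--- /dev/null
+++ b/prod/gitea/packer/files/gitea-nginx.conf
@@ -0,0 +1,28 @@
+server {
+listen [::]:443 ssl ipv6only=on;
+listen 443 ssl;
+
+ssl_certificate /var/www/gitea/fullchain.pem;
+ssl_certificate_key /var/www/gitea/privkey.pem;
+
+ssl_session_cache shared:le_nginx_SSL:1m;
+ssl_session_timeout 1440m;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+
+ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+
+error_log /var/log/nginx/gitea_error.log;
+access_log /var/log/nginx/gitea_access.log;
+
+location / {
+proxy_pass http://localhost:3000;
+}
+}
+
+server {
+listen 80;
+listen [::]:80;
+return 301 https://$host$request_uri;
+}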
|
74
prod/gitea/packer/files/gitea.service
Normal file
74
prod/gitea/packer/files/gitea.service
Normal file
@ -0,0 +1,74 @@
|
||||
[Unit]
|
||||
Description=Gitea (Git with a cup of tea)
|
||||
After=syslog.target
|
||||
After=network.target
|
||||
###
|
||||
# Don't forget to add the database service requirements
|
||||
###
|
||||
#
|
||||
#Requires=mysql.service
|
||||
#Requires=mariadb.service
|
||||
#Requires=postgresql.service
|
||||
#Requires=memcached.service
|
||||
#Requires=redis.service
|
||||
#
|
||||
###
|
||||
# If using socket activation for main http/s
|
||||
###
|
||||
#
|
||||
#After=gitea.main.socket
|
||||
#Requires=gitea.main.socket
|
||||
#
|
||||
###
|
||||
# (You can also provide gitea an http fallback and/or ssh socket too)
|
||||
#
|
||||
# An example of /etc/systemd/system/gitea.main.socket
|
||||
###
|
||||
##
|
||||
## [Unit]
|
||||
## Description=Gitea Web Socket
|
||||
## PartOf=gitea.service
|
||||
##
|
||||
## [Socket]
|
||||
## Service=gitea.service
|
||||
## ListenStream=<some_port>
|
||||
## NoDelay=true
|
||||
##
|
||||
## [Install]
|
||||
## WantedBy=sockets.target
|
||||
##
|
||||
###
|
||||
|
||||
[Service]
|
||||
# Modify these two values and uncomment them if you have
|
||||
# repos with lots of files and get an HTTP error 500 because
|
||||
# of that
|
||||
###
|
||||
#LimitMEMLOCK=infinity
|
||||
#LimitNOFILE=65535
|
||||
RestartSec=2s
|
||||
Type=simple
|
||||
User=git
|
||||
Group=git
|
||||
WorkingDirectory=/mnt/gitea/
|
||||
# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
|
||||
# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
|
||||
#RuntimeDirectory=gitea
|
||||
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
|
||||
Restart=always
|
||||
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/mnt/gitea
|
||||
# If you install Git to directory prefix other than default PATH (which happens
|
||||
# for example if you install other versions of Git side-to-side with
|
||||
# distribution version), uncomment below line and add that prefix to PATH
|
||||
# Don't forget to place git-lfs binary on the PATH below if you want to enable
|
||||
# Git LFS support
|
||||
#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
|
||||
# If you want to bind Gitea to a port below 1024, uncomment
|
||||
# the two values below, or use socket activation to pass Gitea its ports as above
|
||||
###
|
||||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
###
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
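Review bot: `WorkingDirectory=/mnt/gitea/` is a bindfs mount that `scripts/volume.sh` adds to fstab, but the unit only orders itself after `network.target`, so a slow volume attach lets systemd start Gitea before the mount exists and it will crash-loop every `RestartSec` until it appears; `RequiresMountsFor=/mnt/gitea /home/git/.ssh` makes the dependency explicit. `After=syslog.target` is obsolete on systemd and can go. This looks like the upstream sample unit with the paths changed, so it carries none of the usual sandboxing (`NoNewPrivileges`, `PrivateTmp`, `ProtectSystem`); the lines below are a conservative starting set — confirm Gitea needs no writable path outside `/mnt/gitea` and `/home/git` before keeping `ProtectSystem=strict`.

```ini
[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target
RequiresMountsFor=/mnt/gitea /home/git/.ssh
# … unchanged: commented-out database / socket-activation examples …

[Service]
# … unchanged: RestartSec, Type, User, Group, WorkingDirectory, ExecStart, Restart, Environment …
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/mnt/gitea /home/git
ProtectKernelTunables=true
ProtectControlGroups=true
```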
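--- /dev/null
+++ b/prod/gitea/packer/gitea.json
@@ -0,0 +1,60 @@
+{
+"builders": [
+{
+"type": "digitalocean",
+"image": "ubuntu-20-04-x64",
+"region": "nyc1",
+"size": "s-1vcpu-1gb",
+"snapshot_name": "packer-gitea-{{timestamp}}",
+"ssh_username": "root"
+}
+],
+"provisioners": [
+{
+"type": "shell",
+"script": "scripts/dependencies.sh"
+},
+{
+"type": "shell",
+"script": "scripts/volume.sh"
+},
+{
+"type": "file",
+"source": "files/app.ini",
+"destination": "/tmp/app.ini"
+},
+{
+"type": "file",
+"source": "files/gitea.service",
+"destination": "/tmp/gitea.service"
+},
+{
+"type": "shell",
+"script": "scripts/gitea.sh"
+},
+{
+"type": "file",
+"source": "files/gitea-nginx.conf",
+"destination": "/tmp/gitea-nginx.conf"
+},
+{
+"type": "file",
+"source": "certbot/live/git.jeremydormitzer.com/fullchain.pem",
+"destination": "/tmp/fullchain.pem"
+},
+{
+"type": "file",
+"source": "certbot/live/git.jeremydormitzer.com/privkey.pem",
+"destination": "/tmp/privkey.pem"
+},
+{
+"type": "shell",
+"script": "scripts/nginx.sh"
+}
+],
+"post-processors": [
+{
+"type": "manifest"
+}
+]
+}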
|
131
prod/gitea/packer/packer-manifest.json
Normal file
131
prod/gitea/packer/packer-manifest.json
Normal file
@ -0,0 +1,131 @@
|
||||
{
|
||||
"builds": [
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611352765,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77396506",
|
||||
"packer_run_uuid": "a93bca03-f67e-e630-7606-c12222ae21db",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611355972,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77399380",
|
||||
"packer_run_uuid": "2c306ac5-20fe-3e4e-9329-c62b03621d95",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611356707,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77400402",
|
||||
"packer_run_uuid": "1d401331-1f3f-cfaa-d610-66f06eef5986",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611357084,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77400747",
|
||||
"packer_run_uuid": "c40a3d6a-e3a8-099a-1bd1-86f4026a158f",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611357475,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77401090",
|
||||
"packer_run_uuid": "2b450ccd-716f-5c9c-20da-662e79a0b929",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611589317,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77556065",
|
||||
"packer_run_uuid": "e2582fd0-50a1-ff12-55d4-e2b8c3d8f219",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611590422,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77556468",
|
||||
"packer_run_uuid": "fc433d91-57be-76b1-8556-9db7db2bec1a",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611592717,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77557404",
|
||||
"packer_run_uuid": "263c77ab-063b-0cdc-fa3b-2ade99fc7c13",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611593408,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77557615",
|
||||
"packer_run_uuid": "19edc202-d12a-44ac-45ca-b4bb7ad9b50d",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611597797,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77559148",
|
||||
"packer_run_uuid": "e6bf1c31-9406-7aec-c5b4-e1a7e43bb712",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611598412,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77559258",
|
||||
"packer_run_uuid": "808d4681-7b0f-cda7-9dde-fc47861f18c5",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611599594,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77560033",
|
||||
"packer_run_uuid": "dfbec72e-764d-5f5c-8a58-f82102f1b295",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611608782,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77566816",
|
||||
"packer_run_uuid": "88d9d9f3-e664-2d8b-fafb-8c0a63bdc418",
|
||||
"custom_data": null
|
||||
},
|
||||
{
|
||||
"name": "digitalocean",
|
||||
"builder_type": "digitalocean",
|
||||
"build_time": 1611613275,
|
||||
"files": null,
|
||||
"artifact_id": "nyc1:77570642",
|
||||
"packer_run_uuid": "c224b88a-0de7-6e4e-7057-c45a0521ee64",
|
||||
"custom_data": null
|
||||
}
|
||||
],
|
||||
"last_run_uuid": "c224b88a-0de7-6e4e-7057-c45a0521ee64"
|
||||
}
|
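--- /dev/null
+++ b/prod/gitea/packer/scripts/dependencies.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -ex
+
+sudo apt-get update
+sudo apt-get install -y git bindfs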
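Review bot: The script installs packages on top of the stock `ubuntu-20-04-x64` image without upgrading it, so the snapshot ships with whatever security updates were pending when that base image was cut. Add `DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade` after the `update`, and prefer `apt-get install -y --no-install-recommends git bindfs` to keep the image small. The `sudo` prefixes do nothing useful because the builder connects as `root` (`ssh_username` in gitea.json) and can be dropped for consistency with `gitea.sh`.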
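--- /dev/null
+++ b/prod/gitea/packer/scripts/gitea.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -ex
+
+adduser \
+--system \
+--shell /bin/bash \
+--gecos 'Git Version Control' \
+--group \
+--disabled-password \
+--home /home/git \
+git
+
+mkdir /etc/gitea
+mv /tmp/app.ini /etc/gitea/app.ini
+chown -R root:git /etc/gitea
+chmod 770 /etc/gitea
+chmod 660 /etc/gitea/app.ini
+
+wget -O gitea https://dl.gitea.io/gitea/1.13.1/gitea-1.13.1-linux-amd64
+chmod +x gitea
+mv gitea /usr/local/bin/
+
+mv /tmp/gitea.service /etc/systemd/system/gitea.service
+systemctl enable gitea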
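Review bot: The `wget` of the Gitea 1.13.1 binary verifies nothing beyond the TLS connection, so a compromised or mis-served download becomes root-installed code in every image; Gitea publishes a `.sha256` (and `.asc`) file next to each release asset, and checking the hash before `chmod +x` is a few lines. Separately, `chmod 770 /etc/gitea` and `chmod 660 app.ini` let the `git` user — the account the web process runs as — rewrite its own configuration, including `INTERNAL_TOKEN` and `SECRET_KEY`; with `INSTALL_LOCK = true` Gitea never needs to write that file, so `750`/`640` is enough. The version string is repeated inside the URL and is easier to bump as a variable.

```bash
chown -R root:git /etc/gitea
chmod 750 /etc/gitea
chmod 640 /etc/gitea/app.ini

GITEA_VERSION=1.13.1
GITEA_ASSET="gitea-${GITEA_VERSION}-linux-amd64"
GITEA_URL="https://dl.gitea.io/gitea/${GITEA_VERSION}/${GITEA_ASSET}"
wget -O gitea "${GITEA_URL}"
wget -O gitea.sha256 "${GITEA_URL}.sha256"
# the published checksum names the upstream asset; compare it against our local copy
echo "$(cut -d' ' -f1 gitea.sha256)  gitea" | sha256sum -c -
chmod +x gitea
mv gitea /usr/local/bin/
# … unchanged: gitea.service install and enable …
```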
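--- /dev/null
+++ b/prod/gitea/packer/scripts/nginx.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -ex
+
+sudo apt-get install -y nginx
+sudo mv /tmp/gitea-nginx.conf /etc/nginx/sites-available/gitea.conf
+sudo ln -s /etc/nginx/sites-available/gitea.conf \
+/etc/nginx/sites-enabled/
+sudo unlink /etc/nginx/sites-enabled/default
+
+sudo mkdir -p /var/www/gitea
+sudo mv /tmp/fullchain.pem /var/www/gitea/fullchain.pem
+sudo mv /tmp/privkey.pem /var/www/gitea/privkey.pem
+chown www-data:www-data /var/www/gitea/{fullchain,privkey}.pem
+
+sudo systemctl enable nginx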
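Review bot: `privkey.pem` is moved into place with whatever mode the Packer file provisioner gave it under `/tmp` — as far as I know the provisioner does not preserve the source file's mode, so it may well be 0644 — and is then handed to `www-data`; nginx's master process reads the key as root before dropping privileges, so the worker user never needs it, and a worker-readable key widens the impact of any bug in nginx or a co-located process. Set `root:root`, mode 0600 on the key and 0644 on the chain, and run `nginx -t` so a broken config fails the build rather than the first boot. The `chown` line also lacks the `sudo` the rest of the script uses; harmless as root, but inconsistent.

```bash
sudo mv /tmp/privkey.pem /var/www/gitea/privkey.pem
# nginx's master process (root) loads the key; workers running as www-data never read it
sudo chown root:root /var/www/gitea/{fullchain,privkey}.pem
sudo chmod 644 /var/www/gitea/fullchain.pem
sudo chmod 600 /var/www/gitea/privkey.pem
sudo nginx -t
```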
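--- /dev/null
+++ b/prod/gitea/packer/scripts/volume.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -ex
+
+sudo echo "/dev/disk/by-label/gitea-volume /mnt/gitea-volume ext4 defaults,nofail,discard,noatime 0 2" >> /etc/fstab
+sudo echo "/mnt/gitea-volume /mnt/gitea fuse.bindfs force-user=git,force-group=git 0 0" >> /etc/fstab
+sudo echo "/mnt/gitea/.ssh /home/git/.ssh fuse.bindfs force-user=git,force-group=git,perms=700" >> /etc/fstab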
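Review bot: None of the visible provisioners creates `/mnt/gitea-volume` or `/mnt/gitea`, so unless the droplet module's user-data does it, the fstab entries have no mount point at first boot; and because only the ext4 line carries `nofail`, a missing or late-attached volume makes the bindfs mounts fail hard, which systemd treats as a boot failure. `sudo echo ... >> /etc/fstab` is also misleading — the redirection is done by the calling shell, and this only works because Packer connects as root. The rewrite below creates the mount points, marks the bind mounts `nofail` with an explicit ordering on the volume mount, and uses one `printf` so the three lines are readable; whether `/mnt/gitea/.ssh` exists on a fresh volume and `/home/git/.ssh` after `adduser` is not shown here and should be checked.

```bash
set -ex

# mount points must exist before fstab is processed at first boot
mkdir -p /mnt/gitea-volume /mnt/gitea
# we run as root under Packer; the >> redirection is applied by this shell, not by sudo
printf '%s\n' \
  '/dev/disk/by-label/gitea-volume /mnt/gitea-volume ext4 defaults,nofail,discard,noatime 0 2' \
  '/mnt/gitea-volume /mnt/gitea fuse.bindfs force-user=git,force-group=git,nofail,x-systemd.requires-mounts-for=/mnt/gitea-volume 0 0' \
  '/mnt/gitea/.ssh /home/git/.ssh fuse.bindfs force-user=git,force-group=git,perms=700,nofail,x-systemd.requires-mounts-for=/mnt/gitea 0 0' \
  >> /etc/fstab
```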
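--- /dev/null
+++ b/prod/gitea/packer/templates/app.ini.template
@@ -0,0 +1,77 @@
+APP_NAME = Jeremy Dormitzer's Git Forge
+RUN_USER = git
+RUN_MODE = prod
+
+[oauth2]
+JWT_SECRET = ${GITEA_JWT_SECRET:?}
+
+[security]
+INSTALL_LOCK = true
+INTERNAL_TOKEN = ${GITEA_INTERNAL_TOKEN:?}
+SECRET_KEY = ${GITEA_SECRET_KEY:?}
+
+[database]
+DB_TYPE = sqlite3
+HOST = 127.0.0.1:3306
+NAME = gitea
+USER = gitea
+PASSWD =
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+PATH = /mnt/gitea/gitea.db
+LOG_SQL = false
+
+[repository]
+ROOT = /mnt/gitea/gitea-repositories
+ENABLE_PUSH_CREATE_USER = true
+
+[server]
+SSH_DOMAIN = git.jeremydormitzer.com
+DOMAIN = git.jeremydormitzer.com
+HTTP_PORT = 3000
+ROOT_URL = https://git.jeremydormitzer.com/
+DISABLE_SSH = false
+SSH_PORT = 22
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /mnt/gitea/lfs
+LFS_JWT_SECRET = ${GITEA_LFS_JWT_SECRET:?}
+OFFLINE_MODE = false
+
+[mailer]
+ENABLED = true
+HOST = smtp.mailgun.org:587
+FROM = Jeremy Dormitzer's Git Forge <noreply@git.jeremydormitzer.com>
+USER = noreply@mg.git.jeremydormitzer.com
+PASSWD = ${GITEA_MAILGUN_PASSWORD:?}
+
+[service]
+REGISTER_EMAIL_CONFIRM = true
+ENABLE_NOTIFY_MAIL = true
+DISABLE_REGISTRATION = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /mnt/gitea/log
+REDIRECT_MACARON_LOG = true
+MACARON = console
+ROUTER = console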
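Review bot: `[server]` sets `HTTP_PORT = 3000` but not `HTTP_ADDR`, so Gitea listens on every interface and the plain-HTTP port 3000 is reachable directly, bypassing the nginx TLS front end; no firewall rule appears anywhere in this commit. Add `HTTP_ADDR = 127.0.0.1` under `[server]` so only the local proxy (`proxy_pass http://localhost:3000`) can reach it. While here, the `HOST`/`USER`/`PASSWD`/`SSL_MODE`/`CHARSET` keys under `[database]` are MySQL leftovers that `sqlite3` ignores and only invite confusion, and it is worth confirming `[session] COOKIE_SECURE = true` is in effect, since I recall it defaulting to false in 1.13 even when `ROOT_URL` is https.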
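--- /dev/null
+++ b/prod/gitea/packer/templates/do.ini.template
@@ -0,0 +1 @@
+dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?}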
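Review bot: The token written here for certbot's DNS-01 challenge is the same `DIGITALOCEAN_API_TOKEN` the root `.envrc` sources from `jdormit-infra-do-token` — the credential Terraform uses to manage the whole account — and it sits in `tmp/do.ini` on the developer machine for as long as the certbot run needs it. Certbot only needs to create and delete TXT records, so a token reserved for DNS would limit what a leaked `do.ini` can do; if DigitalOcean's token scoping does not cover that, a comment recording that this file holds the full-account token is the minimum. A header comment naming the consumer would also help: `# rendered by sigil into tmp/do.ini for certbot --dns-digitalocean; never commit the output`.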
40
prod/gitea/terraform/.terraform.lock.hcl
Executable file
40
prod/gitea/terraform/.terraform.lock.hcl
Executable file
@ -0,0 +1,40 @@
|
||||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/digitalocean/digitalocean" {
|
||||
version = "2.3.0"
|
||||
constraints = "~> 2.3.0"
|
||||
hashes = [
|
||||
"h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=",
|
||||
"zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9",
|
||||
"zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84",
|
||||
"zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca",
|
||||
"zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb",
|
||||
"zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6",
|
||||
"zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021",
|
||||
"zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907",
|
||||
"zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8",
|
||||
"zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6",
|
||||
"zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be",
|
||||
"zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5",
|
||||
"zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7",
|
||||
"zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/local" {
|
||||
version = "2.0.0"
|
||||
hashes = [
|
||||
"h1:pO1ANXtOCRfecKsY9Hn4UsXoPBLv6LFiDIEiS1MZ09E=",
|
||||
"zh:34ce8b79493ace8333d094752b579ccc907fa9392a2c1d6933a6c95d0786d3f1",
|
||||
"zh:5c5a19c4f614a4ffb68bae0b0563f3860115cf7539b8adc21108324cfdc10092",
|
||||
"zh:67ddb1ca2cd3e1a8f948302597ceb967f19d2eeb2d125303493667388fe6330e",
|
||||
"zh:68e6b16f3a8e180fcba1a99754118deb2d82331b51f6cca39f04518339bfdfa6",
|
||||
"zh:8393a12eb11598b2799d51c9b0a922a3d9fadda5a626b94a1b4914086d53120e",
|
||||
"zh:90daea4b2010a86f2aca1e3a9590e0b3ddcab229c2bd3685fae76a832e9e836f",
|
||||
"zh:99308edc734a0ac9149b44f8e316ca879b2670a1cae387a8ae754c180b57cdb4",
|
||||
"zh:c76594db07a9d1a73372a073888b672df64adb455d483c2426cc220eda7e092e",
|
||||
"zh:dc09c1fb36c6a706bdac96cce338952888c8423978426a09f5df93031aa88b84",
|
||||
"zh:deda88134e9780319e8de91b3745520be48ead6ec38cb662694d09185c3dac70",
|
||||
]
|
||||
}
|
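--- /dev/null
+++ b/prod/gitea/terraform/main.tf
@@ -0,0 +1,32 @@
+provider "digitalocean" {
+token = var.do_token
+spaces_access_id = var.spaces_access_id
+spaces_secret_key = var.spaces_secret_key
+}
+
+module "packer_droplet" {
+source = "../../../terraform-modules/packer_droplet"
+name = "gitea"
+do_token = var.do_token
+spaces_access_id = var.spaces_access_id
+spaces_secret_key = var.spaces_secret_key
+}
+
+resource "digitalocean_volume" "gitea_volume" {
+name = "gitea-volume"
+description = "The volume to hold Gitea repositories and data"
+region = "nyc1"
+size = 20
+initial_filesystem_label = "gitea-volume"
+initial_filesystem_type = "ext4"
+tags = ["terraform"]
+
+lifecycle {
+prevent_destroy = true
+}
+}
+
+resource "digitalocean_volume_attachment" "gitea" {
+droplet_id = module.packer_droplet.droplet_id
+volume_id = digitalocean_volume.gitea_volume.id
+}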
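Review bot: The volume that holds the SQLite database, repositories and LFS objects has `prevent_destroy` but no backup path; the droplet definition this commit deletes had `backups = true`, the `packer_droplet` module's settings are not visible here, and as far as I know DigitalOcean droplet backups do not cover attached block volumes anyway. Record how `gitea-volume` is backed up in a comment on the resource, or add a scheduled volume snapshot outside Terraform, before relying on `prevent_destroy` alone. The region is hard-coded to `nyc1` here and in `gitea.json`; a comment noting that the module's droplet must land in the same region (the attachment fails otherwise) would save a future mismatch.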
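--- /dev/null
+++ b/prod/gitea/terraform/outputs.tf
@@ -0,0 +1,11 @@
+output "gitea_ip_address" {
+value = module.packer_droplet.droplet_ip_address
+}
+
+output "gitea_urn" {
+value = module.packer_droplet.droplet_urn
+}
+
+output "gitea_volume_urn" {
+value = digitalocean_volume.gitea_volume.urn
+}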
@ -13,6 +13,6 @@ terraform {
|
||||
region = "us-east-1"
|
||||
endpoint = "nyc3.digitaloceanspaces.com"
|
||||
bucket = "jdormit-tf-state"
|
||||
key = "prod/git-jeremydormitzer-com.tfstate"
|
||||
key = "prod/gitea.tfstate"
|
||||
}
|
||||
}
|
@ -1,3 +1,10 @@
|
||||
source_up
|
||||
|
||||
export TF_VAR_netlify_token=$(pass netlify-terraform-access-token)
|
||||
# export TF_VAR_netlify_token=$(pass netlify-terraform-access-token)
|
||||
|
||||
if [ -f ".env.local" ]; then
|
||||
echo "sourcing .env.local"
|
||||
set -a
|
||||
source ".env.local"
|
||||
set +a
|
||||
fi
|
||||
|
@ -1 +0,0 @@
|
||||
export ANSIBLE_INVENTORY="$(expand_path hosts.ini)"
|
@ -1 +0,0 @@
|
||||
justindormitzer.com ansible_host=167.71.186.105 ansible_user=root
|
@ -1,8 +1,15 @@
|
||||
source_up
|
||||
|
||||
export SYNCTHING_USER=$(pass packer-syncthing-user)
|
||||
export SYNCTHING_PW=$(pass packer-syncthing-pw)
|
||||
export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key)
|
||||
export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem)
|
||||
export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem)
|
||||
export CERTBOT_EMAIL=$(pass certbot-email)
|
||||
# export SYNCTHING_USER=$(pass packer-syncthing-user)
|
||||
# export SYNCTHING_PW=$(pass packer-syncthing-pw)
|
||||
# export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key)
|
||||
# export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem)
|
||||
# export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem)
|
||||
# export CERTBOT_EMAIL=$(pass certbot-email)
|
||||
|
||||
if [ -f ".env.local" ]; then
|
||||
echo "sourcing .env.local"
|
||||
set -a
|
||||
source ".env.local"
|
||||
set +a
|
||||
fi
|
||||
|
@ -1,14 +1,21 @@
|
||||
source_up
|
||||
|
||||
export WALLABAG_MAILGUN_PASSWORD=$(pass packer-wallabag-mailgun-password)
|
||||
export WALLABAG_SECRET=$(pass packer-wallabag-secret)
|
||||
export WALLABAG_PASSWORD=$(pass wallabag.jeremydormitzer.com)
|
||||
export WALLABAG_WALLABAGER_ID=$(pass packer-wallabag-wallabager-id)
|
||||
export WALLABAG_WALLABAGER_SECRET=$(pass packer-wallabag-wallabager-secret)
|
||||
export WALLABAG_ANDROID_APP_ID=$(pass packer-wallabag-android-app-id)
|
||||
export WALLABAG_ANDROID_APP_SECRET=$(pass packer-wallabag-android-app-secret)
|
||||
export WALLABAG_IPAD_ID=$(pass packer-wallabag-ipad-id)
|
||||
export WALLABAG_IPAD_SECRET=$(pass packer-wallabag-ipad-secret)
|
||||
export WALLABAG_WALLABAG_EL_ID=$(pass packer-wallabag-wallabag.el-id)
|
||||
export WALLABAG_WALLABAG_EL_SECRET=$(pass packer-wallabag-wallabag.el-secret)
|
||||
export CERTBOT_EMAIL=$(pass certbot-email)
|
||||
# export WALLABAG_MAILGUN_PASSWORD=$(pass packer-wallabag-mailgun-password)
|
||||
# export WALLABAG_SECRET=$(pass packer-wallabag-secret)
|
||||
# export WALLABAG_PASSWORD=$(pass wallabag.jeremydormitzer.com)
|
||||
# export WALLABAG_WALLABAGER_ID=$(pass packer-wallabag-wallabager-id)
|
||||
# export WALLABAG_WALLABAGER_SECRET=$(pass packer-wallabag-wallabager-secret)
|
||||
# export WALLABAG_ANDROID_APP_ID=$(pass packer-wallabag-android-app-id)
|
||||
# export WALLABAG_ANDROID_APP_SECRET=$(pass packer-wallabag-android-app-secret)
|
||||
# export WALLABAG_IPAD_ID=$(pass packer-wallabag-ipad-id)
|
||||
# export WALLABAG_IPAD_SECRET=$(pass packer-wallabag-ipad-secret)
|
||||
# export WALLABAG_WALLABAG_EL_ID=$(pass packer-wallabag-wallabag.el-id)
|
||||
# export WALLABAG_WALLABAG_EL_SECRET=$(pass packer-wallabag-wallabag.el-secret)
|
||||
# export CERTBOT_EMAIL=$(pass certbot-email)
|
||||
|
||||
if [ -f ".env.local" ]; then
|
||||
echo "sourcing .env.local"
|
||||
set -a
|
||||
source ".env.local"
|
||||
set +a
|
||||
fi
|
||||
|