diff --git a/tasks/git.yaml b/tasks/git.yaml
index 049f57b..d1ab6fa 100644
--- a/tasks/git.yaml
+++ b/tasks/git.yaml
@@ -1,197 +1,96 @@ --- # tasks file for gitea -- name: Create git namespace - k8s: - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: git +- name: Add gitea repo + kubernetes.core.helm_repository: + name: gitea + repo_url: https://dl.gitea.com/charts/ -- name: Create PVC for MySQL - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: mysql - namespace: git - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 64Gi +- name: Update Helm repos + command: helm repo update -- name: Create Deployment for MySQL - k8s: - state: present - definition: - apiVersion: v1 - kind: Deployment - metadata: - name: mysql - namespace: git - labels: - app: mysql - spec: - replicas: 1 - selector: - matchLabels: - app: mysql - template: - metadata: - labels: - app: mysql - spec: - containers: - - name: mysql - image: mysql - volumeMounts: - - name: data - mountPath: /var/lib/mysql - ports: - - containerPort: 3306 - env: - - name: MYSQL_ROOT_PASSWORD - value: "{{ mysql_root_password }}" - - name: MYSQL_DATABASE - value: gitea - - name: MYSQL_USER - value: gitea - - name: MYSQL_PASSWORD - value: "{{ gitea_mysql_password }}" - volumes: - - name: data - persistentVolumeClaim: - claimName: mysql - -- name: Create Service for MySQL - k8s: - state: present - definition: - apiVersion: v1 - kind: Service - metadata: - name: mysql - namespace: git - spec: - selector: - app: mysql - ports: - - port: 3306 - name: mysql - type: ClusterIP - -- name: Create PVC for Gitea - k8s: - state: present - definition: - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: gitea - namespace: git - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 128Gi - -- name: Create Deployment for Gitea - k8s: - state: present - definition: - apiVersion: v1 - kind: Deployment - metadata: - name: gitea - namespace: git - labels: - app: gitea - spec: - replicas: 1 - selector: - 
matchLabels: - app: gitea - template: - metadata: - labels: - app: gitea - spec: - containers: - - name: gitea - image: gitea/gitea - volumeMounts: - - name: data - mountPath: /data - ports: - - containerPort: 3000 - - containerPort: 22 - env: - - name: GITEA__database__DB_TYPE - value: mysql - - name: GITEA__database__HOST - value: mysql - - name: GITEA__database__NAME - value: gitea - - name: GITEA__database__USER - value: gitea - - name: GITEA__database__PASSWD - value: "{{ gitea_mysql_password }}" - volumes: - - name: data - persistentVolumeClaim: - claimName: gitea - -- name: Create Service for GitLab - k8s: - state: present - definition: - apiVersion: v1 - kind: Service - metadata: - name: gitea - namespace: git - spec: - selector: - app: gitea - ports: - - port: 22 - name: ssh - - port: 80 - targetPort: 3000 - name: http - type: LoadBalancer - -- name: Create Ingress - k8s: - state: present - definition: - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: +- name: Deploy Gitea + kubernetes.core.helm: + name: gitea + chart_ref: gitea/gitea + release_namespace: git + create_namespace: true + values: + service: + ssh: + type: LoadBalancer + ingress: + enabled: true + className: nginx annotations: cert-manager.io/cluster-issuer: ca-issuer - name: gitea - namespace: git - spec: - ingressClassName: nginx - rules: + hosts: - host: git.eom.dev - http: - paths: - - pathType: Prefix - path: / - backend: - service: - name: gitea - port: - number: 80 + paths: + - path: / + pathType: Prefix tls: - hosts: - git.eom.dev - secretName: gitea + secretName: gitea-tls + persistence: + size: 128Gi + actions: + enabled: true + provisioning: + enabled: true + gitea: + admin: + username: gitea + password: "{{ gitea_admin_password }}" + email: "gitea@mail.eom.dev" + metrics: + enabled: false + serviceMonitor: + enabled: false + # additionalLabels: + # prometheus-release: prom1 + interval: "" + relabelings: [] + scheme: "" + scrapeTimeout: "" + tlsConfig: {} + ldap: + - 
name: OpenLDAP
+ securityProtocol: unencrypted
+ host: openldap.auth.svc.cluster.local
+ port: 389
+ userSearchBase: ou=People,dc=eom,dc=dev
+ userFilter: (&(objectClass=inetOrgPerson)(uid=%s))
+ adminFilter: (&(cn=Gitea Admin,ou=Gitea,ou=Services,dc=eom,dc=dev)(memberUid=%s))
+ emailAttribute: mail
+ bindDn: cn=readonly,dc=eom,dc=dev
+ bindPassword: "{{ ldap_readonly_password }}"
+ usernameAttribute: uid
+ publicSSHKeyAttribute: publicSSHKey
+ config:
+ APP_NAME: "Gitea"
+ additionalConfigFromEnvs:
+ - name: GITEA_DISABLE_REGISTRATION
+ value: "true"
+ - name: GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION
+ value: "false"
+ redis-cluster:
+ enabled: false
+ redis:
+ enabled: true
+ global:
+ redis:
+ password: "{{ gitea_redis_password }}"
+ postgresql-ha:
+ enabled: false
+ postgresql:
+ enabled: true
+ global:
+ postgresql:
+ auth:
+ password: "{{ gitea_postgres_password }}"
+ database: gitea
+ username: gitea
+ primary:
+ persistence:
+ size: 128Gi
diff --git a/tasks/gitea.yaml b/tasks/gitea.yaml
deleted file mode 100644
index 949431d..0000000
--- a/tasks/gitea.yaml
+++ /dev/null
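Review bot: `securityProtocol: unencrypted` on the `OpenLDAP` source means the `bindPassword` for `cn=readonly,dc=eom,dc=dev` and every user's login password cross the cluster network on port 389 in cleartext at each authentication; the mastodon hunk keeps the same exposure through its unchanged `LDAP_METHOD: plain`. If the OpenLDAP service offers TLS, `securityProtocol: starttls` (or `ldaps` with `port: 636`) closes this, otherwise a comment such as `# NOTE: cleartext bind, in-cluster hop only` should record that the trade-off is deliberate. Separately, `adminFilter` is, as far as I recall, evaluated by Gitea against the user's own entry without placeholder substitution, so `(cn=Gitea Admin,...)(memberUid=%s)` will most likely match nothing and no LDAP account becomes admin — it fails closed, but probably not as intended, so confirm with one LDAP login. The `command: helm repo update` task reports changed on every run; `changed_when: false`, or `update_repo_cache: true` on the helm task in place of the separate step, keeps the play idempotent. This hunk begins on an earlier line, and the ldap entry's `- ` item marker sits on the previous line.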
@@ -1,81 +0,0 @@ ---- -# tasks file for gitea -- name: Deploy Gitea - kubernetes.core.helm: - name: gitea - chart_ref: gitea/gitea - release_namespace: git - create_namespace: true - values: - service: - ssh: - type: LoadBalancer - ingress: - enabled: true - className: nginx - annotations: - cert-manager.io/cluster-issuer: ca-issuer - hosts: - - host: git.eom.dev - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - git.eom.dev - secretName: gitea-tls - persistence: - size: 128Gi - actions: - enabled: true - gitea: - admin: - username: gitea - password: "{{ gitea_admin_password }}" - email: "gitea@mail.eom.dev" - metrics: - enabled: false - serviceMonitor: - enabled: false - # additionalLabels: - # prometheus-release: prom1 - interval: "" - relabelings: [] - scheme: "" - scrapeTimeout: "" - tlsConfig: {} - ldap: - - name: "OpenLDAP" - securityProtocol: - host: openldap.auth.svc.cluster.local - port: 389 - userSearchBase: dc=eom,dc=dev - userFilter: (&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%[1]s)) - emailAttribute: mail - bindDn: cn=readonly,dc=eom,dc=dev - bindPassword: "{{ ldap_readonly_password }}" - usernameAttribute: uid - config: - APP_NAME: "Gitea" - server: - SSH_LISTEN_PORT: 22 - redis-cluster: - enabled: false - redis: - enabled: true - global: - redis: - password: "{{ gitea_redis_password }}" - postgresql-ha: - enabled: false - postgresql: - enabled: true - global: - postgresql: - auth: - password: "{{ gitea_postgres_password }}" - database: gitea - username: gitea - primary: - persistence: - size: 128Gi
diff --git a/tasks/main.yaml b/tasks/main.yaml
index b85eafa..d821304 100644
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -1,4 +1,4 @@
 ---
 # tasks file for eom
 - name: Deploy
- include_tasks: mastodon.yaml
+ include_tasks: git.yaml
diff --git a/tasks/mastodon.yaml b/tasks/mastodon.yaml
index e3ee187..f26eb17 100644
--- a/tasks/mastodon.yaml
+++ b/tasks/mastodon.yaml
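Review bot: `include_tasks: git.yaml` replaces the mastodon include in tasks/main.yaml instead of sitting next to it, so after this commit the `Deploy` task never runs tasks/mastodon.yaml even though the same commit still edits that file. If both services are meant to be deployed, keep one include per task: `- name: Deploy mastodon` / `include_tasks: mastodon.yaml` followed by `- name: Deploy git` / `include_tasks: git.yaml`. If dropping mastodon from the play is intended, a one-line comment above the task saying so would save the next reader the question.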
@@ -23,11 +23,11 @@
 LDAP_HOST: openldap.auth.svc.cluster.local
 LDAP_PORT: "389"
 LDAP_METHOD: plain
- LDAP_BASE: dc=eom,dc=dev
+ LDAP_BASE: ou=People,dc=eom,dc=dev
 LDAP_BIND_DN: cn=readonly,dc=eom,dc=dev
 LDAP_PASSWORD: "{{ ldap_readonly_password }}"
 LDAP_UID: uid
- LDAP_SEARCH_FILTER: "(&(objectClass=posixAccount)(uid=%{uid}))"
+ LDAP_SEARCH_FILTER: "(&(objectClass=inetOrgPerson)(uid=%{uid}))"
 LDAP_MAIL: mail
 enableS3: false
 localDomain: "mastodon.eom.dev"
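Review bot: `LDAP_BASE: ou=People,dc=eom,dc=dev` and the `inetOrgPerson` search filter now repeat, by hand, the `userSearchBase` and `userFilter` values given to the Gitea LDAP source in tasks/git.yaml, so the next directory-layout change has to be remembered in two files. Hoisting the shared subtree into a role variable, `LDAP_BASE: "{{ ldap_user_base }}"` here and `userSearchBase: "{{ ldap_user_base }}"` in git.yaml, keeps both consumers pointed at the same users. The enclosing mapping starts before this hunk.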