DevOps/ansible-role-eom
2
0
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: DevOps:92a024d74467e16337a795ac48ad6aab19535da1
Branches Tags
DevOps:main
...
compare: DevOps:main
Branches Tags
DevOps:main

2 Commits
92a024d744 ... main

Author SHA1 Message Date
Eric Meehan
259c4aa83f Closes #44 2026-01-25 11:30:35 -05:00
Eric Meehan
69b989a112 Gitea, MinIO, and Prometheus changes 2026-01-06 19:06:46 -05:00
5 changed files with 87 additions and 12 deletions
Expand all files Collapse all files

4
tasks/gitea.yaml
View File

@@ -79,9 +79,9 @@
APP_NAME: "Gitea" APP_NAME: "Gitea"
service: service:
DISABLE_REGISTRATION: false DISABLE_REGISTRATION: false
SHOW_REGISTRATION_BUTTON: false SHOW_REGISTRATION_BUTTON: true
DEFAULT_ALLOW_CREATE_ORGANIZATION: false DEFAULT_ALLOW_CREATE_ORGANIZATION: false
ALLOW_ONLY_EXTERNAL_REGISTRATION: true ALLOW_ONLY_EXTERNAL_REGISTRATION: false
oauth2_client: oauth2_client:
ENABLE_AUTO_REGISTRATION: true ENABLE_AUTO_REGISTRATION: true
UPDATE_AVATAR: true UPDATE_AVATAR: true

43
tasks/mail.yaml
View File

@@ -90,6 +90,38 @@
requests: requests:
storage: 2Ti storage: 2Ti
- name: Create a ConfigMap for encryption
k8s:
state: present
definition:
apiVersion: v1
kind: ConfigMap
metadata:
name: certs
namespace: mail
data:
privkey.pem: "{{ mail_encryption_privkey }}"
pubkey.pem: "{{ mail_encryption_pubkey }}"
- name: Create a ConfigMap for Dovecot
k8s:
state: present
definition:
apiVersion: v1
kind: ConfigMap
metadata:
name: dovecot
namespace: mail
data:
10-encryption.conf: |
# Enables mail_crypt for all services (pop3, pop3, etc)
mail_plugins = $mail_plugins mail_crypt
plugin {
mail_crypt_global_private_key = </certs/privkey.pem
mail_crypt_global_public_key = </certs/pubkey.pem
mail_crypt_save_version = 2
}
- name: Create a deployment - name: Create a deployment
k8s: k8s:
definition: definition:
@@ -141,8 +173,13 @@
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
volumeMounts: volumeMounts:
- name: certs
mountPath: /certs
- name: config - name: config
mountPath: /tmp/docker-mailserver mountPath: /tmp/docker-mailserver
- name: dovecot
mountPath: /etc/dovecot/conf.d/10-encryption.conf
subPath: 10-encryption.conf
- name: ssl - name: ssl
mountPath: /etc/letsencrypt mountPath: /etc/letsencrypt
- name: mail - name: mail
@@ -207,6 +244,9 @@
- name: SSL_KEY_PATH - name: SSL_KEY_PATH
value: "/etc/letsencrypt/tls.key" value: "/etc/letsencrypt/tls.key"
volumes: volumes:
- name: certs
configMap:
name: certs
- name: ssl - name: ssl
secret: secret:
secretName: mail secretName: mail
@@ -219,6 +259,9 @@
- name: dkim - name: dkim
persistentVolumeClaim: persistentVolumeClaim:
claimName: dkim claimName: dkim
- name: dovecot
configMap:
name: dovecot
- name: Expose deployment as a service - name: Expose deployment as a service
k8s: k8s:

2
tasks/main.yaml
View File

@@ -3,4 +3,4 @@
- name: Deploy - name: Deploy
include_tasks: "{{ item }}" include_tasks: "{{ item }}"
loop: loop:
- localai.yaml - gitea.yaml

13
tasks/minio.yaml
View File

@@ -7,13 +7,17 @@
release_namespace: minio release_namespace: minio
create_namespace: true create_namespace: true
values: values:
image:
repository: bitnamilegacy/minio
metrics: metrics:
enabled: true enabled: true
disableWebUI: true console:
enabled: false
auth: auth:
rootUser: minio_admin rootUser: minio_admin
rootPassword: "{{ minio_admin_password }}" rootPassword: "{{ minio_admin_password }}"
defaultBuckets: default defaultBuckets: default
defaultInitContainers:
volumePermissions: volumePermissions:
enabled: true enabled: true
mode: standalone mode: standalone
@@ -46,13 +50,10 @@
value: OpenLDAP value: OpenLDAP
- name: MINIO_IDENTITY_LDAP_SERVER_INSECURE - name: MINIO_IDENTITY_LDAP_SERVER_INSECURE
value: "on" value: "on"
apiIngress: ingress:
enabled: true enabled: true
hostname: minio.eom.dev hostname: minio.eom.dev
ingressClassName: nginx ingressClassName: nginx
annotations: annotations:
cert-manager.io/cluster-issuer: ca-issuer cert-manager.io/cluster-issuer: ca-issuer
tls: tls: true
- hosts:
- minio.eom.dev
secretName: minio-tls

33
tasks/prometheus.yaml
View File

@@ -27,7 +27,18 @@
instance: grafana instance: grafana
metrics_path: /metrics metrics_path: /metrics
- job_name: nextcloud - job_name: owncast
scrape_interval: 1m
metrics_path: /api/admin/prometheus
scheme: https
basic_auth:
username: admin
password: "{{ owncast_admin_password }}"
static_config:
- targets:
- owncast.eom.dev
- job_name: local
static_configs: static_configs:
- targets: - targets:
- nextcloud-metrics.nextcloud.svc.cluster.local:9205 - nextcloud-metrics.nextcloud.svc.cluster.local:9205
@@ -113,4 +124,24 @@
- 192.168.1.72:9100 - 192.168.1.72:9100
labels: labels:
instance: alpha-worker-12 instance: alpha-worker-12
- targets:
- 192.168.1.95:9100
labels:
instance: alpha-worker-13
- targets:
- 192.168.1.70:9100
labels:
instance: alpha-worker-14
- targets:
- 192.168.1.46:9100
labels:
instance: alpha-worker-15
- targets:
- 192.168.1.74:9100
labels:
instance: alpha-worker-16
- targets:
- 192.168.1.88:9100
labels:
instance: alpha-worker-17
metrics_path: /metrics metrics_path: /metrics