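# SPDX-License-Identifier: MIT-0
---
# tasks file for ansible-role-www
#
# Provisions the `www` namespace: a shared PVC, a mail-sync CronJob, the
# gitweb Deployment (HTTP, onion service, ingress) and the gitserver
# Deployment (SSH).
#
# Role variables read here: www_cron_schedule, www_username, www_password,
# www_imap_server, www_save_dir, www_repo_url.

- name: namespace
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Namespace
      metadata:
        name: www

# Single ReadWriteMany claim shared by the CronJob, gitweb and gitserver pods.
- name: pvc
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: data
        namespace: www
      spec:
        accessModes:
          - ReadWriteMany
        resources:
          requests:
            storage: 8Ti

# Rendered from a template and mounted into the gitserver pod at /auth.
- name: configmap for authorized_keys
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: keys
        namespace: www
      data:
        authorized_keys: "{{ lookup('template', 'authorized_keys.j2') }}"

- name: configmap for mailsync.py
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: mailsync
        namespace: www
      data:
        mailsync.py: "{{ lookup('file', 'mailsync.py') }}"

# The IMAP password is stored in a Secret and referenced from the CronJob,
# so it does not sit in clear text in the CronJob/Job/Pod specs, which are
# readable by anyone allowed to get those objects. no_log keeps the value
# out of Ansible's task output.
- name: secret for mailsync
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: mailsync
        namespace: www
      type: Opaque
      stringData:
        password: "{{ www_password }}"
  no_log: true

- name: cronjob
  k8s:
    state: present
    definition:
      apiVersion: batch/v1
      kind: CronJob
      metadata:
        name: mailsync
        namespace: www
      spec:
        schedule: "{{ www_cron_schedule }}"
        jobTemplate:
          spec:
            template:
              spec:
                containers:
                  - name: python
                    # NOTE(review): floating tag; pin to a specific version
                    # or digest so scheduled runs do not pick up a changed
                    # image.
                    image: python:3
                    imagePullPolicy: IfNotPresent
                    command:
                      - python
                      - /usr/src/mailsync.py
                    env:
                      - name: USERNAME
                        value: "{{ www_username }}"
                      - name: PASSWORD
                        valueFrom:
                          secretKeyRef:
                            name: mailsync
                            key: password
                      - name: IMAP_SERVER
                        value: "{{ www_imap_server }}"
                      - name: SAVE_DIR
                        value: "{{ www_save_dir }}"
                    volumeMounts:
                      - name: data
                        mountPath: /data
                      # subPath mounts only the script file, not a directory.
                      - name: mailsync
                        mountPath: /usr/src/mailsync.py
                        subPath: mailsync.py
                restartPolicy: OnFailure
                volumes:
                  - name: data
                    persistentVolumeClaim:
                      claimName: data
                  - name: mailsync
                    configMap:
                      name: mailsync

- name: configmap for httpd.conf
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: httpd
        namespace: www
      data:
        httpd.conf: "{{ lookup('file', 'httpd.conf') }}"

- name: configmap for httpd-gitweb.conf
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: httpd-gitweb
        namespace: www
      data:
        httpd-gitweb.conf: "{{ lookup('file', 'httpd-gitweb.conf') }}"

- name: configmap for gitweb.conf
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: gitweb
        namespace: www
      data:
        gitweb.conf: "{{ lookup('file', 'gitweb.conf') }}"

- name: deployment for gitweb
  k8s:
    state: present
    definition:
      # Deployments are served from the apps/v1 group, not core v1.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: gitweb
        namespace: www
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: gitweb
        template:
          metadata:
            labels:
              app: gitweb
          spec:
            initContainers:
              # Installs git at pod start, clones the site repository and
              # copies its htdocs/ into the shared volume.
              - name: init
                image: debian:trixie
                command:
                  - /bin/bash
                  - -c
                  # The URL is shell-quoted because it is interpolated into
                  # a bash command line.
                  - >-
                    apt update -y &&
                    apt install -y git &&
                    git clone {{ www_repo_url | quote }} /tmp/www &&
                    cp -r /tmp/www/htdocs/* /data/
                volumeMounts:
                  - name: data
                    mountPath: /data
            containers:
              - name: gitweb
                # NOTE(review): `latest` with pullPolicy Always means every
                # pod restart runs whatever the registry currently serves;
                # pin a version or digest to make rollouts reproducible.
                image: ericomeehan/gitweb:latest
                imagePullPolicy: Always
                ports:
                  - containerPort: 80
                  # Exposed in-cluster by the `prometheus` Service below.
                  - containerPort: 9117
                volumeMounts:
                  - name: data
                    mountPath: /usr/local/apache2/htdocs
                  - name: httpd
                    mountPath: /usr/local/apache2/conf/httpd.conf
                    subPath: httpd.conf
                  - name: httpd-gitweb
                    mountPath: /usr/local/apache2/conf/extra/httpd-gitweb.conf
                    subPath: httpd-gitweb.conf
                  - name: gitweb
                    mountPath: /etc/gitweb.conf
                    subPath: gitweb.conf
            volumes:
              - name: data
                persistentVolumeClaim:
                  claimName: data
              - name: httpd
                configMap:
                  name: httpd
              - name: httpd-gitweb
                configMap:
                  name: httpd-gitweb
              - name: gitweb
                configMap:
                  name: gitweb

# ClusterIP only: port 9117 is reachable from inside the cluster, not
# through the LoadBalancer or the ingress.
- name: service for prometheus
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: prometheus
        namespace: www
      spec:
        selector:
          app: gitweb
        ports:
          - port: 9117
            name: http
        type: ClusterIP

- name: service for gitweb
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: gitweb
        namespace: www
      spec:
        selector:
          app: gitweb
        ports:
          - port: 80
            name: http
        externalTrafficPolicy: Local
        type: LoadBalancer

- name: onionservice
  k8s:
    state: present
    definition:
      apiVersion: tor.k8s.torproject.org/v1alpha2
      kind: OnionService
      metadata:
        name: www
        namespace: www
      spec:
        version: 3
        rules:
          - port:
              number: 80
            backend:
              service:
                # NOTE(review): no Service named `www` is created in this
                # file (only prometheus, gitweb and gitserver); this
                # presumably should be `gitweb`, as in the ingress below.
                # Confirm before changing.
                name: www
                port:
                  number: 80

- name: ingress
  k8s:
    state: present
    definition:
      apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
          nginx.ingress.kubernetes.io/enable-cors: "true"
          nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
        name: www
        namespace: www
      spec:
        ingressClassName: nginx
        rules:
          - host: eom.dev
            http:
              paths:
                - pathType: Prefix
                  path: /
                  backend:
                    service:
                      name: gitweb
                      port:
                        number: 80
        tls:
          - hosts:
              - eom.dev
            secretName: www

- name: deployment for gitserver
  k8s:
    state: present
    definition:
      # Deployments are served from the apps/v1 group, not core v1.
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: gitserver
        namespace: www
      spec:
        replicas: 1
        selector:
          matchLabels:
            app: gitserver
        template:
          metadata:
            labels:
              app: gitserver
          spec:
            containers:
              - name: gitserver
                # NOTE(review): same floating-tag concern as the gitweb
                # image; this container is the one reachable over SSH.
                image: ericomeehan/gitserver:latest
                imagePullPolicy: Always
                ports:
                  - containerPort: 22
                volumeMounts:
                  - name: data
                    mountPath: /home/git/data
                  # authorized_keys from the `keys` ConfigMap.
                  - name: keys
                    mountPath: /auth
            volumes:
              - name: data
                persistentVolumeClaim:
                  claimName: data
              - name: keys
                configMap:
                  name: keys

# Publishes SSH (port 22) on a LoadBalancer address.
# NOTE(review): the image's sshd configuration is not visible here; confirm
# it accepts key authentication only, since the Service itself does not
# restrict source addresses.
- name: service for gitserver
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Service
      metadata:
        name: gitserver
        namespace: www
      spec:
        selector:
          app: gitserver
        ports:
          - port: 22
            name: gitserver
        type: LoadBalancer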