diff --git a/Puppetfile b/Puppetfile
index 5c887fc..ca66b10 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -34,6 +34,7 @@ mod 'puppet-consul', '8.0.0' mod 'puppet-vault', '4.1.0' mod 'puppet-dhcp', '6.1.0' mod 'puppet-keepalived', '3.6.0' +mod 'puppet-extlib', '7.0.0' # other mod 'ghoneycutt-puppet', '3.3.0'
@@ -44,6 +45,7 @@ mod 'markt-galera', '3.1.0' mod 'kogitoapp-minio', '1.1.4' mod 'broadinstitute-certs', '3.0.1' mod 'stm-file_capability', '6.0.0' +mod 'h0tw1r3-gitea', '3.2.0' mod 'bind', :git => 'https://git.unkin.net/unkinben/puppet-bind.git',
diff --git a/hieradata/roles/infra/git/gitea.eyaml b/hieradata/roles/infra/git/gitea.eyaml
new file mode 100644
index 0000000..fa29e19
--- /dev/null
+++ b/hieradata/roles/infra/git/gitea.eyaml
@@ -0,0 +1,3 @@
+---
+profiles::gitea::init::mysql_pass: ENC[PKCS7,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]
+profiles::gitea::init::lfs_jwt_secret: ENC[PKCS7,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]
diff --git a/hieradata/roles/infra/git/gitea.yaml b/hieradata/roles/infra/git/gitea.yaml
new file mode 100644
index 0000000..a915908
--- /dev/null
+++ b/hieradata/roles/infra/git/gitea.yaml
@@ -0,0 +1,38 @@
+---
+# additional altnames
+profiles::pki::vault::alt_names:
+ - git.main.unkin.net
+ - git.service.consul
+ - git.query.consul
+ - "git.service.%{facts.country}-%{facts.region}.consul"
+
+consul::services:
+ git:
+ service_name: 'git'
+ tags:
+ - 'git'
+ - 'gitea'
+ address: "%{facts.networking.ip}"
+ port: 443
+ checks:
+ - id: 'gitea_https_check'
+ name: 'Gitea HTTPS Check'
+ http: "https://%{facts.networking.fqdn}:443"
+ method: 'GET'
+ tls_skip_verify: true
+ interval: '10s'
+ timeout: '1s'
+profiles::consul::client::node_rules:
+ - resource: service
+ segment: git
+ disposition: write
+
+# manage a simple nginx reverse proxy
+profiles::nginx::simpleproxy::nginx_vhost: 'git.query.consul'
+profiles::nginx::simpleproxy::nginx_aliases:
+ - git.main.unkin.net
+ - git.service.consul
+ - git.query.consul
+ - "git.service.%{facts.country}-%{facts.region}.consul"
+profiles::nginx::simpleproxy::proxy_port: 3000
+profiles::nginx::simpleproxy::proxy_path: '/'
diff --git a/hieradata/roles/infra/storage/consul.yaml b/hieradata/roles/infra/storage/consul.yaml
index ae60829..a3ea581 100644
--- a/hieradata/roles/infra/storage/consul.yaml
+++ b/hieradata/roles/infra/storage/consul.yaml
@@ -71,3 +71,9 @@ profiles::consul::prepared_query::rules:
 service_failover_n: 3
 service_only_passing: true
 ttl: 10
+ git:
+ ensure: 'present'
+ service_name: 'git'
+ service_failover_n: 3
+ service_only_passing: true
+ ttl: 10
diff --git a/site/profiles/manifests/gitea/init.pp b/site/profiles/manifests/gitea/init.pp
new file mode 100644
index 0000000..90e9e47
--- /dev/null
+++ b/site/profiles/manifests/gitea/init.pp
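Review bot: The `gitea_https_check` in hieradata/roles/infra/git/gitea.yaml sets `tls_skip_verify: true`, so the Consul agent reports the service healthy for whatever certificate answers on 443, including an expired or mis-issued one. The same file requests Vault PKI alt names for this host, which suggests a CA-issued certificate is available; if the agent trusts that CA, drop the line (or set `tls_skip_verify: false`) and, should the certificate not carry the node FQDN, add `tls_server_name: 'git.service.consul'`. If verification cannot be enabled yet, a comment such as `# TODO: verify TLS once the agent trusts the Vault CA` would record that the skip is deliberate.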
@@ -0,0 +1,55 @@
+# profiles::gitea::init
+class profiles::gitea::init (
+ String $mysql_pass = '',
+ String $lfs_jwt_secret = '',
+) {
+
+ include profiles::nginx::simpleproxy
+
+ class { 'gitea':
+ ensure => '1.22.0',
+ checksum => 'a31086f073cb9592d28611394b2de3655db515d961e4fdcf5b549cb40753ef3d',
+ custom_configuration => {
+ '' => {
+ 'APP_NAME' => 'Gitea',
+ 'RUN_USER' => 'git',
+ 'RUN_MODE' => 'prod',
+ },
+ 'repository' => {
+ 'ROOT' => '/data/gitea/repos',
+ 'FORCE_PRIVATE' => false,
+ 'MAX_CREATION_LIMIT' => -1,
+ 'DISABLE_HTTP_GIT' => false,
+ 'DEFAULT_BRANCH' => 'main',
+ 'DEFAULT_PRIVATE' => 'last',
+ },
+ 'ui' => {
+ 'SHOW_USER_EMAIL' => false,
+ },
+ 'server' => {
+ 'PROTOCOL' => 'http',
+ 'DOMAIN' => 'git.query.consul',
+ 'ROOT_URL' => 'https://git.query.consul',
+ 'HTTP_ADDR' => '0.0.0.0',
+ 'HTTP_PORT' => 3000,
+ 'START_SSH_SERVER' => false,
+ 'SSH_DOMAIN' => 'git.query.consul',
+ 'SSH_PORT' => 2222,
+ 'SSH_LISTEN_HOST' => '0.0.0.0',
+ 'OFFLINE_MODE' => true,
+ 'APP_DATA_PATH' => '/var/lib/gitea/data',
+ 'SSH_LISTEN_PORT' => 22,
+ },
+ 'database' => {
+ 'DB_TYPE' => 'mysql',
+ 'HOST' => 'mariadb-prod.service.au-syd1.consul:3306',
+ 'NAME' => 'gitea',
+ 'USER' => 'gitea',
+ 'PASSWD' => Sensitive($mysql_pass),
+ 'SSL_MODE' => 'disable',
+ 'PATH' => '/var/lib/gitea/data/gitea.db',
+ 'LOG_SQL' => false,
+ },
+ }
+ }
+}
diff --git a/site/roles/manifests/infra/git/gitea.pp b/site/roles/manifests/infra/git/gitea.pp
new file mode 100644
index 0000000..a11e842
--- /dev/null
+++ b/site/roles/manifests/infra/git/gitea.pp
@@ -0,0 +1,14 @@
+# a role to deploy the puppetboard
+class roles::infra::git::gitea {
+ if $facts['firstrun'] {
+ include profiles::defaults
+ include profiles::firstrun::init
+ }else{
+ include profiles::defaults
+ include profiles::base
+ include profiles::base::datavol
+ if $facts['enc_role'] == 'roles::infra::git::gitea' {
+ include profiles::gitea::init
+ }
+ }
+}
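Review bot: In the `server` section of site/profiles/manifests/gitea/init.pp, `'HTTP_ADDR' => '0.0.0.0'` together with `'PROTOCOL' => 'http'` leaves Gitea's plaintext listener on port 3000 bound to every interface, so any client that can route to the host can bypass the nginx TLS front end this class includes. If profiles::nginx::simpleproxy proxies to the local host (its definition is not in this diff), `'HTTP_ADDR' => '127.0.0.1',` keeps that port private. In the `database` section, `'SSL_MODE' => 'disable'` means traffic to `mariadb-prod.service.au-syd1.consul` is unencrypted; either enable TLS if the server offers it or add a comment stating why it is off. `$lfs_jwt_secret` is declared and supplied from eyaml but never referenced in this hunk, and the `''` defaults on both parameters let a failed lookup silently configure an empty database password; dropping the defaults turns that into a compile error.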
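Review bot: The header comment in site/roles/manifests/infra/git/gitea.pp reads `# a role to deploy the puppetboard`, which looks copied from another role and misdescribes this class; it should say `# a role to deploy gitea`. `include profiles::defaults` appears in both branches of the `firstrun` conditional and could be hoisted above the `if`, so each branch lists only what differs.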