puppet-prod/hieradata/roles/infra/git/server.yaml

---
hiera_include:
  - profiles::sql::postgresdb
  - profiles::nginx::simpleproxy
  - profiles::gitea::user
  - profiles::gitea::haproxy
  - gitea

# additional altnames
profiles::pki::vault::alt_names:
  - git.unkin.net
  - git.main.unkin.net
  - git.service.consul
  - git.query.consul
  - "git.service.%{facts.country}-%{facts.region}.consul"

profiles::ssh::sign::principals:
  - git.unkin.net
  - git.main.unkin.net
  - git.service.consul
  - git.query.consul

consul::services:
  git:
    service_name: 'git'
    address: "%{facts.networking.ip}"
    port: 443
    checks:
      - id: 'gitea_https_check'
        name: 'Gitea HTTPS Check'
        http: "https://%{facts.networking.fqdn}:443"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
  gitea-metrics:
    service_name: 'gitea-metrics'
    address: "%{facts.networking.ip}"
    port: 3000
    tags:
      - 'metrics'
      - 'metrics_scheme=http'
      - 'metrics_job=gitea'
    checks:
      - id: 'gitea_metrics_http_check'
        name: 'Gitea Metrics HTTP Check'
        http: "http://%{facts.networking.fqdn}:3000/metrics"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: git
    disposition: write
  - resource: service
    segment: gitea-metrics
    disposition: write

# manage the gitea user
profiles::gitea::user::manage: true

# manage a simple nginx reverse proxy
profiles::nginx::simpleproxy::nginx_vhost: 'git.query.consul'
profiles::nginx::simpleproxy::nginx_aliases:
  - git.unkin.net
  - git.main.unkin.net
  - git.service.consul
  - git.query.consul
  - "git.service.%{facts.country}-%{facts.region}.consul"

profiles::nginx::simpleproxy::proxy_port: 3000
profiles::nginx::simpleproxy::proxy_path: '/'
nginx::client_max_body_size: 5144M

# enable external access via haproxy
profiles::gitea::haproxy::enable: true

# manage a pgsql database + user
profiles::sql::postgresdb::cluster_name: "patroni-shared-%{facts.environment}"
profiles::sql::postgresdb::dbname: gitea
profiles::sql::postgresdb::dbuser: gitea

# deploy gitea
gitea::ensure: '1.22.4'
gitea::checksum: 'd549104f55067e6fb156e7ba060c9af488f36e12d5e747db7563fcc99eaf8532'
gitea::manage_user: false
gitea::manage_group: false
gitea::manage_home: false
gitea::custom_configuration:
  '':
    APP_NAME: 'Gitea'
    RUN_USER: 'git'
    RUN_MODE: 'prod'
  repository:
    ROOT: '/shared/apps/gitea/repos'
    FORCE_PRIVATE: false
    MAX_CREATION_LIMIT: -1
    DISABLE_HTTP_GIT: false
    DEFAULT_BRANCH: 'main'
    DEFAULT_PRIVATE: 'last'
  ui:
    SHOW_USER_EMAIL: false
  server:
    PROTOCOL: 'http'
    DOMAIN: 'git.unkin.net'
    ROOT_URL: 'https://git.unkin.net'
    HTTP_ADDR: '0.0.0.0'
    HTTP_PORT: 3000
    START_SSH_SERVER: false
    SSH_DOMAIN: 'git.unkin.net'
    SSH_PORT: 2222
    SSH_LISTEN_HOST: '0.0.0.0'
    OFFLINE_MODE: true
    APP_DATA_PATH: '/shared/apps/gitea'
    SSH_LISTEN_PORT: 22
    LFS_START_SERVER: true
  database:
    DB_TYPE: 'postgres'
    HOST: "master.%{hiera('profiles::sql::postgresdb::cluster_name')}.service.%{facts.country}-%{facts.region}.consul:5432"
    NAME: "%{hiera('profiles::sql::postgresdb::dbname')}"
    USER: "%{hiera('profiles::sql::postgresdb::dbuser')}"
    PASSWD: "%{hiera('profiles::sql::postgresdb::dbpass')}"
    SSL_MODE: 'disable'
    LOG_SQL: false
  lfs:
    PATH: '/shared/apps/gitea/lfs'
  session:
    PROVIDER: db
  metrics:
    ENABLED: true
    ENABLED_ISSUE_BY_REPOSITORY: true
    ENABLED_ISSUE_BY_LABEL: true
  queue:
    TYPE: redis
    CONN_STR: "redis+sentinel://gitea-redis-replica-prod.service.consul:26379/0?master_name=au-syd1&password=%{hiera('gitea_redis_pass')}&sentinel_password=%{hiera('gitea_redis_pass')}"
  cache:
    ADAPTER: redis
    HOST: "redis+sentinel://gitea-redis-replica-prod.service.consul:26379/1?master_name=au-syd1&password=%{hiera('gitea_redis_pass')}&sentinel_password=%{hiera('gitea_redis_pass')}"
  indexer:
    ISSUE_INDEXER_TYPE: db