From 3631ac2cc174d49c157204e979df1182d9cb6921 Mon Sep 17 00:00:00 2001
From: mg
Date: Wed, 20 Jul 2022 11:50:03 +0200
Subject: [PATCH] Aufbau drone.io (#392)
Co-authored-by: Michael Grote
Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/392
---
 group_vars/gitea.yml | 2 +-
 host_vars/docker9.grote.lan.yml | 110 ++++++++++++++++++++++++++++++++
 inventory | 2 +
 3 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 host_vars/docker9.grote.lan.yml
diff --git a/group_vars/gitea.yml b/group_vars/gitea.yml
index 680ed37e..d17a3f57 100644
--- a/group_vars/gitea.yml
+++ b/group_vars/gitea.yml
@@ -57,7 +57,7 @@
 gitea_only_allow_external_registration: false
 gitea_enable_notify_mail: false
 gitea_force_private: false
- gitea_oauth2_enabled: false
+ gitea_oauth2_enabled: true
 gitea_repo_indexer_enabled: true
 gitea_extra_config: ""
 gitea_backup_on_upgrade: true
diff --git a/host_vars/docker9.grote.lan.yml b/host_vars/docker9.grote.lan.yml
new file mode 100644
index 00000000..47c61005
--- /dev/null
+++ b/host_vars/docker9.grote.lan.yml
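Review bot: The flipped `gitea_oauth2_enabled: true` in group_vars/gitea.yml carries no comment saying why Gitea's OAuth2 provider is now switched on, and as a group variable it applies to every host in the `gitea` group. Going by the commit title this is presumably so Drone can log in through Gitea; if so, say it on the line, e.g. `gitea_oauth2_enabled: true  # needed for Drone login via Gitea OAuth2`. That keeps a later hardening pass from having to guess whether the provider can be turned off again. The variable list continues outside the hunk.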
@@ -0,0 +1,110 @@
+---
+ ### mrlesmithjr.ansible-manage-lvm
+ lvm_groups:
+ - vgname: vg_drone
+ disks:
+ - /dev/sdb
+ create: true
+ lvnames:
+ - lvname: lv_drone
+ size: +100%FREE
+ create: true
+ filesystem: xfs
+ mount: true
+ mntp: /drone
+ manage_lvm: true
+ pvresize_to_max: true
+ ### mgrote.restic
+ restic_folders_to_backup: "/ /drone /var/lib/docker" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben; https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
+ restic_schedule: "0/6:00"
+ restic_exclude: |
+ ._*
+ .Trash-*
+ # https://github.com/restic/restic/issues/1005
+ # https://forum.restic.net/t/exclude-syntax-confusion/1531/12
+ ### mgrote.munin-node
+ munin_node_plugins:
+ - name: timesync
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
+ - name: systemd_status
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
+ - name: systemd_mem
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
+ config: |
+ [systemd_mem]
+ env.all_services true
+ - name: lvm_
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
+ config: |
+ [lvm_*]
+ user root
+ - name: fail2ban
+ src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
+ config: |
+ [fail2ban]
+ env.client /usr/bin/fail2ban-client
+ env.config_dir /etc/fail2ban
+ user root
+ - name: http_response
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
+ config: |
+ [http_response]
+ env.sites http://drone.grote.lan
+ env.max_time 20
+ env.short_label true
+ env.follow_redirect true
+ - name: timesync
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/timesync_status
+ - name: systemd_status
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/systemd/systemd_status
+ - name: lvm_
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/disk/lvm_
+ config: |
+ [lvm_*]
+ user root
+ - name: fail2ban
+ src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
+ config: |
+ [fail2ban]
+ env.client /usr/bin/fail2ban-client
+ env.config_dir /etc/fail2ban
+ user root
+ - name: docker_containers
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
+ config: |
+ [docker_*]
+ user root
+ env.DOCKER_HOST unix://run/docker.sock
+ - name: docker_cpu
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
+ - name: docker_memory
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
+ - name: docker_network
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
+ - name: docker_volumes
+ src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/docker/docker_
+ ### mgrote.docker-compose-deploy
+ docker_compose_projects:
+ - name: watchtower
+ dir_name: docker-watchtower
+ repository_url: git.mgrote.net/mg/docker-watchtower
+ state: present
+ os_username: docker-user
+ repository_user: mg
+ repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+ - name: drone-server
+ dir_name: docker-drone-server
+ repository_url: git.mgrote.net/mg/docker-drone-server
+ state: present
+ os_username: docker-user
+ repository_user: mg
+ repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+ network_name: nw_drone
+ - name: drone-runnner
+ dir_name: docker-drone-runnner
+ repository_url: git.mgrote.net/mg/docker-drone-runner
+ state: present
+ os_username: docker-user
+ repository_user: mg
+ repository_user_password: "{{ lookup('keepass', 'gitea_mg_https_password', 'password') }}"
+ network_name: nw_drone
diff --git a/inventory b/inventory
index f5c75b38..a7349d82 100644
--- a/inventory
+++ b/inventory
@@ -25,6 +25,7 @@ all:
 docker7.grote.lan:
 docker7-test.grote.lan:
 docker8.grote.lan:
+ docker9.grote.lan:
 vmtest:
 hosts:
 vm-test2.grote.lan:
@@ -59,6 +60,7 @@ all:
 dnsmasq.grote.lan:
 docker7.grote.lan:
 docker8.grote.lan:
+ docker9.grote.lan:
 test:
 hosts:
 dokuwiki-test.grote.lan:
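Review bot: In host_vars/docker9.grote.lan.yml, `munin_node_plugins` lists `timesync`, `systemd_status`, `lvm_` and `fail2ban` twice with the same `src` and `config`; the second set (after `http_response`) can be dropped. The last compose project is spelled `drone-runnner` in `name` and `dir_name` while its `repository_url` ends in `docker-drone-runner`; if that is a typo, use `name: drone-runner` and `dir_name: docker-drone-runner`. Every plugin `src` points at a `raw/branch/master` URL and `lvm_`, `fail2ban` and `docker_*` are configured with `user root`, so presumably whatever that branch holds at deploy time ends up running as root on this host; pinning the URLs to a reviewed commit (`raw/commit/<sha>`) would make that content fixed and auditable. All three projects also clone with the personal `mg` account password from KeePass; a read-only token limited to these repositories would reduce what a compromise of this CI host exposes, if the deploy role supports it.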