Abbau Gitea und Jenkins
This commit is contained in:
parent
8907efd61e
commit
7695b44923
63 changed files with 1917 additions and 18 deletions
9
Archiv/gitea/tmaurice.gitea/.ansible-lint
Normal file
9
Archiv/gitea/tmaurice.gitea/.ansible-lint
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
use_default_rules: true
|
||||||
|
|
||||||
|
exclude_paths:
|
||||||
|
- venv/
|
||||||
|
- molecule/default/
|
||||||
|
- tests/
|
||||||
|
|
||||||
|
#skip_list:
|
||||||
|
# - '301'
|
10
Archiv/gitea/tmaurice.gitea/.gitignore
vendored
Normal file
10
Archiv/gitea/tmaurice.gitea/.gitignore
vendored
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
*.pyc
|
||||||
|
|
||||||
|
# Environments
|
||||||
|
.env
|
||||||
|
.venv
|
||||||
|
env/
|
||||||
|
venv/
|
||||||
|
ENV/
|
||||||
|
env.bak/
|
||||||
|
venv.bak/
|
26
Archiv/gitea/tmaurice.gitea/.travis.yml
Normal file
26
Archiv/gitea/tmaurice.gitea/.travis.yml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
language: python
|
||||||
|
python:
|
||||||
|
- "3.7"
|
||||||
|
|
||||||
|
env:
|
||||||
|
matrix:
|
||||||
|
- MOLECULE_DISTRO: centos8
|
||||||
|
- MOLECULE_DISTRO: centos7
|
||||||
|
- MOLECULE_DISTRO: ubuntu1804
|
||||||
|
- MOLECULE_DISTRO: ubuntu1604
|
||||||
|
- MOLECULE_DISTRO: debian10
|
||||||
|
- MOLECULE_DISTRO: debian9
|
||||||
|
- MOLECULE_DISTRO: fedora31
|
||||||
|
|
||||||
|
services:
|
||||||
|
- docker
|
||||||
|
|
||||||
|
install:
|
||||||
|
- python -m pip -q install -r requirements-travis.txt
|
||||||
|
|
||||||
|
script:
|
||||||
|
- molecule test
|
||||||
|
|
||||||
|
notifications:
|
||||||
|
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
12
Archiv/gitea/tmaurice.gitea/.yamllint
Normal file
12
Archiv/gitea/tmaurice.gitea/.yamllint
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
extends: default
|
||||||
|
|
||||||
|
rules:
|
||||||
|
line-length:
|
||||||
|
max: 100
|
||||||
|
level: warning
|
||||||
|
|
||||||
|
ignore: |
|
||||||
|
/venv/
|
||||||
|
/env/
|
||||||
|
/molecule/
|
11
Archiv/gitea/tmaurice.gitea/LICENSE
Normal file
11
Archiv/gitea/tmaurice.gitea/LICENSE
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
Copyright 2019-present Thomas Maurice
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
||||||
|
|
||||||
|
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
194
Archiv/gitea/tmaurice.gitea/README.md
Normal file
194
Archiv/gitea/tmaurice.gitea/README.md
Normal file
|
@ -0,0 +1,194 @@
|
||||||
|
# Ansible role gitea - Install a gitea server
|
||||||
|
[![Build Status](https://travis-ci.org/thomas-maurice/ansible-role-gitea.svg?branch=master)](https://travis-ci.org/thomas-maurice/ansible-role-gitea)
|
||||||
|
![Ansible Role](https://img.shields.io/ansible/role/38779)
|
||||||
|
![Ansible Role](https://img.shields.io/ansible/role/d/38779)
|
||||||
|
![Ansible Quality Score](https://img.shields.io/ansible/quality/38779)
|
||||||
|
|
||||||
|
This role installs and manages a [gitea](https://gitea.io) server -
|
||||||
|
[Source code & screenshots](https://github.com/go-gitea/gitea).
|
||||||
|
|
||||||
|
Gitea is a Golang Git repository webapp, having the same look and feel as GitHub.
|
||||||
|
|
||||||
|
## Sample example of use in a playbook
|
||||||
|
|
||||||
|
The following code has been tested with Debian 8, it should work on Ubuntu as well.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
- name: "Install gitea"
|
||||||
|
hosts: all
|
||||||
|
vars:
|
||||||
|
gitea_user: "gitea"
|
||||||
|
gitea_home: "/var/lib/gitea"
|
||||||
|
# To limit your users to 30 repos
|
||||||
|
gitea_user_repo_limit: 30
|
||||||
|
# Don't use a public CDN for frontend assets
|
||||||
|
gitea_offline_mode: true
|
||||||
|
|
||||||
|
# Some 'rendering' options for your URLs
|
||||||
|
gitea_http_domain: git.yourdomain.fr
|
||||||
|
gitea_root_url: https://git.yourdomain.fr
|
||||||
|
|
||||||
|
# Here we assume we are behind a reverse proxy that will
|
||||||
|
# handle https for us, so we bind on localhost:3000 using HTTP
|
||||||
|
gitea_protocol: http
|
||||||
|
gitea_http_listen: 127.0.0.1
|
||||||
|
gitea_http_port: 3000
|
||||||
|
|
||||||
|
# SSH server configuration
|
||||||
|
gitea_ssh_listen: 0.0.0.0
|
||||||
|
gitea_ssh_port: 2222
|
||||||
|
# For URLs rendering again
|
||||||
|
gitea_ssh_domain: git.yourdomain.fr
|
||||||
|
gitea_start_ssh: true
|
||||||
|
|
||||||
|
gitea_secret_key: 3sp00ky5me
|
||||||
|
gitea_disable_gravatar: true
|
||||||
|
# To make at least your first user register
|
||||||
|
gitea_disable_registration: false
|
||||||
|
gitea_require_signin: true
|
||||||
|
gitea_enable_captcha: true
|
||||||
|
|
||||||
|
gitea_show_user_email: false
|
||||||
|
roles:
|
||||||
|
- gitea
|
||||||
|
```
|
||||||
|
|
||||||
|
## More detailed options
|
||||||
|
### General
|
||||||
|
|
||||||
|
* `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download
|
||||||
|
* `gitea_user`: UNIX user used by Gitea
|
||||||
|
* `gitea_home`: Base directory to work
|
||||||
|
* `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from
|
||||||
|
* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file
|
||||||
|
* `gitea_extra_config`: Additional configuration
|
||||||
|
|
||||||
|
### Look and feel
|
||||||
|
|
||||||
|
* `gitea_app_name`: Displayed application name
|
||||||
|
* `gitea_show_user_email`: Do you want to display email addresses ? (true/false)
|
||||||
|
* `gitea_disable_gravatar`: Do you want to disable Gravatar ? (privacy and so on) (true/false)
|
||||||
|
* `gitea_offline_mode`: Same but for disabling CDNs for frontend assets (true/false)
|
||||||
|
* `gitea_disable_registration`: Do you want to disable user registration ? (true/false)
|
||||||
|
* `gitea_only_allow_external_registration`: Do you want to force registration only using third-party services ? (true/false)
|
||||||
|
* `gitea_show_registration_button`: Do you want to show the registration button? (true/false)
|
||||||
|
* `gitea_require_signin`: Do you require a signin to see repo's (even public ones) ? (true/false)
|
||||||
|
* `gitea_enable_captcha`: Do you want to enable captcha's ? (true/false)
|
||||||
|
* `gitea_themes`: List of enabled themes
|
||||||
|
* `gitea_theme_default`: Default theme
|
||||||
|
|
||||||
|
### Security
|
||||||
|
* `gitea_secret_key`: Cookie secret key
|
||||||
|
* `gitea_internal_token`: Internal API token
|
||||||
|
* `gitea_disable_git_hooks`: Do you want to disable the interface to add git hooks? If enabled it could be a security bug as it can be used for RCE. Defaults to true (true/false)
|
||||||
|
|
||||||
|
### Limits
|
||||||
|
|
||||||
|
* `gitea_user_repo_limit`: Limit how many repos a user can have (-1 for unlimited)
|
||||||
|
|
||||||
|
### HTTP configuration
|
||||||
|
|
||||||
|
* `gitea_http_domain`: HTTP domain (displayed in your clone URLs, just the domain like git.foo.fr)
|
||||||
|
* `gitea_root_url`: Root URL used to access your web app (full URL)
|
||||||
|
* `gitea_protocol`: Listening protocol (http/https)
|
||||||
|
* `gitea_http_listen`: Bind address
|
||||||
|
* `gitea_http_port`: Bind port
|
||||||
|
* `gitea_disable_http_git`: Disable the use of Git over HTTP ? (true/false)
|
||||||
|
|
||||||
|
### SSH configuration
|
||||||
|
|
||||||
|
* `gitea_ssh_listen`: Bind address for the SSH server
|
||||||
|
* `gitea_ssh_domain`: SSH domain (displayed in your clone URLs)
|
||||||
|
* `gitea_start_ssh`: Do you want to start a built-in SSH server ? (true/false)
|
||||||
|
* `gitea_ssh_port`: SSH bind port
|
||||||
|
|
||||||
|
### Database configuration
|
||||||
|
|
||||||
|
* `gitea_db_type`: Database type, can be `mysql`, `postgres` or `sqlite3`
|
||||||
|
* `gitea_db_host`: Database host string `host:port` or `/run/postgresql/` when connectiong to postgres via local unix socket (peer authentication)
|
||||||
|
* `gitea_db_name`: Database name
|
||||||
|
* `gitea_db_user`: Database username
|
||||||
|
* `gitea_db_password`: Database password
|
||||||
|
* `gitea_db_ssl`: Use SSL ? (postgres only!). Can be `required`, `disable`, `verify-full`
|
||||||
|
* `gitea_db_path`: DB path, if you use `sqlite3`. The default is good enough to work though.
|
||||||
|
|
||||||
|
### Mailer configuration
|
||||||
|
|
||||||
|
* `gitea_mailer_enabled`: Whether to enable the mailer. Default: `false`
|
||||||
|
* `gitea_mailer_skip_verify`: Skip SMTP TLS certificate verification (true/false)
|
||||||
|
* `gitea_mailer_tls_enabled`: Enable TLS for SMTP connections (true/false)
|
||||||
|
* `gitea_mailer_host`: SMTP server hostname and port
|
||||||
|
* `gitea_mailer_user`: SMTP server username
|
||||||
|
* `gitea_mailer_password`: SMTP server password
|
||||||
|
* `gitea_mailer_from`: Sender mail address
|
||||||
|
* `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false`
|
||||||
|
|
||||||
|
### Fail2Ban configuration
|
||||||
|
|
||||||
|
If enabled, this will deploy a fail2ban filter and jail config for Gitea as described in the [Gitea Documentation](https://docs.gitea.io/en-us/fail2ban-setup/).
|
||||||
|
|
||||||
|
As this will only deploy config files, fail2ban already has to be installed or otherwise the role will fail.
|
||||||
|
|
||||||
|
* `gitea_fail2ban_enabled`: Whether to deploy the fail2ban config or not
|
||||||
|
* `gitea_fail2ban_jail_maxretry`: fail2ban jail `maxretry` setting. Default: `10`
|
||||||
|
* `gitea_fail2ban_jail_findtime`: fail2ban jail `findtime` setting. Default: `3600`
|
||||||
|
* `gitea_fail2ban_jail_bantime`: fail2ban jail `bantime` setting. Default: `900`
|
||||||
|
* `gitea_fail2ban_jail_action`: fail2ban jail `action` setting. Default: `iptables-allports`
|
||||||
|
|
||||||
|
### Oauth2 provider configuration
|
||||||
|
|
||||||
|
* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false)
|
||||||
|
* `gitea_oauth2_jwt_secret`: JWT secret, cannot be longer than 32 characters
|
||||||
|
|
||||||
|
|
||||||
|
### Metrics endpoint configuration
|
||||||
|
|
||||||
|
* `gitea_metrics_enabled`: Enable the metrics endpoint
|
||||||
|
* `gitea_metrics_token`: Bearer token for the Prometheus scrape job
|
||||||
|
|
||||||
|
### Repository Indexer configuration
|
||||||
|
|
||||||
|
* `gitea_repo_indexer_enabled`: Whether to enable the repository indexer (code search). Default: `false`
|
||||||
|
* `gitea_repo_indexer_include`: Glob patterns to include in the index (comma-separated list). Default: `""` (all files)
|
||||||
|
* `gitea_repo_indexer_exclude`: Glob patterns to exclude from the index (comma-separated list). Default: `""` (no files)
|
||||||
|
* `gitea_repo_exclude_vendored`: Exclude vendored files from the index. Default: `true`
|
||||||
|
* `gitea_repo_indexer_max_file_size`: Maximum size of files to be indexed (in bytes). Default: `1048576` (1 MB)
|
||||||
|
|
||||||
|
## Contributing
|
||||||
|
Don't hesitate to create a pull request, and when in doubt you can reach me on
|
||||||
|
Twitter [@thomas_maurice](https://twitter.com/thomas_maurice).
|
||||||
|
|
||||||
|
I'm happy to fix any issue that's been opened, or even better, review your pull requests :)
|
||||||
|
|
||||||
|
## Testing
|
||||||
|
Testing uses [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html). To start the
|
||||||
|
tests, install the dependencies first. I would recommend you use [a virtual env](https://virtualenv.pypa.io/en/latest/) for that but who am I to tell you what to do.
|
||||||
|
|
||||||
|
```
|
||||||
|
pip install pew # install pew to manage the venvs
|
||||||
|
pew new ansible # create the venv
|
||||||
|
pip install -r requirements-travis.txt # install the requirements
|
||||||
|
molecule test # Run the actual tests
|
||||||
|
```
|
||||||
|
|
||||||
|
Note: you need Docker installed
|
||||||
|
|
||||||
|
### Known testing limitations
|
||||||
|
Currently it's mainly validating that the playbook runs, the lint is ok, and that kind of things.
|
||||||
|
Since it runs in Docker, we currently have no way to check if the service is actually launched by systemd
|
||||||
|
and so on. This has to be worked on.
|
||||||
|
|
||||||
|
## License
|
||||||
|
```
|
||||||
|
Copyright 2019-present Thomas Maurice
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
||||||
|
|
||||||
|
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
```
|
84
Archiv/gitea/tmaurice.gitea/defaults/main.yml
Normal file
84
Archiv/gitea/tmaurice.gitea/defaults/main.yml
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
---
|
||||||
|
gitea_version: "1.13.0"
|
||||||
|
gitea_version_check: true
|
||||||
|
gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
|
||||||
|
|
||||||
|
gitea_app_name: "Gitea"
|
||||||
|
gitea_user: "gitea"
|
||||||
|
gitea_home: "/var/lib/gitea"
|
||||||
|
gitea_shell: "/bin/false"
|
||||||
|
gitea_systemd_cap_net_bind_service: false
|
||||||
|
|
||||||
|
gitea_repository_root: "{{ gitea_home }}"
|
||||||
|
gitea_user_repo_limit: -1
|
||||||
|
|
||||||
|
gitea_http_domain: localhost
|
||||||
|
gitea_root_url: http://localhost:3000
|
||||||
|
gitea_protocol: http
|
||||||
|
gitea_http_listen: 127.0.0.1
|
||||||
|
gitea_http_port: 3000
|
||||||
|
gitea_disable_http_git: false
|
||||||
|
gitea_offline_mode: true
|
||||||
|
|
||||||
|
gitea_lfs_server_enabled: false
|
||||||
|
gitea_lfs_content_path: "data/lfs"
|
||||||
|
|
||||||
|
gitea_db_type: sqlite3
|
||||||
|
gitea_db_host: 127.0.0.0:3306
|
||||||
|
gitea_db_name: root
|
||||||
|
gitea_db_user: gitea
|
||||||
|
gitea_db_password: lel
|
||||||
|
gitea_db_ssl: disable
|
||||||
|
gitea_db_path: "{{ gitea_home }}/data/gitea.db"
|
||||||
|
|
||||||
|
gitea_ssh_listen: 0.0.0.0
|
||||||
|
gitea_ssh_domain: localhost
|
||||||
|
gitea_start_ssh: true
|
||||||
|
gitea_ssh_port: 2222
|
||||||
|
|
||||||
|
gitea_secret_key: T0pS3cr31
|
||||||
|
gitea_internal_token: SomethingVeryLong
|
||||||
|
gitea_disable_git_hooks: true
|
||||||
|
|
||||||
|
gitea_show_user_email: false
|
||||||
|
gitea_disable_gravatar: true
|
||||||
|
gitea_disable_registration: false
|
||||||
|
gitea_show_registration_button: true
|
||||||
|
gitea_require_signin: true
|
||||||
|
gitea_enable_captcha: true
|
||||||
|
gitea_only_allow_external_registration: false
|
||||||
|
gitea_enable_notify_mail: false
|
||||||
|
|
||||||
|
gitea_force_private: false
|
||||||
|
|
||||||
|
gitea_mailer_enabled: false
|
||||||
|
gitea_mailer_skip_verify: false
|
||||||
|
gitea_mailer_tls_enabled: true
|
||||||
|
gitea_mailer_host: localhost:25
|
||||||
|
gitea_mailer_from: noreply@your.domain
|
||||||
|
gitea_mailer_user: ""
|
||||||
|
gitea_mailer_password: ""
|
||||||
|
gitea_mailer_type: smtp
|
||||||
|
|
||||||
|
gitea_fail2ban_enabled: false
|
||||||
|
gitea_fail2ban_jail_maxretry: 10
|
||||||
|
gitea_fail2ban_jail_findtime: 3600
|
||||||
|
gitea_fail2ban_jail_bantime: 900
|
||||||
|
gitea_fail2ban_jail_action: iptables-allports
|
||||||
|
|
||||||
|
gitea_oauth2_enabled: true
|
||||||
|
gitea_oauth2_jwt_secret: ChangeMe
|
||||||
|
|
||||||
|
gitea_metrics_enabled: false
|
||||||
|
gitea_metrics_token: ~
|
||||||
|
|
||||||
|
gitea_themes: gitea,arc-green
|
||||||
|
gitea_theme_default: gitea
|
||||||
|
|
||||||
|
gitea_repo_indexer_enabled: false
|
||||||
|
gitea_repo_indexer_include: ""
|
||||||
|
gitea_repo_indexer_exclude: ""
|
||||||
|
gitea_repo_exclude_vendored: true
|
||||||
|
gitea_repo_indexer_max_file_size: 1048576
|
||||||
|
|
||||||
|
gitea_extra_config: ""
|
17
Archiv/gitea/tmaurice.gitea/handlers/main.yml
Normal file
17
Archiv/gitea/tmaurice.gitea/handlers/main.yml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
- name: "Restart gitea"
|
||||||
|
service:
|
||||||
|
name: gitea
|
||||||
|
state: restarted
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
|
- name: "Reload systemd"
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
|
- name: "Restart fail2ban"
|
||||||
|
service:
|
||||||
|
name: fail2ban
|
||||||
|
state: restarted
|
||||||
|
when: ansible_service_mgr == "systemd"
|
27
Archiv/gitea/tmaurice.gitea/meta/main.yml
Normal file
27
Archiv/gitea/tmaurice.gitea/meta/main.yml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
galaxy_info:
|
||||||
|
author: Thomas Maurice
|
||||||
|
description: Ansible Role - Gitea
|
||||||
|
min_ansible_version: 2.7.9
|
||||||
|
license: BSD-3-Clause
|
||||||
|
galaxy_tags:
|
||||||
|
- git
|
||||||
|
- gitea
|
||||||
|
- system
|
||||||
|
- development
|
||||||
|
- sourcecontrol
|
||||||
|
- selfhosted
|
||||||
|
- gitserver
|
||||||
|
- gogs
|
||||||
|
platforms:
|
||||||
|
- name: Debian
|
||||||
|
versions:
|
||||||
|
- jessie
|
||||||
|
- stretch
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- 7
|
||||||
|
- name: Ubuntu
|
||||||
|
versions:
|
||||||
|
- xenial
|
||||||
|
- bionic
|
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- ansible-role-gitea
|
||||||
|
vars:
|
||||||
|
gitea_http_domain: localhost
|
||||||
|
gitea_root_url: http://localhost
|
43
Archiv/gitea/tmaurice.gitea/molecule/default/molecule.yml
Normal file
43
Archiv/gitea/tmaurice.gitea/molecule/default/molecule.yml
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
|
||||||
|
driver:
|
||||||
|
name: docker
|
||||||
|
|
||||||
|
lint: |
|
||||||
|
set -e
|
||||||
|
yamllint .
|
||||||
|
ansible-lint
|
||||||
|
|
||||||
|
platforms:
|
||||||
|
- name: instance
|
||||||
|
image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1804}-ansible:latest
|
||||||
|
pre_build_image: true
|
||||||
|
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
|
privileged: true
|
||||||
|
|
||||||
|
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
playbooks:
|
||||||
|
prepare: prepare.yml
|
||||||
|
converge: converge.yml
|
||||||
|
|
||||||
|
scenario:
|
||||||
|
test_sequence:
|
||||||
|
- lint
|
||||||
|
- destroy
|
||||||
|
- syntax
|
||||||
|
- create
|
||||||
|
- prepare
|
||||||
|
- converge
|
||||||
|
- verify
|
||||||
|
- destroy
|
||||||
|
|
||||||
|
verifier:
|
||||||
|
name: testinfra
|
||||||
|
lint:
|
||||||
|
name: flake8
|
22
Archiv/gitea/tmaurice.gitea/molecule/default/prepare.yml
Normal file
22
Archiv/gitea/tmaurice.gitea/molecule/default/prepare.yml
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
---
|
||||||
|
- name: Perpare
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
tasks:
|
||||||
|
- name: install dependencies for gitea (RedHat based systems)
|
||||||
|
yum:
|
||||||
|
name: "{{ packages }}"
|
||||||
|
state: present
|
||||||
|
update_cache: true
|
||||||
|
when: ansible_os_family == "RedHat"
|
||||||
|
- name: install dependencies for gitea (Debian based systems)
|
||||||
|
apt:
|
||||||
|
name: "{{ packages }}"
|
||||||
|
state: present
|
||||||
|
update_cache: true
|
||||||
|
when: ansible_os_family == "Debian"
|
||||||
|
|
||||||
|
vars:
|
||||||
|
packages:
|
||||||
|
- git
|
||||||
|
- curl
|
|
@ -0,0 +1,25 @@
|
||||||
|
import os
|
||||||
|
import testinfra.utils.ansible_runner
|
||||||
|
|
||||||
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||||
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
|
||||||
|
|
||||||
|
|
||||||
|
def test_gitea_binary(host):
|
||||||
|
gitea_bin = host.file('/usr/local/bin/gitea')
|
||||||
|
assert gitea_bin.exists
|
||||||
|
assert gitea_bin.user == 'root'
|
||||||
|
assert gitea_bin.group == 'root'
|
||||||
|
|
||||||
|
def test_gitea_config_file(host):
|
||||||
|
gitea_config = host.file('/etc/gitea/gitea.ini')
|
||||||
|
assert gitea_config.exists
|
||||||
|
assert gitea_config.mode == 0o600
|
||||||
|
|
||||||
|
def test_gitea_service_running(host):
|
||||||
|
gitea = host.service('gitea')
|
||||||
|
assert gitea.is_running
|
||||||
|
|
||||||
|
def test_gitea_reachable(host):
|
||||||
|
gitea_http = host.run('curl http://localhost:3000')
|
||||||
|
assert gitea_http.rc == 0
|
69
Archiv/gitea/tmaurice.gitea/requirements-travis.txt
Normal file
69
Archiv/gitea/tmaurice.gitea/requirements-travis.txt
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
ansible==2.9.6
|
||||||
|
ansible-lint==4.2.0
|
||||||
|
anyconfig==0.9.7
|
||||||
|
arrow==0.15.5
|
||||||
|
asn1crypto==0.24.0
|
||||||
|
atomicwrites==1.3.0
|
||||||
|
attrs==19.1.0
|
||||||
|
autopep8==1.5.1
|
||||||
|
bcrypt==3.1.7
|
||||||
|
binaryornot==0.4.4
|
||||||
|
Cerberus==1.3.2
|
||||||
|
certifi==2020.4.5.1
|
||||||
|
cffi==1.14.0
|
||||||
|
chardet==3.0.4
|
||||||
|
click==7.1.1
|
||||||
|
click-completion==0.5.2
|
||||||
|
click-help-colors==0.8
|
||||||
|
colorama==0.4.3
|
||||||
|
cookiecutter==1.7.0
|
||||||
|
cryptography==3.2
|
||||||
|
docker==4.2.0
|
||||||
|
docker-pycreds==0.4.0
|
||||||
|
entrypoints==0.3
|
||||||
|
fasteners==0.15
|
||||||
|
flake8==3.7.7
|
||||||
|
future==0.18.2
|
||||||
|
git-url-parse==1.2.1
|
||||||
|
idna==2.9
|
||||||
|
importlib-metadata==1.6.0
|
||||||
|
Jinja2==2.11.2
|
||||||
|
jinja2-time==0.2.0
|
||||||
|
MarkupSafe==1.1.1
|
||||||
|
mccabe==0.6.1
|
||||||
|
molecule==3.0.3
|
||||||
|
monotonic==1.5
|
||||||
|
more-itertools==6.0.0
|
||||||
|
paramiko==2.7.1
|
||||||
|
pathspec==0.8.0
|
||||||
|
pbr==5.1.1
|
||||||
|
pexpect==4.8.0
|
||||||
|
pi==0.1.2
|
||||||
|
pluggy==0.13.1
|
||||||
|
poyo==0.5.0
|
||||||
|
psutil==5.6.6
|
||||||
|
ptyprocess==0.6.0
|
||||||
|
py==1.8.0
|
||||||
|
pyasn1==0.4.5
|
||||||
|
pycodestyle==2.5.0
|
||||||
|
pycparser==2.20
|
||||||
|
pyflakes==2.1.1
|
||||||
|
PyNaCl==1.3.0
|
||||||
|
pytest==4.3.1
|
||||||
|
python-dateutil==2.8.1
|
||||||
|
python-gilt==1.2.3
|
||||||
|
PyYAML==5.3.1
|
||||||
|
requests==2.23.0
|
||||||
|
ruamel.yaml==0.16.10
|
||||||
|
ruamel.yaml.clib==0.2.0
|
||||||
|
sh==1.12.14
|
||||||
|
shellingham==1.3.2
|
||||||
|
six==1.14.0
|
||||||
|
tabulate==0.8.7
|
||||||
|
testinfra==5.0.0
|
||||||
|
tree-format==0.1.2
|
||||||
|
urllib3==1.25.8
|
||||||
|
websocket-client==0.57.0
|
||||||
|
whichcraft==0.6.1
|
||||||
|
yamllint==1.22.1
|
||||||
|
zipp==3.1.0
|
7
Archiv/gitea/tmaurice.gitea/tasks/check-variables.yml
Normal file
7
Archiv/gitea/tmaurice.gitea/tasks/check-variables.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- name: run checks to ensure set variables do not crash gitea
|
||||||
|
block:
|
||||||
|
- name: "check token length"
|
||||||
|
fail:
|
||||||
|
msg: 'gitea_oauth2_jwt_secret cannot be longer than 32 characters.'
|
||||||
|
when: gitea_oauth2_jwt_secret | length > 32
|
7
Archiv/gitea/tmaurice.gitea/tasks/create_user.yml
Normal file
7
Archiv/gitea/tmaurice.gitea/tasks/create_user.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- name: "Create Gitea user"
|
||||||
|
user:
|
||||||
|
name: "{{ gitea_user }}"
|
||||||
|
comment: "Gitea user"
|
||||||
|
home: "{{ gitea_home }}"
|
||||||
|
shell: "{{ gitea_shell }}"
|
18
Archiv/gitea/tmaurice.gitea/tasks/fail2ban.yml
Normal file
18
Archiv/gitea/tmaurice.gitea/tasks/fail2ban.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
- name: Install fail2ban filter
|
||||||
|
template:
|
||||||
|
src: fail2ban/filter.conf.j2
|
||||||
|
dest: /etc/fail2ban/filter.d/gitea.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0444
|
||||||
|
notify: Restart fail2ban
|
||||||
|
|
||||||
|
- name: Install fail2ban jail
|
||||||
|
template:
|
||||||
|
src: fail2ban/jail.conf.j2
|
||||||
|
dest: /etc/fail2ban/jail.d/gitea.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0444
|
||||||
|
notify: Restart fail2ban
|
16
Archiv/gitea/tmaurice.gitea/tasks/install_systemd.yml
Normal file
16
Archiv/gitea/tmaurice.gitea/tasks/install_systemd.yml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
- name: "Setup systemd service"
|
||||||
|
template:
|
||||||
|
src: gitea.service.j2
|
||||||
|
dest: /lib/systemd/system/gitea.service
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify:
|
||||||
|
- "Reload systemd"
|
||||||
|
- "Restart gitea"
|
||||||
|
|
||||||
|
# systemd to be reloaded the first time because it is the only way Systemd is going to be aware of the new unit file.
|
||||||
|
- name: "Reload systemd"
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
67
Archiv/gitea/tmaurice.gitea/tasks/main.yml
Normal file
67
Archiv/gitea/tmaurice.gitea/tasks/main.yml
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- include: check-variables.yml
|
||||||
|
|
||||||
|
- name: "Check gitea version"
|
||||||
|
shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
|
register: gitea_active_version
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
|
||||||
|
when: gitea_version_check|bool
|
||||||
|
|
||||||
|
- name: "Download the binary"
|
||||||
|
get_url:
|
||||||
|
url: "{{ gitea_dl_url }}"
|
||||||
|
dest: /usr/local/bin/gitea
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0755
|
||||||
|
force: true
|
||||||
|
notify: "Restart gitea"
|
||||||
|
when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version))
|
||||||
|
|
||||||
|
- include: create_user.yml
|
||||||
|
|
||||||
|
- name: "Create config and data directory"
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ gitea_user }}"
|
||||||
|
recurse: True
|
||||||
|
with_items:
|
||||||
|
- "/etc/gitea"
|
||||||
|
- "{{ gitea_home }}"
|
||||||
|
- "{{ gitea_home }}/data"
|
||||||
|
- "{{ gitea_home }}/custom"
|
||||||
|
- "{{ gitea_home }}/custom/https"
|
||||||
|
- "{{ gitea_home }}/custom/mailer"
|
||||||
|
- "{{ gitea_home }}/indexers"
|
||||||
|
- "{{ gitea_home }}/log"
|
||||||
|
|
||||||
|
- include: install_systemd.yml
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
|
- name: 'Install git'
|
||||||
|
package:
|
||||||
|
name: 'git'
|
||||||
|
state: 'present'
|
||||||
|
|
||||||
|
- name: "Configure gitea"
|
||||||
|
template:
|
||||||
|
src: gitea.ini.j2
|
||||||
|
dest: /etc/gitea/gitea.ini
|
||||||
|
owner: "{{ gitea_user }}"
|
||||||
|
mode: 0600
|
||||||
|
notify: "Restart gitea"
|
||||||
|
|
||||||
|
- name: "Service gitea"
|
||||||
|
service:
|
||||||
|
name: gitea
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
|
- include: fail2ban.yml
|
||||||
|
when: gitea_fail2ban_enabled|bool
|
|
@ -0,0 +1,4 @@
|
||||||
|
# Managed by Ansible
|
||||||
|
[Definition]
|
||||||
|
failregex = .*Failed authentication attempt for .* from <HOST>
|
||||||
|
ignoreregex =
|
|
@ -0,0 +1,9 @@
|
||||||
|
[gitea]
|
||||||
|
enabled = true
|
||||||
|
port = http,https
|
||||||
|
filter = gitea
|
||||||
|
logpath = {{ gitea_home }}/log/gitea.log
|
||||||
|
maxretry = {{ gitea_fail2ban_jail_maxretry }}
|
||||||
|
findtime = {{ gitea_fail2ban_jail_findtime }}
|
||||||
|
bantime = {{ gitea_fail2ban_jail_bantime }}
|
||||||
|
action = {{ gitea_fail2ban_jail_action }}
|
197
Archiv/gitea/tmaurice.gitea/templates/gitea.ini.j2
Normal file
197
Archiv/gitea/tmaurice.gitea/templates/gitea.ini.j2
Normal file
|
@ -0,0 +1,197 @@
|
||||||
|
; this file is the configuration of your local gitea instance
|
||||||
|
; {{ ansible_managed }}
|
||||||
|
;
|
||||||
|
; This file overwrites the default values from gitea.
|
||||||
|
; undefined variables will use the default value from gitea.
|
||||||
|
; Cheat Sheet: https://docs.gitea.io/en-us/config-cheat-sheet/
|
||||||
|
;
|
||||||
|
; App name that shows on every page title
|
||||||
|
APP_NAME = {{ gitea_app_name }}
|
||||||
|
; Change it if you run locally
|
||||||
|
RUN_USER = {{ gitea_user }}
|
||||||
|
; Either "dev", "prod" or "test", default is "dev"
|
||||||
|
RUN_MODE = prod
|
||||||
|
|
||||||
|
[repository]
|
||||||
|
ROOT = {{ gitea_repository_root }}
|
||||||
|
; Force every new repository to be private
|
||||||
|
FORCE_PRIVATE = {{ gitea_force_private }}
|
||||||
|
; Global limit of repositories per user, applied at creation time. -1 means no limit
|
||||||
|
MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }}
|
||||||
|
; Mirror sync queue length, increase if mirror syncing starts hanging
|
||||||
|
MIRROR_QUEUE_LENGTH = 1000
|
||||||
|
; Disable the ability to interact with repositories using the HTTP protocol
|
||||||
|
DISABLE_HTTP_GIT = {{ gitea_disable_http_git }}
|
||||||
|
|
||||||
|
[ui]
|
||||||
|
; Whether the email of the user should be shown in the Explore Users page
|
||||||
|
SHOW_USER_EMAIL = {{ gitea_show_user_email }}
|
||||||
|
THEMES = {{ gitea_themes }}
|
||||||
|
DEFAULT_THEME = {{ gitea_theme_default }}
|
||||||
|
|
||||||
|
[server]
|
||||||
|
; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
|
||||||
|
PROTOCOL = {{ gitea_protocol }}
|
||||||
|
DOMAIN = {{ gitea_http_domain }}
|
||||||
|
ROOT_URL = {{ gitea_root_url }}
|
||||||
|
; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
|
||||||
|
HTTP_ADDR = {{ gitea_http_listen }}
|
||||||
|
HTTP_PORT = {{ gitea_http_port }}
|
||||||
|
; Disable SSH feature when not available
|
||||||
|
DISABLE_SSH = false
|
||||||
|
; Whether to use the builtin SSH server or not.
|
||||||
|
START_SSH_SERVER = {{ gitea_start_ssh }}
|
||||||
|
; Domain name to be exposed in clone URL
|
||||||
|
SSH_DOMAIN = {{ gitea_ssh_domain }}
|
||||||
|
; The network interface the builtin SSH server should listen on
|
||||||
|
SSH_LISTEN_HOST = {{ gitea_ssh_listen }}
|
||||||
|
; Port number to be exposed in clone URL
|
||||||
|
SSH_PORT = {{ gitea_ssh_port }}
|
||||||
|
; The port number the builtin SSH server should listen on
|
||||||
|
SSH_LISTEN_PORT = %(SSH_PORT)s
|
||||||
|
; Disable CDN even in "prod" mode
|
||||||
|
OFFLINE_MODE = {{ gitea_offline_mode }}
|
||||||
|
; Default path for App data
|
||||||
|
APP_DATA_PATH = {{ gitea_home }}/data
|
||||||
|
{%- if gitea_lfs_server_enabled | bool %}
|
||||||
|
;Enables git-lfs support.
|
||||||
|
LFS_START_SERVER = true
|
||||||
|
; Where to store LFS files.
|
||||||
|
LFS_CONTENT_PATH = {{ gitea_lfs_content_path }}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
|
[database]
|
||||||
|
; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
|
||||||
|
DB_TYPE = {{ gitea_db_type }}
|
||||||
|
HOST = {{ gitea_db_host }}
|
||||||
|
NAME = {{ gitea_db_name }}
|
||||||
|
USER = {{ gitea_db_user }}
|
||||||
|
; Use PASSWD = `your password` for quoting if you use special characters in the password.
|
||||||
|
PASSWD = {{ gitea_db_password }}
|
||||||
|
; For Postgres, either "disable" (default), "require", or "verify-full"
|
||||||
|
; For MySQL, either "false" (default), "true", or "skip-verify"
|
||||||
|
SSL_MODE = {{ gitea_db_ssl }}
|
||||||
|
; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
|
||||||
|
PATH = {{ gitea_db_path }}
|
||||||
|
|
||||||
|
[indexer]
|
||||||
|
; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
|
||||||
|
ISSUE_INDEXER_PATH = {{ gitea_home }}/indexers/issues.bleve
|
||||||
|
; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue
|
||||||
|
ISSUE_INDEXER_QUEUE_TYPE = levelqueue
|
||||||
|
; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
|
||||||
|
; default is indexers/issues.queue
|
||||||
|
ISSUE_INDEXER_QUEUE_DIR = {{ gitea_home }}/indexers/issues.queue
|
||||||
|
|
||||||
|
; repo indexer by default disabled, since it uses a lot of disk space
|
||||||
|
REPO_INDEXER_ENABLED = {{ gitea_repo_indexer_enabled }}
|
||||||
|
REPO_INDEXER_PATH = {{ gitea_home }}/indexers/repos.bleve
|
||||||
|
REPO_INDEXER_INCLUDE = {{ gitea_repo_indexer_include }}
|
||||||
|
REPO_INDEXER_EXCLUDE = {{ gitea_repo_indexer_exclude }}
|
||||||
|
REPO_INDEXER_EXCLUDE_VENDORED = {{ gitea_repo_exclude_vendored }}
|
||||||
|
MAX_FILE_SIZE = {{ gitea_repo_indexer_max_file_size }}
|
||||||
|
|
||||||
|
[security]
|
||||||
|
; Whether the installer is disabled
|
||||||
|
INSTALL_LOCK = true
|
||||||
|
; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
|
||||||
|
SECRET_KEY = {{ gitea_secret_key }}
|
||||||
|
INTERNAL_TOKEN = {{ gitea_internal_token }}
|
||||||
|
; How long to remember that an user is logged in before requiring relogin (in days)
|
||||||
|
LOGIN_REMEMBER_DAYS = 7
|
||||||
|
DISABLE_GIT_HOOKS = {{ gitea_disable_git_hooks }}
|
||||||
|
|
||||||
|
[service]
|
||||||
|
; Disallow registration, only allow admins to create accounts.
|
||||||
|
DISABLE_REGISTRATION = {{ gitea_disable_registration }}
|
||||||
|
; User must sign in to view anything.
|
||||||
|
REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin }}
|
||||||
|
; Enable captcha validation for registration
|
||||||
|
ENABLE_CAPTCHA = {{ gitea_enable_captcha }}
|
||||||
|
; Type of captcha you want to use. Options: image, recaptcha
|
||||||
|
CAPTCHA_TYPE = image
|
||||||
|
; Enable recaptcha to use Google's recaptcha service
|
||||||
|
; Go to https://www.google.com/recaptcha/admin to sign up for a key
|
||||||
|
RECAPTCHA_SECRET =
|
||||||
|
RECAPTCHA_SITEKEY =
|
||||||
|
; Show Registration button
|
||||||
|
SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }}
|
||||||
|
ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }}
|
||||||
|
ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }}
|
||||||
|
|
||||||
|
[mailer]
|
||||||
|
ENABLED = {{ gitea_mailer_enabled }}
|
||||||
|
; Mail server
|
||||||
|
; Gmail: smtp.gmail.com:587
|
||||||
|
; QQ: smtp.qq.com:465
|
||||||
|
; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
|
||||||
|
HOST = {{ gitea_mailer_host }}
|
||||||
|
; Disable HELO operation when hostnames are different.
|
||||||
|
DISABLE_HELO =
|
||||||
|
; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
|
||||||
|
HELO_HOSTNAME =
|
||||||
|
; Do not verify the certificate of the server. Only use this for self-signed certificates
|
||||||
|
SKIP_VERIFY = {{ gitea_mailer_skip_verify }}
|
||||||
|
; Use client certificate
|
||||||
|
USE_CERTIFICATE = false
|
||||||
|
CERT_FILE = {{ gitea_home }}/custom/mailer/cert.pem
|
||||||
|
KEY_FILE = {{ gitea_home }}/custom/mailer/key.pem
|
||||||
|
; Should SMTP connection use TLS
|
||||||
|
IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled }}
|
||||||
|
; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
|
||||||
|
FROM = {{ gitea_mailer_from }}
|
||||||
|
; Mailer user name and password
|
||||||
|
USER = {{ gitea_mailer_user }}
|
||||||
|
; Use PASSWD = `your password` for quoting if you use special characters in the password.
|
||||||
|
PASSWD = `{{ gitea_mailer_password }}`
|
||||||
|
; Send mails as plain text
|
||||||
|
SEND_AS_PLAIN_TEXT = false
|
||||||
|
; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
|
||||||
|
MAILER_TYPE = {{ gitea_mailer_type }}
|
||||||
|
; Specify an alternative sendmail binary
|
||||||
|
SENDMAIL_PATH = sendmail
|
||||||
|
; Specify any extra sendmail arguments
|
||||||
|
SENDMAIL_ARGS =
|
||||||
|
|
||||||
|
|
||||||
|
[session]
|
||||||
|
; Either "memory", "file", or "redis", default is "memory"
|
||||||
|
PROVIDER = file
|
||||||
|
; Provider config options
|
||||||
|
; memory: doesn't have any config yet
|
||||||
|
; file: session file path, e.g. `data/sessions`
|
||||||
|
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
|
||||||
|
; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
|
||||||
|
PROVIDER_CONFIG = {{ gitea_home }}/data/sessions
|
||||||
|
|
||||||
|
[picture]
|
||||||
|
AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars
|
||||||
|
; This value will always be true in offline mode.
|
||||||
|
DISABLE_GRAVATAR = {{ gitea_disable_gravatar }}
|
||||||
|
|
||||||
|
[attachment]
|
||||||
|
; Whether attachments are enabled. Defaults to `true`
|
||||||
|
ENABLED = true
|
||||||
|
; Path for attachments. Defaults to `data/attachments`
|
||||||
|
PATH = {{ gitea_home }}/data/attachments
|
||||||
|
|
||||||
|
[log]
|
||||||
|
ROOT_PATH = {{ gitea_home }}/log
|
||||||
|
; Either "console", "file", "conn", "smtp" or "database", default is "console"
|
||||||
|
; Use comma to separate multiple modes, e.g. "console, file"
|
||||||
|
MODE = file
|
||||||
|
; Buffer length of the channel, keep it as it is if you don't know what it is.
|
||||||
|
BUFFER_LEN = 10000
|
||||||
|
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
|
||||||
|
LEVEL = Info
|
||||||
|
REDIRECT_MACARON_LOG = false
|
||||||
|
|
||||||
|
[oauth2]
|
||||||
|
ENABLE = {{ gitea_oauth2_enabled }}
|
||||||
|
JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
|
||||||
|
|
||||||
|
[metrics]
|
||||||
|
ENABLED = {{ gitea_metrics_enabled }}
|
||||||
|
TOKEN = {{ gitea_metrics_token }}
|
||||||
|
|
||||||
|
{{ gitea_extra_config }}
|
15
Archiv/gitea/tmaurice.gitea/templates/gitea.service.j2
Normal file
15
Archiv/gitea/tmaurice.gitea/templates/gitea.service.j2
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Gitea git server
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User={{ gitea_user }}
|
||||||
|
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini
|
||||||
|
Restart=on-failure
|
||||||
|
WorkingDirectory={{ gitea_home }}
|
||||||
|
{% if gitea_systemd_cap_net_bind_service %}
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
2
Archiv/gitea/tmaurice.gitea/vars/main.yml
Normal file
2
Archiv/gitea/tmaurice.gitea/vars/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
|
2
Archiv/jenkins/geerlingguy.jenkins/.ansible-lint
Normal file
2
Archiv/jenkins/geerlingguy.jenkins/.ansible-lint
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
skip_list:
|
||||||
|
- '106'
|
4
Archiv/jenkins/geerlingguy.jenkins/.github/FUNDING.yml
vendored
Normal file
4
Archiv/jenkins/geerlingguy.jenkins/.github/FUNDING.yml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
# These are supported funding model platforms
|
||||||
|
---
|
||||||
|
github: geerlingguy
|
||||||
|
patreon: geerlingguy
|
56
Archiv/jenkins/geerlingguy.jenkins/.github/stale.yml
vendored
Normal file
56
Archiv/jenkins/geerlingguy.jenkins/.github/stale.yml
vendored
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
# Configuration for probot-stale - https://github.com/probot/stale
|
||||||
|
|
||||||
|
# Number of days of inactivity before an Issue or Pull Request becomes stale
|
||||||
|
daysUntilStale: 90
|
||||||
|
|
||||||
|
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
|
||||||
|
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
|
||||||
|
daysUntilClose: 30
|
||||||
|
|
||||||
|
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
|
||||||
|
onlyLabels: []
|
||||||
|
|
||||||
|
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
|
||||||
|
exemptLabels:
|
||||||
|
- pinned
|
||||||
|
- security
|
||||||
|
- planned
|
||||||
|
|
||||||
|
# Set to true to ignore issues in a project (defaults to false)
|
||||||
|
exemptProjects: false
|
||||||
|
|
||||||
|
# Set to true to ignore issues in a milestone (defaults to false)
|
||||||
|
exemptMilestones: false
|
||||||
|
|
||||||
|
# Set to true to ignore issues with an assignee (defaults to false)
|
||||||
|
exemptAssignees: false
|
||||||
|
|
||||||
|
# Label to use when marking as stale
|
||||||
|
staleLabel: stale
|
||||||
|
|
||||||
|
# Limit the number of actions per hour, from 1-30. Default is 30
|
||||||
|
limitPerRun: 30
|
||||||
|
|
||||||
|
pulls:
|
||||||
|
markComment: |-
|
||||||
|
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
|
||||||
|
|
||||||
|
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
|
||||||
|
|
||||||
|
unmarkComment: >-
|
||||||
|
This pull request is no longer marked for closure.
|
||||||
|
|
||||||
|
closeComment: >-
|
||||||
|
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
|
||||||
|
|
||||||
|
issues:
|
||||||
|
markComment: |-
|
||||||
|
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
|
||||||
|
|
||||||
|
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
|
||||||
|
|
||||||
|
unmarkComment: >-
|
||||||
|
This issue is no longer marked for closure.
|
||||||
|
|
||||||
|
closeComment: >-
|
||||||
|
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
|
82
Archiv/jenkins/geerlingguy.jenkins/.github/workflows/ci.yml
vendored
Normal file
82
Archiv/jenkins/geerlingguy.jenkins/.github/workflows/ci.yml
vendored
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
---
|
||||||
|
name: CI
|
||||||
|
'on':
|
||||||
|
pull_request:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
schedule:
|
||||||
|
- cron: "30 7 * * 2"
|
||||||
|
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
working-directory: 'geerlingguy.jenkins'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
|
||||||
|
lint:
|
||||||
|
name: Lint
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Check out the codebase.
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
path: 'geerlingguy.jenkins'
|
||||||
|
|
||||||
|
- name: Set up Python 3.
|
||||||
|
uses: actions/setup-python@v2
|
||||||
|
with:
|
||||||
|
python-version: '3.x'
|
||||||
|
|
||||||
|
- name: Install test dependencies.
|
||||||
|
run: pip3 install yamllint ansible-lint
|
||||||
|
|
||||||
|
- name: Lint code.
|
||||||
|
run: |
|
||||||
|
yamllint .
|
||||||
|
ansible-lint
|
||||||
|
|
||||||
|
molecule:
|
||||||
|
name: Molecule
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
include:
|
||||||
|
- distro: centos8
|
||||||
|
playbook: converge.yml
|
||||||
|
- distro: ubuntu1804
|
||||||
|
playbook: converge.yml
|
||||||
|
- distro: debian10
|
||||||
|
playbook: converge.yml
|
||||||
|
|
||||||
|
# Test other role features.
|
||||||
|
- distro: ubuntu1804
|
||||||
|
playbook: http-port.yml
|
||||||
|
- distro: ubuntu1804
|
||||||
|
playbook: prefix.yml
|
||||||
|
- distro: ubuntu1804
|
||||||
|
playbook: plugins-with-home.yml
|
||||||
|
- distro: centos7
|
||||||
|
playbook: jenkins-version.yml
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Check out the codebase.
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
path: 'geerlingguy.jenkins'
|
||||||
|
|
||||||
|
- name: Set up Python 3.
|
||||||
|
uses: actions/setup-python@v2
|
||||||
|
with:
|
||||||
|
python-version: '3.x'
|
||||||
|
|
||||||
|
- name: Install test dependencies.
|
||||||
|
run: pip3 install ansible molecule[docker] docker
|
||||||
|
|
||||||
|
- name: Run Molecule tests.
|
||||||
|
run: molecule test
|
||||||
|
env:
|
||||||
|
PY_COLORS: '1'
|
||||||
|
ANSIBLE_FORCE_COLOR: '1'
|
||||||
|
MOLECULE_DISTRO: ${{ matrix.distro }}
|
||||||
|
MOLECULE_PLAYBOOK: ${{ matrix.playbook }}
|
38
Archiv/jenkins/geerlingguy.jenkins/.github/workflows/release.yml
vendored
Normal file
38
Archiv/jenkins/geerlingguy.jenkins/.github/workflows/release.yml
vendored
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
|
||||||
|
# repository or organization.
|
||||||
|
#
|
||||||
|
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
|
||||||
|
# See: https://github.com/ansible/galaxy/issues/46
|
||||||
|
|
||||||
|
name: Release
|
||||||
|
'on':
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- '*'
|
||||||
|
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
working-directory: 'geerlingguy.jenkins'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
|
||||||
|
release:
|
||||||
|
name: Release
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Check out the codebase.
|
||||||
|
uses: actions/checkout@v2
|
||||||
|
with:
|
||||||
|
path: 'geerlingguy.jenkins'
|
||||||
|
|
||||||
|
- name: Set up Python 3.
|
||||||
|
uses: actions/setup-python@v2
|
||||||
|
with:
|
||||||
|
python-version: '3.x'
|
||||||
|
|
||||||
|
- name: Install Ansible.
|
||||||
|
run: pip3 install ansible-base
|
||||||
|
|
||||||
|
- name: Trigger a new import on Galaxy.
|
||||||
|
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
|
3
Archiv/jenkins/geerlingguy.jenkins/.gitignore
vendored
Normal file
3
Archiv/jenkins/geerlingguy.jenkins/.gitignore
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
*.retry
|
||||||
|
*/__pycache__
|
||||||
|
*.pyc
|
11
Archiv/jenkins/geerlingguy.jenkins/.yamllint
Normal file
11
Archiv/jenkins/geerlingguy.jenkins/.yamllint
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
extends: default
|
||||||
|
|
||||||
|
rules:
|
||||||
|
line-length:
|
||||||
|
max: 150
|
||||||
|
level: warning
|
||||||
|
|
||||||
|
ignore: |
|
||||||
|
.github/stale.yml
|
||||||
|
.travis.yml
|
20
Archiv/jenkins/geerlingguy.jenkins/LICENSE
Normal file
20
Archiv/jenkins/geerlingguy.jenkins/LICENSE
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
The MIT License (MIT)
|
||||||
|
|
||||||
|
Copyright (c) 2017 Jeff Geerling
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||||
|
this software and associated documentation files (the "Software"), to deal in
|
||||||
|
the Software without restriction, including without limitation the rights to
|
||||||
|
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
||||||
|
the Software, and to permit persons to whom the Software is furnished to do so,
|
||||||
|
subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||||
|
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||||
|
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||||
|
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||||
|
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
149
Archiv/jenkins/geerlingguy.jenkins/README.md
Normal file
149
Archiv/jenkins/geerlingguy.jenkins/README.md
Normal file
|
@ -0,0 +1,149 @@
|
||||||
|
# Ansible Role: Jenkins CI
|
||||||
|
|
||||||
|
[![CI](https://github.com/geerlingguy/ansible-role-jenkins/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-jenkins/actions?query=workflow%3ACI)
|
||||||
|
|
||||||
|
Installs Jenkins CI on RHEL/CentOS and Debian/Ubuntu servers.
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
Requires `curl` to be installed on the server. Also, newer versions of Jenkins require Java 8+ (see the test playbooks inside the `molecule/default` directory for an example of how to use newer versions of Java for your OS).
|
||||||
|
|
||||||
|
## Role Variables
|
||||||
|
|
||||||
|
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
||||||
|
|
||||||
|
jenkins_package_state: present
|
||||||
|
|
||||||
|
The state of the `jenkins` package install. By default this role installs Jenkins but will not upgrade Jenkins (when using package-based installs). If you want to always update to the latest version, change this to `latest`.
|
||||||
|
|
||||||
|
jenkins_hostname: localhost
|
||||||
|
|
||||||
|
The system hostname; usually `localhost` works fine. This will be used during setup to communicate with the running Jenkins instance via HTTP requests.
|
||||||
|
|
||||||
|
jenkins_home: /var/lib/jenkins
|
||||||
|
|
||||||
|
The Jenkins home directory which, amongst others, is being used for storing artifacts, workspaces and plugins. This variable allows you to override the default `/var/lib/jenkins` location.
|
||||||
|
|
||||||
|
jenkins_http_port: 8080
|
||||||
|
|
||||||
|
The HTTP port for Jenkins' web interface.
|
||||||
|
|
||||||
|
jenkins_admin_username: admin
|
||||||
|
jenkins_admin_password: admin
|
||||||
|
|
||||||
|
Default admin account credentials which will be created the first time Jenkins is installed.
|
||||||
|
|
||||||
|
jenkins_admin_password_file: ""
|
||||||
|
|
||||||
|
Default admin password file which will be created the first time Jenkins is installed as /var/lib/jenkins/secrets/initialAdminPassword
|
||||||
|
|
||||||
|
jenkins_jar_location: /opt/jenkins-cli.jar
|
||||||
|
|
||||||
|
The location at which the `jenkins-cli.jar` jarfile will be kept. This is used for communicating with Jenkins via the CLI.
|
||||||
|
|
||||||
|
jenkins_plugins:
|
||||||
|
- blueocean
|
||||||
|
- name: influxdb
|
||||||
|
version: "1.12.1"
|
||||||
|
|
||||||
|
Jenkins plugins to be installed automatically during provisioning. Defaults to empty list (`[]`). Items can use name or dictionary with `name` and `version` keys to pin specific version of a plugin.
|
||||||
|
|
||||||
|
jenkins_plugins_install_dependencies: true
|
||||||
|
|
||||||
|
Whether Jenkins plugins to be installed should also install any plugin dependencies.
|
||||||
|
|
||||||
|
jenkins_plugins_state: present
|
||||||
|
|
||||||
|
Use `latest` to ensure all plugins are running the most up-to-date version. For any plugin that has a specific version set in `jenkins_plugins` list, state `present` will be used instead of `jenkins_plugins_state` value.
|
||||||
|
|
||||||
|
jenkins_plugin_updates_expiration: 86400
|
||||||
|
|
||||||
|
Number of seconds after which a new copy of the update-center.json file is downloaded. Set it to 0 if no cache file should be used.
|
||||||
|
|
||||||
|
jenkins_updates_url: "https://updates.jenkins.io"
|
||||||
|
|
||||||
|
The URL to use for Jenkins plugin updates and update-center information.
|
||||||
|
|
||||||
|
jenkins_plugin_timeout: 30
|
||||||
|
|
||||||
|
The server connection timeout, in seconds, when installing Jenkins plugins.
|
||||||
|
|
||||||
|
jenkins_version: "2.220"
|
||||||
|
jenkins_pkg_url: "http://www.example.com"
|
||||||
|
|
||||||
|
(Optional) Then Jenkins version can be pinned to any version available on `http://pkg.jenkins-ci.org/debian/` (Debian/Ubuntu) or `http://pkg.jenkins-ci.org/redhat/` (RHEL/CentOS). If the Jenkins version you need is not available in the default package URLs, you can override the URL with your own; set `jenkins_pkg_url` (_Note_: the role depends on the same naming convention that `http://pkg.jenkins-ci.org/` uses).
|
||||||
|
|
||||||
|
jenkins_url_prefix: ""
|
||||||
|
|
||||||
|
Used for setting a URL prefix for your Jenkins installation. The option is added as `--prefix={{ jenkins_url_prefix }}` to the Jenkins initialization `java` invocation, so you can access the installation at a path like `http://www.example.com{{ jenkins_url_prefix }}`. Make sure you start the prefix with a `/` (e.g. `/jenkins`).
|
||||||
|
|
||||||
|
jenkins_connection_delay: 5
|
||||||
|
jenkins_connection_retries: 60
|
||||||
|
|
||||||
|
Amount of time and number of times to wait when connecting to Jenkins after initial startup, to verify that Jenkins is running. Total time to wait = `delay` * `retries`, so by default this role will wait up to 300 seconds before timing out.
|
||||||
|
|
||||||
|
jenkins_prefer_lts: false
|
||||||
|
|
||||||
|
By default, this role will install the latest version of Jenkins using the official repositories according to the platform. You can install the current LTS version instead by setting this to `false`.
|
||||||
|
|
||||||
|
The default repositories (listed below) can be overridden as well.
|
||||||
|
|
||||||
|
# For RedHat/CentOS:
|
||||||
|
jenkins_repo_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.repo
|
||||||
|
jenkins_repo_key_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key
|
||||||
|
|
||||||
|
# For Debian/Ubuntu:
|
||||||
|
jenkins_repo_url: deb https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }} binary/
|
||||||
|
jenkins_repo_key_url: https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key
|
||||||
|
|
||||||
|
It is also possible to prevent the repo file from being added by setting `jenkins_repo_url: ''`. This is useful if, for example, you sign your own packages or run internal package management (e.g. Spacewalk).
|
||||||
|
|
||||||
|
jenkins_java_options: "-Djenkins.install.runSetupWizard=false"
|
||||||
|
|
||||||
|
Extra Java options for the Jenkins launch command configured in the init file can be set with the var `jenkins_java_options`. For example, if you want to configure the timezone Jenkins uses, add `-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/New_York`. By default, the option to disable the Jenkins 2.0 setup wizard is added.
|
||||||
|
|
||||||
|
jenkins_init_changes:
|
||||||
|
- option: "JENKINS_ARGS"
|
||||||
|
value: "--prefix={{ jenkins_url_prefix }}"
|
||||||
|
- option: "JENKINS_JAVA_OPTIONS"
|
||||||
|
value: "{{ jenkins_java_options }}"
|
||||||
|
|
||||||
|
Changes made to the Jenkins init script; the default set of changes set the configured URL prefix and add in configured Java options for Jenkins' startup. You can add other option/value pairs if you need to set other options for the Jenkins init file.
|
||||||
|
|
||||||
|
jenkins_proxy_host: ""
|
||||||
|
jenkins_proxy_port: ""
|
||||||
|
jenkins_proxy_noproxy:
|
||||||
|
- "127.0.0.1"
|
||||||
|
- "localhost"
|
||||||
|
|
||||||
|
If you are running Jenkins behind a proxy server, configure these options appropriately. Otherwise Jenkins will be configured with a direct Internet connection.
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
None.
|
||||||
|
|
||||||
|
## Example Playbook
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
- hosts: jenkins
|
||||||
|
become: true
|
||||||
|
|
||||||
|
vars:
|
||||||
|
jenkins_hostname: jenkins.example.com
|
||||||
|
java_packages:
|
||||||
|
- openjdk-8-jdk
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- role: geerlingguy.java
|
||||||
|
- role: geerlingguy.jenkins
|
||||||
|
```
|
||||||
|
|
||||||
|
Note that `java_packages` may need different versions depending on your distro (e.g. `openjdk-11-jdk` for Debian 10, or `java-1.8.0-openjdk` for RHEL 7 or 8).
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
MIT (Expat) / BSD
|
||||||
|
|
||||||
|
## Author Information
|
||||||
|
|
||||||
|
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
|
51
Archiv/jenkins/geerlingguy.jenkins/defaults/main.yml
Normal file
51
Archiv/jenkins/geerlingguy.jenkins/defaults/main.yml
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
---
|
||||||
|
# Optional method of pinning a specific version of Jenkins and/or overriding the
|
||||||
|
# default Jenkins packaging URL.
|
||||||
|
# jenkins_version: "1.644"
|
||||||
|
# jenkins_pkg_url: "https://www.example.com"
|
||||||
|
|
||||||
|
# Change this to `latest` to update Jenkins if a newer version is available.
|
||||||
|
jenkins_package_state: present
|
||||||
|
|
||||||
|
jenkins_prefer_lts: false
|
||||||
|
|
||||||
|
jenkins_connection_delay: 5
|
||||||
|
jenkins_connection_retries: 60
|
||||||
|
jenkins_home: /var/lib/jenkins
|
||||||
|
jenkins_hostname: localhost
|
||||||
|
jenkins_http_port: 8080
|
||||||
|
jenkins_jar_location: /opt/jenkins-cli.jar
|
||||||
|
jenkins_url_prefix: ""
|
||||||
|
jenkins_java_options: "-Djenkins.install.runSetupWizard=false"
|
||||||
|
|
||||||
|
# Plugin list can use the plugin name, or a name/version dict.
|
||||||
|
jenkins_plugins: []
|
||||||
|
# - blueocean
|
||||||
|
# - name: influxdb
|
||||||
|
# version: "1.12.1"
|
||||||
|
|
||||||
|
jenkins_plugins_state: present
|
||||||
|
jenkins_plugin_updates_expiration: 86400
|
||||||
|
jenkins_plugin_timeout: 30
|
||||||
|
jenkins_plugins_install_dependencies: true
|
||||||
|
jenkins_updates_url: "https://updates.jenkins.io"
|
||||||
|
|
||||||
|
jenkins_admin_username: admin
|
||||||
|
jenkins_admin_password: admin
|
||||||
|
jenkins_admin_password_file: ""
|
||||||
|
|
||||||
|
jenkins_process_user: jenkins
|
||||||
|
jenkins_process_group: "{{ jenkins_process_user }}"
|
||||||
|
|
||||||
|
jenkins_init_changes:
|
||||||
|
- option: "JENKINS_ARGS"
|
||||||
|
value: "--prefix={{ jenkins_url_prefix }}"
|
||||||
|
- option: "{{ jenkins_java_options_env_var }}"
|
||||||
|
value: "{{ jenkins_java_options }}"
|
||||||
|
|
||||||
|
# If Jenkins is behind a proxy, configure this.
|
||||||
|
jenkins_proxy_host: ""
|
||||||
|
jenkins_proxy_port: ""
|
||||||
|
jenkins_proxy_noproxy:
|
||||||
|
- "127.0.0.1"
|
||||||
|
- "localhost"
|
12
Archiv/jenkins/geerlingguy.jenkins/handlers/main.yml
Normal file
12
Archiv/jenkins/geerlingguy.jenkins/handlers/main.yml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: restart jenkins
|
||||||
|
service: name=jenkins state=restarted
|
||||||
|
|
||||||
|
- name: configure default users
|
||||||
|
template:
|
||||||
|
src: basic-security.groovy.j2
|
||||||
|
dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
|
||||||
|
owner: "{{ jenkins_process_user }}"
|
||||||
|
group: "{{ jenkins_process_group }}"
|
||||||
|
mode: 0775
|
||||||
|
register: jenkins_users_config
|
30
Archiv/jenkins/geerlingguy.jenkins/meta/main.yml
Normal file
30
Archiv/jenkins/geerlingguy.jenkins/meta/main.yml
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
dependencies: []
|
||||||
|
|
||||||
|
galaxy_info:
|
||||||
|
role_name: jenkins
|
||||||
|
author: geerlingguy
|
||||||
|
description: Jenkins CI
|
||||||
|
company: "Midwestern Mac, LLC"
|
||||||
|
license: "license (BSD, MIT)"
|
||||||
|
min_ansible_version: 2.4
|
||||||
|
platforms:
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- 6
|
||||||
|
- 7
|
||||||
|
- 8
|
||||||
|
- name: Fedora
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
- name: Debian
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
- name: Ubuntu
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
galaxy_tags:
|
||||||
|
- development
|
||||||
|
- packaging
|
||||||
|
- jenkins
|
||||||
|
- ci
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- include_tasks: java-8.yml
|
||||||
|
|
||||||
|
- include_tasks: java-11.yml
|
||||||
|
when:
|
||||||
|
- ansible_distribution == 'Debian'
|
||||||
|
- ansible_distribution_major_version == '10'
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- role: geerlingguy.java
|
||||||
|
- role: geerlingguy.jenkins
|
||||||
|
|
||||||
|
post_tasks:
|
||||||
|
- name: Check if Jenkins is running.
|
||||||
|
uri:
|
||||||
|
url: "http://127.0.0.1:8080/"
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
|
||||||
|
vars:
|
||||||
|
jenkins_http_port: 8081
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- include_tasks: java-8.yml
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- geerlingguy.java
|
||||||
|
- geerlingguy.jenkins
|
||||||
|
|
||||||
|
post_tasks:
|
||||||
|
- name: Ensure Jenkins is running on the specified port.
|
||||||
|
uri:
|
||||||
|
url: "http://127.0.0.1:{{ jenkins_http_port }}"
|
||||||
|
status_code: 200
|
||||||
|
register: result
|
||||||
|
until: result.status == 200
|
||||||
|
retries: 60
|
||||||
|
delay: 1
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: Set the java_packages variable (Debian).
|
||||||
|
set_fact:
|
||||||
|
java_packages:
|
||||||
|
- openjdk-11-jdk
|
||||||
|
when: ansible_os_family == 'Debian'
|
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
# Debian.
|
||||||
|
- name: Update apt cache.
|
||||||
|
apt: update_cache=true cache_valid_time=600
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Set the java_packages variable (Debian).
|
||||||
|
set_fact:
|
||||||
|
java_packages:
|
||||||
|
- openjdk-8-jdk
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
|
# Red Hat.
|
||||||
|
- name: Set the java_packages variable (RedHat).
|
||||||
|
set_fact:
|
||||||
|
java_packages:
|
||||||
|
- java-1.8.0-openjdk
|
||||||
|
when: ansible_os_family == 'RedHat'
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
|
||||||
|
vars:
|
||||||
|
jenkins_version: "2.220"
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- geerlingguy.java
|
||||||
|
- geerlingguy.jenkins
|
||||||
|
|
||||||
|
post_tasks:
|
||||||
|
- name: Check installed version of Jenkins.
|
||||||
|
command: rpm -q jenkins
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
changed_when: false
|
||||||
|
register: jenkins_rpm_version
|
||||||
|
tags: ['skip_ansible_lint']
|
||||||
|
|
||||||
|
- name: Print installed Jenkins package information.
|
||||||
|
debug: var=jenkins_rpm_version
|
||||||
|
|
||||||
|
- name: Fail if version doesn't match what we wanted.
|
||||||
|
fail:
|
||||||
|
when: "jenkins_version not in jenkins_rpm_version.stdout"
|
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
driver:
|
||||||
|
name: docker
|
||||||
|
platforms:
|
||||||
|
- name: instance
|
||||||
|
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
|
||||||
|
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
|
privileged: true
|
||||||
|
pre_build_image: true
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
playbooks:
|
||||||
|
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
|
|
@ -0,0 +1,62 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
|
||||||
|
vars:
|
||||||
|
jenkins_plugins:
|
||||||
|
- ghprb
|
||||||
|
- greenballs
|
||||||
|
- {name: cloudbees-folder, version: 6.11}
|
||||||
|
jenkins_home: /tmp/jenkins
|
||||||
|
jenkins_plugin_timeout: 120
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- include_tasks: java-8.yml
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- geerlingguy.java
|
||||||
|
- geerlingguy.jenkins
|
||||||
|
|
||||||
|
post_tasks:
|
||||||
|
- name: Verify JENKINS_HOME is correct.
|
||||||
|
stat:
|
||||||
|
path: "{{ jenkins_home }}/config.xml"
|
||||||
|
register: jenkins_home_config
|
||||||
|
|
||||||
|
- name: Fail if Jenkins config file doesn't exist.
|
||||||
|
fail:
|
||||||
|
when: not jenkins_home_config.stat.exists
|
||||||
|
|
||||||
|
- name: List plugins directory contents.
|
||||||
|
command: "ls {{ jenkins_home }}/plugins"
|
||||||
|
register: plugins_contents
|
||||||
|
changed_when: false
|
||||||
|
tags: ['skip_ansible_lint']
|
||||||
|
|
||||||
|
- name: Verify greenballs plugin exists.
|
||||||
|
stat:
|
||||||
|
path: "{{ jenkins_home }}/plugins/greenballs.jpi"
|
||||||
|
register: greenballs_plugin
|
||||||
|
|
||||||
|
- name: Fail if greenballs plugin file doesn't exist.
|
||||||
|
fail:
|
||||||
|
when: not greenballs_plugin.stat.exists
|
||||||
|
|
||||||
|
- name: Verify cloudbees-folder plugin exists.
|
||||||
|
stat:
|
||||||
|
path: "{{ jenkins_home }}/plugins/cloudbees-folder.jpi"
|
||||||
|
register: folder_plugin
|
||||||
|
|
||||||
|
- name: Fail if cloudbees-folder plugin file doesn't exist.
|
||||||
|
fail:
|
||||||
|
when: not folder_plugin.stat.exists
|
||||||
|
|
||||||
|
- name: Ensure Jenkins is running.
|
||||||
|
uri:
|
||||||
|
url: "http://127.0.0.1:8080/"
|
||||||
|
status_code: 200
|
||||||
|
register: result
|
||||||
|
until: result.status == 200
|
||||||
|
retries: 60
|
||||||
|
delay: 1
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
|
||||||
|
vars:
|
||||||
|
jenkins_url_prefix: /jenkins
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- include_tasks: java-8.yml
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- geerlingguy.java
|
||||||
|
- geerlingguy.jenkins
|
||||||
|
|
||||||
|
post_tasks:
|
||||||
|
- name: Ensure Jenkins is running with the specified prefix.
|
||||||
|
uri:
|
||||||
|
url: "http://127.0.0.1:8080{{ jenkins_url_prefix }}"
|
||||||
|
status_code: 200
|
||||||
|
register: result
|
||||||
|
until: result.status == 200
|
||||||
|
retries: 60
|
||||||
|
delay: 1
|
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
- src: geerlingguy.java
|
67
Archiv/jenkins/geerlingguy.jenkins/tasks/main.yml
Normal file
67
Archiv/jenkins/geerlingguy.jenkins/tasks/main.yml
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
---
|
||||||
|
# Variable setup.
|
||||||
|
- name: Include OS-Specific variables
|
||||||
|
include_vars: "{{ ansible_os_family }}.yml"
|
||||||
|
|
||||||
|
- name: Define jenkins_repo_url
|
||||||
|
set_fact:
|
||||||
|
jenkins_repo_url: "{{ __jenkins_repo_url }}"
|
||||||
|
when: jenkins_repo_url is not defined
|
||||||
|
|
||||||
|
- name: Define jenkins_repo_key_url
|
||||||
|
set_fact:
|
||||||
|
jenkins_repo_key_url: "{{ __jenkins_repo_key_url }}"
|
||||||
|
when: jenkins_repo_key_url is not defined
|
||||||
|
|
||||||
|
- name: Define jenkins_pkg_url
|
||||||
|
set_fact:
|
||||||
|
jenkins_pkg_url: "{{ __jenkins_pkg_url }}"
|
||||||
|
when: jenkins_pkg_url is not defined
|
||||||
|
|
||||||
|
# Setup/install tasks.
|
||||||
|
- include_tasks: setup-RedHat.yml
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
|
- include_tasks: setup-Debian.yml
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
|
# Configure Jenkins init settings.
|
||||||
|
- include_tasks: settings.yml
|
||||||
|
|
||||||
|
# Make sure Jenkins starts, then configure Jenkins.
|
||||||
|
- name: Ensure Jenkins is started and runs on startup.
|
||||||
|
service: name=jenkins state=started enabled=yes
|
||||||
|
|
||||||
|
- name: Wait for Jenkins to start up before proceeding.
|
||||||
|
uri:
|
||||||
|
url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/cli/"
|
||||||
|
method: GET
|
||||||
|
return_content: "yes"
|
||||||
|
timeout: 5
|
||||||
|
body_format: raw
|
||||||
|
follow_redirects: "no"
|
||||||
|
status_code: 200,403
|
||||||
|
register: result
|
||||||
|
until: (result.status == 403 or result.status == 200) and (result.content.find("Please wait while") == -1)
|
||||||
|
retries: "{{ jenkins_connection_retries }}"
|
||||||
|
delay: "{{ jenkins_connection_delay }}"
|
||||||
|
changed_when: false
|
||||||
|
check_mode: false
|
||||||
|
|
||||||
|
- name: Get the jenkins-cli jarfile from the Jenkins server.
|
||||||
|
get_url:
|
||||||
|
url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/jnlpJars/jenkins-cli.jar"
|
||||||
|
dest: "{{ jenkins_jar_location }}"
|
||||||
|
register: jarfile_get
|
||||||
|
until: "'OK' in jarfile_get.msg or '304' in jarfile_get.msg or 'file already exists' in jarfile_get.msg"
|
||||||
|
retries: 5
|
||||||
|
delay: 10
|
||||||
|
check_mode: false
|
||||||
|
|
||||||
|
- name: Remove Jenkins security init scripts after first startup.
|
||||||
|
file:
|
||||||
|
path: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
# Update Jenkins and install configured plugins.
|
||||||
|
- include_tasks: plugins.yml
|
63
Archiv/jenkins/geerlingguy.jenkins/tasks/plugins.yml
Normal file
63
Archiv/jenkins/geerlingguy.jenkins/tasks/plugins.yml
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
---
|
||||||
|
# jenkins_plugin module doesn't support password files.
|
||||||
|
- name: Get Jenkins admin password from file.
|
||||||
|
slurp:
|
||||||
|
src: "{{ jenkins_admin_password_file }}"
|
||||||
|
register: adminpasswordfile
|
||||||
|
no_log: true
|
||||||
|
when: jenkins_admin_password_file | default(false)
|
||||||
|
tags: ['skip_ansible_lint']
|
||||||
|
|
||||||
|
- name: Set Jenkins admin password fact.
|
||||||
|
set_fact:
|
||||||
|
jenkins_admin_password: "{{ adminpasswordfile['stdout'] | default(jenkins_admin_password) }}"
|
||||||
|
no_log: true
|
||||||
|
|
||||||
|
# Update Jenkins so that plugin updates don't fail.
|
||||||
|
- name: Create Jenkins updates directory.
|
||||||
|
file:
|
||||||
|
path: "{{ jenkins_home }}/updates"
|
||||||
|
state: directory
|
||||||
|
owner: jenkins
|
||||||
|
group: jenkins
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Download current plugin updates from Jenkins update site.
|
||||||
|
get_url:
|
||||||
|
url: "{{ jenkins_updates_url }}/update-center.json"
|
||||||
|
dest: "{{ jenkins_home }}/updates/default.json"
|
||||||
|
owner: jenkins
|
||||||
|
group: jenkins
|
||||||
|
mode: 0440
|
||||||
|
changed_when: false
|
||||||
|
register: get_result
|
||||||
|
until: get_result is success
|
||||||
|
retries: 3
|
||||||
|
delay: 2
|
||||||
|
|
||||||
|
- name: Remove first and last line from json file.
|
||||||
|
replace: # noqa 208
|
||||||
|
path: "{{ jenkins_home }}/updates/default.json"
|
||||||
|
regexp: "1d;$d"
|
||||||
|
|
||||||
|
- name: Install Jenkins plugins using password.
|
||||||
|
jenkins_plugin:
|
||||||
|
name: "{{ item.name | default(item) }}"
|
||||||
|
version: "{{ item.version | default(omit) }}"
|
||||||
|
jenkins_home: "{{ jenkins_home }}"
|
||||||
|
url_username: "{{ jenkins_admin_username }}"
|
||||||
|
url_password: "{{ jenkins_admin_password }}"
|
||||||
|
state: "{{ 'present' if item.version is defined else jenkins_plugins_state }}"
|
||||||
|
timeout: "{{ jenkins_plugin_timeout }}"
|
||||||
|
updates_expiration: "{{ jenkins_plugin_updates_expiration }}"
|
||||||
|
updates_url: "{{ jenkins_updates_url }}"
|
||||||
|
url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}"
|
||||||
|
with_dependencies: "{{ jenkins_plugins_install_dependencies }}"
|
||||||
|
with_items: "{{ jenkins_plugins }}"
|
||||||
|
when: jenkins_admin_password | default(false)
|
||||||
|
notify: restart jenkins
|
||||||
|
tags: ['skip_ansible_lint']
|
||||||
|
register: plugin_result
|
||||||
|
until: plugin_result is success
|
||||||
|
retries: 3
|
||||||
|
delay: 2
|
86
Archiv/jenkins/geerlingguy.jenkins/tasks/settings.yml
Normal file
86
Archiv/jenkins/geerlingguy.jenkins/tasks/settings.yml
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
---
|
||||||
|
- name: Check if jenkins_init_file exists.
|
||||||
|
stat:
|
||||||
|
path: "{{ jenkins_init_file }}"
|
||||||
|
register: jenkins_init_file_stat
|
||||||
|
|
||||||
|
- name: Ensure jenkins_init_file exists.
|
||||||
|
file:
|
||||||
|
path: "{{ jenkins_init_file }}"
|
||||||
|
state: touch
|
||||||
|
mode: 0644
|
||||||
|
when: not jenkins_init_file_stat.stat.exists
|
||||||
|
|
||||||
|
- name: Modify variables in init file.
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ jenkins_init_file }}"
|
||||||
|
insertafter: '^{{ item.option }}='
|
||||||
|
regexp: '^{{ item.option }}=\"\${{ item.option }} '
|
||||||
|
line: '{{ item.option }}="${{ item.option }} {{ item.value }}"'
|
||||||
|
state: present
|
||||||
|
mode: 0644
|
||||||
|
with_items: "{{ jenkins_init_changes }}"
|
||||||
|
register: jenkins_init_prefix
|
||||||
|
|
||||||
|
- name: Ensure jenkins_home {{ jenkins_home }} exists.
|
||||||
|
file:
|
||||||
|
path: "{{ jenkins_home }}"
|
||||||
|
state: directory
|
||||||
|
owner: jenkins
|
||||||
|
group: jenkins
|
||||||
|
mode: u+rwx
|
||||||
|
follow: true
|
||||||
|
|
||||||
|
- name: Set the Jenkins home directory.
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ jenkins_init_file }}"
|
||||||
|
regexp: '^JENKINS_HOME=.*'
|
||||||
|
line: 'JENKINS_HOME={{ jenkins_home }}'
|
||||||
|
mode: 0644
|
||||||
|
register: jenkins_home_config
|
||||||
|
|
||||||
|
- name: Immediately restart Jenkins on init config changes.
|
||||||
|
service: name=jenkins state=restarted
|
||||||
|
when: jenkins_init_prefix.changed
|
||||||
|
tags: ['skip_ansible_lint']
|
||||||
|
|
||||||
|
- name: Set HTTP port in Jenkins config.
|
||||||
|
lineinfile:
|
||||||
|
backrefs: true
|
||||||
|
dest: "{{ jenkins_init_file }}"
|
||||||
|
regexp: '^{{ jenkins_http_port_param }}='
|
||||||
|
line: '{{ jenkins_http_port_param }}={{ jenkins_http_port }}'
|
||||||
|
mode: 0644
|
||||||
|
register: jenkins_http_config
|
||||||
|
|
||||||
|
- name: Create custom init scripts directory.
|
||||||
|
file:
|
||||||
|
path: "{{ jenkins_home }}/init.groovy.d"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ jenkins_process_user }}"
|
||||||
|
group: "{{ jenkins_process_group }}"
|
||||||
|
mode: 0775
|
||||||
|
|
||||||
|
- name: Configure proxy config for Jenkins
|
||||||
|
template:
|
||||||
|
src: proxy.xml
|
||||||
|
dest: "{{ jenkins_home }}/proxy.xml"
|
||||||
|
owner: "{{ jenkins_process_user }}"
|
||||||
|
group: "{{ jenkins_process_group }}"
|
||||||
|
mode: 0664
|
||||||
|
register: jenkins_proxy_config
|
||||||
|
when:
|
||||||
|
- jenkins_proxy_host | length > 0
|
||||||
|
- jenkins_proxy_port | length > 0
|
||||||
|
|
||||||
|
- name: Trigger handlers immediately in case Jenkins was installed
|
||||||
|
meta: flush_handlers
|
||||||
|
|
||||||
|
- name: Immediately restart Jenkins on http or user changes.
|
||||||
|
service: name=jenkins state=restarted
|
||||||
|
when: >
|
||||||
|
(jenkins_users_config is defined and jenkins_users_config.changed)
|
||||||
|
or (jenkins_http_config is defined and jenkins_http_config.changed)
|
||||||
|
or (jenkins_home_config is defined and jenkins_home_config.changed)
|
||||||
|
or (jenkins_proxy_config is defined and jenkins_proxy_config.changed)
|
||||||
|
tags: ['skip_ansible_lint']
|
46
Archiv/jenkins/geerlingguy.jenkins/tasks/setup-Debian.yml
Normal file
46
Archiv/jenkins/geerlingguy.jenkins/tasks/setup-Debian.yml
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
---
|
||||||
|
- name: Ensure dependencies are installed.
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- curl
|
||||||
|
- apt-transport-https
|
||||||
|
- gnupg
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Add Jenkins apt repository key.
|
||||||
|
apt_key:
|
||||||
|
url: "{{ jenkins_repo_key_url }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Add Jenkins apt repository.
|
||||||
|
apt_repository:
|
||||||
|
repo: "{{ jenkins_repo_url }}"
|
||||||
|
state: present
|
||||||
|
update_cache: true
|
||||||
|
when: jenkins_repo_url | default(false)
|
||||||
|
tags: ['skip_ansible_lint']
|
||||||
|
|
||||||
|
- name: Download specific Jenkins version.
|
||||||
|
get_url:
|
||||||
|
url: "{{ jenkins_pkg_url }}/jenkins_{{ jenkins_version }}_all.deb"
|
||||||
|
dest: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
|
||||||
|
when: jenkins_version is defined
|
||||||
|
|
||||||
|
- name: Check if we downloaded a specific version of Jenkins.
|
||||||
|
stat:
|
||||||
|
path: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
|
||||||
|
register: specific_version
|
||||||
|
when: jenkins_version is defined
|
||||||
|
|
||||||
|
- name: Install our specific version of Jenkins.
|
||||||
|
apt:
|
||||||
|
deb: "/tmp/jenkins_{{ jenkins_version }}_all.deb"
|
||||||
|
state: present
|
||||||
|
when: jenkins_version is defined and specific_version.stat.exists
|
||||||
|
notify: configure default users
|
||||||
|
|
||||||
|
- name: Ensure Jenkins is installed.
|
||||||
|
apt:
|
||||||
|
name: jenkins
|
||||||
|
state: "{{ jenkins_package_state }}"
|
||||||
|
notify: configure default users
|
45
Archiv/jenkins/geerlingguy.jenkins/tasks/setup-RedHat.yml
Normal file
45
Archiv/jenkins/geerlingguy.jenkins/tasks/setup-RedHat.yml
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
---
|
||||||
|
- name: Ensure dependencies are installed.
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- curl
|
||||||
|
- initscripts
|
||||||
|
- "{{ 'libselinux-python' if ansible_python['version']['major'] < 3 else 'python3-libselinux' }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ensure Jenkins repo is installed.
|
||||||
|
get_url:
|
||||||
|
url: "{{ jenkins_repo_url }}"
|
||||||
|
dest: /etc/yum.repos.d/jenkins.repo
|
||||||
|
when: jenkins_repo_url | default(false)
|
||||||
|
|
||||||
|
- name: Add Jenkins repo GPG key.
|
||||||
|
rpm_key:
|
||||||
|
state: present
|
||||||
|
key: "{{ jenkins_repo_key_url }}"
|
||||||
|
when: jenkins_repo_url | default(false)
|
||||||
|
|
||||||
|
- name: Download specific Jenkins version.
|
||||||
|
get_url:
|
||||||
|
url: "{{ jenkins_pkg_url }}/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
|
||||||
|
dest: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
|
||||||
|
when: jenkins_version is defined
|
||||||
|
|
||||||
|
- name: Check if we downloaded a specific version of Jenkins.
|
||||||
|
stat:
|
||||||
|
path: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
|
||||||
|
register: specific_version
|
||||||
|
when: jenkins_version is defined
|
||||||
|
|
||||||
|
- name: Install our specific version of Jenkins.
|
||||||
|
package:
|
||||||
|
name: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm"
|
||||||
|
state: present
|
||||||
|
when: jenkins_version is defined and specific_version.stat.exists
|
||||||
|
notify: configure default users
|
||||||
|
|
||||||
|
- name: Ensure Jenkins is installed.
|
||||||
|
package:
|
||||||
|
name: jenkins
|
||||||
|
state: "{{ jenkins_package_state }}"
|
||||||
|
notify: configure default users
|
|
@ -0,0 +1,28 @@
|
||||||
|
#!groovy
|
||||||
|
import hudson.security.*
|
||||||
|
import jenkins.model.*
|
||||||
|
|
||||||
|
def instance = Jenkins.getInstance()
|
||||||
|
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
|
||||||
|
def users = hudsonRealm.getAllUsers()
|
||||||
|
users_s = users.collect { it.toString() }
|
||||||
|
|
||||||
|
// Create the admin user account if it doesn't already exist.
|
||||||
|
if ("{{ jenkins_admin_username }}" in users_s) {
|
||||||
|
println "Admin user already exists - updating password"
|
||||||
|
|
||||||
|
def user = hudson.model.User.get('{{ jenkins_admin_username }}');
|
||||||
|
def password = hudson.security.HudsonPrivateSecurityRealm.Details.fromPlainPassword('{{ jenkins_admin_password }}')
|
||||||
|
user.addProperty(password)
|
||||||
|
user.save()
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
println "--> creating local admin user"
|
||||||
|
|
||||||
|
hudsonRealm.createAccount('{{ jenkins_admin_username }}', '{{ jenkins_admin_password }}')
|
||||||
|
instance.setSecurityRealm(hudsonRealm)
|
||||||
|
|
||||||
|
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
|
||||||
|
instance.setAuthorizationStrategy(strategy)
|
||||||
|
instance.save()
|
||||||
|
}
|
7
Archiv/jenkins/geerlingguy.jenkins/templates/proxy.xml
Normal file
7
Archiv/jenkins/geerlingguy.jenkins/templates/proxy.xml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
<proxy>
|
||||||
|
<name>{{ jenkins_proxy_host }}</name>
|
||||||
|
<port>{{ jenkins_proxy_port}}</port>
|
||||||
|
<noProxyHost>{{ jenkins_proxy_noproxy | join(',') }}</noProxyHost>
|
||||||
|
<secretPassword></secretPassword>
|
||||||
|
</proxy>
|
7
Archiv/jenkins/geerlingguy.jenkins/vars/Debian.yml
Normal file
7
Archiv/jenkins/geerlingguy.jenkins/vars/Debian.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
__jenkins_repo_url: deb https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }} binary/
|
||||||
|
__jenkins_repo_key_url: https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key
|
||||||
|
__jenkins_pkg_url: https://pkg.jenkins.io/debian/binary
|
||||||
|
jenkins_init_file: /etc/default/jenkins
|
||||||
|
jenkins_http_port_param: HTTP_PORT
|
||||||
|
jenkins_java_options_env_var: JAVA_ARGS
|
7
Archiv/jenkins/geerlingguy.jenkins/vars/RedHat.yml
Normal file
7
Archiv/jenkins/geerlingguy.jenkins/vars/RedHat.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
__jenkins_repo_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.repo
|
||||||
|
__jenkins_repo_key_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key
|
||||||
|
__jenkins_pkg_url: https://pkg.jenkins.io/redhat
|
||||||
|
jenkins_init_file: /etc/sysconfig/jenkins
|
||||||
|
jenkins_http_port_param: JENKINS_PORT
|
||||||
|
jenkins_java_options_env_var: JENKINS_JAVA_OPTIONS
|
|
@ -4,6 +4,7 @@
|
||||||
- mg
|
- mg
|
||||||
- root
|
- root
|
||||||
- ansible-user
|
- ansible-user
|
||||||
|
- git
|
||||||
### geerlingguy.pip
|
### geerlingguy.pip
|
||||||
pip_package: python3-pip
|
pip_package: python3-pip
|
||||||
pip_install_packages:
|
pip_install_packages:
|
||||||
|
|
16
inventory
16
inventory
|
@ -15,11 +15,6 @@ all:
|
||||||
fileserver2.grote.lan:
|
fileserver2.grote.lan:
|
||||||
fileserver-staging.grote.lan:
|
fileserver-staging.grote.lan:
|
||||||
fileserver-test.grote.lan:
|
fileserver-test.grote.lan:
|
||||||
jenkins:
|
|
||||||
hosts:
|
|
||||||
jenkins.grote.lan:
|
|
||||||
jenkins-staging.grote.lan:
|
|
||||||
jenkins-test.grote.lan:
|
|
||||||
dns:
|
dns:
|
||||||
hosts:
|
hosts:
|
||||||
pi.hole:
|
pi.hole:
|
||||||
|
@ -49,11 +44,6 @@ all:
|
||||||
pve-staging.grote.lan:
|
pve-staging.grote.lan:
|
||||||
pve-test.grote.lan:
|
pve-test.grote.lan:
|
||||||
pve2.grote.lan:
|
pve2.grote.lan:
|
||||||
gitea:
|
|
||||||
hosts:
|
|
||||||
gitea-staging.grote.lan:
|
|
||||||
gitea-test.grote.lan:
|
|
||||||
gitea.grote.lan:
|
|
||||||
gitlab:
|
gitlab:
|
||||||
hosts:
|
hosts:
|
||||||
gitlab-staging.grote.lan:
|
gitlab-staging.grote.lan:
|
||||||
|
@ -86,8 +76,6 @@ all:
|
||||||
ansible.grote.lan:
|
ansible.grote.lan:
|
||||||
docker.grote.lan:
|
docker.grote.lan:
|
||||||
pve2.grote.lan:
|
pve2.grote.lan:
|
||||||
jenkins.grote.lan:
|
|
||||||
gitea.grote.lan:
|
|
||||||
gitlab.grote.lan:
|
gitlab.grote.lan:
|
||||||
gitlab-runner.grote.lan:
|
gitlab-runner.grote.lan:
|
||||||
staging:
|
staging:
|
||||||
|
@ -100,8 +88,6 @@ all:
|
||||||
ansible-staging.grote.lan:
|
ansible-staging.grote.lan:
|
||||||
docker-staging.grote.lan:
|
docker-staging.grote.lan:
|
||||||
pve-staging.grote.lan:
|
pve-staging.grote.lan:
|
||||||
jenkins-staging.grote.lan:
|
|
||||||
gitea-staging.grote.lan:
|
|
||||||
gitlab-staging.grote.lan:
|
gitlab-staging.grote.lan:
|
||||||
gitlab-runner-staging.grote.lan:
|
gitlab-runner-staging.grote.lan:
|
||||||
test:
|
test:
|
||||||
|
@ -116,7 +102,5 @@ all:
|
||||||
vm-test.grote.lan:
|
vm-test.grote.lan:
|
||||||
lxc-test2.grote.lan:
|
lxc-test2.grote.lan:
|
||||||
pve-test.grote.lan:
|
pve-test.grote.lan:
|
||||||
jenkins-test.grote.lan:
|
|
||||||
gitea-test.grote.lan:
|
|
||||||
gitlab-test.grote.lan:
|
gitlab-test.grote.lan:
|
||||||
gitlab-runner-test.grote.lan:
|
gitlab-runner-test.grote.lan:
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
Subproject commit 43ce4e4608030dd35fbeda0865d779a43e6d9cdb
|
|
|
@ -1 +0,0 @@
|
||||||
Subproject commit aa754936773ead0a0f2729ad140814f9e262cffb
|
|
Loading…
Reference in a new issue