drone: allow Webhook + Feintuning (#393)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#393

.ansible-lint

@@ -1,4 +1,3 @@
-
 exclude_paths:
   - roles/riemers.gitlab-runner/
 

.drone.yml

@@ -0,0 +1,18 @@
+---
+kind: pipeline
+type: docker
+name: default
+
+steps:
+  - name: run gitleaks
+    image: plugins/gitleaks
+    settings:
+      path: .
+
+  - name: lint
+    image: pipelinecomponents/ansible-lint
+    environment:
+      http_proxy: http://acng.grote.lan:9999
+      DEBIAN_FRONTEND: noninteractive
+    commands:
+      - ansible-lint --show-relpath  .

.github/workflows/ansible-lint.yml

@@ -1,55 +0,0 @@
-name: Ansible Lint  # feel free to pick your own name
-
-on: [pull_request]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    # Important: This sets up your GITHUB_WORKSPACE environment variable
-    - uses: actions/checkout@v2
-
-    - name: Lint Ansible Playbook
-      # replace "master" with any valid ref
-      uses: ansible/ansible-lint-action@master
-      with:
-        # [required]
-        # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
-        # or valid Ansible directories according to the Ansible role
-        # directory structure.
-        # If you want to lint multiple ansible files, use the following syntax
-        # targets: |
-        #   playbook_1.yml
-        #   playbook_2.yml
-        targets: ""
-        # [optional]
-        # Arguments to override a package and its version to be set explicitly.
-        # Must follow the example syntax.
-        override-deps: |
-          ansible==2.10
-          ansible-lint==4.3.5
-        # [optional]
-        # Arguments to be passed to the ansible-lint
-
-        # Options:
-        #   -q                    quieter, although not silent output
-        #   -p                    parseable output in the format of pep8
-        #   --parseable-severity  parseable output including severity of rule
-        #   -r RULESDIR           specify one or more rules directories using one or
-        #                         more -r arguments. Any -r flags override the default
-        #                         rules in ansiblelint/rules, unless -R is also used.
-        #   -R                    Use default rules in ansiblelint/rules in addition to
-        #                         any extra
-        #                         rules directories specified with -r. There is no need
-        #                         to specify this if no -r flags are used
-        #   -t TAGS               only check rules whose id/tags match these values
-        #   -x SKIP_LIST          only check rules whose id/tags do not match these
-        #                         values
-        #   --nocolor             disable colored output
-        #   --exclude=EXCLUDE_PATHS
-        #                         path to directories or files to skip. This option is
-        #                         repeatable.
-        #   -c C                  Specify configuration file to use. Defaults to ".ansible-lint"
-        args: ""

.github/workflows/bash_lint.yml

@@ -1,15 +0,0 @@
-name: bash-lint
-on: [pull_request]
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-      - name: Run Shellcheck
-        uses: azohra/shell-linter@latest
-        with:
-          path: "/github/workspace/*.sh"
-
-# https://github.com/azohra/shell-linter

README.md

@@ -1,4 +1,6 @@
 # ansible_heimserver
 
+[![Build Status](http://docker9.grote.lan/api/badges/mg/ansible/status.svg)](http://docker9.grote.lan/mg/ansible)
+
 ## example-cli
 `ansible-playbook playbooks/base/0_master.yml  -i inventory --key-file id_rsa_ansible_user --vault-password-file vault-pass.yml --limit jenkins-test.grote.lan`

group_vars/gitea.yml

@@ -39,6 +39,7 @@
       comment: 'munin'
       from_ip: 192.168.2.144/24
   ### tmaurice.gitea
+  # config liegt in /etc/gitea/gitea.ini
   gitea_version: "1.16.9"
   gitea_app_name: "Gitea"
   gitea_user: "gitea"
@@ -59,7 +60,6 @@
   gitea_force_private: false
   gitea_oauth2_enabled: true
   gitea_repo_indexer_enabled: true
-  gitea_extra_config: ""
   gitea_backup_on_upgrade: true
 
   gitea_mailer_enabled: true
@@ -93,6 +93,12 @@
   gitea_fail2ban_jail_maxretry: 3
   gitea_fail2ban_jail_findtime: 300
   gitea_fail2ban_jail_bantime: 600
+
+  # wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
+  gitea_extra_config: |
+                    [webhook]
+                    ALLOWED_HOST_LIST = *
+
   ### mgrote.munin-node
   munin_node_plugins:
     - name: timesync

host_vars/docker9.grote.lan.yml

@@ -12,6 +12,17 @@
          filesystem: xfs
          mount: true
          mntp: /drone
+   - vgname: vg_docker
+     disks:
+       - /dev/sdc
+     create: true
+     lvnames:
+       - lvname: lv_docker
+         size: +100%FREE
+         create: true
+         filesystem: xfs
+         mount: true
+         mntp: /var/lib/docker
   manage_lvm: true
   pvresize_to_max: true
   ### mgrote.restic
@@ -49,7 +60,7 @@
       src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
       config: |
         [http_response]
-        env.sites http://drone.grote.lan
+        env.sites http://docker9.grote.lan
         env.max_time 20
         env.short_label true
         env.follow_redirect true