drone: allow Webhook + Feintuning (#393)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#393
This commit is contained in:
Michael Grote 2022-07-23 10:59:46 +02:00
parent d62680a98d
commit 9ea7b881fc
7 changed files with 39 additions and 73 deletions

View file

@ -1,4 +1,3 @@
exclude_paths: exclude_paths:
- roles/riemers.gitlab-runner/ - roles/riemers.gitlab-runner/

18
.drone.yml Normal file
View file

@ -0,0 +1,18 @@
---
kind: pipeline
type: docker
name: default
steps:
- name: run gitleaks
image: plugins/gitleaks
settings:
path: .
- name: lint
image: pipelinecomponents/ansible-lint
environment:
http_proxy: http://acng.grote.lan:9999
DEBIAN_FRONTEND: noninteractive
commands:
- ansible-lint --show-relpath .

View file

@ -1,55 +0,0 @@
name: Ansible Lint # feel free to pick your own name
on: [pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
# Important: This sets up your GITHUB_WORKSPACE environment variable
- uses: actions/checkout@v2
- name: Lint Ansible Playbook
# replace "master" with any valid ref
uses: ansible/ansible-lint-action@master
with:
# [required]
# Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
# or valid Ansible directories according to the Ansible role
# directory structure.
# If you want to lint multiple ansible files, use the following syntax
# targets: |
# playbook_1.yml
# playbook_2.yml
targets: ""
# [optional]
# Arguments to override a package and its version to be set explicitly.
# Must follow the example syntax.
override-deps: |
ansible==2.10
ansible-lint==4.3.5
# [optional]
# Arguments to be passed to the ansible-lint
# Options:
# -q quieter, although not silent output
# -p parseable output in the format of pep8
# --parseable-severity parseable output including severity of rule
# -r RULESDIR specify one or more rules directories using one or
# more -r arguments. Any -r flags override the default
# rules in ansiblelint/rules, unless -R is also used.
# -R Use default rules in ansiblelint/rules in addition to
# any extra
# rules directories specified with -r. There is no need
# to specify this if no -r flags are used
# -t TAGS only check rules whose id/tags match these values
# -x SKIP_LIST only check rules whose id/tags do not match these
# values
# --nocolor disable colored output
# --exclude=EXCLUDE_PATHS
# path to directories or files to skip. This option is
# repeatable.
# -c C Specify configuration file to use. Defaults to ".ansible-lint"
args: ""

View file

@ -1,15 +0,0 @@
name: bash-lint
on: [pull_request]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Run Shellcheck
uses: azohra/shell-linter@latest
with:
path: "/github/workspace/*.sh"
# https://github.com/azohra/shell-linter

View file

@ -1,4 +1,6 @@
# ansible_heimserver # ansible_heimserver
[![Build Status](http://docker9.grote.lan/api/badges/mg/ansible/status.svg)](http://docker9.grote.lan/mg/ansible)
## example-cli ## example-cli
`ansible-playbook playbooks/base/0_master.yml -i inventory --key-file id_rsa_ansible_user --vault-password-file vault-pass.yml --limit jenkins-test.grote.lan` `ansible-playbook playbooks/base/0_master.yml -i inventory --key-file id_rsa_ansible_user --vault-password-file vault-pass.yml --limit jenkins-test.grote.lan`

View file

@ -39,6 +39,7 @@
comment: 'munin' comment: 'munin'
from_ip: 192.168.2.144/24 from_ip: 192.168.2.144/24
### tmaurice.gitea ### tmaurice.gitea
# config liegt in /etc/gitea/gitea.ini
gitea_version: "1.16.9" gitea_version: "1.16.9"
gitea_app_name: "Gitea" gitea_app_name: "Gitea"
gitea_user: "gitea" gitea_user: "gitea"
@ -59,7 +60,6 @@
gitea_force_private: false gitea_force_private: false
gitea_oauth2_enabled: true gitea_oauth2_enabled: true
gitea_repo_indexer_enabled: true gitea_repo_indexer_enabled: true
gitea_extra_config: ""
gitea_backup_on_upgrade: true gitea_backup_on_upgrade: true
gitea_mailer_enabled: true gitea_mailer_enabled: true
@ -93,6 +93,12 @@
gitea_fail2ban_jail_maxretry: 3 gitea_fail2ban_jail_maxretry: 3
gitea_fail2ban_jail_findtime: 300 gitea_fail2ban_jail_findtime: 300
gitea_fail2ban_jail_bantime: 600 gitea_fail2ban_jail_bantime: 600
# wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
gitea_extra_config: |
[webhook]
ALLOWED_HOST_LIST = *
### mgrote.munin-node ### mgrote.munin-node
munin_node_plugins: munin_node_plugins:
- name: timesync - name: timesync

View file

@ -12,6 +12,17 @@
filesystem: xfs filesystem: xfs
mount: true mount: true
mntp: /drone mntp: /drone
- vgname: vg_docker
disks:
- /dev/sdc
create: true
lvnames:
- lvname: lv_docker
size: +100%FREE
create: true
filesystem: xfs
mount: true
mntp: /var/lib/docker
manage_lvm: true manage_lvm: true
pvresize_to_max: true pvresize_to_max: true
### mgrote.restic ### mgrote.restic
@ -49,7 +60,7 @@
src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response src: https://git.mgrote.net/mg/mirror-munin-contrib/raw/branch/master/plugins/http/http_response
config: | config: |
[http_response] [http_response]
env.sites http://drone.grote.lan env.sites http://docker9.grote.lan
env.max_time 20 env.max_time 20
env.short_label true env.short_label true
env.follow_redirect true env.follow_redirect true