diff --git a/.gitmodules b/.gitmodules
index 44ce4ad3..4b74b94f 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -37,3 +37,6 @@
 [submodule "roles/tmaurice.gitea"]
 path = roles/tmaurice.gitea
 url = https://github.com/thomas-maurice/ansible-role-gitea
+[submodule "roles/geerlingguy.gitlab"]
+ path = roles/geerlingguy.gitlab
+ url = https://github.com/geerlingguy/ansible-role-gitlab
diff --git a/group_vars/all.yml b/group_vars/all.yml
index b6afeaa9..610862ff 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,6 +1,6 @@
 ---
 empfaenger_mail: michael.grote@posteo.de
- ### mgrote.postfix
+ ### mgrote.postfix / werden auch bei gitlab verwendet
 postfix_absender_mailadresse: info@mgrote.net
 postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
 postfix_erlaubte_netzwerke: "127.0.0.0/8 192.168.2.0/24"
diff --git a/group_vars/gitlab.yml b/group_vars/gitlab.yml
new file mode 100644
index 00000000..91ad2417
--- /dev/null
+++ b/group_vars/gitlab.yml
@@ -0,0 +1,43 @@
+---
+ ### geerlingguy.gitlab
+ # nicht alle gitlab Einstellungen lassen sich als Variable festlegen!
+ gitlab_domain: gitlab.grote.lan
+ gitlab_external_url: "http://git.mgrote.net"
+ gitlab_edition: "gitlab-ce"
+ gitlab_nginx_listen_https: "false"
+ gitlab_redirect_http_to_https: "false"
+ gitlab_create_self_signed_cert: "false"
+ gitlab_smtp_enable: "true"
+ gitlab_smtp_address: "smtp.strato.de"
+ gitlab_smtp_port: "465"
+ gitlab_smtp_user_name: "info@mgrote.net"
+ gitlab_smtp_password: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
+ gitlab_smtp_domain: "mgrote.net"
+ gitlab_smtp_authentication: "login"
+ gitlab_smtp_enable_starttls_auto: "false"
+ gitlab_smtp_tls: "true"
+ gitlab_email_enabled: "true"
+ gitlab_email_from: "noreply@mgrote.net"
+ gitlab_email_display_name: "Gitlab"
+ gitlab_email_reply_to: "noreply@mgrote.net"
+# gitlab_extra_settings:
+# - gitlab_rails:
+# - key: "trusted_proxies"
+# value: "['foo']"
+
+ ### oefenweb.ufw
+ ufw_rules:
+ - rule: allow
+ to_port: 22
+ protocol: tcp
+ comment: 'ssh'
+ from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 80
+ protocol: tcp
+ comment: 'gitlab'
+ from_ip: 192.168.2.0/24
+
+ ### mgrote.restic
+ restic_folders_to_backup: "/usr/local /etc /root /var/lib /home /var/opt/gitlab"
+ restic_cron_hours: "*/2"
diff --git a/inventory b/inventory
index 1b7f62f2..a0802baa 100644
--- a/inventory
+++ b/inventory
@@ -54,6 +54,12 @@ all:
 gitea-staging.grote.lan:
 gitea-test.grote.lan:
 gitea.grote.lan:
+ gitlab: # immer auch unten in den 2 Gruppen eintragen, sonst schlägt in Bootstrap das verteilen der ssh-keys fehl
+ hosts:
+ gitlab-staging.grote.lan:
+ gitlab-test.grote.lan:
+ gitlab.grote.lan:
+
 # wsl:
 # hosts:
 # irantu.grote.lan:
@@ -78,6 +84,7 @@ all:
 pve2.grote.lan:
 jenkins.grote.lan:
 gitea.grote.lan:
+ gitlab.grote.lan:
 staging:
 hosts:
 wireguard-staging.grote.lan:
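Review bot: In group_vars/gitlab.yml, `gitlab_external_url` is `http://git.mgrote.net` while `gitlab_nginx_listen_https` and `gitlab_redirect_http_to_https` are both `"false"`, so as configured here sign-in credentials, session cookies and access tokens reach GitLab unencrypted unless something in front of this host terminates TLS. If a reverse proxy does that (the commented-out `trusted_proxies` block hints at one), I would set `gitlab_external_url: "https://git.mgrote.net"` so GitLab generates https links and marks its cookies secure, and replace the `['foo']` placeholder with the proxy's address before enabling that block. If there is no proxy, HTTPS should be enabled on this host instead. A short comment above the three TLS settings, e.g. `# TLS wird am Reverse-Proxy terminiert, daher hier kein HTTPS`, would make the intent reviewable.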
@@ -90,6 +97,7 @@ all:
 pve-staging.grote.lan:
 jenkins-staging.grote.lan:
 gitea-staging.grote.lan:
+ gitlab-staging.grote.lan:
 test:
 hosts:
 wireguard-test.grote.lan:
@@ -104,3 +112,4 @@ all:
 pve-test.grote.lan:
 jenkins-test.grote.lan:
 gitea-test.grote.lan:
+ gitlab-test.grote.lan:
diff --git a/playbooks/service/gitlab.yml b/playbooks/service/gitlab.yml
new file mode 100644
index 00000000..f7cfeeb3
--- /dev/null
+++ b/playbooks/service/gitlab.yml
@@ -0,0 +1,4 @@
+---
+- hosts: gitlab
+ roles:
+ - { role: geerlingguy.gitlab, tags: "gitlab", become: true }
diff --git a/roles/geerlingguy.gitlab b/roles/geerlingguy.gitlab
new file mode 160000
index 00000000..191ac780
--- /dev/null
+++ b/roles/geerlingguy.gitlab
@@ -0,0 +1 @@
+Subproject commit 191ac78010c4640587c74eb8b659985644bca00e