ghp/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cleanup and mass update: moving from Harbor to Gitea registries and from Drone to Gitea CI/CD with Gitea Act Runner

Browse Source
This commit is contained in:
ace
2023-06-10 06:20:10 +03:00
parent 1283a554fe
commit a251e593c6
89 changed files with 146 additions and 595 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
inventory/ghp/sample/group_vars/all/all.yaml
View File

@@ -52,7 +52,7 @@ openldap_simple_users:
- { name: testuser2, sn: 6002, uid: 6002, gid: 6002 }
## Harbor ##
harbor_enabled: true
harbor_enabled: false
harbor_publish: false
#harbor_registry_size: "100Gi"
#harbor_registry_storage: "nfs-hdd"
@@ -92,13 +92,11 @@ gitea_publish_web: false
gitea_publish_ssh: false
gitea_loadbalancer_ip: "192.168.250.5"
## Drone ##
drone_enabled: true
#drone_size: "10Gi"
#drone_storage: "nfs-ssd"
#drone_gitea_client_id:
#drone_gitea_client_secret:
drone_publish: false
## Gitea Act Runner ##
gitea_act_runner_enabled: true
gitea_act_runner_token: ""
gitea_act_runner_size: "25Gi"
#gitea_act_runner_storage: "nfs-ssd"
### WikiJS ###
wikijs_enabled: true

15
inventory/ghp/sample/group_vars/all/versions.yaml
View File

@@ -20,8 +20,8 @@ internal_ingress_nginx_version: 4.2.0
local_ingress_nginx_version: 4.2.0
# PostgreSQL operator
postgres_operator_version: 1.9.0
postgres_operator_ui_version: 1.9.0
postgres_operator_version: 1.10.0
postgres_operator_ui_version: 1.10.0
# OpenLDAP
openldap_version: 1.2.7
@@ -32,17 +32,16 @@ adguard_version: 2.3.13
# Bitwarden (aka Vaultwarden)
bitwarden_version: 2.0.20
# Drone
drone_version: 0.6.4
drone_runner_kube_version: 0.1.10
# Gitea
gitea_ingress_nginx_version: 4.2.0
gitea_dns_version: 6.8.1
gitea_version: 8.3.0
# Gitea Act Runner
gitea_act_runner_version: 0.1.0
# Docker and Helm chart registries
harbor_version: 1.10.4
harbor_version: 1.12.2
# Mastodon
mastodon_version: 4.0.0
@@ -60,7 +59,7 @@ rspamd_version: 0.4.3
pypiserver_version: 2.5.0
# WikiJS
wikijs_version: 2.3.10
wikijs_version: 2.3.11
# PeerTube
peertube_version: 0.2.1

5
inventory/ghp/sample/group_vars/ddclient.yaml
View File

@@ -24,19 +24,14 @@ ddclient_conf: |
ddclient_hosts:
- "{% if nextcloud_publish %}{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if drone_publish %}{{ drone_short_name | default('drone') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if gitea_publish_web %}{{ gitea_short_name | default('gitea') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if bitwarden_publish %}{{ bitwarden_short_name | default('bitwarden') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if playmaker_publish %}{{ playmaker_short_name | default('playmaker') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if pypiserver_publish %}{{ pypiserver_short_name | default('pip') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if wikijs_publish %}{{ wikijs_short_name | default('wikijs') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if chartmuseum_publish %}{{ chartsmuseum_short_name | default('charts') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if registry_publish %}{{ registry_short_name | default('registry') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if peertube_publish %}{{ peertube_short_name | default('peertube') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if mastodon_publish %}{{ mastodon_short_name | default('mastodon') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if harbor_publish %}{{ harbor_short_name | default('harbor') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{% if roundcube_publish %}{{ roundcube_short_name | default('webmail') }}.{{ domain }}{% else %}omitme{% endif %}"
- "{{ harbor_readonly_ingress | default('omitme') }}"
- "{{ registry_readonly_ingress | default('omitme') }}"
- "{{ chartmuseum_readonly_ingress | default('omitme') }}"
- "{{ wikijs_readonly_ingress | default('omitme') }}"

1
inventory/ghp/sample/group_vars/k8s/chartmuseum.yaml
View File

@@ -1 +0,0 @@
chartmuseum_values: {}

2
inventory/ghp/sample/group_vars/k8s/drone.yaml
View File

@@ -1,2 +0,0 @@
drone_values: {}
drone_runner_kube_values: {}

1
inventory/ghp/sample/group_vars/k8s/gitea-act-runner.yaml Normal file
View File

@@ -0,0 +1 @@
gitea_act_runner_values: {}

15
inventory/ghp/sample/group_vars/web_proxy.yaml
View File

@@ -60,18 +60,12 @@ nginx:
{% if wikijs_publish %}
{{ wikijs_short_name | default('wikijs') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if drone_publish %}
{{ drone_short_name | default('drone') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if nextcloud_publish %}
{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if harbor_publish %}
{{ harbor_short_name | default('harbor') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if registry_publish %}
{{ registry_short_name | default('registry') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if peertube_publish %}
{{ peertube_short_name | default('peertube') }}.{{ domain }} https_{{ namespace }};
{% endif %}
@@ -81,15 +75,6 @@ nginx:
{% if roundcube_publish %}
{{ roundcube_short_name | default('webmail') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if chartmuseum_publish %}
{{ chartsmuseum_short_name | default('charts') }}.{{ domain }} https_{{ namespace }};
{% endif %}
{% if registry_readonly_ingress %}
{{ registry_readonly_ingress }} https_{{ namespace }};
{% endif %}
{% if chartmuseum_readonly_ingress %}
{{ chartmuseum_readonly_ingress }} https_{{ namespace }};
{% endif %}
{% if wikijs_readonly_ingress %}
{{ wikijs_readonly_ingress }} https_{{ namespace }};
{% endif %}

5
playbooks/ghp/chartmuseum.yaml
View File

@@ -1,5 +0,0 @@
---
- hosts: k8s
connection: local
roles:
- chartmuseum

2
playbooks/ghp/core-infra.yaml
View File

@@ -55,7 +55,7 @@
tags:
- service-dns
- dns
- name: Deploy Cert-manager
import_role:
name: cert-manager

5
playbooks/ghp/drone.yaml
View File

@@ -1,5 +0,0 @@
---
- hosts: k8s
connection: local
roles:
- drone

5
playbooks/ghp/opendkim.yaml
View File

@@ -1,5 +0,0 @@
---
- hosts: k8s
connection: local
roles:
- opendkim

5
playbooks/ghp/opendmarc.yaml
View File

@@ -1,5 +0,0 @@
---
- hosts: k8s
connection: local
roles:
- opendmarc

5
playbooks/ghp/registry.yaml
View File

@@ -1,5 +0,0 @@
---
- hosts: k8s
connection: local
roles:
- registry

17
playbooks/ghp/shared-infra.yaml
View File

@@ -14,20 +14,3 @@
when: openldap_enabled | default(true)
tags: openldap
- name: Deploy Docker registry
import_role:
name: registry
when: registry_enabled | default(false)
tags: registry
- name: Deploy ChartMuseum
import_role:
name: chartmuseum
when: chartmuseum_enabled | default(false)
tags: chartmuseum
- name: Deploy Harbor
import_role:
name: harbor
when: harbor_enabled | default(true)
tags: harbor

8
playbooks/ghp/user-apps.yaml
View File

@@ -26,11 +26,11 @@
when: gitea_enabled | default(true)
tags: gitea
- name: Deploy Drone
- name: Deploy Gitea Act Runner
import_role:
name: drone
when: drone_enabled | default(true)
tags: drone
name: gitea-act-runner
when: gitea_act_runner_enabled | default(true)
tags: gitea-act-runner
- name: Deploy WikiJS
import_role:

1
roles/adguard-home/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
adguard_enabled: false
adguard_publish: false
adguard_chart_ref: "ghp/adguard-home"
adguard_short_name: "adguard"
adguard_default_values:
# upgrade strategy type (e.g. Recreate or RollingUpdate)

2
roles/adguard-home/tasks/main.yaml
View File

@@ -26,7 +26,7 @@
create_namespace: true
release_namespace: "{{ adguard_namespace | default(namespace) }}"
release_name: "{{ adguard_name | default('adguard') }}"
chart_ref: "{{ adguard_chart | default('ghp/adguard-home') }}"
chart_ref: "{{ adguard_chart_ref }}"
chart_version: "{{ adguard_version | default(omit) }}"
release_values: "{{ adguard_combined_values | from_yaml }}"

1
roles/bitwarden/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
bitwarden_enabled: true
bitwarden_publish: false
bitwarden_chart_ref: "ghp/bitwarden"
bitwarden_use_external_db: true
bitwarden_short_name: "bitwarden"
bitwarden_default_values:

2
roles/bitwarden/tasks/main.yaml
View File

@@ -12,7 +12,7 @@
create_namespace: true
release_namespace: "{{ bitwarden_namespace | default(namespace) }}"
release_name: "{{ bitwarden_name | default('bitwarden') }}"
chart_ref: "{{ bitwarden_chart | default('ghp/bitwarden') }}"
chart_ref: "{{ bitwarden_chart_ref }}"
chart_version: "{{ bitwarden_version | default(omit) }}"
release_values: "{{ bitwarden_combined_values | from_yaml }}"
wait: true

3
roles/cert-manager/defaults/main.yaml
View File

@@ -1,4 +1,5 @@
cert_manager_namespace: cert-manager
cert_manager_chart_ref: "jetstack/cert-manager"
cert_manager_namespace: "cert-manager"
lets_encrypt_mailbox: "admin@{{ domain }}"
cert_manager_base64_tsig_key: "{{ k8s_tsig | b64encode }}"
cert_manager_default_values:

2
roles/cert-manager/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ cert_manager_namespace | default('cert-manager') }}"
release_name: "{{ cert_manager_name | default('cert-manager') }}"
chart_ref: "{{ cert_manager_chart | default('jetstack/cert-manager') }}"
chart_ref: "{{ cert_manager_chart_ref }}"
chart_version: "{{ cert_manager_version }}"
release_values: "{{ cert_manager_combined_values | from_yaml | default(omit) }}"
wait: true

83
roles/chartmuseum/defaults/main.yaml
View File

@@ -1,83 +0,0 @@
chartmuseum_enabled: true
chartmuseum_publish: false
chartmuseum_short_name: "charts"
chartmuseum_default_values:
env:
open:
# storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle
STORAGE: local
# levels of nested repos for multitenancy. The default depth is 0 (singletenant server)
DEPTH: 0
# sets the base context path
CONTEXT_PATH: /
# show debug messages
DEBUG: false
# output structured logs as json
LOG_JSON: true
# disable use of index-cache.yaml
DISABLE_STATEFILES: false
# disable Prometheus metrics
DISABLE_METRICS: true
# disable all routes prefixed with /api
DISABLE_API: false
# allow chart versions to be re-uploaded
ALLOW_OVERWRITE: true
# allow anonymous GET operations when auth is used
AUTH_ANONYMOUS_GET: true
secret:
# username for basic http authentication
BASIC_AUTH_USER: "{{ chartmuseum_admin_login | default('admin') }}"
# password for basic http authentication
BASIC_AUTH_PASS: "{{ chartmuseum_admin_pass | default(chartmuseum_admin_password) }}"
persistence:
enabled: true
accessMode: "{{ chartmuseum_storage_mode | default('ReadWriteMany') }}"
size: "{{ chartmuseum_size | default('10Gi') }}"
labels: {}
path: /storage
storageClass: "{{ chartmuseum_storage | default('nfs-hdd') }}"
## Ingress for load balancer
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if chartmuseum_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true"
hosts:
- name: "{{ chartmuseum_short_name }}.{{ domain }}"
path: /
tls: true
tlsSecret: "{{ chartmuseum_short_name }}.{{ domain }}-tls"
chartmuseum_readonly_ingress_definition: |
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: "{{ external_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/configuration-snippet: |-
limit_except GET {
deny all;
}
name: chartmuseum-public
namespace: "{{ chartmuseum_namespace | default(namespace) }}"
spec:
rules:
- host: "{{ chartmuseum_readonly_ingress }}"
http:
paths:
- backend:
serviceName: chartmuseum-chartmuseum
servicePort: 8080
path: /
tls:
- hosts:
- "{{ chartmuseum_readonly_ingress }}"
secretName: "{{ chartmuseum_readonly_ingress }}-tls"

20
roles/chartmuseum/tasks/main.yaml
View File

@@ -1,20 +0,0 @@
- set_fact:
chartmuseum_combined_values: "{{ chartmuseum_default_values | combine(chartmuseum_values, recursive=true) }}"
- name: Deploy ChartMuseum
kubernetes.core.helm:
create_namespace: true
release_namespace: "{{ chartmuseum_namespace | default(namespace) }}"
release_name: "{{ chartmuseum_name | default('chartmuseum') }}"
chart_ref: "{{ chartmuseum_chart | default('ghp/chartmuseum') }}"
chart_version: "{{ chartmuseum_version | default(omit) }}"
release_values: "{{ chartmuseum_combined_values | from_yaml }}"
wait: true
- name: Deploy readonly public ingress for ChartMuseum
when: chartmuseum_readonly_ingress is defined
k8s:
state: present
definition:
"{{ chartmuseum_readonly_ingress_definition }}"

7
roles/ddclient/defaults/main.yml
View File

@@ -5,22 +5,17 @@ ddclient_namespace: "{{ namespace | default('ddclient') }}"
ddclient_container_name: "{{ ddclient_namespace }}-ddclient"
ddclient_container_registry: "{{ container_registry | default(docker_registry) | default('registry.geekhome.org/ghp') }}"
ddclient_image_name: "ddclient"
ddclient_image_tag: "v3.9.1-ls45"
ddclient_image_tag: "3.9.1-1"
ddclient_systemd_unit_name: "{{ ddclient_container_name }}-container.service"
harbor_readonly_ingress: false
registry_readonly_ingress: false
wikijs_readonly_ingress: false
chartmuseum_readonly_ingress: false
registry_publish: false
chartmuseum_publish: false
harbor_publish: false
roundcube_publish: false
nextcloud_publish: false
bitwarden_publish: false
gitea_publish_web: false
gitea_publish_ssh: false
drone_publish: false
wikijs_publish: false
playmaker_publish: false
pypiserver_publish: false

1
roles/dovecot/defaults/main.yaml
View File

@@ -1,3 +1,4 @@
dovecot_chart_ref: "ghp/dovecot"
dovecot_short_name: "dovecot"
dovecot_default_values:
replicaCount: 1

2
roles/dovecot/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ dovecot_namespace | default(mail_namespace) | default(namespace) }}"
release_name: "{{ dovecot_name | default('dovecot') }}"
chart_ref: "{{ dovecot_chart | default('ghp/dovecot') }}"
chart_ref: "{{ dovecot_chart_ref }}"
chart_version: "{{ dovecot_version | default(omit) }}"
release_values: "{{ dovecot_combined_values | from_yaml }}"
wait: true

50
roles/drone/defaults/main.yaml
View File

@@ -1,50 +0,0 @@
drone_enabled: true
drone_publish: false
drone_use_external_db: true
drone_short_name: "drone"
drone_default_values:
service:
type: ClusterIP
port: 80
ingress:
enabled: true
className: "{{ external_ingress_class if drone_publish else internal_ingress_class }}"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: "{{ drone_short_name }}.{{ domain }}"
paths:
- path: /
pathType: Prefix
tls:
- secretName: "{{ drone_short_name }}.{{ domain }}-tls"
hosts:
- "{{ drone_short_name }}.{{ domain }}"
persistentVolume:
enabled: true
accessModes:
- "{{ drone_storage_mode | default('ReadWriteMany') }}"
mountPath: /data
size: "{{ drone_size | default('8Gi') }}"
storageClass: "{{ drone_storage | default('nfs-ssd') }}"
env:
DRONE_SERVER_HOST: "{{ drone_short_name }}.{{ domain }}"
DRONE_SERVER_PROTO: https
DRONE_RPC_SECRET: "{{ drone_rpc_secret | default(omit) }}"
DRONE_DATABASE_DRIVER: "postgres"
DRONE_DATABASE_DATASOURCE: "postgres://{{ drone_db_username }}:{{ drone_db_password }}@{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432/drone?sslmode=disable"
DRONE_DATABASE_SECRET: "{{ drone_database_secret | default(omit) }}"
DRONE_GITEA_CLIENT_ID: "{{ drone_gitea_client_id | default(omit) }}"
DRONE_GITEA_CLIENT_SECRET: "{{ drone_gitea_client_secret | default(omit) }}"
DRONE_GITEA_SERVER: "https://{{ gitea_short_name | default('gitea') }}.{{ domain }}"
drone_runner_kube_default_values:
rbac:
buildNamespaces:
- "{{ drone_namespace | default(namespace) }}"
env:
DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
DRONE_RPC_HOST: "{{ drone_short_name }}.{{ domain }}"
DRONE_RPC_PROTO: https
DRONE_NAMESPACE_DEFAULT: "{{ drone_namespace | default(namespace) }}"

31
roles/drone/tasks/main.yaml
View File

@@ -1,31 +0,0 @@
- name: Import secret.yaml to obtain secrets
include_tasks: secrets.yaml
when:
- drone_use_external_db
- postgres_enabled is defined and postgres_enabled
- set_fact:
drone_combined_values: "{{ drone_default_values | combine(drone_values, recursive=true) }}"
- set_fact:
drone_runner_kube_combined_values: "{{ drone_runner_kube_default_values | combine(drone_runner_kube_values, recursive=true) }}"
- name: Deploy Drone Server
kubernetes.core.helm:
create_namespace: true
release_namespace: "{{ drone_namespace | default(namespace) }}"
release_name: "{{ drone_name | default('drone') }}"
chart_ref: "{{ drone_chart | default('drone/drone') }}"
chart_version: "{{ drone_version | default(omit) }}"
release_values: "{{ drone_combined_values | from_yaml }}"
wait: true
- name: Deploy Drone Runner Kube
kubernetes.core.helm:
create_namespace: true
release_namespace: "{{ drone_runner_kube_namespace | default(namespace) }}"
release_name: "{{ drone_runner_kube_name | default('drone-runner-kube') }}"
chart_ref: "{{ drone_runner_kube_chart | default('drone/drone-runner-kube') }}"
chart_version: "{{ drone_runner_kube_version | default(omit) }}"
release_values: "{{ drone_runner_kube_combined_values | from_yaml }}"
wait: true

25
roles/drone/tasks/secrets.yaml
View File

@@ -1,25 +0,0 @@
- block:
- name: Set DB namespace for secret lookup
set_fact:
db_namespace: "{{ drone_db_namespace | default(postgres_db_namespace) | default(postgres_namespace) | default(postgres_operator_namespace) | default(namespace) }}"
- name: Set DB secret name for lookup
set_fact:
db_secret_name: "drone.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do"
- name: Lookup Drone DB secret
set_fact:
drone_db_secret: "{{ lookup('k8s', kind='Secret', namespace=db_namespace, resource_name=db_secret_name) }}"
- debug:
msg: "{{ drone_db_secret }}"
verbosity: 2
- name: Set Drone DB username
set_fact:
drone_db_username: "{{ drone_db_secret.data.username | b64decode }}"
- name: Set Drone DB password
set_fact:
drone_db_password: "{{ drone_db_secret.data.password | b64decode }}"

5
roles/external-dns/defaults/main.yaml
View File

@@ -1,8 +1,5 @@
external_dns_chart_ref: "ghp/external-dns"
external_dns_default_values:
image:
registry: registry.0xace.cc
repository: ghp/external-dns
tag: v0.7.6-663-gf76382a5
fullnameOverride: "{{ external_dns_name | default(namespace + '-external-dns') }}"
ingressClass: "{{ external_ingress_class }}"
domainFilters: ["{{ external_domain | default(domain) }}"]

2
roles/external-dns/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ external_dns_namespace | default(dns_namespace) | default(namespace) }}"
release_name: "{{ external_dns_name | default(namespace + '-external-dns') }}"
chart_ref: "{{ external_dns_chart | default('ghp/external-dns') }}"
chart_ref: "{{ external_dns_chart_ref }}"
chart_version: "{{ external_dns_version | default(omit) }}"
release_values: "{{ external_dns_combined_values | from_yaml }}"
wait: true

1
roles/external-ingress-nginx/defaults/main.yaml
View File

@@ -1,3 +1,4 @@
external_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
external_ingress_nginx_default_values:
controller:
kind: DaemonSet

2
roles/external-ingress-nginx/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ external_ingress_nginx_namespace | default(ingress_namespace) | default(namespace) }}"
release_name: "{{ external_ingress_nginx_name | default(namespace + '-external-ingress-nginx') }}"
chart_ref: "{{ external_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
chart_ref: "{{ external_ingress_nginx_chart_ref }}"
chart_version: "{{ external_ingress_nginx_version | default(omit) }}"
release_values: "{{ external_ingress_nginx_combined_values | from_yaml }}"
wait: true

11
roles/gitea-act-runner/defaults/main.yaml Normal file
View File

@@ -0,0 +1,11 @@
gitea_act_runner_enabled: true
gitea_act_runner_chart_ref: "ghp/gitea-act-runner"
gitea_act_runner_gitea_instance_short_name: "gitea"
gitea_act_runner_default_values:
giteaInstance: "{{ gitea_act_runner_gitea_instance_short_name }}.{{ domain }}"
token: ""
persistence:
enabled: true
accessMode: "{{ gitea_act_runner_storage_mode | default('ReadWriteMany') }}"
size: "{{ gitea_act_runner_size | default('25Gi') }}"
storageClass: "{{ gitea_act_runner_storage | default('nfs-ssd') }}"

11
roles/gitea-act-runner/tasks/main.yaml Normal file
View File

@@ -0,0 +1,11 @@
- set_fact:
gitea_act_runner_combined_values: "{{ gitea_act_runner_default_values | combine(gitea_act_runner_values, recursive=true) }}"
- name: Deploy Gitea Act Runner
kubernetes.core.helm:
create_namespace: true
release_namespace: "{{ gitea_act_runner_namespace | default(namespace) }}"
release_name: "{{ gitea_act_runner_name | default('gitea-act-runner') }}"
chart_ref: "{{ gitea_act_runner_chart_ref }}"
chart_version: "{{ gitea_act_runner_version | default(omit) }}"
release_values: "{{ gitea_act_runner_combined_values | from_yaml }}"

25
roles/gitea-act-runner/tasks/secrets.yaml Normal file
View File

@@ -0,0 +1,25 @@
- block:
- name: Set DB namespace for secret lookup
set_fact:
db_namespace: "{{ peertube_db_namespace | default(postgres_db_namespace) | default(postgres_namespace) | default(postgres_operator_namespace) | default(namespace) }}"
- name: Set DB secret name for lookup
set_fact:
db_secret_name: "peertube-owner-user.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do"
- name: Lookup PeerTube DB secret
set_fact:
peertube_db_secret: "{{ lookup('k8s', kind='Secret', namespace=db_namespace, resource_name=db_secret_name) }}"
- debug:
msg: "{{ peertube_db_secret }}"
verbosity: 2
- name: Set PeerTube DB username
set_fact:
peertube_db_username: "{{ peertube_db_secret.data.username | b64decode }}"
- name: Set PeerTube DB password
set_fact:
peertube_db_password: "{{ peertube_db_secret.data.password | b64decode }}"

11
roles/gitea/defaults/main.yaml
View File

@@ -1,6 +1,7 @@
gitea_enabled: true
gitea_publish_web: false
gitea_publish_ssh: false
gitea_chart_ref: "gitea-charts/gitea"
gitea_use_external_db: true
gitea_short_name: "gitea"
gitea_ingress_class: "{{ gitea_namespace | default(namespace) }}-{{ 'public' if gitea_publish_web else 'private' }}-gitea-ingress-nginx"
@@ -78,6 +79,10 @@ gitea_default_values:
USER: "{{ gitea_ldap_user | default('gitea') }}"
PASSWD: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
MAILER_TYPE: "smtp"
actions:
ENABLED: "true"
packages:
ENABLED: "true"
gitea_external_db_values:
gitea:
@@ -101,6 +106,7 @@ gitea_publish_ingress_nginx_values:
service:
externalTrafficPolicy: Local
gitea_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
gitea_ingress_nginx_default_values:
controller:
containerPort:
@@ -133,11 +139,8 @@ gitea_ingress_nginx_default_values:
22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"
gitea_dns_chart_ref: "ghp/external-dns"
gitea_dns_default_values:
image:
registry: registry.0xace.cc
repository: ghp/external-dns
tag: v0.7.6-663-gf76382a5
fullnameOverride: "{{ gitea_dns_name | default(namespace + '-gitea-internal-dns') }}"
ingressClass: "{{ gitea_ingress_class }}"
domainFilters: ["{{ domain }}"]

6
roles/gitea/tasks/main.yaml
View File

@@ -26,7 +26,7 @@
create_namespace: true
release_namespace: "{{ gitea_ingress_nginx_namespace | default(namespace) }}"
release_name: "{{ gitea_ingress_nginx_release_name | default(namespace + '-gitea-ingress-nginx') }}"
chart_ref: "{{ gitea_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
chart_ref: "{{ gitea_ingress_nginx_chart_ref }}"
chart_version: "{{ gitea_ingress_nginx_version | default(omit) }}"
release_values: "{{ gitea_ingress_nginx_combined_values | from_yaml }}"
wait: true
@@ -36,7 +36,7 @@
create_namespace: true
release_namespace: "{{ gitea_dns_namespace | default(namespace) }}"
release_name: "{{ gitea_dns_relase_name | default(namespace + '-gitea-internal-dns') }}"
chart_ref: "{{ gitea_dns_chart | default('ghp/external-dns') }}"
chart_ref: "{{ gitea_dns_chart_ref }}"
chart_version: "{{ gitea_dns_version | default(omit) }}"
release_values: "{{ gitea_dns_combined_values | from_yaml }}"
wait: true
@@ -47,7 +47,7 @@
create_namespace: true
release_namespace: "{{ gitea_namespace | default(namespace) }}"
release_name: "{{ gitea_release_name | default(namespace + '-gitea') }}"
chart_ref: "{{ gitea_chart | default('gitea-charts/gitea') }}"
chart_ref: "{{ gitea_chart_ref }}"
chart_version: "{{ gitea_version | default(omit) }}"
release_values: "{{ gitea_combined_values | from_yaml }}"
#wait: true

12
roles/harbor/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
harbor_enabled: true
harbor_enabled: false
harbor_publish: false
harbor_chart_ref: "harbor/harbor"
harbor_short_name: "harbor"
harbor_use_external_db: true
harbor_default_values:
@@ -48,12 +49,6 @@ harbor_default_values:
subPath: ""
accessMode: "{{ harbor_registry_storage_mode | default(harbor_storage_mode) | default('ReadWriteMany') }}"
size: "{{ harbor_registry_size | default('100Gi') }}"
chartmuseum:
existingClaim: ""
storageClass: "{{ harbor_charts_storage | default(harbor_storage) | default('nfs-ssd') }}"
subPath: ""
accessMode: "{{ harbor_charts_storage_mode | default(harbor_storage_mode) | default('ReadWriteMany') }}"
size: "{{ harbor_charts_size | default('50Gi') }}"
jobservice:
jobLog:
existingClaim: ""
@@ -86,9 +81,6 @@ harbor_default_values:
imagePullPolicy: IfNotPresent
# The update strategy for deployments with persistent volumes(jobservice, registry
# and chartmuseum): "RollingUpdate" or "Recreate"
# Set it as "Recreate" when "RWM" for volumes isn't supported
updateStrategy:
type: RollingUpdate

2
roles/harbor/tasks/main.yaml
View File

@@ -12,7 +12,7 @@
create_namespace: true
release_namespace: "{{ harbor_namespace | default(namespace) }}"
release_name: "{{ harbor_name | default('harbor') }}"
chart_ref: "{{ harbor_chart | default('harbor/harbor') }}"
chart_ref: "{{ harbor_chart_ref }}"
chart_version: "{{ harbor_version | default(omit) }}"
release_values: "{{ harbor_combined_values | from_yaml }}"
wait: true

4
roles/helm-repos/defaults/main.yaml
View File

@@ -1,8 +1,7 @@
helm_repos:
- { name: 'ghp', url: 'https://registry.geekhome.org/chartrepo/ghp' }
- { name: 'ghp', url: 'https://git.geekhome.org' }
- { name: 'jetstack', url: 'https://charts.jetstack.io' }
- { name: 'bitnami', url: 'https://charts.bitnami.com/bitnami' }
- { name: 'drone', url: 'https://charts.drone.io' }
- { name: 'ingress-nginx', url: 'https://kubernetes.github.io/ingress-nginx' }
- { name: 'stable', url: 'https://charts.helm.sh/stable' }
- { name: 'nextcloud', url: 'https://nextcloud.github.io/helm' }
@@ -11,4 +10,5 @@ helm_repos:
- { name: 'harbor', url: 'https://helm.goharbor.io' }
- { name: 'metallb', url: 'https://metallb.github.io/metallb' }
- { name: 'nfs-subdir-external-provisioner', url: 'https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner' }
- { name: 'metrics-server', url: 'https://kubernetes-sigs.github.io/metrics-server/' }

5
roles/internal-dns/defaults/main.yaml
View File

@@ -1,8 +1,5 @@
internal_dns_chart_ref: "ghp/external-dns"
internal_dns_default_values:
image:
registry: registry.0xace.cc
repository: ghp/external-dns
tag: v0.7.6-663-gf76382a5
fullnameOverride: "{{ internal_dns_name | default(namespace + '-internal-dns') }}"
ingressClass: "{{ internal_ingress_class }}"
domainFilters: ["{{ internal_domain | default(domain) }}"]

2
roles/internal-dns/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ internal_dns_namespace | default(dns_namespace) | default(namespace) }}"
release_name: "{{ internal_dns_name | default(namespace + '-internal-dns') }}"
chart_ref: "{{ internal_dns_chart | default('ghp/external-dns') }}"
chart_ref: "{{ internal_dns_chart_ref }}"
chart_version: "{{ internal_dns_version | default(omit) }}"
release_values: "{{ internal_dns_combined_values | from_yaml }}"
wait: true

1
roles/internal-ingress-nginx/defaults/main.yaml
View File

@@ -1,3 +1,4 @@
internal_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
internal_ingress_nginx_default_values:
controller:
publishService:

2
roles/internal-ingress-nginx/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ internal_ingress_nginx_namespace | default(ingress_namespace) | default(namespace) }}"
release_name: "{{ internal_ingress_nginx_name | default(namespace + '-internal-ingress-nginx') }}"
chart_ref: "{{ internal_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
chart_ref: "{{ internal_ingress_nginx_chart_ref }}"
chart_version: "{{ internal_ingress_nginx_version | default(omit) }}"
release_values: "{{ internal_ingress_nginx_combined_values | from_yaml }}"
wait: true

5
roles/local-dns/defaults/main.yaml
View File

@@ -1,8 +1,5 @@
local_dns_chart_ref: "ghp/external-dns"
local_dns_default_values:
image:
registry: registry.0xace.cc
repository: ghp/external-dns
tag: v0.7.6-663-gf76382a5
fullnameOverride: "{{ local_dns_name | default(namespace + '-local-dns') }}"
ingressClass: "{{ local_ingress_class }}"
domainFilters: ["{{ local_domain }}"]

2
roles/local-dns/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ local_dns_namespace | default(dns_namespace) | default(namespace) }}"
release_name: "{{ local_dns_name | default(namespace + '-local-dns') }}"
chart_ref: "{{ local_dns_chart | default('ghp/external-dns') }}"
chart_ref: "{{ local_dns_chart_ref }}"
chart_version: "{{ local_dns_version | default(omit) }}"
release_values: "{{ local_dns_combined_values | from_yaml }}"
wait: true

1
roles/local-ingress-nginx/defaults/main.yaml
View File

@@ -1,3 +1,4 @@
local_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
local_ingress_nginx_default_values:
controller:
publishService:

2
roles/local-ingress-nginx/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ local_ingress_nginx_namespace | default(ingress_namespace) | default(namespace) }}"
release_name: "{{ local_ingress_nginx_name | default(namespace + '-local-ingress-nginx') }}"
chart_ref: "{{ local_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
chart_ref: "{{ local_ingress_nginx_chart_ref }}"
chart_version: "{{ local_ingress_nginx_version | default(omit) }}"
release_values: "{{ local_ingress_nginx_combined_values | from_yaml }}"
wait: true

12
roles/mail/tasks/main.yaml
View File

@@ -46,18 +46,6 @@
name: dovecot
tags: dovecot
- name: Deploy OpenDKIM
import_role:
name: opendkim
when: opendkim_enabled | default(false)
tags: opendkim
- name: Deploy OpenDMARC
import_role:
name: opendmarc
when: opendmarc_enabled | default(false)
tags: opendmarc
- name: Deploy Rspamd
import_role:
name: rspamd

1
roles/mastodon/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
mastodon_enabled: false
mastodon_publish: true
mastodon_chart_ref: "ghp/mastodon"
mastodon_use_external_db: true
mastodon_short_name: "mastodon"
mastodon_enable_elasticsearch: true

2
roles/mastodon/tasks/main.yaml
View File

@@ -12,7 +12,7 @@
create_namespace: true
release_namespace: "{{ mastodon_namespace | default(namespace) }}"
release_name: "{{ mastodon_name | default('mastodon') }}"
chart_ref: "{{ mastodon_chart | default('ghp/mastodon') }}"
chart_ref: "{{ mastodon_chart_ref }}"
chart_version: "{{ mastodon_version | default(omit) }}"
release_values: "{{ mastodon_combined_values | from_yaml }}"

3
roles/metallb/defaults/main.yaml
View File

@@ -1,4 +1,5 @@
strict_arp_for_metallb: true
metallb_chart_ref: "metallb/metallb"
metallb_strict_arp: true
metallb_default_values: {}
metallb_pool_name: "default"

6
roles/metallb/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ metallb_namespace | default('metallb-system') }}"
release_name: "{{ metallb_name | default('metallb') }}"
chart_ref: "{{ metallb_chart | default('metallb/metallb') }}"
chart_ref: "{{ metallb_chart_ref }}"
chart_version: "{{ metallb_version | default(omit) }}"
release_values: "{{ metallb_combined_values | from_yaml }}"
wait: true
@@ -18,7 +18,7 @@
sed -e "s/strictARP: false/strictARP: true/" | \
kubectl diff -f - -n kube-system
register: check_strict_arp
when: strict_arp_for_metallb
when: metallb_strict_arp
changed_when: check_strict_arp.rc != 0
- name: Apply strict arp
@@ -29,7 +29,7 @@
&& kubectl -n kube-system delete pods --selector=k8s-app=kube-proxy
when:
- strict_arp_for_metallb
- check_strict_arp.changed
- metallb_strict_arp.changed
- name: Apply MetalLB L2 definitions
k8s:

8
roles/metrics-server/defaults/main.yaml
View File

@@ -1,6 +1,10 @@
metrics_server_enabled: true
metrics_server_chart_ref: "metrics-server/metrics-server"
metrics_server_default_values:
apiService:
create: true
extraArgs:
kubelet-insecure-tls: true
args:
- --kubelet-insecure-tls=true
metrics:
enabled: true

2
roles/metrics-server/tasks/main.yaml
View File

@@ -6,6 +6,6 @@
create_namespace: true
release_namespace: "{{ metrics_server_namespace | default('metrics-server') }}"
release_name: "{{ metrics_server_name | default('metrics-server') }}"
chart_ref: "{{ metrics_server_chart | default('bitnami/metrics-server') }}"
chart_ref: "{{ metrics_server_chart_ref }}"
chart_version: "{{ metrics_server_version | default(omit) }}"
release_values: "{{ metrics_server_combined_values | from_yaml }}"

1
roles/nextcloud/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
nextcloud_enabled: true
nextcloud_publish: false
nextcloud_chart_ref: "nextcloud/nextcloud"
nextcloud_use_external_db: true
nextcloud_short_name: "nextcloud"
nextcloud_default_values:

2
roles/nextcloud/tasks/main.yaml
View File

@@ -12,7 +12,7 @@
create_namespace: true
release_namespace: "{{ nextcloud_namespace | default(namespace) }}"
release_name: "{{ nextcloud_name | default('nextcloud') }}"
chart_ref: "{{ nextcloud_chart | default('nextcloud/nextcloud') }}"
chart_ref: "{{ nextcloud_chart_ref }}"
chart_version: "{{ nextcloud_version | default(omit) }}"
release_values: "{{ nextcloud_combined_values | from_yaml }}"
wait: false

4
roles/nfs-client-provisioner/defaults/main.yaml
View File

@@ -1,4 +1,5 @@
nfs_client_provisioner_namespace: nfs-client-provisioner
nfs_client_provisioner_namespace: "nfs-client-provisioner"
nfs_client_provisioner_hdd_chart_ref: "nfs-subdir-external-provisioner/nfs-subdir-external-provisioner"
nfs_client_provisioner_hdd_default_values:
replicaCount: 1
strategyType: Recreate
@@ -34,6 +35,7 @@ nfs_client_provisioner_hdd_default_values:
accessModes: ReadWriteMany
nfs_client_provisioner_ssd_chart_ref: "nfs-subdir-external-provisioner/nfs-subdir-external-provisioner"
nfs_client_provisioner_ssd_default_values:
replicaCount: 1
strategyType: Recreate

4
roles/nfs-client-provisioner/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ nfs_client_provisioner_hdd_namespace | default(nfs_client_provisioner_namespace) | default(namespace) }}"
release_name: "{{ nfs_client_provisioner_hdd_name | default('nfs-client-provisioner-hdd') }}"
chart_ref: "{{ nfs_client_provisioner_hdd_chart | default('nfs-subdir-external-provisioner/nfs-subdir-external-provisioner') }}"
chart_ref: "{{ nfs_client_provisioner_hdd_chart_ref }}"
chart_version: "{{ nfs_client_provisioner_hdd_version | default(omit) }}"
release_values: "{{ nfs_client_provisioner_hdd_combined_values | from_yaml }}"
wait: true
@@ -19,7 +19,7 @@
create_namespace: true
release_namespace: "{{ nfs_client_provisioner_ssd_namespace | default(nfs_client_provisioner_namespace) | default(namespace) }}"
release_name: "{{ nfs_client_provisioner_ssd_name | default('nfs-client-provisioner-ssd') }}"
chart_ref: "{{ nfs_client_provisioner_ssd_chart | default('nfs-subdir-external-provisioner/nfs-subdir-external-provisioner') }}"
chart_ref: "{{ nfs_client_provisioner_ssd_chart_ref }}"
chart_version: "{{ nfs_client_provisioner_ssd_version | default(omit) }}"
release_values: "{{ nfs_client_provisioner_ssd_combined_values | from_yaml }}"
wait: true

5
roles/nginx/defaults/main.yml
View File

@@ -1,16 +1,11 @@
harbor_readonly_ingress: false
registry_readonly_ingress: false
wikijs_readonly_ingress: false
chartmuseum_readonly_ingress: false
registry_publish: false
chartmuseum_publish: false
harbor_publish: false
roundcube_publish: false
nextcloud_publish: true
bitwarden_publish: false
gitea_publish_web: false
gitea_publish_ssh: false
drone_publish: false
wikijs_publish: false
playmaker_publish: false
pypiserver_publish: false

45
roles/opendkim/defaults/main.yaml
View File

@@ -1,45 +0,0 @@
opendkim_short_name: "opendkim"
opendkim_default_values:
replicaCount: 1
persistence:
enabled: false
existingClaim: mailboxes
opendkim:
image:
repository: "instrumentisto/opendkim"
tag: alpine
configmaps:
opendkim: |
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891
Umask 002
SendReports yes
SoftwareHeader yes
Canonicalization relaxed/relaxed
Domain {{ domain }}
Selector default
MinimumKeyBits 1024
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
OversignHeaders From
keytable: |
default._domainkey.{{ domain }} {{ domain }}:default:/etc/opendkim/keys/default.private
signingtable: |
*@{{ domain }} default._domainkey.{{ domain }}
trustedhosts: |
127.0.0.1
::1
*.{{ domain }}
default-private: |
{{ dkim_private_key_base64 | b64decode }}
default-public: |
{{ dkim_public_key_base64 | b64decode }}
service:
type: ClusterIP

13
roles/opendkim/tasks/main.yaml
View File

@@ -1,13 +0,0 @@
- set_fact:
opendkim_combined_values: "{{ opendkim_default_values | combine(opendkim_values, recursive=true) }}"
- name: Deploy OpenDKIM
kubernetes.core.helm:
create_namespace: true
release_namespace: "{{ opendkim_namespace | default(mail_namespace) | default(namespace) }}"
release_name: "{{ opendkim_name | default('opendkim') }}"
chart_ref: "{{ opendkim_chart | default('ghp/opendkim') }}"
chart_version: "{{ opendkim_version | default(omit) }}"
release_values: "{{ opendkim_combined_values | from_yaml }}"
wait: true

25
roles/opendmarc/defaults/main.yaml
View File

@@ -1,25 +0,0 @@
opendmarc_short_name: "opendmarc"
opendmarc_default_values:
replicaCount: 1
persistence:
enabled: false
existingClaim: mailboxes
opendmarc:
image:
repository: "instrumentisto/opendmarc"
tag: alpine
configmaps:
opendmarc: |
AuthservID {{ mail_short_name | default('mail') }}.{{ domain }}
Socket inet:8893
SoftwareHeader true
IgnoreAuthenticatedClients true
SPFIgnoreResults false
SPFSelfValidate false
RequiredHeaders true
Syslog true
UserID opendmarc:mail
service:
type: ClusterIP

13
roles/opendmarc/tasks/main.yaml
View File

@@ -1,13 +0,0 @@
- set_fact:
opendmarc_combined_values: "{{ opendmarc_default_values | combine(opendmarc_values, recursive=true) }}"
- name: Deploy OpenDMARC
kubernetes.core.helm:
create_namespace: true
release_namespace: "{{ opendmarc_namespace | default(mail_namespace) | default(namespace) }}"
release_name: "{{ opendmarc_name | default('opendmarc') }}"
chart_ref: "{{ opendmarc_chart | default('ghp/opendmarc') }}"
chart_version: "{{ opendmarc_version | default(omit) }}"
release_values: "{{ opendmarc_combined_values | from_yaml }}"
wait: true

1
roles/openldap/defaults/main.yaml
View File

@@ -1,3 +1,4 @@
openldap_chart_ref: "ghp/openldap"
openldap_short_name: "openldap"
openldap_default_values:
replicaCount: 1

2
roles/openldap/tasks/main.yaml
View File

@@ -38,7 +38,7 @@
create_namespace: true
release_namespace: "{{ openldap_namespace | default(namespace) }}"
release_name: "{{ openldap_name | default('openldap') }}"
chart_ref: "{{ openldap_chart | default('ghp/openldap') }}"
chart_ref: "{{ openldap_chart_ref }}"
chart_version: "{{ openldap_version | default(omit) }}"
release_values: "{{ openldap_combined_values | from_yaml }}"

1
roles/peertube/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
peertube_enabled: false
peertube_publish: false
peertube_chart_ref: "ghp/peertube"
peertube_use_external_db: true
peertube_short_name: "peertube"
peertube_default_values:

2
roles/peertube/tasks/main.yaml
View File

@@ -12,6 +12,6 @@
create_namespace: true
release_namespace: "{{ peertube_namespace | default(namespace) }}"
release_name: "{{ peertube_name | default('peertube') }}"
chart_ref: "{{ peertube_chart | default('ghp/peertube') }}"
chart_ref: "{{ peertube_chart_ref }}"
chart_version: "{{ peertube_version | default(omit) }}"
release_values: "{{ peertube_combined_values | from_yaml }}"

1
roles/playmaker/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
playmaker_enabled: true
playmaker_publish: false
playmaker_chart_ref: "ghp/playmaker"
playmaker_short_name: "playmaker"
playmaker_default_values:
replicaCount: 1

2
roles/playmaker/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ playmaker_namespace | default(namespace) }}"
release_name: "{{ playmaker_name | default('playmaker') }}"
chart_ref: "{{ playmaker_chart | default('ghp/playmaker') }}"
chart_ref: "{{ playmaker_chart_ref }}"
chart_version: "{{ playmaker_version | default(omit) }}"
release_values: "{{ playmaker_combined_values | from_yaml }}"
wait: true

1
roles/postfix/defaults/main.yaml
View File

@@ -1,3 +1,4 @@
postfix_chart_ref: "ghp/postfix"
postfix_short_name: "postfix"
postfix_default_values:
replicaCount: 1

2
roles/postfix/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ postfix_namespace | default(mail_namespace) | default(namespace) }}"
release_name: "{{ postfix_name | default('postfix') }}"
chart_ref: "{{ postfix_chart | default('ghp/postfix') }}"
chart_ref: "{{ postfix_chart_ref }}"
chart_version: "{{ postfix_version | default(omit) }}"
release_values: "{{ postfix_combined_values | from_yaml }}"
wait: true

2
roles/postgres/defaults/main.yaml
View File

@@ -49,7 +49,6 @@ postgres_db_definitions:
size: "{{ postgres_size | default('10Gi') }}"
users:
gitea: []
drone: []
bitwarden: []
wikijs: []
nextcloud: []
@@ -58,7 +57,6 @@ postgres_db_definitions:
mastodon: []
databases:
gitea: gitea
drone: drone
bitwarden: bitwarden
wikijs: wikijs
nextcloud: nextcloud

8
roles/postgres/tasks/main.yaml
View File

@@ -45,12 +45,12 @@
- set_fact:
postgres_operator_combined_values: "{{ postgres_operator_default_values | combine(postgres_operator_values, recursive=true) }}"
- name: Deploy Postgres-operator
- name: Deploy Postgres Operator
kubernetes.core.helm:
create_namespace: true
release_namespace: "{{ postgres_operator_namespace | default(namespace) }}"
release_name: "{{ postgres_operator_name | default('postgres-operator') }}"
chart_ref: "{{ postgres_operator_chart | default('ghp/postgres-operator') }}"
chart_ref: "{{ postgres_operator_chart_ref }}"
chart_version: "{{ postgres_operator_version | default(omit) }}"
release_values: "{{ postgres_operator_combined_values | from_yaml }}"
wait: true
@@ -58,12 +58,12 @@
- set_fact:
postgres_operator_ui_combined_values: "{{ postgres_operator_ui_default_values | combine(postgres_operator_ui_values, recursive=true) }}"
- name: Deploy Postgres-operator UI
- name: Deploy Postgres Operator UI
kubernetes.core.helm:
create_namespace: true
release_namespace: "{{ postgres_operator_ui_namespace | default(postgres_operator_namespace) | default(namespace) }}"
release_name: "{{ postgres_operator_ui_name | default('postgres-operator-ui') }}"
chart_ref: "{{ postgres_operator_ui_chart | default('ghp/postgres-operator-ui') }}"
chart_ref: "{{ postgres_operator_ui_chart_ref }}"
chart_version: "{{ postgres_operator_ui_version | default(omit) }}"
release_values: "{{ postgres_operator_ui_combined_values | from_yaml }}"
wait: true

2
roles/pwgen/defaults/main.yaml
View File

@@ -8,8 +8,6 @@ default_accounts:
- { name: gitea_admin }
- { name: gitea_ldap }
- { name: wikijs_ldap }
- { name: drone_admin }
- { name: chartmuseum_admin }
- { name: peertube_ldap }
- { name: peertube_admin }
- { name: mastodon_admin }

30
roles/pwgen/tasks/main.yaml
View File

@@ -25,36 +25,6 @@
loop: "{{ openldap_simple_users }}"
when: openldap_simple_users is defined
- name: Test if Drone rpc secret exists in file for {{ item }}
shell: grep -c "drone_rpc_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
register: rpc_secret_test_grep
- name: Test if Drone database secret exists in file for {{ item }}
shell: grep -c "drone_database_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
register: database_secret_test_grep
- name: Create Drone rpc secret for {{ item }}
shell: "< /dev/urandom tr -dc a-f0-9 | head -c${1:-128};echo;"
register: rpc_secret
when: rpc_secret_test_grep.stdout == '0'
- name: Create Drone database secret for {{ item }}
shell: "< /dev/urandom tr -dc a-f0-9 | head -c${1:-32};echo;"
register: db_secret
when: database_secret_test_grep.stdout == '0'
- name: Write Drone rpc secret for {{ item }}
lineinfile:
path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
line: "drone_rpc_secret: \"{{ rpc_secret.stdout }}\""
when: rpc_secret_test_grep.stdout == '0'
- name: Write Drone database secret for {{ item }}
lineinfile:
path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
line: "drone_database_secret: \"{{ db_secret.stdout }}\""
when: database_secret_test_grep.stdout == '0'
- include_tasks: tsig.yaml
- include_tasks: dkim.yaml

1
roles/pypiserver/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
pypiserver_enabled: true
pypiserver_publish: false
pypiserver_chart_ref: "ghp/pypiserver"
pypiserver_short_name: "pip"
pypiserver_default_values:
## If you want more than 1 replica you will have to use a ReadWriteMany volume

2
roles/pypiserver/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ pypiserver_namespace | default(namespace) }}"
release_name: "{{ pypiserver_name | default('pypiserver') }}"
chart_ref: "{{ pypiserver_chart | default('ghp/pypiserver') }}"
chart_ref: "{{ pypiserver_chart_ref }}"
chart_version: "{{ pypiserver_version | default(omit) }}"
release_values: "{{ pypiserver_combined_values | from_yaml }}"
wait: true

56
roles/registry/defaults/main.yaml
View File

@@ -1,56 +0,0 @@
registry_enabled: true
registry_publish: false
registry_short_name: "registry"
registry_default_values:
service:
type: ClusterIP
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if registry_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
hosts:
- "{{ registry_short_name }}.{{ domain }}"
tls:
- secretName: "{{ registry_short_name }}.{{ domain }}-tls"
hosts:
- "{{ registry_short_name }}.{{ domain }}"
persistence:
enabled: true
storageClass: "{{ registry_storage | default('nfs-hdd') }}"
size: "{{ registry_size | default('15Gi') }}"
accessMode: "{{ registry_storage_mode | default('ReadWriteMany') }}"
registry_readonly_ingress_definition: |
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: "{{ external_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/configuration-snippet: |-
limit_except GET {
deny all;
}
name: docker-registry-public
namespace: "{{ registry_namespace | default(namespace) }}"
spec:
rules:
- host: "{{ registry_readonly_ingress }}"
http:
paths:
- backend:
serviceName: docker-registry
servicePort: 5000
path: /
tls:
- hosts:
- "{{ registry_readonly_ingress }}"
secretName: "{{ registry_readonly_ingress }}-tls"

19
roles/registry/tasks/main.yaml
View File

@@ -1,19 +0,0 @@
- set_fact:
registry_combined_values: "{{ registry_default_values | combine(registry_values, recursive=true) }}"
- name: Deploy Docker registry
kubernetes.core.helm:
create_namespace: true
release_namespace: "{{ registry_namespace | default(namespace) }}"
release_name: "{{ registry_name | default('docker-registry') }}"
chart_ref: "{{ registry_chart | default('ghp/docker-registry') }}"
chart_version: "{{ registry_version | default(omit) }}"
release_values: "{{ registry_combined_values | from_yaml }}"
wait: true
- name: Deploy readonly public ingress for Docker registry
when: registry_readonly_ingress is defined
k8s:
state: present
definition:
"{{ registry_readonly_ingress_definition }}"

1
roles/roundcube/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
roundcube_enabled: true
roundcube_publish: false
roundcube_chart_ref: "ghp/roundcube"
roundcube_use_external_db: true
roundcube_short_name: "webmail"
roundcube_default_values:

2
roles/roundcube/tasks/main.yaml
View File

@@ -12,7 +12,7 @@
create_namespace: true
release_namespace: "{{ roundcube_namespace | default(mail_namespace) | default(namespace) }}"
release_name: "{{ roundcube_name | default('roundcube') }}"
chart_ref: "{{ roundcube_chart | default('ghp/roundcube') }}"
chart_ref: "{{ roundcube_chart_ref }}"
chart_version: "{{ roundcube_version | default(omit) }}"
release_values: "{{ roundcube_combined_values | from_yaml }}"
wait: true

1
roles/rspamd/defaults/main.yaml
View File

@@ -1,4 +1,5 @@
rspamd_enabled: true
rspamd_chart_ref: "ghp/rspamd"
rspamd_short_name: "rspamd"
rspamd_default_values:
replicaCount: 1

2
roles/rspamd/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ rspamd_namespace | default(mail_namespace) | default(namespace) }}"
release_name: "{{ rspamd_name | default('rspamd') }}"
chart_ref: "{{ rspamd_chart | default('ghp/rspamd') }}"
chart_ref: "{{ rspamd_chart_ref }}"
chart_version: "{{ rspamd_version | default(omit) }}"
release_values: "{{ rspamd_combined_values | from_yaml }}"
wait: true

5
roles/service-dns/defaults/main.yaml
View File

@@ -1,8 +1,5 @@
service_dns_chart_ref: "ghp/external-dns"
service_dns_default_values:
image:
registry: registry.0xace.cc
repository: ghp/external-dns
tag: v0.7.6-663-gf76382a5
fullnameOverride: "{{ service_dns_name | default(namespace + '-service-dns') }}"
domainFilters: ["{{ service_domain | default(domain) }}"]
sources: ['service']

2
roles/service-dns/tasks/main.yaml
View File

@@ -6,7 +6,7 @@
create_namespace: true
release_namespace: "{{ service_dns_namespace | default(dns_namespace) | default(namespace) }}"
release_name: "{{ service_dns_name | default(namespace + '-service-dns') }}"
chart_ref: "{{ service_dns_chart | default('ghp/external-dns') }}"
chart_ref: "{{ service_dns_chart_ref }}"
chart_version: "{{ service_dns_version | default(omit) }}"
release_values: "{{ service_dns_combined_values | from_yaml }}"
wait: true

1
roles/wikijs/defaults/main.yaml
View File

@@ -1,5 +1,6 @@
wikijs_enabled: true
wikijs_publish: false
wikijs_chart_ref: "ghp/wikijs"
wikijs_use_external_db: true
wikijs_short_name: "wikijs"
wikijs_default_values:

2
roles/wikijs/tasks/main.yaml
View File

@@ -12,7 +12,7 @@
create_namespace: true
release_namespace: "{{ wikijs_namespace | default(namespace) }}"
release_name: "{{ wikijs_name | default('wikijs') }}"
chart_ref: "{{ wikijs_chart | default('ghp/wikijs') }}"
chart_ref: "{{ wikijs_chart_ref }}"
chart_version: "{{ wikijs_version | default(omit) }}"
release_values: "{{ wikijs_combined_values | from_yaml }}"
wait: true