cleanup and mass update: moving from Harbor to Gitea registries and from Drone to Gitea CI/CD with Gitea Act Runner
This commit is contained in:
parent
1283a554fe
commit
a251e593c6
@ -52,7 +52,7 @@ openldap_simple_users:
|
||||
- { name: testuser2, sn: 6002, uid: 6002, gid: 6002 }
|
||||
|
||||
## Harbor ##
|
||||
harbor_enabled: true
|
||||
harbor_enabled: false
|
||||
harbor_publish: false
|
||||
#harbor_registry_size: "100Gi"
|
||||
#harbor_registry_storage: "nfs-hdd"
|
||||
@ -92,13 +92,11 @@ gitea_publish_web: false
|
||||
gitea_publish_ssh: false
|
||||
gitea_loadbalancer_ip: "192.168.250.5"
|
||||
|
||||
## Drone ##
|
||||
drone_enabled: true
|
||||
#drone_size: "10Gi"
|
||||
#drone_storage: "nfs-ssd"
|
||||
#drone_gitea_client_id:
|
||||
#drone_gitea_client_secret:
|
||||
drone_publish: false
|
||||
## Gitea Act Runner ##
|
||||
gitea_act_runner_enabled: true
|
||||
gitea_act_runner_token: ""
|
||||
gitea_act_runner_size: "25Gi"
|
||||
#gitea_act_runner_storage: "nfs-ssd"
|
||||
|
||||
### WikiJS ###
|
||||
wikijs_enabled: true
|
||||
|
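Review bot: `gitea_act_runner_token: ""` is introduced here as a group variable, but the new role defaults in roles/gitea-act-runner/defaults/main.yaml hardcode `token: ""` inside `gitea_act_runner_default_values` rather than referencing it, so unless the value is wired in somewhere outside this diff the variable is dead and the chart receives an empty registration token. In the role defaults I would write `token: "{{ gitea_act_runner_token | default('') }}"` so the group variable actually reaches the chart. A runner registration token is a credential; keep the real value in an encrypted vars file rather than in this plain group_vars file, and leave only the reference here.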
@ -20,8 +20,8 @@ internal_ingress_nginx_version: 4.2.0
|
||||
local_ingress_nginx_version: 4.2.0
|
||||
|
||||
# PostgreSQL operator
|
||||
postgres_operator_version: 1.9.0
|
||||
postgres_operator_ui_version: 1.9.0
|
||||
postgres_operator_version: 1.10.0
|
||||
postgres_operator_ui_version: 1.10.0
|
||||
|
||||
# OpenLDAP
|
||||
openldap_version: 1.2.7
|
||||
@ -32,17 +32,16 @@ adguard_version: 2.3.13
|
||||
# Bitwarden (aka Vaultwarden)
|
||||
bitwarden_version: 2.0.20
|
||||
|
||||
# Drone
|
||||
drone_version: 0.6.4
|
||||
drone_runner_kube_version: 0.1.10
|
||||
|
||||
# Gitea
|
||||
gitea_ingress_nginx_version: 4.2.0
|
||||
gitea_dns_version: 6.8.1
|
||||
gitea_version: 8.3.0
|
||||
|
||||
# Gitea Act Runner
|
||||
gitea_act_runner_version: 0.1.0
|
||||
|
||||
# Docker and Helm chart registries
|
||||
harbor_version: 1.10.4
|
||||
harbor_version: 1.12.2
|
||||
|
||||
# Mastodon
|
||||
mastodon_version: 4.0.0
|
||||
@ -60,7 +59,7 @@ rspamd_version: 0.4.3
|
||||
pypiserver_version: 2.5.0
|
||||
|
||||
# WikiJS
|
||||
wikijs_version: 2.3.10
|
||||
wikijs_version: 2.3.11
|
||||
|
||||
# PeerTube
|
||||
peertube_version: 0.2.1
|
||||
|
@ -24,19 +24,14 @@ ddclient_conf: |
|
||||
|
||||
ddclient_hosts:
|
||||
- "{% if nextcloud_publish %}{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if drone_publish %}{{ drone_short_name | default('drone') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if gitea_publish_web %}{{ gitea_short_name | default('gitea') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if bitwarden_publish %}{{ bitwarden_short_name | default('bitwarden') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if playmaker_publish %}{{ playmaker_short_name | default('playmaker') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if pypiserver_publish %}{{ pypiserver_short_name | default('pip') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if wikijs_publish %}{{ wikijs_short_name | default('wikijs') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if chartmuseum_publish %}{{ chartsmuseum_short_name | default('charts') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if registry_publish %}{{ registry_short_name | default('registry') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if peertube_publish %}{{ peertube_short_name | default('peertube') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if mastodon_publish %}{{ mastodon_short_name | default('mastodon') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if harbor_publish %}{{ harbor_short_name | default('harbor') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{% if roundcube_publish %}{{ roundcube_short_name | default('webmail') }}.{{ domain }}{% else %}omitme{% endif %}"
|
||||
- "{{ harbor_readonly_ingress | default('omitme') }}"
|
||||
- "{{ registry_readonly_ingress | default('omitme') }}"
|
||||
- "{{ chartmuseum_readonly_ingress | default('omitme') }}"
|
||||
- "{{ wikijs_readonly_ingress | default('omitme') }}"
|
||||
|
@ -1 +0,0 @@
|
||||
chartmuseum_values: {}
|
@ -1,2 +0,0 @@
|
||||
drone_values: {}
|
||||
drone_runner_kube_values: {}
|
@ -0,0 +1 @@
|
||||
gitea_act_runner_values: {}
|
@ -60,18 +60,12 @@ nginx:
|
||||
{% if wikijs_publish %}
|
||||
{{ wikijs_short_name | default('wikijs') }}.{{ domain }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
{% if drone_publish %}
|
||||
{{ drone_short_name | default('drone') }}.{{ domain }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
{% if nextcloud_publish %}
|
||||
{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
{% if harbor_publish %}
|
||||
{{ harbor_short_name | default('harbor') }}.{{ domain }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
{% if registry_publish %}
|
||||
{{ registry_short_name | default('registry') }}.{{ domain }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
{% if peertube_publish %}
|
||||
{{ peertube_short_name | default('peertube') }}.{{ domain }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
@ -81,15 +75,6 @@ nginx:
|
||||
{% if roundcube_publish %}
|
||||
{{ roundcube_short_name | default('webmail') }}.{{ domain }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
{% if chartmuseum_publish %}
|
||||
{{ chartsmuseum_short_name | default('charts') }}.{{ domain }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
{% if registry_readonly_ingress %}
|
||||
{{ registry_readonly_ingress }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
{% if chartmuseum_readonly_ingress %}
|
||||
{{ chartmuseum_readonly_ingress }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
{% if wikijs_readonly_ingress %}
|
||||
{{ wikijs_readonly_ingress }} https_{{ namespace }};
|
||||
{% endif %}
|
||||
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: k8s
|
||||
connection: local
|
||||
roles:
|
||||
- chartmuseum
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: k8s
|
||||
connection: local
|
||||
roles:
|
||||
- drone
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: k8s
|
||||
connection: local
|
||||
roles:
|
||||
- opendkim
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: k8s
|
||||
connection: local
|
||||
roles:
|
||||
- opendmarc
|
@ -1,5 +0,0 @@
|
||||
---
|
||||
- hosts: k8s
|
||||
connection: local
|
||||
roles:
|
||||
- registry
|
@ -14,20 +14,3 @@
|
||||
when: openldap_enabled | default(true)
|
||||
tags: openldap
|
||||
|
||||
- name: Deploy Docker registry
|
||||
import_role:
|
||||
name: registry
|
||||
when: registry_enabled | default(false)
|
||||
tags: registry
|
||||
|
||||
- name: Deploy ChartMuseum
|
||||
import_role:
|
||||
name: chartmuseum
|
||||
when: chartmuseum_enabled | default(false)
|
||||
tags: chartmuseum
|
||||
|
||||
- name: Deploy Harbor
|
||||
import_role:
|
||||
name: harbor
|
||||
when: harbor_enabled | default(true)
|
||||
tags: harbor
|
||||
|
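Review bot: The `Deploy Harbor` import is dropped here together with registry and ChartMuseum, yet the same commit still maintains the Harbor role (its defaults gain `harbor_chart_ref` and switch to `harbor_enabled: false`) and flips `harbor_enabled` to false in group_vars, which has no effect once nothing imports the role. Either keep the import gated as before, `when: harbor_enabled | default(false)`, or remove the role and its variables too, so `harbor_enabled` does not look like a switch that something reads. If the Harbor role is still imported from another playbook not shown in this diff, a one-line comment at this point saying where would save the next reader the search. The play header lies above the hunk.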
@ -26,11 +26,11 @@
|
||||
when: gitea_enabled | default(true)
|
||||
tags: gitea
|
||||
|
||||
- name: Deploy Drone
|
||||
- name: Deploy Gitea Act Runner
|
||||
import_role:
|
||||
name: drone
|
||||
when: drone_enabled | default(true)
|
||||
tags: drone
|
||||
name: gitea-act-runner
|
||||
when: gitea_act_runner_enabled | default(true)
|
||||
tags: gitea-act-runner
|
||||
|
||||
- name: Deploy WikiJS
|
||||
import_role:
|
||||
|
@ -1,5 +1,6 @@
|
||||
adguard_enabled: false
|
||||
adguard_publish: false
|
||||
adguard_chart_ref: "ghp/adguard-home"
|
||||
adguard_short_name: "adguard"
|
||||
adguard_default_values:
|
||||
# upgrade strategy type (e.g. Recreate or RollingUpdate)
|
||||
|
@ -26,7 +26,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ adguard_namespace | default(namespace) }}"
|
||||
release_name: "{{ adguard_name | default('adguard') }}"
|
||||
chart_ref: "{{ adguard_chart | default('ghp/adguard-home') }}"
|
||||
chart_ref: "{{ adguard_chart_ref }}"
|
||||
chart_version: "{{ adguard_version | default(omit) }}"
|
||||
release_values: "{{ adguard_combined_values | from_yaml }}"
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
bitwarden_enabled: true
|
||||
bitwarden_publish: false
|
||||
bitwarden_chart_ref: "ghp/bitwarden"
|
||||
bitwarden_use_external_db: true
|
||||
bitwarden_short_name: "bitwarden"
|
||||
bitwarden_default_values:
|
||||
|
@ -12,7 +12,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ bitwarden_namespace | default(namespace) }}"
|
||||
release_name: "{{ bitwarden_name | default('bitwarden') }}"
|
||||
chart_ref: "{{ bitwarden_chart | default('ghp/bitwarden') }}"
|
||||
chart_ref: "{{ bitwarden_chart_ref }}"
|
||||
chart_version: "{{ bitwarden_version | default(omit) }}"
|
||||
release_values: "{{ bitwarden_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,4 +1,5 @@
|
||||
cert_manager_namespace: cert-manager
|
||||
cert_manager_chart_ref: "jetstack/cert-manager"
|
||||
cert_manager_namespace: "cert-manager"
|
||||
lets_encrypt_mailbox: "admin@{{ domain }}"
|
||||
cert_manager_base64_tsig_key: "{{ k8s_tsig | b64encode }}"
|
||||
cert_manager_default_values:
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ cert_manager_namespace | default('cert-manager') }}"
|
||||
release_name: "{{ cert_manager_name | default('cert-manager') }}"
|
||||
chart_ref: "{{ cert_manager_chart | default('jetstack/cert-manager') }}"
|
||||
chart_ref: "{{ cert_manager_chart_ref }}"
|
||||
chart_version: "{{ cert_manager_version }}"
|
||||
release_values: "{{ cert_manager_combined_values | from_yaml | default(omit) }}"
|
||||
wait: true
|
||||
|
@ -1,83 +0,0 @@
|
||||
chartmuseum_enabled: true
|
||||
chartmuseum_publish: false
|
||||
chartmuseum_short_name: "charts"
|
||||
chartmuseum_default_values:
|
||||
env:
|
||||
open:
|
||||
# storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle
|
||||
STORAGE: local
|
||||
# levels of nested repos for multitenancy. The default depth is 0 (singletenant server)
|
||||
DEPTH: 0
|
||||
# sets the base context path
|
||||
CONTEXT_PATH: /
|
||||
# show debug messages
|
||||
DEBUG: false
|
||||
# output structured logs as json
|
||||
LOG_JSON: true
|
||||
# disable use of index-cache.yaml
|
||||
DISABLE_STATEFILES: false
|
||||
# disable Prometheus metrics
|
||||
DISABLE_METRICS: true
|
||||
# disable all routes prefixed with /api
|
||||
DISABLE_API: false
|
||||
# allow chart versions to be re-uploaded
|
||||
ALLOW_OVERWRITE: true
|
||||
# allow anonymous GET operations when auth is used
|
||||
AUTH_ANONYMOUS_GET: true
|
||||
secret:
|
||||
# username for basic http authentication
|
||||
BASIC_AUTH_USER: "{{ chartmuseum_admin_login | default('admin') }}"
|
||||
# password for basic http authentication
|
||||
BASIC_AUTH_PASS: "{{ chartmuseum_admin_pass | default(chartmuseum_admin_password) }}"
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: "{{ chartmuseum_storage_mode | default('ReadWriteMany') }}"
|
||||
size: "{{ chartmuseum_size | default('10Gi') }}"
|
||||
labels: {}
|
||||
path: /storage
|
||||
storageClass: "{{ chartmuseum_storage | default('nfs-hdd') }}"
|
||||
|
||||
## Ingress for load balancer
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
kubernetes.io/ingress.class: "{{ external_ingress_class if chartmuseum_publish else internal_ingress_class }}"
|
||||
kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- name: "{{ chartmuseum_short_name }}.{{ domain }}"
|
||||
path: /
|
||||
tls: true
|
||||
tlsSecret: "{{ chartmuseum_short_name }}.{{ domain }}-tls"
|
||||
|
||||
chartmuseum_readonly_ingress_definition: |
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
kubernetes.io/ingress.class: "{{ external_ingress_class }}"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |-
|
||||
limit_except GET {
|
||||
deny all;
|
||||
}
|
||||
name: chartmuseum-public
|
||||
namespace: "{{ chartmuseum_namespace | default(namespace) }}"
|
||||
spec:
|
||||
rules:
|
||||
- host: "{{ chartmuseum_readonly_ingress }}"
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
serviceName: chartmuseum-chartmuseum
|
||||
servicePort: 8080
|
||||
path: /
|
||||
tls:
|
||||
- hosts:
|
||||
- "{{ chartmuseum_readonly_ingress }}"
|
||||
secretName: "{{ chartmuseum_readonly_ingress }}-tls"
|
||||
|
@ -1,20 +0,0 @@
|
||||
- set_fact:
|
||||
chartmuseum_combined_values: "{{ chartmuseum_default_values | combine(chartmuseum_values, recursive=true) }}"
|
||||
|
||||
- name: Deploy ChartMuseum
|
||||
kubernetes.core.helm:
|
||||
create_namespace: true
|
||||
release_namespace: "{{ chartmuseum_namespace | default(namespace) }}"
|
||||
release_name: "{{ chartmuseum_name | default('chartmuseum') }}"
|
||||
chart_ref: "{{ chartmuseum_chart | default('ghp/chartmuseum') }}"
|
||||
chart_version: "{{ chartmuseum_version | default(omit) }}"
|
||||
release_values: "{{ chartmuseum_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
||||
- name: Deploy readonly public ingress for ChartMuseum
|
||||
when: chartmuseum_readonly_ingress is defined
|
||||
k8s:
|
||||
state: present
|
||||
definition:
|
||||
"{{ chartmuseum_readonly_ingress_definition }}"
|
||||
|
@ -5,22 +5,17 @@ ddclient_namespace: "{{ namespace | default('ddclient') }}"
|
||||
ddclient_container_name: "{{ ddclient_namespace }}-ddclient"
|
||||
ddclient_container_registry: "{{ container_registry | default(docker_registry) | default('registry.geekhome.org/ghp') }}"
|
||||
ddclient_image_name: "ddclient"
|
||||
ddclient_image_tag: "v3.9.1-ls45"
|
||||
ddclient_image_tag: "3.9.1-1"
|
||||
ddclient_systemd_unit_name: "{{ ddclient_container_name }}-container.service"
|
||||
|
||||
harbor_readonly_ingress: false
|
||||
registry_readonly_ingress: false
|
||||
wikijs_readonly_ingress: false
|
||||
chartmuseum_readonly_ingress: false
|
||||
registry_publish: false
|
||||
chartmuseum_publish: false
|
||||
harbor_publish: false
|
||||
roundcube_publish: false
|
||||
nextcloud_publish: false
|
||||
bitwarden_publish: false
|
||||
gitea_publish_web: false
|
||||
gitea_publish_ssh: false
|
||||
drone_publish: false
|
||||
wikijs_publish: false
|
||||
playmaker_publish: false
|
||||
pypiserver_publish: false
|
||||
|
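Review bot: `ddclient_container_registry` two lines above the changed image tag still defaults to `registry.geekhome.org/ghp`, the Harbor host this commit is retiring (the `ghp` Helm repo moves from `https://registry.geekhome.org/chartrepo/ghp` to `https://git.geekhome.org` in the same commit), so the new `3.9.1-1` tag will be pulled from a registry that is being turned down unless `container_registry` or `docker_registry` is set elsewhere. That line is context rather than part of the change, but the tag bump is what makes it matter: the new tag presumably only exists in the Gitea package registry. Point the fallback at the new registry, e.g. `ddclient_container_registry: "{{ container_registry | default(docker_registry) | default('git.geekhome.org/<owner>') }}"` with the real owner substituted for the placeholder.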
@ -1,3 +1,4 @@
|
||||
dovecot_chart_ref: "ghp/dovecot"
|
||||
dovecot_short_name: "dovecot"
|
||||
dovecot_default_values:
|
||||
replicaCount: 1
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ dovecot_namespace | default(mail_namespace) | default(namespace) }}"
|
||||
release_name: "{{ dovecot_name | default('dovecot') }}"
|
||||
chart_ref: "{{ dovecot_chart | default('ghp/dovecot') }}"
|
||||
chart_ref: "{{ dovecot_chart_ref }}"
|
||||
chart_version: "{{ dovecot_version | default(omit) }}"
|
||||
release_values: "{{ dovecot_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,50 +0,0 @@
|
||||
drone_enabled: true
|
||||
drone_publish: false
|
||||
drone_use_external_db: true
|
||||
drone_short_name: "drone"
|
||||
drone_default_values:
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 80
|
||||
ingress:
|
||||
enabled: true
|
||||
className: "{{ external_ingress_class if drone_publish else internal_ingress_class }}"
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
hosts:
|
||||
- host: "{{ drone_short_name }}.{{ domain }}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: "{{ drone_short_name }}.{{ domain }}-tls"
|
||||
hosts:
|
||||
- "{{ drone_short_name }}.{{ domain }}"
|
||||
persistentVolume:
|
||||
enabled: true
|
||||
accessModes:
|
||||
- "{{ drone_storage_mode | default('ReadWriteMany') }}"
|
||||
mountPath: /data
|
||||
size: "{{ drone_size | default('8Gi') }}"
|
||||
storageClass: "{{ drone_storage | default('nfs-ssd') }}"
|
||||
env:
|
||||
DRONE_SERVER_HOST: "{{ drone_short_name }}.{{ domain }}"
|
||||
DRONE_SERVER_PROTO: https
|
||||
DRONE_RPC_SECRET: "{{ drone_rpc_secret | default(omit) }}"
|
||||
DRONE_DATABASE_DRIVER: "postgres"
|
||||
DRONE_DATABASE_DATASOURCE: "postgres://{{ drone_db_username }}:{{ drone_db_password }}@{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432/drone?sslmode=disable"
|
||||
DRONE_DATABASE_SECRET: "{{ drone_database_secret | default(omit) }}"
|
||||
DRONE_GITEA_CLIENT_ID: "{{ drone_gitea_client_id | default(omit) }}"
|
||||
DRONE_GITEA_CLIENT_SECRET: "{{ drone_gitea_client_secret | default(omit) }}"
|
||||
DRONE_GITEA_SERVER: "https://{{ gitea_short_name | default('gitea') }}.{{ domain }}"
|
||||
|
||||
drone_runner_kube_default_values:
|
||||
rbac:
|
||||
buildNamespaces:
|
||||
- "{{ drone_namespace | default(namespace) }}"
|
||||
env:
|
||||
DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
|
||||
DRONE_RPC_HOST: "{{ drone_short_name }}.{{ domain }}"
|
||||
DRONE_RPC_PROTO: https
|
||||
DRONE_NAMESPACE_DEFAULT: "{{ drone_namespace | default(namespace) }}"
|
||||
|
@ -1,31 +0,0 @@
|
||||
- name: Import secret.yaml to obtain secrets
|
||||
include_tasks: secrets.yaml
|
||||
when:
|
||||
- drone_use_external_db
|
||||
- postgres_enabled is defined and postgres_enabled
|
||||
|
||||
- set_fact:
|
||||
drone_combined_values: "{{ drone_default_values | combine(drone_values, recursive=true) }}"
|
||||
|
||||
- set_fact:
|
||||
drone_runner_kube_combined_values: "{{ drone_runner_kube_default_values | combine(drone_runner_kube_values, recursive=true) }}"
|
||||
|
||||
- name: Deploy Drone Server
|
||||
kubernetes.core.helm:
|
||||
create_namespace: true
|
||||
release_namespace: "{{ drone_namespace | default(namespace) }}"
|
||||
release_name: "{{ drone_name | default('drone') }}"
|
||||
chart_ref: "{{ drone_chart | default('drone/drone') }}"
|
||||
chart_version: "{{ drone_version | default(omit) }}"
|
||||
release_values: "{{ drone_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
||||
- name: Deploy Drone Runner Kube
|
||||
kubernetes.core.helm:
|
||||
create_namespace: true
|
||||
release_namespace: "{{ drone_runner_kube_namespace | default(namespace) }}"
|
||||
release_name: "{{ drone_runner_kube_name | default('drone-runner-kube') }}"
|
||||
chart_ref: "{{ drone_runner_kube_chart | default('drone/drone-runner-kube') }}"
|
||||
chart_version: "{{ drone_runner_kube_version | default(omit) }}"
|
||||
release_values: "{{ drone_runner_kube_combined_values | from_yaml }}"
|
||||
wait: true
|
@ -1,25 +0,0 @@
|
||||
- block:
|
||||
- name: Set DB namespace for secret lookup
|
||||
set_fact:
|
||||
db_namespace: "{{ drone_db_namespace | default(postgres_db_namespace) | default(postgres_namespace) | default(postgres_operator_namespace) | default(namespace) }}"
|
||||
|
||||
- name: Set DB secret name for lookup
|
||||
set_fact:
|
||||
db_secret_name: "drone.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do"
|
||||
|
||||
- name: Lookup Drone DB secret
|
||||
set_fact:
|
||||
drone_db_secret: "{{ lookup('k8s', kind='Secret', namespace=db_namespace, resource_name=db_secret_name) }}"
|
||||
|
||||
- debug:
|
||||
msg: "{{ drone_db_secret }}"
|
||||
verbosity: 2
|
||||
|
||||
- name: Set Drone DB username
|
||||
set_fact:
|
||||
drone_db_username: "{{ drone_db_secret.data.username | b64decode }}"
|
||||
|
||||
- name: Set Drone DB password
|
||||
set_fact:
|
||||
drone_db_password: "{{ drone_db_secret.data.password | b64decode }}"
|
||||
|
@ -1,8 +1,5 @@
|
||||
external_dns_chart_ref: "ghp/external-dns"
|
||||
external_dns_default_values:
|
||||
image:
|
||||
registry: registry.0xace.cc
|
||||
repository: ghp/external-dns
|
||||
tag: v0.7.6-663-gf76382a5
|
||||
fullnameOverride: "{{ external_dns_name | default(namespace + '-external-dns') }}"
|
||||
ingressClass: "{{ external_ingress_class }}"
|
||||
domainFilters: ["{{ external_domain | default(domain) }}"]
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ external_dns_namespace | default(dns_namespace) | default(namespace) }}"
|
||||
release_name: "{{ external_dns_name | default(namespace + '-external-dns') }}"
|
||||
chart_ref: "{{ external_dns_chart | default('ghp/external-dns') }}"
|
||||
chart_ref: "{{ external_dns_chart_ref }}"
|
||||
chart_version: "{{ external_dns_version | default(omit) }}"
|
||||
release_values: "{{ external_dns_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,3 +1,4 @@
|
||||
external_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
|
||||
external_ingress_nginx_default_values:
|
||||
controller:
|
||||
kind: DaemonSet
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ external_ingress_nginx_namespace | default(ingress_namespace) | default(namespace) }}"
|
||||
release_name: "{{ external_ingress_nginx_name | default(namespace + '-external-ingress-nginx') }}"
|
||||
chart_ref: "{{ external_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
|
||||
chart_ref: "{{ external_ingress_nginx_chart_ref }}"
|
||||
chart_version: "{{ external_ingress_nginx_version | default(omit) }}"
|
||||
release_values: "{{ external_ingress_nginx_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
11
roles/gitea-act-runner/defaults/main.yaml
Normal file
11
roles/gitea-act-runner/defaults/main.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
gitea_act_runner_enabled: true
|
||||
gitea_act_runner_chart_ref: "ghp/gitea-act-runner"
|
||||
gitea_act_runner_gitea_instance_short_name: "gitea"
|
||||
gitea_act_runner_default_values:
|
||||
giteaInstance: "{{ gitea_act_runner_gitea_instance_short_name }}.{{ domain }}"
|
||||
token: ""
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: "{{ gitea_act_runner_storage_mode | default('ReadWriteMany') }}"
|
||||
size: "{{ gitea_act_runner_size | default('25Gi') }}"
|
||||
storageClass: "{{ gitea_act_runner_storage | default('nfs-ssd') }}"
|
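Review bot: `gitea_act_runner_gitea_instance_short_name: "gitea"` duplicates the `gitea_short_name: "gitea"` that roles/gitea/defaults already defines, so renaming the Gitea host in one place silently leaves the runner registering against the old name. The Drone values removed by this commit derived the server address from the Gitea variable, `DRONE_GITEA_SERVER: "https://{{ gitea_short_name | default('gitea') }}.{{ domain }}"`; the equivalent here is `gitea_act_runner_gitea_instance_short_name: "{{ gitea_short_name | default('gitea') }}"`. Indentation of the nested values is not visible in this rendering, so I am assuming `giteaInstance`, `token` and `persistence` sit under `gitea_act_runner_default_values`.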
11
roles/gitea-act-runner/tasks/main.yaml
Normal file
11
roles/gitea-act-runner/tasks/main.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
- set_fact:
|
||||
gitea_act_runner_combined_values: "{{ gitea_act_runner_default_values | combine(gitea_act_runner_values, recursive=true) }}"
|
||||
|
||||
- name: Deploy Gitea Act Runner
|
||||
kubernetes.core.helm:
|
||||
create_namespace: true
|
||||
release_namespace: "{{ gitea_act_runner_namespace | default(namespace) }}"
|
||||
release_name: "{{ gitea_act_runner_name | default('gitea-act-runner') }}"
|
||||
chart_ref: "{{ gitea_act_runner_chart_ref }}"
|
||||
chart_version: "{{ gitea_act_runner_version | default(omit) }}"
|
||||
release_values: "{{ gitea_act_runner_combined_values | from_yaml }}"
|
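Review bot: The `kubernetes.core.helm` task here does not set `wait: true`, while every other role deploy task touched in this commit (bitwarden, cert-manager, dovecot, harbor, the dns and ingress roles) does, so a runner pod that never becomes ready is still reported as a successful deploy. Add `wait: true` after the `release_values:` line to match the rest of the roles. The `set_fact` at the top uses `gitea_act_runner_values`, which the new vars file in this commit defines as `{}`, so the combine is safe as long as that file is loaded for the play.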
25
roles/gitea-act-runner/tasks/secrets.yaml
Normal file
25
roles/gitea-act-runner/tasks/secrets.yaml
Normal file
@ -0,0 +1,25 @@
|
||||
- block:
|
||||
- name: Set DB namespace for secret lookup
|
||||
set_fact:
|
||||
db_namespace: "{{ peertube_db_namespace | default(postgres_db_namespace) | default(postgres_namespace) | default(postgres_operator_namespace) | default(namespace) }}"
|
||||
|
||||
- name: Set DB secret name for lookup
|
||||
set_fact:
|
||||
db_secret_name: "peertube-owner-user.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do"
|
||||
|
||||
- name: Lookup PeerTube DB secret
|
||||
set_fact:
|
||||
peertube_db_secret: "{{ lookup('k8s', kind='Secret', namespace=db_namespace, resource_name=db_secret_name) }}"
|
||||
|
||||
- debug:
|
||||
msg: "{{ peertube_db_secret }}"
|
||||
verbosity: 2
|
||||
|
||||
- name: Set PeerTube DB username
|
||||
set_fact:
|
||||
peertube_db_username: "{{ peertube_db_secret.data.username | b64decode }}"
|
||||
|
||||
- name: Set PeerTube DB password
|
||||
set_fact:
|
||||
peertube_db_password: "{{ peertube_db_secret.data.password | b64decode }}"
|
||||
|
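Review bot: This new secrets.yaml is a verbatim copy of a PeerTube helper: it looks up `peertube-owner-user.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do`, names the facts `peertube_db_secret`, `peertube_db_username` and `peertube_db_password`, and the runner's tasks/main.yaml never includes it, so as written it is dead code that, if ever wired in, would pull another service's database credentials into the runner role's facts. Nothing in the runner defaults consumes a database, so the file should be deleted rather than renamed. If a secret lookup is genuinely needed later, keep the full-object `debug` out of it: `msg: "{{ peertube_db_secret }}"` prints the complete Secret, `data` included, at `-vv`, and that output ends up in whatever runs the playbook.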
@ -1,6 +1,7 @@
|
||||
gitea_enabled: true
|
||||
gitea_publish_web: false
|
||||
gitea_publish_ssh: false
|
||||
gitea_chart_ref: "gitea-charts/gitea"
|
||||
gitea_use_external_db: true
|
||||
gitea_short_name: "gitea"
|
||||
gitea_ingress_class: "{{ gitea_namespace | default(namespace) }}-{{ 'public' if gitea_publish_web else 'private' }}-gitea-ingress-nginx"
|
||||
@ -78,6 +79,10 @@ gitea_default_values:
|
||||
USER: "{{ gitea_ldap_user | default('gitea') }}"
|
||||
PASSWD: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
|
||||
MAILER_TYPE: "smtp"
|
||||
actions:
|
||||
ENABLED: "true"
|
||||
packages:
|
||||
ENABLED: "true"
|
||||
|
||||
gitea_external_db_values:
|
||||
gitea:
|
||||
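Review bot: `actions: ENABLED: "true"` and `packages: ENABLED: "true"` switch on two new write surfaces on the Gitea instance without any accompanying limits, and with `gitea_publish_web` the instance can be reachable from outside. If these keys pass through to app.ini as the neighbouring `MAILER_TYPE` and LDAP entries suggest, consider `LIMIT_TOTAL_OWNER_SIZE` under `packages` so the package registry that now replaces Harbor's dedicated 100Gi registry volume cannot fill Gitea's own volume, and `DEFAULT_ACTIONS_URL` under `actions` so `uses:` references in workflows resolve against an instance you control rather than the upstream default. The enclosing `gitea_default_values` mapping starts above the hunk.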
@ -101,6 +106,7 @@ gitea_publish_ingress_nginx_values:
|
||||
service:
|
||||
externalTrafficPolicy: Local
|
||||
|
||||
gitea_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
|
||||
gitea_ingress_nginx_default_values:
|
||||
controller:
|
||||
containerPort:
|
||||
@ -133,11 +139,8 @@ gitea_ingress_nginx_default_values:
|
||||
22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"
|
||||
|
||||
|
||||
gitea_dns_chart_ref: "ghp/external-dns"
|
||||
gitea_dns_default_values:
|
||||
image:
|
||||
registry: registry.0xace.cc
|
||||
repository: ghp/external-dns
|
||||
tag: v0.7.6-663-gf76382a5
|
||||
fullnameOverride: "{{ gitea_dns_name | default(namespace + '-gitea-internal-dns') }}"
|
||||
ingressClass: "{{ gitea_ingress_class }}"
|
||||
domainFilters: ["{{ domain }}"]
|
||||
|
@ -26,7 +26,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ gitea_ingress_nginx_namespace | default(namespace) }}"
|
||||
release_name: "{{ gitea_ingress_nginx_release_name | default(namespace + '-gitea-ingress-nginx') }}"
|
||||
chart_ref: "{{ gitea_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
|
||||
chart_ref: "{{ gitea_ingress_nginx_chart_ref }}"
|
||||
chart_version: "{{ gitea_ingress_nginx_version | default(omit) }}"
|
||||
release_values: "{{ gitea_ingress_nginx_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
@ -36,7 +36,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ gitea_dns_namespace | default(namespace) }}"
|
||||
release_name: "{{ gitea_dns_relase_name | default(namespace + '-gitea-internal-dns') }}"
|
||||
chart_ref: "{{ gitea_dns_chart | default('ghp/external-dns') }}"
|
||||
chart_ref: "{{ gitea_dns_chart_ref }}"
|
||||
chart_version: "{{ gitea_dns_version | default(omit) }}"
|
||||
release_values: "{{ gitea_dns_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
@ -47,7 +47,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ gitea_namespace | default(namespace) }}"
|
||||
release_name: "{{ gitea_release_name | default(namespace + '-gitea') }}"
|
||||
chart_ref: "{{ gitea_chart | default('gitea-charts/gitea') }}"
|
||||
chart_ref: "{{ gitea_chart_ref }}"
|
||||
chart_version: "{{ gitea_version | default(omit) }}"
|
||||
release_values: "{{ gitea_combined_values | from_yaml }}"
|
||||
#wait: true
|
||||
|
@ -1,5 +1,6 @@
|
||||
harbor_enabled: true
|
||||
harbor_enabled: false
|
||||
harbor_publish: false
|
||||
harbor_chart_ref: "harbor/harbor"
|
||||
harbor_short_name: "harbor"
|
||||
harbor_use_external_db: true
|
||||
harbor_default_values:
|
||||
@ -48,12 +49,6 @@ harbor_default_values:
|
||||
subPath: ""
|
||||
accessMode: "{{ harbor_registry_storage_mode | default(harbor_storage_mode) | default('ReadWriteMany') }}"
|
||||
size: "{{ harbor_registry_size | default('100Gi') }}"
|
||||
chartmuseum:
|
||||
existingClaim: ""
|
||||
storageClass: "{{ harbor_charts_storage | default(harbor_storage) | default('nfs-ssd') }}"
|
||||
subPath: ""
|
||||
accessMode: "{{ harbor_charts_storage_mode | default(harbor_storage_mode) | default('ReadWriteMany') }}"
|
||||
size: "{{ harbor_charts_size | default('50Gi') }}"
|
||||
jobservice:
|
||||
jobLog:
|
||||
existingClaim: ""
|
||||
@ -86,9 +81,6 @@ harbor_default_values:
|
||||
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
# The update strategy for deployments with persistent volumes(jobservice, registry
|
||||
# and chartmuseum): "RollingUpdate" or "Recreate"
|
||||
# Set it as "Recreate" when "RWM" for volumes isn't supported
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
|
||||
|
@ -12,7 +12,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ harbor_namespace | default(namespace) }}"
|
||||
release_name: "{{ harbor_name | default('harbor') }}"
|
||||
chart_ref: "{{ harbor_chart | default('harbor/harbor') }}"
|
||||
chart_ref: "{{ harbor_chart_ref }}"
|
||||
chart_version: "{{ harbor_version | default(omit) }}"
|
||||
release_values: "{{ harbor_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,8 +1,7 @@
|
||||
helm_repos:
|
||||
- { name: 'ghp', url: 'https://registry.geekhome.org/chartrepo/ghp' }
|
||||
- { name: 'ghp', url: 'https://git.geekhome.org' }
|
||||
- { name: 'jetstack', url: 'https://charts.jetstack.io' }
|
||||
- { name: 'bitnami', url: 'https://charts.bitnami.com/bitnami' }
|
||||
- { name: 'drone', url: 'https://charts.drone.io' }
|
||||
- { name: 'ingress-nginx', url: 'https://kubernetes.github.io/ingress-nginx' }
|
||||
- { name: 'stable', url: 'https://charts.helm.sh/stable' }
|
||||
- { name: 'nextcloud', url: 'https://nextcloud.github.io/helm' }
|
||||
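Review bot: The `ghp` repo URL becomes the bare Gitea origin `https://git.geekhome.org`, but Gitea serves Helm repositories per owner under its packages API rather than at the site root, so `helm repo add` against this URL is unlikely to find an `index.yaml`. I would expect `- { name: 'ghp', url: 'https://git.geekhome.org/api/packages/<owner>/helm' }` with the owning user or organisation substituted for the placeholder. Every `ghp/...` chart ref added across this commit depends on this one entry resolving.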
@ -11,4 +10,5 @@ helm_repos:
|
||||
- { name: 'harbor', url: 'https://helm.goharbor.io' }
|
||||
- { name: 'metallb', url: 'https://metallb.github.io/metallb' }
|
||||
- { name: 'nfs-subdir-external-provisioner', url: 'https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner' }
|
||||
- { name: 'metrics-server', url: 'https://kubernetes-sigs.github.io/metrics-server/' }
|
||||
|
||||
|
@ -1,8 +1,5 @@
|
||||
internal_dns_chart_ref: "ghp/external-dns"
|
||||
internal_dns_default_values:
|
||||
image:
|
||||
registry: registry.0xace.cc
|
||||
repository: ghp/external-dns
|
||||
tag: v0.7.6-663-gf76382a5
|
||||
fullnameOverride: "{{ internal_dns_name | default(namespace + '-internal-dns') }}"
|
||||
ingressClass: "{{ internal_ingress_class }}"
|
||||
domainFilters: ["{{ internal_domain | default(domain) }}"]
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ internal_dns_namespace | default(dns_namespace) | default(namespace) }}"
|
||||
release_name: "{{ internal_dns_name | default(namespace + '-internal-dns') }}"
|
||||
chart_ref: "{{ internal_dns_chart | default('ghp/external-dns') }}"
|
||||
chart_ref: "{{ internal_dns_chart_ref }}"
|
||||
chart_version: "{{ internal_dns_version | default(omit) }}"
|
||||
release_values: "{{ internal_dns_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,3 +1,4 @@
|
||||
internal_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
|
||||
internal_ingress_nginx_default_values:
|
||||
controller:
|
||||
publishService:
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ internal_ingress_nginx_namespace | default(ingress_namespace) | default(namespace) }}"
|
||||
release_name: "{{ internal_ingress_nginx_name | default(namespace + '-internal-ingress-nginx') }}"
|
||||
chart_ref: "{{ internal_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
|
||||
chart_ref: "{{ internal_ingress_nginx_chart_ref }}"
|
||||
chart_version: "{{ internal_ingress_nginx_version | default(omit) }}"
|
||||
release_values: "{{ internal_ingress_nginx_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,8 +1,5 @@
|
||||
local_dns_chart_ref: "ghp/external-dns"
|
||||
local_dns_default_values:
|
||||
image:
|
||||
registry: registry.0xace.cc
|
||||
repository: ghp/external-dns
|
||||
tag: v0.7.6-663-gf76382a5
|
||||
fullnameOverride: "{{ local_dns_name | default(namespace + '-local-dns') }}"
|
||||
ingressClass: "{{ local_ingress_class }}"
|
||||
domainFilters: ["{{ local_domain }}"]
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ local_dns_namespace | default(dns_namespace) | default(namespace) }}"
|
||||
release_name: "{{ local_dns_name | default(namespace + '-local-dns') }}"
|
||||
chart_ref: "{{ local_dns_chart | default('ghp/external-dns') }}"
|
||||
chart_ref: "{{ local_dns_chart_ref }}"
|
||||
chart_version: "{{ local_dns_version | default(omit) }}"
|
||||
release_values: "{{ local_dns_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,3 +1,4 @@
|
||||
local_ingress_nginx_chart_ref: "ingress-nginx/ingress-nginx"
|
||||
local_ingress_nginx_default_values:
|
||||
controller:
|
||||
publishService:
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ local_ingress_nginx_namespace | default(ingress_namespace) | default(namespace) }}"
|
||||
release_name: "{{ local_ingress_nginx_name | default(namespace + '-local-ingress-nginx') }}"
|
||||
chart_ref: "{{ local_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
|
||||
chart_ref: "{{ local_ingress_nginx_chart_ref }}"
|
||||
chart_version: "{{ local_ingress_nginx_version | default(omit) }}"
|
||||
release_values: "{{ local_ingress_nginx_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -46,18 +46,6 @@
|
||||
name: dovecot
|
||||
tags: dovecot
|
||||
|
||||
- name: Deploy OpenDKIM
|
||||
import_role:
|
||||
name: opendkim
|
||||
when: opendkim_enabled | default(false)
|
||||
tags: opendkim
|
||||
|
||||
- name: Deploy OpenDMARC
|
||||
import_role:
|
||||
name: opendmarc
|
||||
when: opendmarc_enabled | default(false)
|
||||
tags: opendmarc
|
||||
|
||||
- name: Deploy Rspamd
|
||||
import_role:
|
||||
name: rspamd
|
||||
|
@ -1,5 +1,6 @@
|
||||
mastodon_enabled: false
|
||||
mastodon_publish: true
|
||||
mastodon_chart_ref: "ghp/mastodon"
|
||||
mastodon_use_external_db: true
|
||||
mastodon_short_name: "mastodon"
|
||||
mastodon_enable_elasticsearch: true
|
||||
|
@ -12,7 +12,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ mastodon_namespace | default(namespace) }}"
|
||||
release_name: "{{ mastodon_name | default('mastodon') }}"
|
||||
chart_ref: "{{ mastodon_chart | default('ghp/mastodon') }}"
|
||||
chart_ref: "{{ mastodon_chart_ref }}"
|
||||
chart_version: "{{ mastodon_version | default(omit) }}"
|
||||
release_values: "{{ mastodon_combined_values | from_yaml }}"
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
strict_arp_for_metallb: true
|
||||
metallb_chart_ref: "metallb/metallb"
|
||||
metallb_strict_arp: true
|
||||
metallb_default_values: {}
|
||||
|
||||
metallb_pool_name: "default"
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ metallb_namespace | default('metallb-system') }}"
|
||||
release_name: "{{ metallb_name | default('metallb') }}"
|
||||
chart_ref: "{{ metallb_chart | default('metallb/metallb') }}"
|
||||
chart_ref: "{{ metallb_chart_ref }}"
|
||||
chart_version: "{{ metallb_version | default(omit) }}"
|
||||
release_values: "{{ metallb_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
@ -18,7 +18,7 @@
|
||||
sed -e "s/strictARP: false/strictARP: true/" | \
|
||||
kubectl diff -f - -n kube-system
|
||||
register: check_strict_arp
|
||||
when: strict_arp_for_metallb
|
||||
when: metallb_strict_arp
|
||||
changed_when: check_strict_arp.rc != 0
|
||||
|
||||
- name: Apply strict arp
|
||||
@ -29,7 +29,7 @@
|
||||
&& kubectl -n kube-system delete pods --selector=k8s-app=kube-proxy
|
||||
when:
|
||||
- strict_arp_for_metallb
|
||||
- check_strict_arp.changed
|
||||
- metallb_strict_arp.changed
|
||||
|
||||
- name: Apply MetalLB L2 definitions
|
||||
k8s:
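Review bot: The `when:` of "Apply strict arp" looks inconsistent after this rename: if I read the sides correctly, the new list is `- strict_arp_for_metallb` followed by `- metallb_strict_arp.changed`, but the defaults hunk renames `strict_arp_for_metallb` to `metallb_strict_arp` (a plain boolean), and the `kubectl diff` result of the preceding task is registered as `check_strict_arp`, so both conditions reference something undefined and the task errors out instead of patching kube-proxy. The intended conditions are `- metallb_strict_arp` and `- check_strict_arp.changed`, matching the `when: metallb_strict_arp` already used on the check task above. Worth a dry run, since an unapplied strictARP patch leaves MetalLB L2 announcements broken without any further error from the play.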
|
||||
|
@ -1,6 +1,10 @@
|
||||
metrics_server_enabled: true
|
||||
metrics_server_chart_ref: "metrics-server/metrics-server"
|
||||
metrics_server_default_values:
|
||||
apiService:
|
||||
create: true
|
||||
extraArgs:
|
||||
kubelet-insecure-tls: true
|
||||
args:
|
||||
- --kubelet-insecure-tls=true
|
||||
metrics:
|
||||
enabled: true
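Review bot: `--kubelet-insecure-tls=true` in the new `args:` list carries the old `extraArgs` setting over to the upstream chart, and it disables verification of every kubelet's serving certificate, so anything that can answer on a node's kubelet port can feed fabricated resource metrics into the aggregation layer. That is often unavoidable on clusters whose kubelets still use self-signed serving certs, but the reason should be recorded next to the flag so it is not copied forward blindly; suggested comment above the list: `# kubelets here use self-signed serving certs; drop this once serverTLSBootstrap is enabled and pass --kubelet-certificate-authority instead`. If the upstream chart's values expose a certificate-authority option, prefer it over the insecure flag.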
|
||||
|
||||
|
@ -6,6 +6,6 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ metrics_server_namespace | default('metrics-server') }}"
|
||||
release_name: "{{ metrics_server_name | default('metrics-server') }}"
|
||||
chart_ref: "{{ metrics_server_chart | default('bitnami/metrics-server') }}"
|
||||
chart_ref: "{{ metrics_server_chart_ref }}"
|
||||
chart_version: "{{ metrics_server_version | default(omit) }}"
|
||||
release_values: "{{ metrics_server_combined_values | from_yaml }}"
|
||||
|
@ -1,5 +1,6 @@
|
||||
nextcloud_enabled: true
|
||||
nextcloud_publish: false
|
||||
nextcloud_chart_ref: "nextcloud/nextcloud"
|
||||
nextcloud_use_external_db: true
|
||||
nextcloud_short_name: "nextcloud"
|
||||
nextcloud_default_values:
|
||||
|
@ -12,7 +12,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ nextcloud_namespace | default(namespace) }}"
|
||||
release_name: "{{ nextcloud_name | default('nextcloud') }}"
|
||||
chart_ref: "{{ nextcloud_chart | default('nextcloud/nextcloud') }}"
|
||||
chart_ref: "{{ nextcloud_chart_ref }}"
|
||||
chart_version: "{{ nextcloud_version | default(omit) }}"
|
||||
release_values: "{{ nextcloud_combined_values | from_yaml }}"
|
||||
wait: false
|
||||
|
@ -1,4 +1,5 @@
|
||||
nfs_client_provisioner_namespace: nfs-client-provisioner
|
||||
nfs_client_provisioner_namespace: "nfs-client-provisioner"
|
||||
nfs_client_provisioner_hdd_chart_ref: "nfs-subdir-external-provisioner/nfs-subdir-external-provisioner"
|
||||
nfs_client_provisioner_hdd_default_values:
|
||||
replicaCount: 1
|
||||
strategyType: Recreate
|
||||
@ -34,6 +35,7 @@ nfs_client_provisioner_hdd_default_values:
|
||||
accessModes: ReadWriteMany
|
||||
|
||||
|
||||
nfs_client_provisioner_ssd_chart_ref: "nfs-subdir-external-provisioner/nfs-subdir-external-provisioner"
|
||||
nfs_client_provisioner_ssd_default_values:
|
||||
replicaCount: 1
|
||||
strategyType: Recreate
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ nfs_client_provisioner_hdd_namespace | default(nfs_client_provisioner_namespace) | default(namespace) }}"
|
||||
release_name: "{{ nfs_client_provisioner_hdd_name | default('nfs-client-provisioner-hdd') }}"
|
||||
chart_ref: "{{ nfs_client_provisioner_hdd_chart | default('nfs-subdir-external-provisioner/nfs-subdir-external-provisioner') }}"
|
||||
chart_ref: "{{ nfs_client_provisioner_hdd_chart_ref }}"
|
||||
chart_version: "{{ nfs_client_provisioner_hdd_version | default(omit) }}"
|
||||
release_values: "{{ nfs_client_provisioner_hdd_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
@ -19,7 +19,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ nfs_client_provisioner_ssd_namespace | default(nfs_client_provisioner_namespace) | default(namespace) }}"
|
||||
release_name: "{{ nfs_client_provisioner_ssd_name | default('nfs-client-provisioner-ssd') }}"
|
||||
chart_ref: "{{ nfs_client_provisioner_ssd_chart | default('nfs-subdir-external-provisioner/nfs-subdir-external-provisioner') }}"
|
||||
chart_ref: "{{ nfs_client_provisioner_ssd_chart_ref }}"
|
||||
chart_version: "{{ nfs_client_provisioner_ssd_version | default(omit) }}"
|
||||
release_values: "{{ nfs_client_provisioner_ssd_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,16 +1,11 @@
|
||||
harbor_readonly_ingress: false
|
||||
registry_readonly_ingress: false
|
||||
wikijs_readonly_ingress: false
|
||||
chartmuseum_readonly_ingress: false
|
||||
registry_publish: false
|
||||
chartmuseum_publish: false
|
||||
harbor_publish: false
|
||||
roundcube_publish: false
|
||||
nextcloud_publish: true
|
||||
bitwarden_publish: false
|
||||
gitea_publish_web: false
|
||||
gitea_publish_ssh: false
|
||||
drone_publish: false
|
||||
wikijs_publish: false
|
||||
playmaker_publish: false
|
||||
pypiserver_publish: false
|
||||
|
@ -1,45 +0,0 @@
|
||||
opendkim_short_name: "opendkim"
|
||||
opendkim_default_values:
|
||||
replicaCount: 1
|
||||
persistence:
|
||||
enabled: false
|
||||
existingClaim: mailboxes
|
||||
opendkim:
|
||||
image:
|
||||
repository: "instrumentisto/opendkim"
|
||||
tag: alpine
|
||||
configmaps:
|
||||
opendkim: |
|
||||
PidFile /var/run/opendkim/opendkim.pid
|
||||
Mode sv
|
||||
Syslog yes
|
||||
SyslogSuccess yes
|
||||
LogWhy yes
|
||||
UserID opendkim:opendkim
|
||||
Socket inet:8891
|
||||
Umask 002
|
||||
SendReports yes
|
||||
SoftwareHeader yes
|
||||
Canonicalization relaxed/relaxed
|
||||
Domain {{ domain }}
|
||||
Selector default
|
||||
MinimumKeyBits 1024
|
||||
KeyTable refile:/etc/opendkim/KeyTable
|
||||
SigningTable refile:/etc/opendkim/SigningTable
|
||||
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
|
||||
InternalHosts refile:/etc/opendkim/TrustedHosts
|
||||
OversignHeaders From
|
||||
keytable: |
|
||||
default._domainkey.{{ domain }} {{ domain }}:default:/etc/opendkim/keys/default.private
|
||||
signingtable: |
|
||||
*@{{ domain }} default._domainkey.{{ domain }}
|
||||
trustedhosts: |
|
||||
127.0.0.1
|
||||
::1
|
||||
*.{{ domain }}
|
||||
default-private: |
|
||||
{{ dkim_private_key_base64 | b64decode }}
|
||||
default-public: |
|
||||
{{ dkim_public_key_base64 | b64decode }}
|
||||
service:
|
||||
type: ClusterIP
|
@ -1,13 +0,0 @@
|
||||
- set_fact:
|
||||
opendkim_combined_values: "{{ opendkim_default_values | combine(opendkim_values, recursive=true) }}"
|
||||
|
||||
- name: Deploy OpenDKIM
|
||||
kubernetes.core.helm:
|
||||
create_namespace: true
|
||||
release_namespace: "{{ opendkim_namespace | default(mail_namespace) | default(namespace) }}"
|
||||
release_name: "{{ opendkim_name | default('opendkim') }}"
|
||||
chart_ref: "{{ opendkim_chart | default('ghp/opendkim') }}"
|
||||
chart_version: "{{ opendkim_version | default(omit) }}"
|
||||
release_values: "{{ opendkim_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,25 +0,0 @@
|
||||
opendmarc_short_name: "opendmarc"
|
||||
opendmarc_default_values:
|
||||
replicaCount: 1
|
||||
persistence:
|
||||
enabled: false
|
||||
existingClaim: mailboxes
|
||||
|
||||
opendmarc:
|
||||
image:
|
||||
repository: "instrumentisto/opendmarc"
|
||||
tag: alpine
|
||||
configmaps:
|
||||
opendmarc: |
|
||||
AuthservID {{ mail_short_name | default('mail') }}.{{ domain }}
|
||||
Socket inet:8893
|
||||
SoftwareHeader true
|
||||
IgnoreAuthenticatedClients true
|
||||
SPFIgnoreResults false
|
||||
SPFSelfValidate false
|
||||
RequiredHeaders true
|
||||
Syslog true
|
||||
UserID opendmarc:mail
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
@ -1,13 +0,0 @@
|
||||
- set_fact:
|
||||
opendmarc_combined_values: "{{ opendmarc_default_values | combine(opendmarc_values, recursive=true) }}"
|
||||
|
||||
- name: Deploy OpenDMARC
|
||||
kubernetes.core.helm:
|
||||
create_namespace: true
|
||||
release_namespace: "{{ opendmarc_namespace | default(mail_namespace) | default(namespace) }}"
|
||||
release_name: "{{ opendmarc_name | default('opendmarc') }}"
|
||||
chart_ref: "{{ opendmarc_chart | default('ghp/opendmarc') }}"
|
||||
chart_version: "{{ opendmarc_version | default(omit) }}"
|
||||
release_values: "{{ opendmarc_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,3 +1,4 @@
|
||||
openldap_chart_ref: "ghp/openldap"
|
||||
openldap_short_name: "openldap"
|
||||
openldap_default_values:
|
||||
replicaCount: 1
|
||||
|
@ -38,7 +38,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ openldap_namespace | default(namespace) }}"
|
||||
release_name: "{{ openldap_name | default('openldap') }}"
|
||||
chart_ref: "{{ openldap_chart | default('ghp/openldap') }}"
|
||||
chart_ref: "{{ openldap_chart_ref }}"
|
||||
chart_version: "{{ openldap_version | default(omit) }}"
|
||||
release_values: "{{ openldap_combined_values | from_yaml }}"
|
||||
|
||||
|
@ -1,5 +1,6 @@
|
||||
peertube_enabled: false
|
||||
peertube_publish: false
|
||||
peertube_chart_ref: "ghp/peertube"
|
||||
peertube_use_external_db: true
|
||||
peertube_short_name: "peertube"
|
||||
peertube_default_values:
|
||||
|
@ -12,6 +12,6 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ peertube_namespace | default(namespace) }}"
|
||||
release_name: "{{ peertube_name | default('peertube') }}"
|
||||
chart_ref: "{{ peertube_chart | default('ghp/peertube') }}"
|
||||
chart_ref: "{{ peertube_chart_ref }}"
|
||||
chart_version: "{{ peertube_version | default(omit) }}"
|
||||
release_values: "{{ peertube_combined_values | from_yaml }}"
|
||||
|
@ -1,5 +1,6 @@
|
||||
playmaker_enabled: true
|
||||
playmaker_publish: false
|
||||
playmaker_chart_ref: "ghp/playmaker"
|
||||
playmaker_short_name: "playmaker"
|
||||
playmaker_default_values:
|
||||
replicaCount: 1
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ playmaker_namespace | default(namespace) }}"
|
||||
release_name: "{{ playmaker_name | default('playmaker') }}"
|
||||
chart_ref: "{{ playmaker_chart | default('ghp/playmaker') }}"
|
||||
chart_ref: "{{ playmaker_chart_ref }}"
|
||||
chart_version: "{{ playmaker_version | default(omit) }}"
|
||||
release_values: "{{ playmaker_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,3 +1,4 @@
|
||||
postfix_chart_ref: "ghp/postfix"
|
||||
postfix_short_name: "postfix"
|
||||
postfix_default_values:
|
||||
replicaCount: 1
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ postfix_namespace | default(mail_namespace) | default(namespace) }}"
|
||||
release_name: "{{ postfix_name | default('postfix') }}"
|
||||
chart_ref: "{{ postfix_chart | default('ghp/postfix') }}"
|
||||
chart_ref: "{{ postfix_chart_ref }}"
|
||||
chart_version: "{{ postfix_version | default(omit) }}"
|
||||
release_values: "{{ postfix_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -49,7 +49,6 @@ postgres_db_definitions:
|
||||
size: "{{ postgres_size | default('10Gi') }}"
|
||||
users:
|
||||
gitea: []
|
||||
drone: []
|
||||
bitwarden: []
|
||||
wikijs: []
|
||||
nextcloud: []
|
||||
@ -58,7 +57,6 @@ postgres_db_definitions:
|
||||
mastodon: []
|
||||
databases:
|
||||
gitea: gitea
|
||||
drone: drone
|
||||
bitwarden: bitwarden
|
||||
wikijs: wikijs
|
||||
nextcloud: nextcloud
|
||||
|
@ -45,12 +45,12 @@
|
||||
- set_fact:
|
||||
postgres_operator_combined_values: "{{ postgres_operator_default_values | combine(postgres_operator_values, recursive=true) }}"
|
||||
|
||||
- name: Deploy Postgres-operator
|
||||
- name: Deploy Postgres Operator
|
||||
kubernetes.core.helm:
|
||||
create_namespace: true
|
||||
release_namespace: "{{ postgres_operator_namespace | default(namespace) }}"
|
||||
release_name: "{{ postgres_operator_name | default('postgres-operator') }}"
|
||||
chart_ref: "{{ postgres_operator_chart | default('ghp/postgres-operator') }}"
|
||||
chart_ref: "{{ postgres_operator_chart_ref }}"
|
||||
chart_version: "{{ postgres_operator_version | default(omit) }}"
|
||||
release_values: "{{ postgres_operator_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
@ -58,12 +58,12 @@
|
||||
- set_fact:
|
||||
postgres_operator_ui_combined_values: "{{ postgres_operator_ui_default_values | combine(postgres_operator_ui_values, recursive=true) }}"
|
||||
|
||||
- name: Deploy Postgres-operator UI
|
||||
- name: Deploy Postgres Operator UI
|
||||
kubernetes.core.helm:
|
||||
create_namespace: true
|
||||
release_namespace: "{{ postgres_operator_ui_namespace | default(postgres_operator_namespace) | default(namespace) }}"
|
||||
release_name: "{{ postgres_operator_ui_name | default('postgres-operator-ui') }}"
|
||||
chart_ref: "{{ postgres_operator_ui_chart | default('ghp/postgres-operator-ui') }}"
|
||||
chart_ref: "{{ postgres_operator_ui_chart_ref }}"
|
||||
chart_version: "{{ postgres_operator_ui_version | default(omit) }}"
|
||||
release_values: "{{ postgres_operator_ui_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -8,8 +8,6 @@ default_accounts:
|
||||
- { name: gitea_admin }
|
||||
- { name: gitea_ldap }
|
||||
- { name: wikijs_ldap }
|
||||
- { name: drone_admin }
|
||||
- { name: chartmuseum_admin }
|
||||
- { name: peertube_ldap }
|
||||
- { name: peertube_admin }
|
||||
- { name: mastodon_admin }
|
||||
|
@ -25,36 +25,6 @@
|
||||
loop: "{{ openldap_simple_users }}"
|
||||
when: openldap_simple_users is defined
|
||||
|
||||
- name: Test if Drone rpc secret exists in file for {{ item }}
|
||||
shell: grep -c "drone_rpc_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
|
||||
register: rpc_secret_test_grep
|
||||
|
||||
- name: Test if Drone database secret exists in file for {{ item }}
|
||||
shell: grep -c "drone_database_secret" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
|
||||
register: database_secret_test_grep
|
||||
|
||||
- name: Create Drone rpc secret for {{ item }}
|
||||
shell: "< /dev/urandom tr -dc a-f0-9 | head -c${1:-128};echo;"
|
||||
register: rpc_secret
|
||||
when: rpc_secret_test_grep.stdout == '0'
|
||||
|
||||
- name: Create Drone database secret for {{ item }}
|
||||
shell: "< /dev/urandom tr -dc a-f0-9 | head -c${1:-32};echo;"
|
||||
register: db_secret
|
||||
when: database_secret_test_grep.stdout == '0'
|
||||
|
||||
- name: Write Drone rpc secret for {{ item }}
|
||||
lineinfile:
|
||||
path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
|
||||
line: "drone_rpc_secret: \"{{ rpc_secret.stdout }}\""
|
||||
when: rpc_secret_test_grep.stdout == '0'
|
||||
|
||||
- name: Write Drone database secret for {{ item }}
|
||||
lineinfile:
|
||||
path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
|
||||
line: "drone_database_secret: \"{{ db_secret.stdout }}\""
|
||||
when: database_secret_test_grep.stdout == '0'
|
||||
|
||||
- include_tasks: tsig.yaml
|
||||
|
||||
- include_tasks: dkim.yaml
|
||||
|
@ -1,5 +1,6 @@
|
||||
pypiserver_enabled: true
|
||||
pypiserver_publish: false
|
||||
pypiserver_chart_ref: "ghp/pypiserver"
|
||||
pypiserver_short_name: "pip"
|
||||
pypiserver_default_values:
|
||||
## If you want more than 1 replica you will have to use a ReadWriteMany volume
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ pypiserver_namespace | default(namespace) }}"
|
||||
release_name: "{{ pypiserver_name | default('pypiserver') }}"
|
||||
chart_ref: "{{ pypiserver_chart | default('ghp/pypiserver') }}"
|
||||
chart_ref: "{{ pypiserver_chart_ref }}"
|
||||
chart_version: "{{ pypiserver_version | default(omit) }}"
|
||||
release_values: "{{ pypiserver_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,56 +0,0 @@
|
||||
registry_enabled: true
|
||||
registry_publish: false
|
||||
registry_short_name: "registry"
|
||||
registry_default_values:
|
||||
service:
|
||||
type: ClusterIP
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "{{ external_ingress_class if registry_publish else internal_ingress_class }}"
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
||||
hosts:
|
||||
- "{{ registry_short_name }}.{{ domain }}"
|
||||
tls:
|
||||
- secretName: "{{ registry_short_name }}.{{ domain }}-tls"
|
||||
hosts:
|
||||
- "{{ registry_short_name }}.{{ domain }}"
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: "{{ registry_storage | default('nfs-hdd') }}"
|
||||
size: "{{ registry_size | default('15Gi') }}"
|
||||
accessMode: "{{ registry_storage_mode | default('ReadWriteMany') }}"
|
||||
|
||||
registry_readonly_ingress_definition: |
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
kubernetes.io/ingress.class: "{{ external_ingress_class }}"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |-
|
||||
limit_except GET {
|
||||
deny all;
|
||||
}
|
||||
name: docker-registry-public
|
||||
namespace: "{{ registry_namespace | default(namespace) }}"
|
||||
spec:
|
||||
rules:
|
||||
- host: "{{ registry_readonly_ingress }}"
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
serviceName: docker-registry
|
||||
servicePort: 5000
|
||||
path: /
|
||||
tls:
|
||||
- hosts:
|
||||
- "{{ registry_readonly_ingress }}"
|
||||
secretName: "{{ registry_readonly_ingress }}-tls"
|
||||
|
@ -1,19 +0,0 @@
|
||||
- set_fact:
|
||||
registry_combined_values: "{{ registry_default_values | combine(registry_values, recursive=true) }}"
|
||||
|
||||
- name: Deploy Docker registry
|
||||
kubernetes.core.helm:
|
||||
create_namespace: true
|
||||
release_namespace: "{{ registry_namespace | default(namespace) }}"
|
||||
release_name: "{{ registry_name | default('docker-registry') }}"
|
||||
chart_ref: "{{ registry_chart | default('ghp/docker-registry') }}"
|
||||
chart_version: "{{ registry_version | default(omit) }}"
|
||||
release_values: "{{ registry_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
||||
- name: Deploy readonly public ingress for Docker registry
|
||||
when: registry_readonly_ingress is defined
|
||||
k8s:
|
||||
state: present
|
||||
definition:
|
||||
"{{ registry_readonly_ingress_definition }}"
|
@ -1,5 +1,6 @@
|
||||
roundcube_enabled: true
|
||||
roundcube_publish: false
|
||||
roundcube_chart_ref: "ghp/roundcube"
|
||||
roundcube_use_external_db: true
|
||||
roundcube_short_name: "webmail"
|
||||
roundcube_default_values:
|
||||
|
@ -12,7 +12,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ roundcube_namespace | default(mail_namespace) | default(namespace) }}"
|
||||
release_name: "{{ roundcube_name | default('roundcube') }}"
|
||||
chart_ref: "{{ roundcube_chart | default('ghp/roundcube') }}"
|
||||
chart_ref: "{{ roundcube_chart_ref }}"
|
||||
chart_version: "{{ roundcube_version | default(omit) }}"
|
||||
release_values: "{{ roundcube_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,4 +1,5 @@
|
||||
rspamd_enabled: true
|
||||
rspamd_chart_ref: "ghp/rspamd"
|
||||
rspamd_short_name: "rspamd"
|
||||
rspamd_default_values:
|
||||
replicaCount: 1
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ rspamd_namespace | default(mail_namespace) | default(namespace) }}"
|
||||
release_name: "{{ rspamd_name | default('rspamd') }}"
|
||||
chart_ref: "{{ rspamd_chart | default('ghp/rspamd') }}"
|
||||
chart_ref: "{{ rspamd_chart_ref }}"
|
||||
chart_version: "{{ rspamd_version | default(omit) }}"
|
||||
release_values: "{{ rspamd_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,8 +1,5 @@
|
||||
service_dns_chart_ref: "ghp/external-dns"
|
||||
service_dns_default_values:
|
||||
image:
|
||||
registry: registry.0xace.cc
|
||||
repository: ghp/external-dns
|
||||
tag: v0.7.6-663-gf76382a5
|
||||
fullnameOverride: "{{ service_dns_name | default(namespace + '-service-dns') }}"
|
||||
domainFilters: ["{{ service_domain | default(domain) }}"]
|
||||
sources: ['service']
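Review bot: As with the local-dns defaults, the hunk counts (-8/+5) suggest the pinned `image:` block (`registry.0xace.cc`, `ghp/external-dns`, tag `v0.7.6-663-gf76382a5`) is removed and only `service_dns_chart_ref` is added, so this external-dns instance — which watches `service` sources and writes DNS records — now runs the chart's default image. If that default is not pinned to an immutable tag or digest, re-add the `image:` pin here or note in a comment which chart version pins the image, so the image provenance for the DNS-writing component stays explicit.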
|
||||
|
@ -6,7 +6,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ service_dns_namespace | default(dns_namespace) | default(namespace) }}"
|
||||
release_name: "{{ service_dns_name | default(namespace + '-service-dns') }}"
|
||||
chart_ref: "{{ service_dns_chart | default('ghp/external-dns') }}"
|
||||
chart_ref: "{{ service_dns_chart_ref }}"
|
||||
chart_version: "{{ service_dns_version | default(omit) }}"
|
||||
release_values: "{{ service_dns_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|
@ -1,5 +1,6 @@
|
||||
wikijs_enabled: true
|
||||
wikijs_publish: false
|
||||
wikijs_chart_ref: "ghp/wikijs"
|
||||
wikijs_use_external_db: true
|
||||
wikijs_short_name: "wikijs"
|
||||
wikijs_default_values:
|
||||
|
@ -12,7 +12,7 @@
|
||||
create_namespace: true
|
||||
release_namespace: "{{ wikijs_namespace | default(namespace) }}"
|
||||
release_name: "{{ wikijs_name | default('wikijs') }}"
|
||||
chart_ref: "{{ wikijs_chart | default('ghp/wikijs') }}"
|
||||
chart_ref: "{{ wikijs_chart_ref }}"
|
||||
chart_version: "{{ wikijs_version | default(omit) }}"
|
||||
release_values: "{{ wikijs_combined_values | from_yaml }}"
|
||||
wait: true
|
||||
|