feat: new style in prod

2025-09-11 20:05:40 -04:00
parent f193ff4e6b
commit 31a8eafd65
8 changed files with 175 additions and 167 deletions
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -2,8 +2,9 @@ version: 3
 tasks:
  vault: ansible-vault edit vault.yml {{.CLI_ARGS}}
-  infra: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
+  provision: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
-  setup: ansible-playbook playbooks/deploy.yml {{.CLI_ARGS}}
+  deploy: ansible-playbook playbooks/deploy.yml {{.CLI_ARGS}}
  restore: ansible-playbook playbooks/restore.yml {{.CLI_ARGS}}
  enter:
    cmd: ssh -i {{.KEY}} -p 2222 root@{{.IP}}
--- a/gitea/Dockerfile
+++ b/gitea/Dockerfile
@@ -4,3 +4,4 @@ ADD --chown=git:git config /etc/gitea
 ADD --chown=git:git custom /etc/gitea-custom
 ENV GITEA_CUSTOM=/etc/gitea-custom
 ENV BUCKET_KEY=""
--- a/gitea/config/app.ini
+++ b/gitea/config/app.ini
@@ -24,16 +24,12 @@ DISABLE_SSH = false
 START_SSH_SERVER = true
 SSH_PORT = 22
 SSH_LISTEN_PORT = 22
 # SSH_DOMAIN = %(FULL_DOMAIN)s
 BUILTIN_SSH_SERVER_USER = git
 PROTOCOL=https
 ENABLE_ACME=true
 ACME_ACCEPTTOS=true
 ACME_DIRECTORY=https
 # ACME_EMAIL=%(EMAIL)s
 # DOMAIN = %(FULL_DOMAIN)s
 # ROOT_URL = %(ROOT_URL)s
 HTTP_PORT = 443
 [database]
--- a/gitea/config/dev.app.ini
+++ b/gitea/config/dev.app.ini
@@ -1,106 +0,0 @@
 APP_NAME = """Max's Code"""
 RUN_USER = git
 RUN_MODE = prod
 WORK_PATH = /var/lib/gitea
 [ui]
 DEFAULT_THEME = gitea-dark
 [repository]
 ROOT = /var/lib/gitea/git/repositories
 [repository.local]
 LOCAL_COPY_PATH = /tmp/gitea/local-repo
 [repository.upload]
 TEMP_PATH = /tmp/gitea/uploads
 [server]
 APP_DATA_PATH = /var/lib/gitea
 LFS_START_SERVER = true
 OFFLINE_MODE = true
 LFS_JWT_SECRET = x-----------------------------------------x
 DISABLE_SSH = false
 START_SSH_SERVER = true
 SSH_PORT = 2222
 SSH_LISTEN_PORT = 2222
 SSH_DOMAIN = localhost
 BUILTIN_SSH_SERVER_USER = git
 PROTOCOL  = https
 ROOT_URL  = https://localhost:443/
 DOMAIN = localhost
 HTTP_PORT = 443
 CERT_FILE = /etc/gitea-custom/cert.pem
 KEY_FILE  = /etc/gitea-custom/key.pem
 [database]
 DB_TYPE = sqlite3
 [session]
 PROVIDER_CONFIG = /var/lib/gitea/data/sessions
 PROVIDER = file
 [picture]
 AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
 REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
 [attachment]
 PATH = /var/lib/gitea/data/attachments
 [log]
 ROOT_PATH = /var/lib/gitea/data/log
 MODE = console
 LEVEL = info
 [security]
 INSTALL_LOCK = true
 SECRET_KEY = 
 REVERSE_PROXY_LIMIT = 1
 REVERSE_PROXY_TRUSTED_PROXIES = *
 PASSWORD_HASH_ALGO = pbkdf2
 INTERNAL_TOKEN = x-----------------------------------------x
 [service]
 DISABLE_REGISTRATION = true
 REQUIRE_SIGNIN_VIEW = false
 REGISTER_EMAIL_CONFIRM = false
 ENABLE_NOTIFY_MAIL = false
 ALLOW_ONLY_EXTERNAL_REGISTRATION = false
 ENABLE_CAPTCHA = false
 DEFAULT_KEEP_EMAIL_PRIVATE = false
 DEFAULT_ALLOW_CREATE_ORGANIZATION = true
 DEFAULT_ENABLE_TIMETRACKING = true
 NO_REPLY_ADDRESS = noreply
 [lfs]
 PATH = /var/lib/gitea/git/lfs
 [mailer]
 ENABLED = false
 [openid]
 ENABLE_OPENID_SIGNIN = false
 ENABLE_OPENID_SIGNUP = false
 [cron.update_checker]
 ENABLED = false
 [repository.pull-request]
 DEFAULT_MERGE_STYLE = merge
 [repository.signing]
 DEFAULT_TRUST_MODEL = committer
 [oauth2]
 JWT_SECRET = x-----------------------------------------x
 [storage]
 STORAGE_TYPE = minio
 MINIO_ENDPOINT = localstack:4566
 MINIO_ACCESS_KEY_ID = test
 MINIO_SECRET_ACCESS_KEY = test
 MINIO_BUCKET = storage
 MINIO_USE_SSL = false
 MINIO_INSECURE_SKIP_VERIFY = true
--- a/playbooks/deploy.yml
+++ b/playbooks/deploy.yml
@@ -32,6 +32,8 @@
 - name: Set up real host.
  gather_facts: false
  hosts: localhost
  tags:
    - deploy
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
@@ -51,6 +53,21 @@
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  tasks:
    - name: Install PIP.
      ansible.builtin.apt:
        name:
          - python3-pip
        state: present
    - name: Install needed packages.
      ansible.builtin.pip:
        name:
          - botocore
          - boto3
          - packaging
        state: present
        break_system_packages: true
    - name: Download Docker repository key.
      ansible.builtin.apt_key:
        url: https://download.docker.com/linux/debian/gpg
@@ -92,6 +109,8 @@
 - name: Deploy artifact to instance.
  hosts: server
  tags:
    - deploy
  gather_facts: false
  vars_files:
    - ../variables.yml
@@ -129,6 +148,7 @@
        memory_swap: 900m
        ports: [80:80, 443:443, "22:22"]
        env:
          # Secrets.
          GITEA__security__INTERNAL_TOKEN: "{{ secret.internal }}"
          GITEA__server__LFS_JWT_SECRET: "{{ secret.lfs }}"
          GITEA__oauth2__JWT_SECRET: "{{ secret.jwt }}"
@@ -137,10 +157,22 @@
          GITEA__server__DOMAIN: "{{ server_fqdn.value }}"
          GITEA__server__ROOT_URL: "https://{{ server_fqdn.value }}/"
          # General S3 storage information.
          GITEA__storage__MINIO_BUCKET: "{{ secret.bucket.name }}"
          GITEA__storage__MINIO_ENDPOINT: "{{ secret.bucket.endpoint }}"
          GITEA__storage__MINIO_ACCESS_KEY_ID: "{{ secret.bucket.access_key }}"
          GITEA__storage__MINIO_SECRET_ACCESS_KEY: "{{ secret.bucket.secret_key }}"
          # Set storage to specific S3 bucket path.
          GITEA__storage_0x2E_attachments__MINIO_BASE_PATH: "{{ secret.storage.key }}/attachments"
          GITEA__storage_0x2E_lfs__MINIO_BASE_PATH: "{{ secret.storage.key }}/lfs"
          GITEA__storage_0x2E_avatars__MINIO_BASE_PATH: "{{ secret.storage.key }}/avatars"
          GITEA__storage_0x2E_repo_0X2D_archive___MINIO_BASE_PATH: "{{ secret.storage.key }}/repo-archive"
          GITEA__storage_0x2E_repo_0X2D_avatars__MINIO_BASE_PATH: "{{ secret.storage.key }}/repo-avatars"
          GITEA__storage_0x2E_packages__MINIO_BASE_PATH: "{{ secret.storage.key }}/packages"
          GITEA__storage_0x2E_actions_log__MINIO_BASE_PATH: "{{ secret.storage.key }}/actions_log"
          GITEA__storage_0x2E_actions_artifacts__MINIO_BASE_PATH: "{{ secret.storage.key }}/actions_artifacts"
        labels:
          docker-volume-backup.stop-during-backup: "true"
        volumes:
--- a/playbooks/restore.yml
+++ b/playbooks/restore.yml
@@ -0,0 +1,72 @@
 - name: Set up real host.
  gather_facts: false
  hosts: localhost
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  tasks:
    - name: Add remote host.
      ansible.builtin.add_host:
        name: server
        ansible_ssh_host: "{{ server_ip.value }}"
        ansible_user: root
        ansible_port: 2222
        ansible_private_key_file: "{{ secret.private_ssh_key_path }}"
 - name: Deploy artifact to instance.
  hosts: server
  become: true
  gather_facts: false
  vars_files:
    - ../vault.yml
    - ../dist/terraform_outputs.yml
  tasks:
    - name: Stop server.
      community.docker.docker_container:
        name: "{{ item }}"
        state: stopped
      loop: [server, backup]
    - name: Copy backup from S3.
      amazon.aws.s3_object:
        bucket: "{{ secret.restore.bucket | mandatory(msg='You must specify the bucket of the data.') }}"
        object: "{{ secret.restore.key | mandatory(msg='You must specify the key of the data.') }}"
        dest: /root/snapshot.tar.gz
        mode: get
        region: "{{ secret.restore.region }}"
        access_key: "{{ secret.restore.access_key }}"
        secret_key: "{{ secret.restore.secret_key }}"
        ignore_nonexistent_bucket: true
    - name: Ensure backup directory exists.
      ansible.builtin.file:
        path: /root/restore
        state: directory
        mode: '0777'
    - name: Extract backup.
      ansible.builtin.unarchive:
        src: /root/snapshot.tar.gz
        dest: /root/restore
        remote_src: true
    - name: Move backup files to data folder.
      ansible.builtin.copy:
        remote_src: true
        src: /root/restore/backup/my-app-backup/
        dest: /root/data/
        mode: '0777'
    - name: Update permissions.
      ansible.builtin.file:
        path: /root/data
        recurse: true
        mode: '0777'
        owner: 1000
        group: 1000
    - name: Restart containers.
      community.docker.docker_container:
        name: "{{ item }}"
        state: started
      loop: [server, backup]
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -4,7 +4,7 @@ locals {
  server_image = "debian-12"
  domain = "maximhutz.com"
-  subdomain = "git2"
+  subdomain = "git"
 }
 # ---------------------------------------------------------------------------- #
--- a/vault.yml
+++ b/vault.yml
@@ -1,54 +1,66 @@
 $ANSIBLE_VAULT;1.1;AES256
-38663938363539353464613331616136616331306165376535336636653164613838643438376565
+62366236383830323331383264663835316237363032333766333730653939666236666261653162
-3961346438313132643166396662333536326264353935390a626235663065666266383132626164
+3938653635393063313566343261303338666363386661650a376637613563303238373965356134
-35306337636461626533343438633766303464363065653432303438666234626436663235376263
+30373861653832383462666231356163623231303637636539383166383039333562636434646334
-3337616265643730640a643265616330393136386139613166333834376336353532366362346662
+3433393163363562340a333962343636366234336239633032313166303163353165643762326464
-31363731616339336461306230616234323866373239313662643933653666626233616135333837
+34353062323863666666666132663364633336623430373033623761613035666332323739313833
-38313935386234333165333230633236353261396337343936346161636435653663343139373839
+38623639643539363639383339356231313431373437343430323237336539313939303139353534
-36303431623662363765373962333834386266303236623064356639633431313833663562633630
+63616331353464613963323864626663396637313139646461356165643233306530303062666332
-36653962663763383334383862383337323132376536346335333235353364313965366332353164
+36363636316335356434633439636434336666306466616231353135306538386334313937363765
-35306563616161626366653433333861616161623838343432663333643539303765323733643831
+34333833626634383734396638646530393233623937396335313637333764313736383032333734
-33366166386661386562616634323730666534663937376164656365323163633034633435623734
+64373966643030623331663139363034343536373830353338356335356338633638393862386230
-36393366653562363835633139316331636361373361363461656338363633373538333639343336
+39336533656465366534306465396536613334333632643937316130303338626331386537343331
-62326365396666376239346265633463356664333263353639393562393137653666353439356330
+64363966323561326262376631356261613231343335393233366231373631663635376234346164
-36643333383964393735666537336565373131396139363336613138326563653739626135363739
+38303432386336643566363731386664376239666530336232666532616264353537353738636464
-32326663666634383736333933373939376366303036383466663361363235663862306331343231
+64616364353730653831616335656532663336666339653337646133316661373038326164373235
-38323736336235633965643937646138646634323065373332346663343933643562363265633666
+30653836336338333932303539393632326164623538303066353934623831376533333964346561
-30373234373066386132373361623833396330306364613138346461303132626236343334333664
+61323137373837376161653730386637663336623130366639356130626338663764366661616163
-37653362383265623235306562366439353938653539663332313234353561303839353334636665
+38356235386461366362396337646239633663303261616536386134663866333132613166373162
-66326434353265623831346562333863376161643862343430666438626231653033656464343162
+33616663316566623665666464356135393932366663663932366235643336343434633731646665
-33303864303263386332396466616661343732616131363138343462303233616239636564343337
+63323963366662346436393933643032653330313430633339613262306430306332326364343135
-31366561393137336533656437366331373130306131363138626130393435626236373830333232
+37393764363338656639393333623835626135323434376338656663386662643339643135653938
-33633063656139316437386532353161363132656134623836626336663833366339363936313930
+37396133373436353566646437633630373931643533383133343266626431393761646633666161
-63373930333438626430643261616565643537613133643230633663323334326234323664323533
+66313365373537386332396562613531346634376266653631343934356134643463633566373162
-33613636626434323466663437336466636133313537356433313537306166663931343039623431
+30633933636136663339316136333036386237346163646638393533336362363735623130623862
-32633932663731316435303933343534646439623232376463613463356637363635303263623333
+38623666383461363564326462326239303838623533393034383831366631396530343037636532
-64623663643938363432623330333333306166633234346636666365653861303731333166363232
+38366162396663653930633866303538353232656330643966386134316364313538646564313565
-34353733613263613630643331636634386539636637353163396634636438383166646563383461
+61313732343330336436393963643164303139373036303437393336313738336138306438393364
-66356166633166656461613966306333666535393665323761323832313835613339363833666361
+65623331663464626462316538663134346231643163356638383631623862313066343965376235
-39313536663962393734643237636162623832313261356435346661656536613461336431666431
+65613736643163663238316532623638343062633564333865623264356362663433333734383365
-64353362343939343664313863363339636535653038343635393534393534393635343839333162
+61373432656362343762333561376639396632386530353762303664373733656366343733613262
-63313136646563653636343534393366646563346537346662396538383535363566626365666264
+62313562323938356563323939316131646239313432626261353431626661613235363566393038
-62393965303766376133383338396434376466663537333934333464333933636363396365393531
+63656634383230316463363036306433366334643235656561613031653331333038323133653562
-33353437373962633938393331613339346662343964633931613735333864306261663139323662
+61393034663030663432376331383236626639613663343662323639316331653432383036393130
-35633064356162336430343831343238333361346138303466646162393366663431623630646233
+35376438333235336461313435316232373963613934323233613431643530646661666135613064
-61353466303363373162343534346132393539363033663062376539386334633066383635303961
+34313431613164333761643965373939353864333234353136386637326536336266363733343332
-34306532316637333936633237343562653838656434316238656362633431633661646666346333
+63393539353234343835633639333163386633326163623966343634346265623430326233353734
-64316163396137376266663033383032376431373062643832333764663766303461383933336231
+61373339393264383038383564346462396362333132346632396534346134613038316231613966
-36346261343364376664323836333530613863363437373134633434373663383338616230303239
+30636637626531343636376161326434336430386537646333353139353131363461613639646162
-32333362353133333164346462326333636539376239653638626163373166383834616462383136
+31346538326138366663623439393764653237386564653666396338623435386639623239373438
-36393838616266356139303430313931396337306362663061346632383764326137303265373030
+31616237343731623634643965386535663939356363653934343362633735353532353662396331
-31636466353139353135653765616561653463383737376461376532646162643434356263303764
+39373639346336653739613162626537636663376163343831623762643765346535636565376463
-38663530666361656561633936643035616531313339623065343634633135383934343466313537
+32366361373730376462356332363766376136613562613331386134633264613862383061343462
-61613465303761396239333835353735313235336463623265343064323032643832633133313831
+38316637336437336637393030613933393633666332353533646362663661313930376337396234
-31396437383563633036363737376463316135366161653162613738633466633061343933343430
+64636162343130326630366261356263363130663439393539363236343461343436316330663265
-37313433313934373266616634633065663030656163343032346462376265656363663262663064
+32616665366664303038333966373835646130343237646464353362346132653331303634643165
-66396666636638393538373534323664636464386239643964666432396337666130323562303234
+31393530373464653066643435343137313937326633653136623462363330343932383939626538
-39633431656333646538313762613661353764356532363833383136363335356530363761316366
+61663137623931353166616639636635616232306161643432623563643633333739646336356236
-32346635333762656336643163616335363634346330613462393336656265303365643638396338
+30663463303362396331396630623063646365373839333837333832643231396130636461636537
-32663933363738666465353931393937353336633337383166326634663966356336363566333232
+35653937363434393331303065326137373931633231323861666632393762353162313635393830
-39373566393061643632313661356434663039623862343836376238323861363034643566343863
+32666366376638383632666130353438316231313763323833663836663262646135633763376334
-31303936373236333865376131623462323130353163633031373839383962333237333564336666
+64636531653937303136373063336430303536316636343835396532383164623539653966343865
-66316334303461336531366165626236616565373562633930323565616366616235313661303832
+64316236656164653936613139643061323264333861623833383061386362333934373535633565
-61663436633435313933613436633138613135383066333735393563643466613237616161633234
+37623065636437626165646261343265613234373963386134616632396433376162306432633038
-6462
+37356135663862363930303834303166333236643864383166333365313131333438373633653631
 35613639343638356135356537626231663661623364313837393065363031616661613032306462
 32653664373334636561613132336631613561363638666465393930336533333962383062316231
 35633535643836323131656337366139313864343632616266363666646130316532336465633562
 35326562633539386238613834656665306365643466356235326536383065623239653235653236
 34356636623263343932336266336664303362613537666630343935313362666466393134653262
 66396561363463646237363638336539663261626534363531636330386136623463366432313335
 36343236613863383139353461313562303534613166353866636262623866383736303262626438
 39353762303831353238323538626635393365363132646563626535613362326662653631663935
 35636134343266626162316135316533346331663634366630633437363531313732313161306665
 35336336323438613865396363363434663461646238346565336233363738666437323235336365
 37316561386137353338643561656262336336373736393939363039663731343636366435633162
 38383564663438303964643563613338306363623831613432333439386165303965